svn commit: samba-web r1324 - in trunk: .
Author: abartlet
Date: 2009-09-25 09:56:46 -0600 (Fri, 25 Sep 2009)
New Revision: 1324
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1324
Log:
Remove mirror redirect JS, now we don't do mirrors
Removed:
trunk/redirect_us.html
Modified:
trunk/header_columns.html
trunk/header_wide.html
Changeset:
Modified: trunk/header_columns.html
===
--- trunk/header_columns.html 2009-09-19 06:05:59 UTC (rev 1323)
+++ trunk/header_columns.html 2009-09-25 15:56:46 UTC (rev 1324)
@@ -52,15 +52,6 @@
input type=submit value=Go /
/form
span|/span
- form action=no_script_yet.cgi name=mirrorForm
-select name=mirrorLocation
onchange=changeMirror(this.form.mirrorLocation)
-option selected=selectedChoose A Mirror/option
-!--#include virtual=/samba/menu_options.html --
-/select
-noscript
- spanJavascript must be enabled for this menu to work./span
-/noscript
- /form
/div
/div
Modified: trunk/header_wide.html
===
--- trunk/header_wide.html 2009-09-19 06:05:59 UTC (rev 1323)
+++ trunk/header_wide.html 2009-09-25 15:56:46 UTC (rev 1324)
@@ -50,16 +50,6 @@
input type=text size=15 name=words value= /
input type=submit value=Go /
/form
- span|/span
- form action=no_script_required.cgi name=mirrorForm
-select name=mirrorLocation
onchange=changeMirror(this.form.mirrorLocation)
-option selected=selectedChoose A Mirror/option
-!--#include virtual=/samba/menu_options.html --
-/select
-noscript
- spanJavascript must be enabled for this menu to work./span
-/noscript
- /form
/div
/div
Deleted: trunk/redirect_us.html
===
--- trunk/redirect_us.html 2009-09-19 06:05:59 UTC (rev 1323)
+++ trunk/redirect_us.html 2009-09-25 15:56:46 UTC (rev 1324)
@@ -1,48 +0,0 @@
-html
-
-head
-
-titleSamba -- Opening Windows to a Wider World/title
-
-meta http-equiv=Content-Type content=text/html; charset=utf-8 /
-meta http-equiv=Content-Language content=en-us /
-meta name=keywords content=Samba SMB CIFS /
-meta name=description content=Home of Samba, the SMB file server /
-
-!--#include virtual=/samba/redirect_include.html --
-
-script type=text/javascript
-!-- Hide from old browsers
-function loadUSMirror()
-{
-if (randomMirror.length 0) {
-window.location = randomMirror[n];
-} else {
-window.location = http://us1.samba.org/samba/;;
-}
-}
-// end hide --
-/script
-
-/head
-
-
-body onload=loadUSMirror()
-noscript
-h2Samba -- Opening Windows to a Wider World/h2
-pstrongJavaScript/strong is strongnot/strong required to use the
Samba web site,
-but strong enabling JavaScript/strong will add some useful features, mostly
-to do with content display and format./p
-
-h3Please choose a mirror/h3
-
-h4For the samba.org web site:/h4
-!--#include virtual=/samba/web_hosts.html --
-
-h4For download ftp sites:/h4
-!--#include virtual=/samba/ftp_hosts.html --
-/noscript
-!--#include virtual=/samba/local_footer.html --
-/body
-/html
-
svn commit: samba-web r1325 - in trunk: .
Author: abartlet Date: 2009-09-25 10:01:52 -0600 (Fri, 25 Sep 2009) New Revision: 1325 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1325 Log: Fix typos and misinformation on the IRC page Modified: trunk/irc.html Changeset: Modified: trunk/irc.html === --- trunk/irc.html 2009-09-25 15:56:46 UTC (rev 1324) +++ trunk/irc.html 2009-09-25 16:01:52 UTC (rev 1325) @@ -4,7 +4,8 @@ h2Samba IRC Channels/h2 -pSamba is discussed on two IRC channels on the a href=http://www.freenode.net/;FreeNode/a network(irc.freenode.net)./p +pSamba is discussed on two IRC channels on the a +href=http://www.freenode.net/;FreeNode/a network (irc.freenode.net)./p h3#samba/h3 @@ -12,7 +13,7 @@ Please keep a few things in mind:/p ul - liMake sure you have read the right parts of the a href=docs/man/documentation/a before asking a question./li + liMake sure you have read the right parts of the a href=docs/documentation/a before asking a question./li liDon't ask if there is anybody who can help, just ask your question. If there is somebody who knows the answer, (s)he will reply./li liMake sure you are either running the latest version of Samba or have verified that your problem is not fixed in a later release then
svn commit: samba-web r1326 - in trunk: .
Author: abartlet Date: 2009-09-25 10:06:15 -0600 (Fri, 25 Sep 2009) New Revision: 1326 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1326 Log: fix formatting inconsistancy Modified: trunk/header_columns.html Changeset: Modified: trunk/header_columns.html === --- trunk/header_columns.html 2009-09-25 16:01:52 UTC (rev 1325) +++ trunk/header_columns.html 2009-09-25 16:06:15 UTC (rev 1326) @@ -51,7 +51,6 @@ input type=text size=15 name=words value= / input type=submit value=Go / /form - span|/span /div /div
svn commit: samba-web r1323 - in trunk: .
Author: abartlet Date: 2009-09-19 00:05:59 -0600 (Sat, 19 Sep 2009) New Revision: 1323 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1323 Log: We don't redirect any more, and we don't use the US mirror rotation any more. Andrew Bartlett Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2009-09-09 14:17:31 UTC (rev 1322) +++ trunk/index.html2009-09-19 06:05:59 UTC (rev 1323) @@ -160,12 +160,4 @@ See a href=/samba/history/samba-3.0.35.htmlthe release notes for more info/a./p - div class=request - phttp://samba.org/ is automatically redirected to one of our US - mirrors. To change to a mirror closer to your location, choose a - span class=punchmirror site/span from the drop-down menu above. - The popularity of Samba puts a strain on our network. By using a - mirror site you can do your bit to reduce the load./p -/div - !--#include virtual=/samba/footer.html --
svn commit: lorikeet r799 - in trunk/heimdal: . admin appl/su appl/telnet/libtelnet cf doc doc/standardisation kadmin kdc kpasswd kuser lib lib/gssapi lib/gssapi/gssapi lib/gssapi/krb5 lib/gssapi/mech
Author: abartlet Date: 2008-07-28 06:20:35 + (Mon, 28 Jul 2008) New Revision: 799 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=799 Log: Merged with upstream Heimdal -r 23473. Dropped gss_wrap_ex patch (will maintain this with metze in GIT, then commit it here when finished). Andrew Bartlett Added: trunk/heimdal/cf/symbol-version.py trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-gss-cb-hash-agility-04.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-11.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-otp-preauth-05.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-preauth-framework-08.txt trunk/heimdal/lib/krb5/send_to_kdc_plugin.h trunk/heimdal/lib/roken/cloexec.c trunk/heimdal/lib/roken/xfree.c Removed: trunk/heimdal/lib/gssapi/mech/gss_unwrap_ex.c trunk/heimdal/lib/gssapi/mech/gss_wrap_ex.c trunk/heimdal/lib/krb5/keytab_krb4.c Modified: trunk/heimdal/ChangeLog trunk/heimdal/admin/change.c trunk/heimdal/admin/get.c trunk/heimdal/appl/su/ChangeLog trunk/heimdal/appl/su/Makefile.am trunk/heimdal/appl/su/su.c trunk/heimdal/appl/telnet/libtelnet/encrypt.c trunk/heimdal/appl/telnet/libtelnet/genget.c trunk/heimdal/cf/ChangeLog trunk/heimdal/cf/krb-ipv6.m4 trunk/heimdal/cf/krb-readline.m4 trunk/heimdal/cf/version-script.m4 trunk/heimdal/doc/ack.texi trunk/heimdal/kadmin/ank.c trunk/heimdal/kdc/default_config.c trunk/heimdal/kdc/digest.c trunk/heimdal/kdc/kerberos5.c trunk/heimdal/kdc/krb5tgs.c trunk/heimdal/kdc/kx509.c trunk/heimdal/kdc/misc.c trunk/heimdal/kdc/pkinit.c trunk/heimdal/kdc/process.c trunk/heimdal/kdc/set_dbinfo.c trunk/heimdal/kdc/windc.c trunk/heimdal/kpasswd/kpasswd-generator.c trunk/heimdal/kpasswd/kpasswdd.c trunk/heimdal/kuser/kinit.c trunk/heimdal/lib/Makefile.am trunk/heimdal/lib/gssapi/ChangeLog trunk/heimdal/lib/gssapi/Makefile.am trunk/heimdal/lib/gssapi/gssapi/gssapi.h trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h trunk/heimdal/lib/gssapi/gssapi_mech.h trunk/heimdal/lib/gssapi/krb5/accept_sec_context.c trunk/heimdal/lib/gssapi/krb5/delete_sec_context.c trunk/heimdal/lib/gssapi/krb5/display_status.c trunk/heimdal/lib/gssapi/krb5/external.c trunk/heimdal/lib/gssapi/krb5/gsskrb5_locl.h trunk/heimdal/lib/gssapi/krb5/init_sec_context.c trunk/heimdal/lib/gssapi/krb5/set_cred_option.c trunk/heimdal/lib/gssapi/krb5/set_sec_context_option.c trunk/heimdal/lib/gssapi/krb5/wrap.c trunk/heimdal/lib/gssapi/mech/gss_krb5.c trunk/heimdal/lib/gssapi/mech/gss_mech_switch.c trunk/heimdal/lib/gssapi/ntlm/crypto.c trunk/heimdal/lib/gssapi/ntlm/external.c trunk/heimdal/lib/gssapi/ntlm/init_sec_context.c trunk/heimdal/lib/gssapi/test_context.c trunk/heimdal/lib/hcrypto/ChangeLog trunk/heimdal/lib/hcrypto/rand-egd.c trunk/heimdal/lib/hcrypto/rand-fortuna.c trunk/heimdal/lib/hcrypto/rand-unix.c trunk/heimdal/lib/hcrypto/rand.c trunk/heimdal/lib/hcrypto/test_rsa.c trunk/heimdal/lib/hcrypto/ui.c trunk/heimdal/lib/hdb/Makefile.am trunk/heimdal/lib/hdb/common.c trunk/heimdal/lib/hdb/db.c trunk/heimdal/lib/hdb/db3.c trunk/heimdal/lib/hdb/dbinfo.c trunk/heimdal/lib/hdb/ext.c trunk/heimdal/lib/hdb/hdb-ldap.c trunk/heimdal/lib/hdb/hdb.c trunk/heimdal/lib/hdb/keys.c trunk/heimdal/lib/hdb/keytab.c trunk/heimdal/lib/hdb/mkey.c trunk/heimdal/lib/hdb/ndbm.c trunk/heimdal/lib/hdb/print.c trunk/heimdal/lib/hdb/version-script.map trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/cert.c trunk/heimdal/lib/hx509/cms.c trunk/heimdal/lib/hx509/file.c trunk/heimdal/lib/hx509/hxtool-commands.in trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/ks_dir.c trunk/heimdal/lib/hx509/ks_file.c trunk/heimdal/lib/hx509/ks_p12.c trunk/heimdal/lib/hx509/req.c trunk/heimdal/lib/hx509/revoke.c trunk/heimdal/lib/hx509/softp11.c trunk/heimdal/lib/hx509/version-script.map trunk/heimdal/lib/kadm5/ad.c trunk/heimdal/lib/kadm5/chpass_s.c trunk/heimdal/lib/kadm5/init_c.c trunk/heimdal/lib/kadm5/ipropd_slave.c trunk/heimdal/lib/kadm5/log.c trunk/heimdal/lib/kadm5/password_quality.c trunk/heimdal/lib/kafs/ChangeLog trunk/heimdal/lib/kafs/common.c trunk/heimdal/lib/krb5/Makefile.am trunk/heimdal/lib/krb5/acache.c trunk/heimdal/lib/krb5/acl.c trunk/heimdal/lib/krb5/addr_families.c trunk/heimdal/lib/krb5/auth_context.c trunk/heimdal/lib/krb5/build_auth.c trunk/heimdal/lib/krb5/cache.c trunk/heimdal/lib/krb5/changepw.c trunk/heimdal/lib/krb5/config_file.c trunk/heimdal/lib/krb5/context.c trunk/heimdal/lib/krb5/convert_creds.c trunk/heimdal/lib/krb5/copy_host_realm.c trunk/heimdal/lib/krb5/creds.c trunk/heimdal/lib/krb5/crypto.c trunk/heimdal/lib/krb5/data.c trunk/heimdal/lib
svn commit: lorikeet r800 - in trunk/heimdal: .
Author: abartlet Date: 2008-07-28 06:24:17 + (Mon, 28 Jul 2008) New Revision: 800 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=800 Log: Remove gss_wrap_ex patch from heimdal-lorikeet.diff Keep the NTLM parts in wrap_ex_ntlm.diff for the moment (re-integrate when we finish the work with metze on a working gss_wrap_ex()). Andrew Bartlett Added: trunk/heimdal/wrap_ex_ntlm.diff Modified: trunk/heimdal/heimdal-lorikeet.diff Changeset: Sorry, the patch is too large (1852 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=800
svn commit: lorikeet r801 - in trunk/heimdal: . lib/krb5
Author: abartlet Date: 2008-07-28 09:31:00 + (Mon, 28 Jul 2008) New Revision: 801 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=801 Log: Revert back to using the extra argument on send_to_kdc, until Samba moves to the plugin version of this function. Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff trunk/heimdal/lib/krb5/krb5.h trunk/heimdal/lib/krb5/send_to_kdc.c Changeset: Modified: trunk/heimdal/heimdal-lorikeet.diff === --- trunk/heimdal/heimdal-lorikeet.diff 2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/heimdal-lorikeet.diff 2008-07-28 09:31:00 UTC (rev 801) @@ -180,3 +180,28 @@ ret = _krb5_principalname2krb5_principal (context, tmp_principal, rep-kdc_rep.cname, +Index: lib/krb5/send_to_kdc.c +=== +--- lib/krb5/send_to_kdc.c (revision 800) lib/krb5/send_to_kdc.c (working copy) +@@ -385,7 +385,7 @@ +struct send_to_kdc *s = context-send_to_kdc; + +ret = (*s-func)(context, s-data, +-hi, send_data, receive); ++hi, context-kdc_timeout, send_data, receive); +if (ret == 0 receive-length != 0) +goto out; +continue; +Index: lib/krb5/krb5.h +=== +--- lib/krb5/krb5.h(revision 800) lib/krb5/krb5.h(working copy) +@@ -725,6 +725,7 @@ + typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, +void *, +krb5_krbhst_info *, ++ time_t timeout, +const krb5_data *, +krb5_data *); + Modified: trunk/heimdal/lib/krb5/krb5.h === --- trunk/heimdal/lib/krb5/krb5.h 2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/lib/krb5/krb5.h 2008-07-28 09:31:00 UTC (rev 801) @@ -725,6 +725,7 @@ typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, +time_t timeout, const krb5_data *, krb5_data *); Modified: trunk/heimdal/lib/krb5/send_to_kdc.c === --- trunk/heimdal/lib/krb5/send_to_kdc.c2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/lib/krb5/send_to_kdc.c2008-07-28 09:31:00 UTC (rev 801) @@ -385,7 +385,7 @@ struct send_to_kdc *s = context-send_to_kdc; ret = (*s-func)(context, s-data, - hi, send_data, receive); + hi, context-kdc_timeout, send_data, receive); if (ret == 0 receive-length != 0) goto out; continue;
svn commit: lorikeet r796 - in trunk/heimdal: . lib/krb5
Author: abartlet Date: 2008-06-24 10:04:11 + (Tue, 24 Jun 2008) New Revision: 796 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=796 Log: Add in timeout parameter to send_to_kdc plugin. Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff trunk/heimdal/lib/krb5/krb5.h trunk/heimdal/lib/krb5/send_to_kdc.c Changeset: Modified: trunk/heimdal/heimdal-lorikeet.diff === --- trunk/heimdal/heimdal-lorikeet.diff 2008-06-09 12:00:44 UTC (rev 795) +++ trunk/heimdal/heimdal-lorikeet.diff 2008-06-24 10:04:11 UTC (rev 796) @@ -180,3 +180,28 @@ ret = _krb5_principalname2krb5_principal (context, tmp_principal, rep-kdc_rep.cname, +Index: lib/krb5/send_to_kdc.c +=== +--- lib/krb5/send_to_kdc.c (revision 795) lib/krb5/send_to_kdc.c (working copy) +@@ -343,7 +343,7 @@ +struct send_to_kdc *s = context-send_to_kdc; + +ret = (*s-func)(context, s-data, +-hi, send_data, receive); ++hi, context-kdc_timeout, send_data, receive); +if (ret == 0 receive-length != 0) +goto out; +continue; +Index: lib/krb5/krb5.h +=== +--- lib/krb5/krb5.h(revision 795) lib/krb5/krb5.h(working copy) +@@ -725,6 +725,7 @@ + typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, +void *, +krb5_krbhst_info *, ++ time_t timeout, +const krb5_data *, +krb5_data *); + Modified: trunk/heimdal/lib/krb5/krb5.h === --- trunk/heimdal/lib/krb5/krb5.h 2008-06-09 12:00:44 UTC (rev 795) +++ trunk/heimdal/lib/krb5/krb5.h 2008-06-24 10:04:11 UTC (rev 796) @@ -725,6 +725,7 @@ typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, +time_t timeout, const krb5_data *, krb5_data *); Modified: trunk/heimdal/lib/krb5/send_to_kdc.c === --- trunk/heimdal/lib/krb5/send_to_kdc.c2008-06-09 12:00:44 UTC (rev 795) +++ trunk/heimdal/lib/krb5/send_to_kdc.c2008-06-24 10:04:11 UTC (rev 796) @@ -343,7 +343,7 @@ struct send_to_kdc *s = context-send_to_kdc; ret = (*s-func)(context, s-data, - hi, send_data, receive); + hi, context-kdc_timeout, send_data, receive); if (ret == 0 receive-length != 0) goto out; continue;
svn commit: lorikeet r797 - in trunk/heimdal/lib/gssapi: . gssapi mech ntlm
Author: abartlet Date: 2008-06-24 10:08:22 + (Tue, 24 Jun 2008) New Revision: 797 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=797 Log: Add in new interface, gss_wrap_ex and gss_unwrap_ex. Also fix up the NTLM2 sealing code to correctly handle the key exchange case). (I didn't write most of gss_(un)wrap_ex.c, just adapted it to current heimdal). Andrew Bartlett Added: trunk/heimdal/lib/gssapi/mech/gss_unwrap_ex.c trunk/heimdal/lib/gssapi/mech/gss_wrap_ex.c Modified: trunk/heimdal/lib/gssapi/Makefile.am trunk/heimdal/lib/gssapi/gssapi/gssapi.h trunk/heimdal/lib/gssapi/gssapi_mech.h trunk/heimdal/lib/gssapi/ntlm/crypto.c trunk/heimdal/lib/gssapi/ntlm/external.c Changeset: Sorry, the patch is too large (741 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=797
svn commit: lorikeet r798 - in trunk/heimdal: .
Author: abartlet Date: 2008-06-24 10:09:37 + (Tue, 24 Jun 2008) New Revision: 798 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=798 Log: Add gss_(un)wrap_ex changes to heimdal-lorikeet diff Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff Changeset: Sorry, the patch is too large (1486 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=798
svn commit: lorikeet r791 - in trunk/heimdal: . kdc
Author: abartlet
Date: 2008-03-19 01:21:06 + (Wed, 19 Mar 2008)
New Revision: 791
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=791
Log:
Update lorikeet-heimdal with Andrew Kroeger [EMAIL PROTECTED]'s work
to allow AD-like custom error data (including an NT status code) to be
pushed to the clients.
This fixes the windows dialog for 'must change password' etc.
Andrew Bartlett
Modified:
trunk/heimdal/heimdal-lorikeet.diff
trunk/heimdal/kdc/kerberos5.c
trunk/heimdal/kdc/windc.c
trunk/heimdal/kdc/windc_plugin.h
Changeset:
Modified: trunk/heimdal/heimdal-lorikeet.diff
===
--- trunk/heimdal/heimdal-lorikeet.diff 2008-03-18 01:10:15 UTC (rev 790)
+++ trunk/heimdal/heimdal-lorikeet.diff 2008-03-19 01:21:06 UTC (rev 791)
@@ -270,3 +270,104 @@
{
u32 il,ir,t0,t1; /* temporary valiables */
+Binary files /data/samba/lorikeet/heimdal/kdc/524.gcda and kdc/524.gcda differ
+Binary files /data/samba/lorikeet/heimdal/kdc/524.gcno and kdc/524.gcno differ
+Only in /data/samba/lorikeet/heimdal/kdc: 524.lo
+Binary files /data/samba/lorikeet/heimdal/kdc/524.o and kdc/524.o differ
+Only in /data/samba/lorikeet/heimdal/kdc: config.c
+Only in /data/samba/lorikeet/heimdal/kdc: config.gcda
+Only in /data/samba/lorikeet/heimdal/kdc: config.gcno
+Only in /data/samba/lorikeet/heimdal/kdc: config.o
+Only in /data/samba/lorikeet/heimdal/kdc: connect.c
+Only in /data/samba/lorikeet/heimdal/kdc: connect.gcda
+Only in /data/samba/lorikeet/heimdal/kdc: connect.gcno
+Only in /data/samba/lorikeet/heimdal/kdc: connect.o
+Binary files /data/samba/lorikeet/heimdal/kdc/default_config.gcda and
kdc/default_config.gcda differ
+Binary files /data/samba/lorikeet/heimdal/kdc/default_config.gcno and
kdc/default_config.gcno differ
+Only in /data/samba/lorikeet/heimdal/kdc: default_config.lo
+Binary files /data/samba/lorikeet/heimdal/kdc/default_config.o and
kdc/default_config.o differ
+Binary files /data/samba/lorikeet/heimdal/kdc/digest.gcda and kdc/digest.gcda
differ
+Binary files /data/samba/lorikeet/heimdal/kdc/digest.gcno and kdc/digest.gcno
differ
+Only in /data/samba/lorikeet/heimdal/kdc: digest.lo
+Binary files /data/samba/lorikeet/heimdal/kdc/digest.o and kdc/digest.o differ
+Only in /data/samba/lorikeet/heimdal/kdc: hprop
+Only in /data/samba/lorikeet/heimdal/kdc: hprop.8
+Only in /data/samba/lorikeet/heimdal/kdc: hprop.c
+Only in /data/samba/lorikeet/heimdal/kdc: hpropd
+Only in /data/samba/lorikeet/heimdal/kdc: hpropd.8
+Only in /data/samba/lorikeet/heimdal/kdc: hpropd.c
+Only in /data/samba/lorikeet/heimdal/kdc: hpropd.gcda
+Only in /data/samba/lorikeet/heimdal/kdc: hpropd.gcno
+Only in /data/samba/lorikeet/heimdal/kdc: hpropd.o
+Only in /data/samba/lorikeet/heimdal/kdc: hprop.gcda
+Only in /data/samba/lorikeet/heimdal/kdc: hprop.gcno
+Only in /data/samba/lorikeet/heimdal/kdc: hprop.h
+Only in /data/samba/lorikeet/heimdal/kdc: hprop.o
+Only in /data/samba/lorikeet/heimdal/kdc: kadb.h
+Binary files /data/samba/lorikeet/heimdal/kdc/kaserver.gcda and
kdc/kaserver.gcda differ
+Binary files /data/samba/lorikeet/heimdal/kdc/kaserver.gcno and
kdc/kaserver.gcno differ
+Only in /data/samba/lorikeet/heimdal/kdc: kaserver.lo
+Binary files /data/samba/lorikeet/heimdal/kdc/kaserver.o and kdc/kaserver.o
differ
+Only in /data/samba/lorikeet/heimdal/kdc: kdc
+Only in /data/samba/lorikeet/heimdal/kdc: kdc.8
+diff -ur /data/samba/lorikeet/heimdal/kdc/kdc-private.h kdc/kdc-private.h
+--- /data/samba/lorikeet/heimdal/kdc/kdc-private.h 2008-03-17
18:12:47.0 +1100
kdc/kdc-private.h 2008-03-19 11:04:42.0 +1100
+@@ -281,6 +281,7 @@
+ _kdc_windc_client_access (
+ krb5_context /*context*/,
+ struct hdb_entry_ex */*client*/,
+- KDC_REQ */*req*/);
++ KDC_REQ */*req*/,
++ krb5_data */*e_data*/);
+
+ #endif /* __kdc_private_h__ */
+Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay
+Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay.c
+Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay.gcda
+Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay.gcno
+Only in /data/samba/lorikeet/heimdal/kdc: kdc-replay.o
+Binary files /data/samba/lorikeet/heimdal/kdc/kerberos4.gcda and
kdc/kerberos4.gcda differ
+Binary files /data/samba/lorikeet/heimdal/kdc/kerberos4.gcno and
kdc/kerberos4.gcno differ
+Only in /data/samba/lorikeet/heimdal/kdc: kerberos4.lo
+Binary files /data/samba/lorikeet/heimdal/kdc/kerberos4.o and kdc/kerberos4.o
differ
+diff -ur /data/samba/lorikeet/heimdal/kdc/kerberos5.c kdc/kerberos5.c
+--- /data/samba/lorikeet/heimdal/kdc/kerberos5.c 2008-03-04
10:20:46.0 +1100
kdc/kerberos5.c2008-03-19 11:04:42.0 +1100
+@@ -1050,7 +1050,7 @@
+ goto out;
+ }
+
+-ret = _kdc_windc_client_access(context, client, req);
++ret = _kdc_windc_client_access(context, client, req, e_data);
+ if(ret)
+ goto out;
+
+diff -ur
svn commit: lorikeet r788 - in trunk/heimdal/lib/hcrypto: .
Author: abartlet
Date: 2008-03-18 00:36:03 + (Tue, 18 Mar 2008)
New Revision: 788
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=788
Log:
Change to the GPL, rather than looks-like-BSD licenced versions of the
camellia cypher.
Downloaded from
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-GPL-1.2.0.tar.gz
Andrew Bartlett
Modified:
trunk/heimdal/lib/hcrypto/camellia-ntt.c
trunk/heimdal/lib/hcrypto/camellia-ntt.h
Changeset:
Modified: trunk/heimdal/lib/hcrypto/camellia-ntt.c
===
--- trunk/heimdal/lib/hcrypto/camellia-ntt.c2008-03-13 05:39:49 UTC (rev
787)
+++ trunk/heimdal/lib/hcrypto/camellia-ntt.c2008-03-18 00:36:03 UTC (rev
788)
@@ -1,28 +1,21 @@
-/* camellia.c ver 1.2.0
+/* camellia.h ver 1.2.0
*
- * Copyright (c) 2006,2007
- * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ * Copyright (C) 2006,2007
+ * NTT (Nippon Telegraph and Telephone Corporation).
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer as
- * the first lines of this file unmodified.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
*
- * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*
@@ -30,15 +23,13 @@
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
-
#include string.h
#include stdlib.h
-#include krb5-types.h
-#include camellia-ntt.h
+#include camellia.h
/* u32 must be 32bit word */
-typedef uint32_t u32;
+typedef unsigned int u32;
typedef unsigned char u8;
/* key constants */
@@ -453,7 +444,7 @@
#define subl(x) subL[(x)]
#define subr(x) subR[(x)]
-static void camellia_setup128(const unsigned char *key, u32 *subkey)
+void camellia_setup128(const unsigned char *key, u32 *subkey)
{
u32 kll, klr, krl, krr;
u32 il, ir, t0, t1, w0, w1;
@@ -664,7 +655,7 @@
return;
}
-static void camellia_setup256(const unsigned char *key, u32 *subkey)
+void camellia_setup256(const unsigned char *key, u32 *subkey)
{
u32 kll,klr,krl,krr; /* left half of key */
u32 krll,krlr,krrl,krrr; /* right half of key */
@@ -950,7 +941,7 @@
return;
}
-static void camellia_setup192(const unsigned char *key, u32 *subkey)
+void camellia_setup192(const unsigned char *key, u32 *subkey)
{
unsigned char kk[32];
u32 krll, krlr, krrl,krrr;
@@ -972,7 +963,7 @@
*
* io must be 4byte aligned and big-endian data.
*/
-static void camellia_encrypt128(const u32 *subkey, u32 *io)
+void camellia_encrypt128(const u32 *subkey, u32 *io)
{
u32 il, ir, t0, t1;
@@ -1062,7 +1053,7 @@
return;
}
-static void camellia_decrypt128(const u32 *subkey, u32 *io)
+void camellia_decrypt128(const u32 *subkey, u32 *io)
{
u32 il,ir,t0,t1; /* temporary valiables */
@@ -1155,7 +1146,7 @@
/**
* stuff for 192 and 256bit encryption/decryption
*/
-static void camellia_encrypt256(const u32 *subkey, u32 *io)
+void camellia_encrypt256(const u32 *subkey, u32 *io)
{
u32 il,ir,t0,t1; /* temporary valiables */
@@ -1269,7 +1260,7 @@
return;
}
-static void camellia_decrypt256(const u32
svn commit: lorikeet r789 - in trunk/heimdal/lib/hcrypto: .
Author: abartlet Date: 2008-03-18 01:02:30 + (Tue, 18 Mar 2008) New Revision: 789 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=789 Log: Bring in krb5-types into camellia.h (and therefore into camellia-ntt.[ch]) Andrew Bartlett Modified: trunk/heimdal/lib/hcrypto/camellia.h Changeset: Modified: trunk/heimdal/lib/hcrypto/camellia.h === --- trunk/heimdal/lib/hcrypto/camellia.h2008-03-18 00:36:03 UTC (rev 788) +++ trunk/heimdal/lib/hcrypto/camellia.h2008-03-18 01:02:30 UTC (rev 789) @@ -36,6 +36,7 @@ #ifndef HEIM_CAMELLIA_H #define HEIM_CAMELLIA_H 1 +#include krb5-types.h #include camellia-ntt.h /* symbol renaming */
svn commit: lorikeet r790 - in trunk/heimdal: .
Author: abartlet Date: 2008-03-18 01:10:15 + (Tue, 18 Mar 2008) New Revision: 790 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=790 Log: This patch looks *really* odd, but this is due to pulling in the GPL, rather than BSD-like licence for the camellia cypher from http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-GPL-1.2.0.tar.gz Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff Changeset: Modified: trunk/heimdal/heimdal-lorikeet.diff === --- trunk/heimdal/heimdal-lorikeet.diff 2008-03-18 01:02:30 UTC (rev 789) +++ trunk/heimdal/heimdal-lorikeet.diff 2008-03-18 01:10:15 UTC (rev 790) @@ -87,3 +87,186 @@ tmp_principal, rep-kdc_rep.cname, rep-kdc_rep.crealm); +--- /data/heimdal-svn/lib/hcrypto/camellia.h 2007-08-07 09:21:33.0 +1000 lib/hcrypto/camellia.h 2008-03-18 11:37:04.0 +1100 +@@ -36,6 +36,7 @@ + #ifndef HEIM_CAMELLIA_H + #define HEIM_CAMELLIA_H 1 + ++#include krb5-types.h + #include camellia-ntt.h + + /* symbol renaming */ +--- /data/heimdal-svn/lib/hcrypto/camellia-ntt.h 2007-08-07 09:21:33.0 +1000 lib/hcrypto/camellia-ntt.h 2007-01-11 18:27:37.0 +1100 +@@ -1,28 +1,21 @@ +-/* camellia.h ver 1.2.0 ++/* camellia.h ver 1.2.0 + * +- * Copyright (c) 2006,2007 +- * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. ++ * Copyright (C) 2006,2007 ++ * NTT (Nippon Telegraph and Telephone Corporation). + * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer as +- * the first lines of this file unmodified. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License, or (at your option) any later version. + * +- * THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR +- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +- * IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, +- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + + #ifndef HEADER_CAMELLIA_H +--- /data/heimdal-svn/lib/hcrypto/camellia-ntt.c 2007-08-07 09:21:33.0 +1000 lib/hcrypto/camellia-ntt.c 2007-01-11 18:28:12.0 +1100 +@@ -1,28 +1,21 @@ +-/* camellia.c ver 1.2.0 ++/* camellia.h ver 1.2.0 + * +- * Copyright (c) 2006,2007 +- * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved. ++ * Copyright (C) 2006,2007 ++ * NTT (Nippon Telegraph and Telephone Corporation). + * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer as +- * the first lines of this file unmodified. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License
svn commit: lorikeet r787 - in trunk/heimdal: . appl/telnet appl/telnet/telnetd cf doc include lib/gssapi lib/gssapi/gssapi lib/gssapi/krb5 lib/gssapi/mech lib/gssapi/spnego lib/hcrypto lib/hcrypto/im
Author: abartlet Date: 2008-03-13 05:39:49 + (Thu, 13 Mar 2008) New Revision: 787 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=787 Log: Merge with upstream heimdal -r 22676. (Hoping to have a new snapshot of Heimdal in next Samba4 alpha). Andrew Bartlett Added: trunk/heimdal/doc/oid.txt trunk/heimdal/lib/wind/ldap.c trunk/heimdal/lib/wind/test-ldap.c Modified: trunk/heimdal/ChangeLog trunk/heimdal/appl/telnet/ChangeLog trunk/heimdal/appl/telnet/telnetd/sys_term.c trunk/heimdal/cf/ChangeLog trunk/heimdal/cf/Makefile.am.common trunk/heimdal/cf/make-proto.pl trunk/heimdal/heimdal-lorikeet.diff trunk/heimdal/include/Makefile.am trunk/heimdal/lib/gssapi/ChangeLog trunk/heimdal/lib/gssapi/Makefile.am trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h trunk/heimdal/lib/gssapi/gssapi_mech.h trunk/heimdal/lib/gssapi/krb5/gsskrb5_locl.h trunk/heimdal/lib/gssapi/krb5/init_sec_context.c trunk/heimdal/lib/gssapi/krb5/set_cred_option.c trunk/heimdal/lib/gssapi/mech/context.c trunk/heimdal/lib/gssapi/spnego/accept_sec_context.c trunk/heimdal/lib/gssapi/spnego/context_stubs.c trunk/heimdal/lib/gssapi/spnego/external.c trunk/heimdal/lib/gssapi/spnego/init_sec_context.c trunk/heimdal/lib/gssapi/version-script.map trunk/heimdal/lib/hcrypto/hmac.c trunk/heimdal/lib/hcrypto/imath/imath.c trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/hxtool-commands.in trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/softp11.c trunk/heimdal/lib/hx509/test_cms.in trunk/heimdal/lib/hx509/version-script.map trunk/heimdal/lib/krb5/acache.c trunk/heimdal/lib/krb5/add_et_list.c trunk/heimdal/lib/krb5/get_in_tkt.c trunk/heimdal/lib/krb5/pkinit.c trunk/heimdal/lib/otp/Makefile.am trunk/heimdal/lib/roken/ChangeLog trunk/heimdal/lib/roken/Makefile.am trunk/heimdal/lib/wind/ChangeLog trunk/heimdal/lib/wind/Makefile.am trunk/heimdal/lib/wind/combining.c trunk/heimdal/lib/wind/errorlist.c trunk/heimdal/lib/wind/punycode.c trunk/heimdal/lib/wind/test-punycode.c trunk/heimdal/lib/wind/version-script.map trunk/heimdal/tests/gss/check-context.in Changeset: Sorry, the patch is too large (2330 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=787
svn commit: lorikeet r786 - in trunk/heimdal: . admin appl/dceutils appl/ftp/ftpd appl/rcp appl/su appl/telnet appl/telnet/libtelnet appl/telnet/telnet appl/telnet/telnetd appl/xnlock cf doc doc/stand
Author: abartlet Date: 2008-03-03 22:53:23 + (Mon, 03 Mar 2008) New Revision: 786 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=786 Log: Update to Heimdal -r 22664, in preperation for a merge to Samba4 Andrew Bartlett Added: trunk/heimdal/appl/su/supaths.h trunk/heimdal/doc/doxytmpl.dxy trunk/heimdal/doc/footer.html trunk/heimdal/doc/hcrypto.din trunk/heimdal/doc/header.html trunk/heimdal/doc/hx509.din trunk/heimdal/doc/krb5.din trunk/heimdal/doc/ntlm.din trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-gss-cb-hash-agility-03.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-09.txt trunk/heimdal/doc/standardisation/draft-kamada-krb-client-friendly-cross-02.txt trunk/heimdal/doc/standardisation/draft-sakane-krb-cross-problem-statement-03.txt trunk/heimdal/doc/vars.tin trunk/heimdal/doc/wind.din trunk/heimdal/lib/hcrypto/camellia-ntt.c trunk/heimdal/lib/hcrypto/camellia-ntt.h trunk/heimdal/lib/hcrypto/camellia.c trunk/heimdal/lib/hcrypto/camellia.h trunk/heimdal/lib/hcrypto/doxygen.c trunk/heimdal/lib/hcrypto/rsa-gmp.c trunk/heimdal/lib/hcrypto/test_dh.c trunk/heimdal/lib/hx509/data/PKITS.pdf trunk/heimdal/lib/hx509/data/PKITS_data.zip trunk/heimdal/lib/hx509/data/https.crt trunk/heimdal/lib/hx509/data/https.key trunk/heimdal/lib/hx509/data/nist-data2 trunk/heimdal/lib/hx509/data/nist-result2 trunk/heimdal/lib/hx509/doxygen.c trunk/heimdal/lib/hx509/softp11.c trunk/heimdal/lib/hx509/test_java_pkcs11.in trunk/heimdal/lib/hx509/test_nist2.in trunk/heimdal/lib/hx509/test_pkcs11.in trunk/heimdal/lib/hx509/test_soft_pkcs11.c trunk/heimdal/lib/kadm5/version-script.map trunk/heimdal/lib/krb5/doxygen.c trunk/heimdal/lib/krb5/test_forward.c trunk/heimdal/lib/krb5/test_renew.c trunk/heimdal/lib/roken/strpftime-test.h trunk/heimdal/lib/wind/ trunk/heimdal/lib/wind/ChangeLog trunk/heimdal/lib/wind/CompositionExclusions-3.2.0.txt trunk/heimdal/lib/wind/DerivedNormalizationProps.txt trunk/heimdal/lib/wind/Makefile.am trunk/heimdal/lib/wind/NormalizationCorrections.txt trunk/heimdal/lib/wind/NormalizationTest.txt trunk/heimdal/lib/wind/UnicodeData.py trunk/heimdal/lib/wind/UnicodeData.txt trunk/heimdal/lib/wind/bidi.c trunk/heimdal/lib/wind/combining.c trunk/heimdal/lib/wind/doxygen.c trunk/heimdal/lib/wind/errorlist.c trunk/heimdal/lib/wind/gen-bidi.py trunk/heimdal/lib/wind/gen-combining.py trunk/heimdal/lib/wind/gen-errorlist.py trunk/heimdal/lib/wind/gen-map.py trunk/heimdal/lib/wind/gen-normalize.py trunk/heimdal/lib/wind/gen-punycode-examples.py trunk/heimdal/lib/wind/generate.py trunk/heimdal/lib/wind/idn-lookup.c trunk/heimdal/lib/wind/map.c trunk/heimdal/lib/wind/normalize.c trunk/heimdal/lib/wind/punycode.c trunk/heimdal/lib/wind/rfc3454.py trunk/heimdal/lib/wind/rfc3454.txt trunk/heimdal/lib/wind/rfc3490.txt trunk/heimdal/lib/wind/rfc3491.txt trunk/heimdal/lib/wind/rfc3492.txt trunk/heimdal/lib/wind/rfc4013.txt trunk/heimdal/lib/wind/rfc4518.py trunk/heimdal/lib/wind/rfc4518.txt trunk/heimdal/lib/wind/stringprep.c trunk/heimdal/lib/wind/stringprep.py trunk/heimdal/lib/wind/test-bidi.c trunk/heimdal/lib/wind/test-map.c trunk/heimdal/lib/wind/test-normalize.c trunk/heimdal/lib/wind/test-prohibited.c trunk/heimdal/lib/wind/test-punycode.c trunk/heimdal/lib/wind/test-rw.c trunk/heimdal/lib/wind/test-utf8.c trunk/heimdal/lib/wind/utf8.c trunk/heimdal/lib/wind/util.py trunk/heimdal/lib/wind/version-script.map trunk/heimdal/lib/wind/wind.h trunk/heimdal/lib/wind/wind_err.et trunk/heimdal/lib/wind/windlocl.h trunk/heimdal/packages/debian/ trunk/heimdal/packages/debian/Makefile.am trunk/heimdal/packages/debian/README trunk/heimdal/packages/debian/README.Debian trunk/heimdal/packages/debian/changelog trunk/heimdal/packages/debian/compat trunk/heimdal/packages/debian/control trunk/heimdal/packages/debian/copyright trunk/heimdal/packages/debian/extras/ trunk/heimdal/packages/debian/extras/default trunk/heimdal/packages/debian/extras/kadmind.acl trunk/heimdal/packages/debian/extras/kdc.conf trunk/heimdal/packages/debian/heimdal-clients-x.install trunk/heimdal/packages/debian/heimdal-clients.install trunk/heimdal/packages/debian/heimdal-clients.postinst trunk/heimdal/packages/debian/heimdal-clients.prerm trunk/heimdal/packages/debian/heimdal-dev.install trunk/heimdal/packages/debian/heimdal-docs.install trunk/heimdal/packages/debian/heimdal-kcm.init trunk/heimdal/packages/debian/heimdal-kcm.install trunk/heimdal/packages/debian/heimdal-kdc.dirs trunk/heimdal/packages/debian/heimdal-kdc.examples trunk/heimdal/packages/debian/heimdal-kdc.init trunk/heimdal/packages/debian/heimdal-kdc.install trunk/heimdal/packages/debian/heimdal
svn commit: samba r26697 - in branches/SAMBA_4_0/source/dsdb/schema: .
Author: abartlet
Date: 2008-01-09 05:36:02 + (Wed, 09 Jan 2008)
New Revision: 26697
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26697
Log:
Leak less memory into the ldb context.
(Trying to chase down memory leaks in provision)
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/schema/schema_init.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c
===
--- branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2008-01-08 22:56:44 UTC
(rev 26696)
+++ branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2008-01-09 05:36:02 UTC
(rev 26697)
@@ -85,24 +85,30 @@
struct prefixMapBlob pfm;
char *schema_info;
- ndr_err = ndr_pull_struct_blob(prefixMap, schema,
lp_iconv_convenience(global_loadparm), pfm,
+ TALLOC_CTX *mem_ctx = talloc_new(schema);
+ W_ERROR_HAVE_NO_MEMORY(mem_ctx);
+
+ ndr_err = ndr_pull_struct_blob(prefixMap, mem_ctx,
lp_iconv_convenience(global_loadparm), pfm,
(ndr_pull_flags_fn_t)ndr_pull_prefixMapBlob);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
NTSTATUS nt_status = ndr_map_error2ntstatus(ndr_err);
+ talloc_free(mem_ctx);
return ntstatus_to_werror(nt_status);
}
if (pfm.version != PREFIX_MAP_VERSION_DSDB) {
+ talloc_free(mem_ctx);
return WERR_FOOBAR;
}
if (schemaInfo-length != 21 schemaInfo-data[0] == 0xFF) {
+ talloc_free(mem_ctx);
return WERR_FOOBAR;
}
/* append the schema info as last element */
pfm.ctr.dsdb.num_mappings++;
- pfm.ctr.dsdb.mappings = talloc_realloc(schema, pfm.ctr.dsdb.mappings,
+ pfm.ctr.dsdb.mappings = talloc_realloc(mem_ctx, pfm.ctr.dsdb.mappings,
struct
drsuapi_DsReplicaOIDMapping,
pfm.ctr.dsdb.num_mappings);
W_ERROR_HAVE_NO_MEMORY(pfm.ctr.dsdb.mappings);
@@ -116,7 +122,8 @@
/* call the drsuapi version */
status = dsdb_load_oid_mappings_drsuapi(schema, pfm.ctr.dsdb);
- talloc_free(pfm.ctr.dsdb.mappings);
+ talloc_free(mem_ctx);
+
W_ERROR_NOT_OK_RETURN(status);
return WERR_OK;
@@ -1164,6 +1171,8 @@
if (!msg) {
goto nomem;
}
+ talloc_steal(mem_ctx, msg);
+ talloc_free(ldif);
prefix_val = ldb_msg_find_ldb_val(msg, prefixMap);
if (!prefix_val) {
@@ -1200,6 +1209,9 @@
goto nomem;
}
+ talloc_steal(mem_ctx, msg);
+ talloc_free(ldif);
+
is_sa = ldb_msg_check_string_attribute(msg, objectClass,
attributeSchema);
is_sc = ldb_msg_check_string_attribute(msg, objectClass,
classSchema);
svn commit: samba r26679 - in branches/SAMBA_4_0/source/dsdb/common: .
Author: abartlet
Date: 2008-01-07 00:46:39 + (Mon, 07 Jan 2008)
New Revision: 26679
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26679
Log:
It is very bad to free the ldb handle when you didn't create it...
(My bad when copying this code into samdb_is_gc()).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/common/util.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/common/util.c
===
--- branches/SAMBA_4_0/source/dsdb/common/util.c2008-01-06 23:42:46 UTC
(rev 26678)
+++ branches/SAMBA_4_0/source/dsdb/common/util.c2008-01-07 00:46:39 UTC
(rev 26679)
@@ -1395,7 +1395,7 @@
options = ldb_msg_find_attr_as_int(res-msgs[0], options, 0);
talloc_free(res);
- talloc_free(ldb);
+ talloc_free(tmp_ctx);
/* if options attribute has the 0x0001 flag set, then enable the
global catlog */
if (options 0x1) {
svn commit: samba r26680 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet
Date: 2008-01-07 00:47:01 + (Mon, 07 Jan 2008)
New Revision: 26680
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26680
Log:
Don't always advertise GC functionality.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/cldap_server/netlogon.c
Changeset:
Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c
===
--- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-07 00:46:39 UTC
(rev 26679)
+++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-07 00:47:01 UTC
(rev 26680)
@@ -162,7 +162,6 @@
}
server_type =
- NBT_SERVER_GC |
NBT_SERVER_DS | NBT_SERVER_TIMESERV |
NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE |
NBT_SERVER_GOOD_TIMESERV;
@@ -171,6 +170,10 @@
server_type |= NBT_SERVER_PDC;
}
+ if (samdb_is_gc(cldapd-samctx)) {
+ server_type |= NBT_SERVER_GC;
+ }
+
if (str_list_check(services, ldap)) {
server_type |= NBT_SERVER_LDAP;
}
svn commit: samba r26681 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet Date: 2008-01-07 03:14:51 + (Mon, 07 Jan 2008) New Revision: 26681 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26681 Log: Use fewer magic numbers. Andrew Bartlett Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c === --- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-07 00:47:01 UTC (rev 26680) +++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-07 03:14:51 UTC (rev 26681) @@ -230,7 +230,7 @@ case 5: case 6: case 7: - netlogon-logon5.type = (user?23+2:23); + netlogon-logon5.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); netlogon-logon5.server_type = server_type; netlogon-logon5.domain_uuid = domain_uuid; netlogon-logon5.forest = realm; @@ -245,7 +245,7 @@ netlogon-logon5.lm20_token = 0x; break; default: - netlogon-logon13.type = (user?23+2:23); + netlogon-logon13.type = (user?NETLOGON_RESPONSE_FROM_PDC_USER:NETLOGON_RESPONSE_FROM_PDC2); netlogon-logon13.server_type = server_type; netlogon-logon13.domain_uuid = domain_uuid; netlogon-logon13.forest = realm;
svn commit: samba r26682 - in branches/SAMBA_4_0/source/torture/ldap: .
Author: abartlet
Date: 2008-01-07 03:15:39 + (Mon, 07 Jan 2008)
New Revision: 26682
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26682
Log:
Move CLDAP to the modern torture system, and add value checking.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/torture/ldap/cldap.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/ldap/cldap.c
===
--- branches/SAMBA_4_0/source/torture/ldap/cldap.c 2008-01-07 03:14:51 UTC
(rev 26681)
+++ branches/SAMBA_4_0/source/torture/ldap/cldap.c 2008-01-07 03:15:39 UTC
(rev 26682)
@@ -28,15 +28,11 @@
#include lib/ldb/include/ldb.h
#include param/param.h
-#define CHECK_STATUS(status, correct) do { \
- if (!NT_STATUS_EQUAL(status, correct)) { \
- printf((%s) Incorrect status %s - should be %s\n, \
- __location__, nt_errstr(status), nt_errstr(correct)); \
- ret = false; \
- goto done; \
- } \
-} while (0)
+#define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx,
status, correct, incorrect status)
+#define CHECK_VAL(v, correct) torture_assert_int_equal(tctx, (v), (correct),
incorrect value);
+
+#define CHECK_STRING(v, correct) torture_assert_str_equal(tctx, v, correct,
incorrect value);
/*
test netlogon operations
*/
@@ -48,7 +44,6 @@
union nbt_cldap_netlogon n1;
struct GUID guid;
int i;
- bool ret = true;
ZERO_STRUCT(search);
search.in.dest_address = dest;
@@ -94,6 +89,8 @@
search.in.user = NULL;
status = cldap_netlogon(cldap, tctx, search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_STRING(search.out.netlogon.logon5.user_name, );
+ CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
printf(Trying with User=Administrator\n);
@@ -101,11 +98,16 @@
status = cldap_netlogon(cldap, tctx, search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
+ CHECK_VAL(search.out.netlogon.logon5.type,
NETLOGON_RESPONSE_FROM_PDC_USER);
+
printf(Trying with a GUID\n);
search.in.realm = NULL;
search.in.domain_guid = GUID_string(tctx, n1.logon5.domain_uuid);
status = cldap_netlogon(cldap, tctx, search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(search.out.netlogon.logon5.type,
NETLOGON_RESPONSE_FROM_PDC_USER);
+ CHECK_STRING(GUID_string(tctx,
search.out.netlogon.logon5.domain_uuid), search.in.domain_guid);
printf(Trying with a incorrect GUID\n);
guid = GUID_random();
@@ -119,6 +121,8 @@
search.in.realm = n1.logon5.dns_domain;
status = cldap_netlogon(cldap, tctx, search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
+ CHECK_STRING(search.out.netlogon.logon5.user_name, );
printf(Trying with a bad AAC\n);
search.in.acct_control = 0xFF00FF00;
@@ -131,11 +135,15 @@
search.in.user = Administrator;
status = cldap_netlogon(cldap, tctx, search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_STRING(search.out.netlogon.logon5.dns_domain,
n1.logon5.dns_domain);
+ CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
printf(Trying with just a bad username\n);
search.in.user = ___no_such_user___;
status = cldap_netlogon(cldap, tctx, search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user);
+ CHECK_STRING(search.out.netlogon.logon5.dns_domain,
n1.logon5.dns_domain);
printf(Trying with just a bad domain\n);
search = empty_search;
@@ -147,20 +155,28 @@
search.in.domain_guid = GUID_string(tctx, n1.logon5.domain_uuid);
status = cldap_netlogon(cldap, tctx, search);
CHECK_STATUS(status, NT_STATUS_OK);
+ CHECK_STRING(search.out.netlogon.logon5.dns_domain,
n1.logon5.dns_domain);
+ CHECK_STRING(search.out.netlogon.logon5.user_name, );
+ CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
printf(Trying with a incorrect domain and incorrect guid\n);
search.in.domain_guid = GUID_string(tctx, guid);
status = cldap_netlogon(cldap, tctx, search);
CHECK_STATUS(status, NT_STATUS_NOT_FOUND);
+ CHECK_STRING(search.out.netlogon.logon5.dns_domain,
n1.logon5.dns_domain);
+ CHECK_STRING(search.out.netlogon.logon5.user_name, );
+ CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2);
printf(Trying with a incorrect GUID and correct domain\n);
search.in.domain_guid = GUID_string(tctx, guid);
search.in.realm = n1.logon5.dns_domain;
status = cldap_netlogon(cldap, tctx, search
svn commit: samba r26683 - in branches/SAMBA_4_0/source/torture/ldap: .
Author: abartlet Date: 2008-01-07 04:46:13 + (Mon, 07 Jan 2008) New Revision: 26683 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26683 Log: Add another testcase. I still don't know what's wrong here. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/ldap/cldap.c Changeset: Modified: branches/SAMBA_4_0/source/torture/ldap/cldap.c === --- branches/SAMBA_4_0/source/torture/ldap/cldap.c 2008-01-07 03:15:39 UTC (rev 26682) +++ branches/SAMBA_4_0/source/torture/ldap/cldap.c 2008-01-07 04:46:13 UTC (rev 26683) @@ -80,6 +80,27 @@ CHECK_STATUS(status, NT_STATUS_OK); } + search.in.version = 0x2006; + status = cldap_netlogon(cldap, tctx, search); + CHECK_STATUS(status, NT_STATUS_OK); + + printf(Trying with User=NULL\n); + + search.in.user = NULL; + status = cldap_netlogon(cldap, tctx, search); + CHECK_STATUS(status, NT_STATUS_OK); + CHECK_STRING(search.out.netlogon.logon5.user_name, ); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC2); + + printf(Trying with User=Administrator\n); + + search.in.user = Administrator; + status = cldap_netlogon(cldap, tctx, search); + CHECK_STATUS(status, NT_STATUS_OK); + + CHECK_STRING(search.out.netlogon.logon5.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.logon5.type, NETLOGON_RESPONSE_FROM_PDC_USER); + search.in.version = 6; status = cldap_netlogon(cldap, tctx, search); CHECK_STATUS(status, NT_STATUS_OK);
svn commit: samba r26684 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2008-01-07 05:22:14 + (Mon, 07 Jan 2008) New Revision: 26684 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26684 Log: Trivial cleanup from Matthias Dieter Walln?\195?\182fer, from bug 5090 Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2008-01-07 04:46:13 UTC (rev 26683) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2008-01-07 05:22:14 UTC (rev 26684) @@ -886,7 +886,7 @@ msg-elements[idx].values[msg-elements[idx].num_values].data = discard_const_p(uint8_t, dn); msg-elements[idx].num_values++; - return 0; + return LDB_SUCCESS; } /*
svn commit: samba r26685 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet
Date: 2008-01-07 05:41:16 + (Mon, 07 Jan 2008)
New Revision: 26685
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26685
Log:
Fix bug 5137 by Mark Ridley. The RPC-ATSVC test is not tested, so was
broken by 'ref' changes long ago.
We need a working script to aim against windows.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/torture/rpc/atsvc.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/atsvc.c
===
--- branches/SAMBA_4_0/source/torture/rpc/atsvc.c 2008-01-07 05:22:14 UTC
(rev 26684)
+++ branches/SAMBA_4_0/source/torture/rpc/atsvc.c 2008-01-07 05:41:16 UTC
(rev 26685)
@@ -27,9 +27,14 @@
{
NTSTATUS status;
struct atsvc_JobGetInfo r;
+ struct atsvc_JobInfo *info = talloc(tctx, struct atsvc_JobInfo);
+ if (!info) {
+ return false;
+ }
r.in.servername = dcerpc_server_name(p);
r.in.job_id = job_id;
+ r.out.job_info = info;
status = dcerpc_atsvc_JobGetInfo(p, tctx, r);
svn commit: samba r26686 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet
Date: 2008-01-07 05:50:04 + (Mon, 07 Jan 2008)
New Revision: 26686
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26686
Log:
Fix bug 5143 by Jason Tarbet. This prevented an easy cut-and-paste of
the provision options used.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/setup/provision
Changeset:
Modified: branches/SAMBA_4_0/source/setup/provision
===
--- branches/SAMBA_4_0/source/setup/provision 2008-01-07 05:41:16 UTC (rev
26685)
+++ branches/SAMBA_4_0/source/setup/provision 2008-01-07 05:50:04 UTC (rev
26686)
@@ -182,7 +182,7 @@
message(--invocationid='%s' \\\n, subobj.INVOCATIONID);
message(--adminpass='%s' --krbtgtpass='%s' \\\n, subobj.ADMINPASS,
subobj.KRBTGTPASS);
message(--machinepass='%s' --dnspass='%s' \\\n, subobj.MACHINEPASS,
subobj.DNSPASS);
- message(--root='%s' --nobody='%s' --nogroup-'%s' \\\n, subobj.ROOT,
subobj.NOBODY, subobj.NOGROUP);
+ message(--root='%s' --nobody='%s' --nogroup='%s' \\\n, subobj.ROOT,
subobj.NOBODY, subobj.NOGROUP);
message(--wheel='%s' --users='%s' --server-role='%s' \\\n,
subobj.WHEEL, subobj.USERS, subobj.SERVERROLE);
if (ldapbackend) {
message(--ldap-backend='%s' \\\n, subobj.LDAPBACKEND);
svn commit: samba r26647 - in branches/SAMBA_4_0/source/script: .
Author: abartlet Date: 2008-01-03 03:31:14 + (Thu, 03 Jan 2008) New Revision: 26647 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26647 Log: Mark 'valgrind_run' as executable Modified: branches/SAMBA_4_0/source/script/valgrind_run Changeset: Property changes on: branches/SAMBA_4_0/source/script/valgrind_run ___ Name: svn:executable + *
svn commit: samba r26648 - in branches/SAMBA_4_0/source: dsdb/common ldap_server
Author: abartlet
Date: 2008-01-03 04:40:24 + (Thu, 03 Jan 2008)
New Revision: 26648
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26648
Log:
Move detection of global catalog captability to a central function, so
this can be shared with the CLDAP server (for the netlogon reply).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/common/util.c
branches/SAMBA_4_0/source/ldap_server/ldap_server.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/common/util.c
===
--- branches/SAMBA_4_0/source/dsdb/common/util.c2008-01-03 03:31:14 UTC
(rev 26647)
+++ branches/SAMBA_4_0/source/dsdb/common/util.c2008-01-03 04:40:24 UTC
(rev 26648)
@@ -1367,7 +1367,43 @@
return false;
}
+/*
+ work out if we are a Global Catalog server for the domain of the current
open ldb
+*/
+bool samdb_is_gc(struct ldb_context *ldb)
+{
+ const char *attrs[] = { options, NULL };
+ int ret, options;
+ struct ldb_result *res;
+ TALLOC_CTX *tmp_ctx;
+ tmp_ctx = talloc_new(ldb);
+ if (tmp_ctx == NULL) {
+ DEBUG(1, (talloc_new failed in samdb_is_pdc));
+ return false;
+ }
+
+ /* Query cn=ntds settings, */
+ ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE,
NULL, attrs, res);
+ if (ret) {
+ return false;
+ }
+ if (res-count != 1) {
+ talloc_free(res);
+ return false;
+ }
+
+ options = ldb_msg_find_attr_as_int(res-msgs[0], options, 0);
+ talloc_free(res);
+ talloc_free(ldb);
+
+ /* if options attribute has the 0x0001 flag set, then enable the
global catlog */
+ if (options 0x1) {
+ return true;
+ }
+ return false;
+}
+
/* Find a domain object in the parents of a particular DN. */
int samdb_search_for_parent_domain(struct ldb_context *ldb, TALLOC_CTX
*mem_ctx, struct ldb_dn *dn,
struct ldb_dn **parent_dn, const char
**errstring)
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_server.c
===
--- branches/SAMBA_4_0/source/ldap_server/ldap_server.c 2008-01-03 03:31:14 UTC
(rev 26647)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_server.c 2008-01-03 04:40:24 UTC
(rev 26648)
@@ -447,11 +447,7 @@
{
uint16_t port = 389;
NTSTATUS status;
- const char *attrs[] = { options, NULL };
- int ret;
- struct ldb_result *res;
struct ldb_context *ldb;
- int options;
status = stream_setup_socket(event_context, model_ops,
ldap_stream_ops,
ipv4, address, port,
@@ -481,22 +477,7 @@
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- /* Query cn=ntds settings, */
- ret = ldb_search(ldb, samdb_ntds_settings_dn(ldb), LDB_SCOPE_BASE,
NULL, attrs, res);
- if (ret) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- if (res-count != 1) {
- talloc_free(res);
- return NT_STATUS_NOT_FOUND;
- }
-
- options = ldb_msg_find_attr_as_int(res-msgs[0], options, 0);
- talloc_free(res);
- talloc_free(ldb);
-
- /* if options attribute has the 0x0001 flag set, then enable the
global catlog */
- if (options 0x1) {
+ if (samdb_is_gc(ldb)) {
port = 3268;
status = stream_setup_socket(event_context, model_ops,
ldap_stream_ops,
ipv4, address, port,
svn commit: samba r26649 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet
Date: 2008-01-03 06:00:38 + (Thu, 03 Jan 2008)
New Revision: 26649
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26649
Log:
Only claim to be a PDC if we are a PDC.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/cldap_server/netlogon.c
Changeset:
Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c
===
--- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-03 04:40:24 UTC
(rev 26648)
+++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2008-01-03 06:00:38 UTC
(rev 26649)
@@ -162,11 +162,15 @@
}
server_type =
- NBT_SERVER_PDC | NBT_SERVER_GC |
+ NBT_SERVER_GC |
NBT_SERVER_DS | NBT_SERVER_TIMESERV |
NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE |
NBT_SERVER_GOOD_TIMESERV;
+ if (samdb_is_pdc(cldapd-samctx)) {
+ server_type |= NBT_SERVER_PDC;
+ }
+
if (str_list_check(services, ldap)) {
server_type |= NBT_SERVER_LDAP;
}
svn commit: samba r26635 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet Date: 2008-01-01 03:27:53 + (Tue, 01 Jan 2008) New Revision: 26635 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26635 Log: The OpenLDAP folks have been very accommodating, and their memberof plugin allows the error being returned to be adjusted. Andrew Bartlett Modified: branches/SAMBA_4_0/source/setup/provision-backend Changeset: Modified: branches/SAMBA_4_0/source/setup/provision-backend === --- branches/SAMBA_4_0/source/setup/provision-backend 2007-12-30 19:18:17 UTC (rev 26634) +++ branches/SAMBA_4_0/source/setup/provision-backend 2008-01-01 03:27:53 UTC (rev 26635) @@ -161,6 +161,7 @@ memberof-group-oc top memberof-member-ad + res.msgs[i].lDAPDisplayName + memberof-memberof-ad + target + +memberof-dangling-error 32 ; }
svn commit: samba r26636 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet
Date: 2008-01-01 04:01:07 + (Tue, 01 Jan 2008)
New Revision: 26636
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26636
Log:
Remove useless 'backend' parameter, and make the memberof overlay use global.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/setup/slapd.conf
Changeset:
Modified: branches/SAMBA_4_0/source/setup/slapd.conf
===
--- branches/SAMBA_4_0/source/setup/slapd.conf 2008-01-01 03:27:53 UTC (rev
26635)
+++ branches/SAMBA_4_0/source/setup/slapd.conf 2008-01-01 04:01:07 UTC (rev
26636)
@@ -21,7 +21,8 @@
defaultsearchbase ${DOMAINDN}
-backendhdb
+include ${LDAPDIR}/memberof.conf
+
databasehdb
suffix ${SCHEMADN}
directory ${LDAPDIR}/db/schema
@@ -74,5 +75,3 @@
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
-
-include ${LDAPDIR}/memberof.conf
svn commit: samba r26609 - in branches/SAMBA_4_0/source/selftest/env: .
Author: abartlet
Date: 2007-12-27 04:17:28 + (Thu, 27 Dec 2007)
New Revision: 26609
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26609
Log:
Try a few more variatations to get the selftest to run against
OpenLDAP.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/selftest/env/Samba4.pm
Changeset:
Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm
===
--- branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-27 03:09:49 UTC
(rev 26608)
+++ branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-27 04:17:28 UTC
(rev 26609)
@@ -241,9 +241,20 @@
open(CONF, $modconf);
# enable slapd modules
print CONF
-modulepath $olpath/libexec/openldap
+modulepath $olroot/libexec/openldap
+moduleload syncprov
+moduleload memberof
+;
+ close(CONF);
+ }
+ if (system(slaptest -u -f $slapd_conf 2) != 0) {
+ open(CONF, $modconf);
+ # enable slapd modules
+ print CONF
+modulepath $olroot/libexec/openldap
moduleload back_hdb
moduleload syncprov
+moduleload memberof
;
close(CONF);
}
@@ -254,6 +265,7 @@
print CONF
moduleload back_hdb
moduleload syncprov
+moduleload memberof
;
close(CONF);
}
@@ -265,6 +277,7 @@
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
+moduleload memberof
;
close(CONF);
}
@@ -275,6 +288,7 @@
print CONF
modulepath /usr/lib/openldap
moduleload syncprov
+moduleload memberof
;
close(CONF);
}
@@ -285,6 +299,7 @@
print CONF
modulepath /usr/lib64/openldap
moduleload syncprov
+moduleload memberof
;
close(CONF);
}
svn commit: samba r26610 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet
Date: 2007-12-27 04:18:54 + (Thu, 27 Dec 2007)
New Revision: 26610
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26610
Log:
Write out a memberof.conf, to run the memberof plugin on all linked
attributes, as found in the schema.
Index 'cn', as otherwise exact match searches on this attribute always
fail (need to figure out what is so special about cn in OpenLDAP).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/setup/provision-backend
branches/SAMBA_4_0/source/setup/slapd.conf
Changeset:
Modified: branches/SAMBA_4_0/source/setup/provision-backend
===
--- branches/SAMBA_4_0/source/setup/provision-backend 2007-12-27 04:17:28 UTC
(rev 26609)
+++ branches/SAMBA_4_0/source/setup/provision-backend 2007-12-27 04:18:54 UTC
(rev 26610)
@@ -141,6 +141,36 @@
} else {
slapd_command = slapd -f + subobj.LDAPDIR + /slapd.conf -h
+ subobj.LDAPI_URI;
}
+
+ var ldb = ldb_init();
+ ldb.filename = tmp_schema_ldb;
+
+ var connect_ok = ldb.connect(ldb.filename);
+ assert(connect_ok);
+ var attrs = new Array(linkID, lDAPDisplayName);
+ var res =
ldb.searchlinkID=*)(!(linkID:1.2.840.113556.1.4.803:=1)))(objectclass=attributeSchema)),
subobj.SCHEMADN, ldb.SCOPE_SUBTREE, attrs);
+ assert(res.error == 0);
+ var memberof_config = ;
+ for (i=0; i res.msgs.length; i++) {
+searchone(ldb, subobj.DOMAINDN, ((objectClass=computer)(cn= +
subobj.NETBIOSNAME + )), objectGUID);
+ var target = searchone(ldb, subobj.SCHEMADN,
((objectclass=attributeSchema)(linkID= + (res.msgs[i].linkID + 1) + )),
lDAPDisplayName);
+ if (target != undefined) {
+ memberof_config = memberof_config + overlay memberof
+memberof-dangling error
+memberof-refint TRUE
+memberof-group-oc top
+memberof-member-ad + res.msgs[i].lDAPDisplayName +
+memberof-memberof-ad + target +
+
+;
+ }
+ }
+ ok = sys.file_save(subobj.LDAPDIR + /memberof.conf, memberof_config);
+ if (!ok) {
+ message(failed to create file: + f + \n);
+ assert(ok);
+ }
+
}
var schema_command = ad2oLschema --option=convert:target= +
options[ldap-backend-type] + -I + lp.get(setup directory) + / +
mapping + -H tdb:// + tmp_schema_ldb + -O + subobj.LDAPDIR + / +
backend_schema;
Modified: branches/SAMBA_4_0/source/setup/slapd.conf
===
--- branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-27 04:17:28 UTC (rev
26609)
+++ branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-27 04:18:54 UTC (rev
26610)
@@ -31,6 +31,7 @@
index objectCategory eq
index lDAPDisplayName eq
index subClassOf eq
+index cn eq
databasehdb
suffix ${CONFIGDN}
@@ -44,6 +45,7 @@
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
+index cn eq
databasehdb
suffix ${DOMAINDN}
@@ -65,9 +67,12 @@
index subClassOf eq
index dnsRoot eq
index nETBIOSName eq
+index cn eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
+
+include ${LDAPDIR}/memberof.conf
svn commit: samba r26613 - in branches/SAMBA_4_0/source/libcli: ldap util
Author: abartlet
Date: 2007-12-27 07:47:11 + (Thu, 27 Dec 2007)
New Revision: 26613
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26613
Log:
Add a function to write a DATA_BLOB into an LDAPString.
This respects the length set in the DATA_BLOB, rather than hoping to
see NULL termination of the data pointer.
(found testing the Ambigious Name Resolution code against OpenLDAP).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/libcli/ldap/ldap.c
branches/SAMBA_4_0/source/libcli/util/asn1.c
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c
===
--- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2007-12-27 07:45:22 UTC
(rev 26612)
+++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2007-12-27 07:47:11 UTC
(rev 26613)
@@ -77,7 +77,7 @@
i = 0;
if ( ! tree-u.substring.start_with_wildcard) {
asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(0));
- asn1_write_LDAPString(data, (char
*)tree-u.substring.chunks[i]-data);
+ asn1_write_DATA_BLOB_LDAPString(data,
tree-u.substring.chunks[i]);
asn1_pop_tag(data);
i++;
}
@@ -91,7 +91,7 @@
ctx = 1;
}
asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(ctx));
- asn1_write_LDAPString(data, (char
*)tree-u.substring.chunks[i]-data);
+ asn1_write_DATA_BLOB_LDAPString(data,
tree-u.substring.chunks[i]);
asn1_pop_tag(data);
i++;
}
@@ -157,7 +157,7 @@
asn1_pop_tag(data);
}
asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(3));
- asn1_write_LDAPString(data, (char
*)tree-u.extended.value.data);
+ asn1_write_DATA_BLOB_LDAPString(data, tree-u.extended.value);
asn1_pop_tag(data);
asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(4));
asn1_write_uint8(data, tree-u.extended.dnAttributes);
Modified: branches/SAMBA_4_0/source/libcli/util/asn1.c
===
--- branches/SAMBA_4_0/source/libcli/util/asn1.c2007-12-27 07:45:22 UTC
(rev 26612)
+++ branches/SAMBA_4_0/source/libcli/util/asn1.c2007-12-27 07:47:11 UTC
(rev 26613)
@@ -285,6 +285,13 @@
return !data-has_error;
}
+/* write a LDAP string from a DATA_BLOB */
+bool asn1_write_DATA_BLOB_LDAPString(struct asn1_data *data, const DATA_BLOB
*s)
+{
+ asn1_write(data, s-data, s-length);
+ return !data-has_error;
+}
+
/* write a general string */
bool asn1_write_GeneralString(struct asn1_data *data, const char *s)
{
svn commit: samba r26611 - in branches/SAMBA_4_0/source/lib/ldb/tools: .
Author: abartlet Date: 2007-12-27 07:44:57 + (Thu, 27 Dec 2007) New Revision: 26611 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26611 Log: Tridge didn't write this... Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/tools/ad2oLschema.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/tools/ad2oLschema.c === --- branches/SAMBA_4_0/source/lib/ldb/tools/ad2oLschema.c 2007-12-27 04:18:54 UTC (rev 26610) +++ branches/SAMBA_4_0/source/lib/ldb/tools/ad2oLschema.c 2007-12-27 07:44:57 UTC (rev 26611) @@ -28,7 +28,7 @@ * * Description: utility to convert an AD schema into the format required by OpenLDAP * - * Author: Andrew Tridgell + * Author: Andrew Bartlett */ #include includes.h
svn commit: samba r26612 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-27 07:45:22 + (Thu, 27 Dec 2007) New Revision: 26612 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26612 Log: Tests show that we don't need to use a callback. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c 2007-12-27 07:44:57 UTC (rev 26611) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c 2007-12-27 07:45:22 UTC (rev 26612) @@ -292,9 +292,6 @@ req-op.search.tree = talloc_steal(req, anr_tree); } - - /* TODO: Add a callback, and ensure we retry the search with surname and given name if we fail to match */ - return ldb_next_request(module, req); }
svn commit: samba r26557 - in branches/SAMBA_4_0: .
Author: abartlet Date: 2007-12-21 22:55:02 + (Fri, 21 Dec 2007) New Revision: 26557 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26557 Log: sync WHATSNEW with release branch of Samba4 Modified: branches/SAMBA_4_0/WHATSNEW.txt Changeset: Modified: branches/SAMBA_4_0/WHATSNEW.txt === --- branches/SAMBA_4_0/WHATSNEW.txt 2007-12-21 02:33:43 UTC (rev 26556) +++ branches/SAMBA_4_0/WHATSNEW.txt 2007-12-21 22:55:02 UTC (rev 26557) @@ -1,4 +1,4 @@ -What's new in Samba 4 alpha1 +What's new in Samba 4 alpha2 Samba 4 is the ambitious next version of the Samba suite that is being @@ -10,17 +10,14 @@ production environments. Note the WARNINGS below, and the STATUS file, which aims to document what should and should not work. -Samba4 alpha1 is the culmination of 4.5 years of development under our -belt since Tridge first proposed a new Virtual File System (VFS) layer -for Samba3 (a project which eventually lead to our Active Directory -efforts), and 1.5 years since we first released a Technology Preview, -we wish to allow users, managers and developers to see how we have -progressed, and to invite feedback and support. +Samba4 alpha2 follows on from our first alpha release, made in +September, and the Technology Preview series we have offered for some +time now. WARNINGS -Samba4 alpha1 is not a final Samba release. That is more a reference +Samba4 alpha2 is not a final Samba release. That is more a reference to Samba4's lack of the features we expect you will need than a statement of code quality, but clearly it hasn't seen a broad deployment yet. If you were to upgrade Samba3 (or indeed Windows) to @@ -58,7 +55,7 @@ VFS is backed with an extensive automated test suite. A new scripting interface has been added to Samba 4, allowing -JavaScript programs to interface to Samba's internals. +Python programs to interface to Samba's internals. The Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends. One of the backends supports @@ -67,27 +64,27 @@ We are aiming for Samba 4 to be powerful frontend to large directories. -CHANGES SINCE TP5 -= +CHANGES SINCE Alpha 1 += -In the time since TP5 was released in June 2007, Samba has +In the time since Samba4 Alpha1 was released in September 2007, Samba has continued to evolve, but you may particularly notice these areas: - Group Policy Support: Basic group policies may be defined, and are - enforced by Windows clients - MMC Support: The Active Directory Users and Computers console now - works, supporting most operations. + handles group membership correctly. - Winbind: Kai Blin has been working hard on his Google Summer of - Code project, creating a winbind implementation for Samba4. + member/memberOf: These and other linked attributes are now kept in + sync - Heimdal update: A Heimdal 1.0 snapshot is now included as the - internal Kerberos library in Samba4. + subtree renames: Renaming a subtree of LDAP objects is now possible, + with all linked attributes being kept consistant. - In the past few weeks, many small but significant bugs have been - fixed, particularly thanks to Matthias Dieter Wallnöfer [EMAIL PROTECTED] + Python Bindings: Bindings for a future move to Python as the + internal scripting language have been created. + Shared library use: In support of projects such as OpenChange, + which depend on Samba4, more of Samba4 is built as shared libraries. + These are just some of the highlights of the work done in the past few months. More details can be found in our SVN history. @@ -106,12 +103,6 @@ - There is no printing support in the current release. -- Support for managing groups is currently poor (as the - memberOf/member linked attributes are not kept in sync). - -- Renaming and deleting subtrees (containers) in the the LDB tree will - have unexpected results. - - The Samba4 port of the CTDB clustering support is not yet complete - Clock Synchronisation is critical. Many 'wrong password' errors are
svn commit: samba r26556 - in branches/SAMBA_4_0/source/selftest: . env
Author: abartlet
Date: 2007-12-21 02:33:43 + (Fri, 21 Dec 2007)
New Revision: 26556
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26556
Log:
Make Fedora DS consistant use FEDORA_DS_ROOT, now we use OPENLDAP_ROOT.
Add in another varient to test with in the OpenLDAP module-guessing
game, from Howard Chu.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/selftest/env/Samba4.pm
branches/SAMBA_4_0/source/selftest/selftest.pl
Changeset:
Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm
===
--- branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-21 00:36:17 UTC
(rev 26555)
+++ branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-21 02:33:43 UTC
(rev 26556)
@@ -46,7 +46,7 @@
# running slapd in the background means it stays in the same process
group, so it can be
# killed by timelimit
if ($self-{ldap} eq fedora-ds) {
- system($ENV{FEDORA_DS_PREFIX}/sbin/ns-slapd -D
$env_vars-{FEDORA_DS_DIR} -d0 -i $env_vars-{FEDORA_DS_PIDFILE}
$env_vars-{LDAPDIR}/logs 21 );
+ system($ENV{FEDORA_DS_ROOT}/sbin/ns-slapd -D
$env_vars-{FEDORA_DS_DIR} -d0 -i $env_vars-{FEDORA_DS_PIDFILE}
$env_vars-{LDAPDIR}/logs 21 );
} elsif ($self-{ldap} eq openldap) {
openldap_start($env_vars-{SLAPD_CONF}, $uri,
$env_vars-{LDAPDIR}/logs);
}
@@ -204,10 +204,10 @@
system($self-{bindir}/ad2oLschema $configuration -H
$ldapdir/schema-tmp.ldb --option=convert:target=fedora-ds -I
$self-{setupdir}/schema-map-fedora-ds-1.0 -O $ldapdir/99_ad.ldif 2) == 0 or
die(schema conversion for Fedora DS failed);
my $dir = getcwd();
-chdir $ENV{FEDORA_DS_PREFIX}/bin || die;
- if (system(perl $ENV{FEDORA_DS_PREFIX}/sbin/setup-ds.pl --silent
--file=$fedora_ds_inf 2) != 0) {
+chdir $ENV{FEDORA_DS_ROOT}/bin || die;
+ if (system(perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent
--file=$fedora_ds_inf 2) != 0) {
chdir $dir;
-die(perl $ENV{FEDORA_DS_PREFIX}/sbin/setup-ds.pl --silent
--file=$fedora_ds_inf FAILED: $?);
+die(perl $ENV{FEDORA_DS_ROOT}/sbin/setup-ds.pl --silent
--file=$fedora_ds_inf FAILED: $?);
}
chdir $dir || die;
@@ -227,10 +227,10 @@
my $oldpath = $ENV{PATH};
my $olpath = ;
- my $olroot = ;
- if (defined $ENV{OPENLDAP_ROOT}) {
+ my $olroot = ;
+ if (defined $ENV{OPENLDAP_ROOT}) {
$olroot = $ENV{OPENLDAP_ROOT};
- $olpath = $olroot/libexec:$olroot/sbin:;
+ $olpath = $olroot/libexec:$olroot/sbin:;
}
$ENV{PATH} = $olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH};
@@ -241,6 +241,7 @@
open(CONF, $modconf);
# enable slapd modules
print CONF
+modulepath $olpath/libexec/openldap
moduleload back_hdb
moduleload syncprov
;
@@ -251,6 +252,16 @@
open(CONF, $modconf);
# enable slapd modules
print CONF
+moduleload back_hdb
+moduleload syncprov
+;
+ close(CONF);
+ }
+
+ if (system(slaptest -u -f $slapd_conf 2) != 0) {
+ open(CONF, $modconf);
+ # enable slapd modules
+ print CONF
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
Modified: branches/SAMBA_4_0/source/selftest/selftest.pl
===
--- branches/SAMBA_4_0/source/selftest/selftest.pl 2007-12-21 00:36:17 UTC
(rev 26555)
+++ branches/SAMBA_4_0/source/selftest/selftest.pl 2007-12-21 02:33:43 UTC
(rev 26556)
@@ -356,7 +356,7 @@
# Backwards compatibility:
if (defined($ENV{TEST_LDAP}) and $ENV{TEST_LDAP} eq yes) {
- if (defined($ENV{FEDORA_DS_PREFIX})) {
+ if (defined($ENV{FEDORA_DS_ROOT})) {
$ldap = fedora-ds;
} else {
$ldap = openldap;
svn commit: samba r26541 - in branches/SAMBA_4_0_RELEASE/source: .
Author: abartlet Date: 2007-12-20 03:44:06 + (Thu, 20 Dec 2007) New Revision: 26541 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26541 Log: Mark this as the release Modified: branches/SAMBA_4_0_RELEASE/source/VERSION Changeset: Modified: branches/SAMBA_4_0_RELEASE/source/VERSION === --- branches/SAMBA_4_0_RELEASE/source/VERSION 2007-12-20 00:02:15 UTC (rev 26540) +++ branches/SAMBA_4_0_RELEASE/source/VERSION 2007-12-20 03:44:06 UTC (rev 26541) @@ -89,7 +89,7 @@ # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # - 3.0.0-SVN-build-199 # -SAMBA_VERSION_IS_SVN_SNAPSHOT=yes +SAMBA_VERSION_IS_SVN_SNAPSHOT=no # This is for specifying a release nickname#
svn commit: samba r26542 - in tags: .
Author: abartlet Date: 2007-12-20 03:56:41 + (Thu, 20 Dec 2007) New Revision: 26542 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26542 Log: Tag alpha2 release. Andrew Bartlett Added: tags/release-4-0-0alpha2/ Changeset: Copied: tags/release-4-0-0alpha2 (from rev 26541, branches/SAMBA_4_0_RELEASE)
svn commit: samba r26543 - in tags: .
Author: abartlet Date: 2007-12-20 04:03:33 + (Thu, 20 Dec 2007) New Revision: 26543 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26543 Log: Tag Samba4 alpha1 release Andrew Bartlett Added: tags/release-4-0-0alpha1/ Changeset: Copied: tags/release-4-0-0alpha1 (from rev 26542, branches/SAMBA_4_0_RELEASE_ALPHA1)
svn commit: samba r26544 - in tags: .
Author: abartlet Date: 2007-12-20 04:10:28 + (Thu, 20 Dec 2007) New Revision: 26544 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26544 Log: Tag Samba4 tp5 release. Andrew Bartlett Added: tags/release-4-0-0tp5/ Changeset: Copied: tags/release-4-0-0tp5 (from rev 26543, branches/SAMBA_4_0_RELEASE_TP5)
svn commit: samba r26529 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet
Date: 2007-12-19 00:39:27 + (Wed, 19 Dec 2007)
New Revision: 26529
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26529
Log:
Indeed, this belongs in the schema module. Ranged results need to use
an attribute with ';' in the name.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c
===
--- branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c 2007-12-18 22:50:49 UTC
(rev 26528)
+++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c 2007-12-19 00:39:27 UTC
(rev 26529)
@@ -124,11 +124,6 @@
{
struct ldb_message_element *els;
- /* FIXME: we should probably leave this to the schema module to check */
- if (! ldb_valid_attr_name(attr_name)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
els = talloc_realloc(msg, msg-elements,
struct ldb_message_element, msg-num_elements+1);
if (!els) {
svn commit: samba r26501 - in branches/SAMBA_4_0_RELEASE: .
Author: abartlet Date: 2007-12-17 10:26:56 + (Mon, 17 Dec 2007) New Revision: 26501 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26501 Log: Merge kblin's updated README Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/README Changeset: Modified: branches/SAMBA_4_0_RELEASE/README === --- branches/SAMBA_4_0_RELEASE/README 2007-12-17 10:24:26 UTC (rev 26500) +++ branches/SAMBA_4_0_RELEASE/README 2007-12-17 10:26:56 UTC (rev 26501) @@ -3,8 +3,9 @@ this branch is support for the Active Directory logon protocols used by Windows 2000 and above. -While we welcome your interest in Samba 4, we don't want you to run your network with it quite yet. Please note the WARNINGS below, and the STATUS file, -which aims to document what should and should not work. +While we welcome your interest in Samba 4, we don't want you to run your +network with it quite yet. Please note the WARNINGS below, and the +STATUS file, which aims to document what should and should not work. With 4 years of development under our belt since Tridge first proposed a new Virtual File System (VFS) layer for Samba3 (a project which @@ -17,12 +18,12 @@ WARNINGS -Samba4 TP is currently a pre-alpha technology. That is more a -reference to Samba4's lack of the features we expect you will need -than a statement of code quality, but clearly it hasn't seen a broad -deployment yet. If you were to upgrade Samba3 (or indeed Windows) to -Samba4, you would find many things work, but that other key features -you may have relied on simply are not there yet. +Samba4 is currently at alpha stage. That is more a reference to +Samba4's lack of the features we expect you will need than a statement +of code quality, but clearly it hasn't seen a broad deployment yet. If +you were to upgrade Samba3 (or indeed Windows) to Samba4, you would find +many things work, but that other key features you may have relied on +simply are not there yet. For example, while Samba 3.0 is an excellent member of a Active Directory domain, Samba4 is happier as a domain controller: (This is @@ -98,10 +99,10 @@ Those familiar with Samba 3 can find a list of user-visible changes since that release series in the NEWS file. - - An optional password is no longer supported as the second argument to + - An optional password is no longer supported as the second argument to smbclient. - - The default location of smb.conf in non-FHS builds has changed from the + - The default location of smb.conf in non-FHS builds has changed from the PREFIX/lib directory to the PREFIX/etc directory. KNOWN ISSUES @@ -109,7 +110,7 @@ - Standalone server and domain member roles are not currently supported. While we have much of the infrastructure required, we - have not collected these pieces together. + have not collected these pieces together. - There is no printing support in the current release.
svn commit: samba r26479 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet
Date: 2007-12-17 02:13:41 + (Mon, 17 Dec 2007)
New Revision: 26479
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26479
Log:
Further test behaviour of 'attribute or value exists'.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/testprogs/ejs/ldap.js
Changeset:
Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js
===
--- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-12-17 01:03:08 UTC (rev
26478)
+++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-12-17 02:13:41 UTC (rev
26479)
@@ -137,6 +137,7 @@
}
}
+ println(Testing attribute or value exists behaviour);
ok = ldb.modify(
dn: cn=ldaptest2computer,cn=computers, + base_dn +
changetype: modify
@@ -152,6 +153,32 @@
assert(ok.error == 20);
}
+ ok = ldb.modify(
+dn: cn=ldaptest2computer,cn=computers, + base_dn +
+changetype: modify
+replace: servicePrincipalName
+servicePrincipalName: host/ldaptest2computer
+servicePrincipalName: cifs/ldaptest2computer
+);
+
+ if (ok.error != 0) {
+ println(Failed to replace servicePrincpalName: +
ok.errstr);
+ assert(ok.error == 20);
+ }
+
+ ok = ldb.modify(
+dn: cn=ldaptest2computer,cn=computers, + base_dn +
+changetype: modify
+add: servicePrincipalName
+servicePrincipalName: host/ldaptest2computer
+);
+
+//LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
+ if (ok.error != 20) {
+ println(Expected error
LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS, got : + ok.errstr);
+ assert(ok.error == 20);
+ }
+
ok = ldb.add(
dn: cn=ldaptestuser2,cn=useRs, + base_dn +
objectClass: person
svn commit: samba r26485 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet
Date: 2007-12-17 05:19:48 + (Mon, 17 Dec 2007)
New Revision: 26485
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26485
Log:
Fix indent, remove left-over debug.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c 2007-12-17
04:56:54 UTC (rev 26484)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c 2007-12-17
05:19:48 UTC (rev 26485)
@@ -229,7 +229,7 @@
case LDB_OP_OR:
for (i=0;itree-u.list.num_elements;i++) {
tree-u.list.elements[i] =
anr_replace_subtrees(tree-u.list.elements[i],
-
attr, callback, context);
+ attr,
callback, context);
if (!tree-u.list.elements[i]) {
return NULL;
}
@@ -291,7 +291,6 @@
* point just setting this on the down_req */
req-op.search.tree = talloc_steal(req, anr_tree);
- DEBUG(0, (anr: %s\n, ldb_filter_from_tree(req, anr_tree)));
}
/* TODO: Add a callback, and ensure we retry the search with surname
and given name if we fail to match */
svn commit: samba r26488 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet
Date: 2007-12-17 05:56:42 + (Mon, 17 Dec 2007)
New Revision: 26488
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26488
Log:
Implement tests for the ranged_results module.
Untested code is broken code, so rework the module until it passes...
It turns out that AD puts search attributes onto the wire in the
reverse order to what Samba does. This complicates exact value
matching, so this is skipped for now.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c
branches/SAMBA_4_0/testprogs/ejs/ldap.js
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c
2007-12-17 05:53:37 UTC (rev 26487)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c
2007-12-17 05:56:42 UTC (rev 26488)
@@ -60,9 +60,10 @@
if (strncasecmp(p, ;range=, strlen(;range=)) != 0) {
continue;
}
- if (sscanf(p, ;range=%u-*, start) == 1) {
+ if (sscanf(p, ;range=%u-%u, start, end) == 2) {
+ } else if (sscanf(p, ;range=%u-*, start) == 1) {
end = (unsigned int)-1;
- } else if (sscanf(p, ;range=%u-%u, start, end) != 2) {
+ } else {
continue;
}
new_attr = talloc_strndup(orig_req,
@@ -82,39 +83,44 @@
ldb_asprintf_errstring(ldb, range request error: start
must not be greater than end);
return LDB_ERR_UNWILLING_TO_PERFORM;
}
- if (end = el-num_values) {
+ if (end = (el-num_values - 1)) {
/* Need to leave the requested attribute in
* there (so add an empty one to match) */
end_str = *;
- end = el-num_values;
- ret = ldb_msg_add_empty(ares-message,
orig_req-op.search.attrs[i],
- 0, NULL);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ end = el-num_values - 1;
} else {
end_str = talloc_asprintf(el, %u, end);
+ if (!end_str) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
}
- orig_values = el-values;
- orig_num_values = el-num_values;
-
- if ((start + end start) || (start + end end)) {
- ldb_asprintf_errstring(ldb, range request error: start
or end would overflow!);
- return LDB_ERR_UNWILLING_TO_PERFORM;
+ /* If start is greater then where we noe find the end to be */
+ if (start end) {
+ el-num_values = 0;
+ el-values = NULL;
+ } else {
+ orig_values = el-values;
+ orig_num_values = el-num_values;
+
+ if ((start + end start) || (start + end end)) {
+ ldb_asprintf_errstring(ldb, range request
error: start or end would overflow!);
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ el-num_values = 0;
+
+ el-values = talloc_array(el, struct ldb_val, (end -
start) + 1);
+ if (!el-values) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ for (j=start; j = end; j++) {
+ el-values[el-num_values] = orig_values[j];
+ el-num_values++;
+ }
}
-
- el-values = talloc_array(el, struct ldb_val, end - start);
- el-num_values = 0;
-
- if (!el-values) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- for (j=start; j end; j++) {
- el-values[el-num_values] = orig_values[j];
- el-num_values++;
- }
- el-name = talloc_asprintf(el, %s;Range=%u-%s, el-name,
start, end_str);
+ el-name = talloc_asprintf(el, %s;range=%u-%s, el-name,
start, end_str);
if (!el-name) {
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
Modified: branches/SAMBA_4_0/testprogs
svn commit: samba r26489 - in branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules: .
Author: abartlet
Date: 2007-12-17 06:02:54 + (Mon, 17 Dec 2007)
New Revision: 26489
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26489
Log:
Merge fixed ranged results module to release branch.
This is the last blocker for the release that I know of.
Andrew Bartlett
Modified:
branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/ranged_results.c
Changeset:
Modified:
branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/ranged_results.c
===
--- branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/ranged_results.c
2007-12-17 05:56:42 UTC (rev 26488)
+++ branches/SAMBA_4_0_RELEASE/source/dsdb/samdb/ldb_modules/ranged_results.c
2007-12-17 06:02:54 UTC (rev 26489)
@@ -60,9 +60,10 @@
if (strncasecmp(p, ;range=, strlen(;range=)) != 0) {
continue;
}
- if (sscanf(p, ;range=%u-*, start) == 1) {
+ if (sscanf(p, ;range=%u-%u, start, end) == 2) {
+ } else if (sscanf(p, ;range=%u-*, start) == 1) {
end = (unsigned int)-1;
- } else if (sscanf(p, ;range=%u-%u, start, end) != 2) {
+ } else {
continue;
}
new_attr = talloc_strndup(orig_req,
@@ -82,39 +83,44 @@
ldb_asprintf_errstring(ldb, range request error: start
must not be greater than end);
return LDB_ERR_UNWILLING_TO_PERFORM;
}
- if (end = el-num_values) {
+ if (end = (el-num_values - 1)) {
/* Need to leave the requested attribute in
* there (so add an empty one to match) */
end_str = *;
- end = el-num_values;
- ret = ldb_msg_add_empty(ares-message,
orig_req-op.search.attrs[i],
- 0, NULL);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
+ end = el-num_values - 1;
} else {
end_str = talloc_asprintf(el, %u, end);
+ if (!end_str) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
}
- orig_values = el-values;
- orig_num_values = el-num_values;
-
- if ((start + end start) || (start + end end)) {
- ldb_asprintf_errstring(ldb, range request error: start
or end would overflow!);
- return LDB_ERR_UNWILLING_TO_PERFORM;
+ /* If start is greater then where we noe find the end to be */
+ if (start end) {
+ el-num_values = 0;
+ el-values = NULL;
+ } else {
+ orig_values = el-values;
+ orig_num_values = el-num_values;
+
+ if ((start + end start) || (start + end end)) {
+ ldb_asprintf_errstring(ldb, range request
error: start or end would overflow!);
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ el-num_values = 0;
+
+ el-values = talloc_array(el, struct ldb_val, (end -
start) + 1);
+ if (!el-values) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ for (j=start; j = end; j++) {
+ el-values[el-num_values] = orig_values[j];
+ el-num_values++;
+ }
}
-
- el-values = talloc_array(el, struct ldb_val, end - start);
- el-num_values = 0;
-
- if (!el-values) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- for (j=start; j end; j++) {
- el-values[el-num_values] = orig_values[j];
- el-num_values++;
- }
- el-name = talloc_asprintf(el, %s;Range=%u-%s, el-name,
start, end_str);
+ el-name = talloc_asprintf(el, %s;range=%u-%s, el-name,
start, end_str);
if (!el-name) {
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
svn commit: samba r26490 - in branches/SAMBA_4_0_RELEASE: .
Author: abartlet Date: 2007-12-17 06:03:53 + (Mon, 17 Dec 2007) New Revision: 26490 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26490 Log: Update WHATSNEW. Unless some fancy new words arive soon, this is what we will put out... Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_4_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_4_0_RELEASE/WHATSNEW.txt 2007-12-17 06:02:54 UTC (rev 26489) +++ branches/SAMBA_4_0_RELEASE/WHATSNEW.txt 2007-12-17 06:03:53 UTC (rev 26490) @@ -10,12 +10,9 @@ production environments. Note the WARNINGS below, and the STATUS file, which aims to document what should and should not work. -Samba4 alpha2 is the culmination of 4.5 years of development under our -belt since Tridge first proposed a new Virtual File System (VFS) layer -for Samba3 (a project which eventually lead to our Active Directory -efforts), and 1.5 years since we first released a Technology Preview, -we wish to allow users, managers and developers to see how we have -progressed, and to invite feedback and support. +Samba4 alpha2 follows on from our first alpha release, made in +September, and the Technology Preview series we have offered for some +time now. WARNINGS @@ -58,7 +55,7 @@ VFS is backed with an extensive automated test suite. A new scripting interface has been added to Samba 4, allowing -JavaScript programs to interface to Samba's internals. +Python programs to interface to Samba's internals. The Samba 4 architecture is based around an LDAP-like database that can use a range of modular backends. One of the backends supports
svn commit: samba r26424 - in branches/SAMBA_4_0/source: selftest/env setup
Author: abartlet
Date: 2007-12-13 09:46:41 + (Thu, 13 Dec 2007)
New Revision: 26424
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26424
Log:
Patch and hits from Howard Chu [EMAIL PROTECTED] for our automated setup
of OpenLDAP.
This makes it consistant with the Fedora DS setup, and doesn't mix
both hdb and bdb.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/selftest/env/Samba4.pm
branches/SAMBA_4_0/source/setup/slapd.conf
Changeset:
Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm
===
--- branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-13 09:13:35 UTC
(rev 26423)
+++ branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-13 09:46:41 UTC
(rev 26424)
@@ -25,9 +25,11 @@
sub openldap_start($$$) {
my ($slapd_conf, $uri, $logs) = @_;
my $oldpath = $ENV{PATH};
+ my $olroot = ;
my $olpath = ;
- if (defined $ENV{OPENLDAP_PATH}) {
- $olpath = $ENV{OPENLDAP_PATH}:
+ if (defined $ENV{OPENLDAP_ROOT}) {
+ $olroot = $ENV{OPENLDAP_ROOT};
+ $olpath = $olroot/libexec:$olroot/sbin:;
}
$ENV{PATH} = $olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH};
system(slapd -d63 -f $slapd_conf -h $uri $logs 21 );
@@ -225,8 +227,10 @@
my $oldpath = $ENV{PATH};
my $olpath = ;
- if (defined $ENV{OPENLDAP_PATH}) {
- $olpath = $ENV{OPENLDAP_PATH}:
+ my $olroot = ;
+ if (defined $ENV{OPENLDAP_ROOT}) {
+ $olroot = $ENV{OPENLDAP_ROOT};
+ $olpath = $olroot/libexec:$olroot/sbin:;
}
$ENV{PATH} = $olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH};
Modified: branches/SAMBA_4_0/source/setup/slapd.conf
===
--- branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-13 09:13:35 UTC (rev
26423)
+++ branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-13 09:46:41 UTC (rev
26424)
@@ -22,7 +22,7 @@
defaultsearchbase ${DOMAINDN}
backendhdb
-databasebdb
+databasehdb
suffix ${SCHEMADN}
directory ${LDAPDIR}/db/schema
index objectClass eq
svn commit: samba r26419 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules source/scripting/libjs testprogs/ejs
Author: abartlet Date: 2007-12-13 03:07:38 + (Thu, 13 Dec 2007) New Revision: 26419 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26419 Log: Add a module to implement 'ambigious name resolution' by munging the incoming LDAP filter. Warning: Any anr search will perform a full index search. Untill ldb gets substring indexes, this is unavoidable. Also implement a testsutie to show we match AD behaviour for this important extension (used in the Active Directory Users and Computers MMC plugin, as a genereral 'find'). This will also be useful to OpenChange, as their server needs to implement this. Andrew Bartlett Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/anr.c Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Sorry, the patch is too large (566 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26419
svn commit: samba r26420 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet
Date: 2007-12-13 07:04:57 + (Thu, 13 Dec 2007)
New Revision: 26420
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26420
Log:
Don't print a blow-by-blow description of every search we do, just the
errors that occour.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/testprogs/ejs/ldap.js
Changeset:
Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js
===
--- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-12-13 03:07:38 UTC (rev
26419)
+++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-12-13 07:04:57 UTC (rev
26420)
@@ -182,7 +182,7 @@
println(Testing Ambigious Name Resolution);
- println(Testing ldb.search for ((anr=ldap testy)(objectClass=user)));
+// Testing ldb.search for ((anr=ldap testy)(objectClass=user))
var res = ldb.search(((anr=ldap testy)(objectClass=user)));
if (res.error != 0 || res.msgs.length != 3) {
println(Could not find ((anr=ldap testy)(objectClass=user)));
@@ -190,15 +190,15 @@
assert(res.msgs.length == 3);
}
- println(Testing ldb.search for ((anr=testy ldap)(objectClass=user)));
+// Testing ldb.search for ((anr=testy ldap)(objectClass=user))
var res = ldb.search(((anr=testy ldap)(objectClass=user)));
if (res.error != 0 || res.msgs.length != 2) {
- println(Could not find ((anr=testy ldap)(objectClass=user)));
+ println(Found only + res.msgs.length + for ((anr=testy
ldap)(objectClass=user)));
assert(res.error == 0);
assert(res.msgs.length == 2);
}
- println(Testing ldb.search for ((anr=ldap)(objectClass=user)));
+// Testing ldb.search for ((anr=ldap)(objectClass=user))
var res = ldb.search(((anr=ldap)(objectClass=user)));
if (res.error != 0 || res.msgs.length != 4) {
println(Found only + res.msgs.length + for
((anr=ldap)(objectClass=user)));
@@ -206,9 +206,10 @@
assert(res.msgs.length == 4);
}
- println(Testing ldb.search for ((anr==ldap)(objectClass=user)));
+// Testing ldb.search for ((anr==ldap)(objectClass=user))
var res = ldb.search(((anr==ldap)(objectClass=user)));
if (res.error != 0 || res.msgs.length != 1) {
+ println(Found only + res.msgs.length + for
((anr=ldap)(objectClass=user)));
println(Could not find ((anr==ldap)(objectClass=user)));
assert(res.error == 0);
assert(res.msgs.length == 1);
@@ -218,26 +219,26 @@
assert(res.msgs[0].cn == ldaptestuser);
assert(res.msgs[0].name == ldaptestuser);
- println(Testing ldb.search for ((anr=testy)(objectClass=user)));
+// Testing ldb.search for ((anr=testy)(objectClass=user))
var res = ldb.search(((anr=testy)(objectClass=user)));
if (res.error != 0 || res.msgs.length != 2) {
- println(Could not find ((anr=testy)(objectClass=user)));
+ println(Found only + res.msgs.length + for
((anr=testy)(objectClass=user)));
assert(res.error == 0);
assert(res.msgs.length == 2);
}
- println(Testing ldb.search for ((anr=ldap testy)(objectClass=user)));
+// Testing ldb.search for ((anr=ldap testy)(objectClass=user))
var res = ldb.search(((anr=testy ldap)(objectClass=user)));
if (res.error != 0 || res.msgs.length != 2) {
- println(Could not find ((anr=ldap testy)(objectClass=user)));
+ println(Found only + res.msgs.length + for ((anr=ldap
testy)(objectClass=user)));
assert(res.error == 0);
assert(res.msgs.length == 2);
}
- println(Testing ldb.search for ((anr==ldap
testy)(objectClass=user)));
+// Testing ldb.search for ((anr==ldap testy)(objectClass=user))
var res = ldb.search(((anr==testy ldap)(objectClass=user)));
if (res.error != 0 || res.msgs.length != 1) {
- println(Could not find ((anr==ldap
testy)(objectClass=user)));
+ println(Found only + res.msgs.length + for ((anr==ldap
testy)(objectClass=user)));
assert(res.error == 0);
assert(res.msgs.length == 1);
}
@@ -246,7 +247,7 @@
assert(res.msgs[0].cn == ldaptestuser);
assert(res.msgs[0].name == ldaptestuser);
- println(Testing ldb.search for ((anr==testy
ldap)(objectClass=user)));
+// Testing ldb.search for ((anr==testy ldap)(objectClass=user))
var res = ldb.search(((anr==testy ldap)(objectClass=user)));
if (res.error != 0 || res.msgs.length != 1) {
println(Could not find ((anr==testy
ldap)(objectClass=user)));
@@ -258,7 +259,7 @@
assert(res.msgs[0].cn == ldaptestuser);
assert(res.msgs[0].name == ldaptestuser);
- println(Testing ldb.search for ((anr=testy ldap
user)(objectClass=user
svn commit: samba r26412 - in branches/SAMBA_4_0/source/dsdb/schema: .
Author: abartlet
Date: 2007-12-12 07:02:07 + (Wed, 12 Dec 2007)
New Revision: 26412
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26412
Log:
Add comments and refactor to reuse common code.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/schema/schema_init.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/schema/schema_init.c
===
--- branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2007-12-12 03:02:18 UTC
(rev 26411)
+++ branches/SAMBA_4_0/source/dsdb/schema/schema_init.c 2007-12-12 07:02:07 UTC
(rev 26412)
@@ -3,7 +3,8 @@
DSDB schema header
Copyright (C) Stefan Metzmacher [EMAIL PROTECTED] 2006
-
+ Copyright (C) Andrew Bartlett [EMAIL PROTECTED] 2007
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
@@ -1038,6 +1039,11 @@
return WERR_OK;
}
+/**
+ * Attach the schema to an opaque pointer on the ldb, so ldb modules
+ * can find it
+ */
+
int dsdb_set_schema(struct ldb_context *ldb, struct dsdb_schema *schema)
{
int ret;
@@ -1052,8 +1058,14 @@
return LDB_SUCCESS;
}
+/**
+ * Global variable to hold one copy of the schema, used to avoid memory bloat
+ */
static struct dsdb_schema *global_schema;
+/**
+ * Make this ldb use the 'global' schema, setup to avoid having multiple
copies in this process
+ */
int dsdb_set_global_schema(struct ldb_context *ldb)
{
int ret;
@@ -1068,6 +1080,10 @@
return LDB_SUCCESS;
}
+/**
+ * Find the schema object for this ldb
+ */
+
const struct dsdb_schema *dsdb_get_schema(struct ldb_context *ldb)
{
const void *p;
@@ -1087,18 +1103,14 @@
return schema;
}
+/**
+ * Make the schema found on this ldb the 'global' schema
+ */
+
void dsdb_make_schema_global(struct ldb_context *ldb)
{
const void *p;
- const struct dsdb_schema *schema;
-
- /* see if we have a cached copy */
- p = ldb_get_opaque(ldb, dsdb_schema);
- if (!p) {
- return;
- }
-
- schema = talloc_get_type(p, struct dsdb_schema);
+ const struct dsdb_schema *schema = dsdb_get_schema(ldb);
if (!schema) {
return;
}
@@ -1109,6 +1121,13 @@
dsdb_set_global_schema(ldb);
}
+
+/**
+ * Rather than read a schema from the LDB itself, read it from an ldif
+ * file. This allows schema to be loaded and used while adding the
+ * schema itself to the directory.
+ */
+
WERROR dsdb_attach_schema_from_ldif_file(struct ldb_context *ldb, const char
*pf, const char *df)
{
struct ldb_ldif *ldif;
svn commit: samba r26386 - in branches/SAMBA_4_0/source/lib/util: .
Author: abartlet
Date: 2007-12-11 00:22:05 + (Tue, 11 Dec 2007)
New Revision: 26386
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26386
Log:
We need to test in more than just 'interactive' mode...
Fix segfault found when running smbd without options.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/util/debug.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/util/debug.c
===
--- branches/SAMBA_4_0/source/lib/util/debug.c 2007-12-10 18:42:07 UTC (rev
26385)
+++ branches/SAMBA_4_0/source/lib/util/debug.c 2007-12-11 00:22:05 UTC (rev
26386)
@@ -137,7 +137,7 @@
break;
case DEBUG_FILE:
- if ((*logfile) == '/') {
+ if (logfile (*logfile) == '/') {
fname = strdup(logfile);
} else {
asprintf(fname, %s/%s.log, dyn_LOGFILEBASE,
state.prog_name);
svn commit: samba r26387 - in branches/SAMBA_4_0_RELEASE/source/lib/util: .
Author: abartlet
Date: 2007-12-11 00:23:08 + (Tue, 11 Dec 2007)
New Revision: 26387
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26387
Log:
Merge logfile segfault into alpha2 branch.
Andrew Bartlett
Modified:
branches/SAMBA_4_0_RELEASE/source/lib/util/debug.c
Changeset:
Modified: branches/SAMBA_4_0_RELEASE/source/lib/util/debug.c
===
--- branches/SAMBA_4_0_RELEASE/source/lib/util/debug.c 2007-12-11 00:22:05 UTC
(rev 26386)
+++ branches/SAMBA_4_0_RELEASE/source/lib/util/debug.c 2007-12-11 00:23:08 UTC
(rev 26387)
@@ -137,7 +137,7 @@
break;
case DEBUG_FILE:
- if ((*logfile) == '/') {
+ if (logfile (*logfile) == '/') {
fname = strdup(logfile);
} else {
asprintf(fname, %s/%s.log, dyn_LOGFILEBASE,
state.prog_name);
svn commit: samba r26388 - in branches/SAMBA_4_0_RELEASE/swat/install: .
Author: abartlet
Date: 2007-12-11 02:09:37 + (Tue, 11 Dec 2007)
New Revision: 26388
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26388
Log:
Fix up SWAT provision (again...), after changes I made to the
command-line version a while back.
Andrew Bartlett
Modified:
branches/SAMBA_4_0_RELEASE/swat/install/provision.esp
branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp
Changeset:
Modified: branches/SAMBA_4_0_RELEASE/swat/install/provision.esp
===
--- branches/SAMBA_4_0_RELEASE/swat/install/provision.esp 2007-12-11
00:23:08 UTC (rev 26387)
+++ branches/SAMBA_4_0_RELEASE/swat/install/provision.esp 2007-12-11
02:09:37 UTC (rev 26388)
@@ -11,7 +11,6 @@
var f = FormObj(Provisioning, 0, 2);
var i;
var lp = loadparm_init();
-
if ((session.authinfo.user_class == ADMINISTRATOR)
|| (session.authinfo.user_class == SYSTEM)) {
@@ -56,6 +55,9 @@
lp.reload();
var goodpass = (subobj.CONFIRM == subobj.ADMINPASS);
+ var paths = provision_default_paths(subobj);
+ provision_fix_subobj(subobj, paths);
+
if (!goodpass) {
write(h3Passwords don't match. Please try
again./h3);
f.display();
@@ -65,7 +67,6 @@
} else if (!provision_validate(subobj, writefln)) {
f.display();
} else {
- var paths = provision_default_paths(subobj);
if (!provision(subobj, writefln, false, paths,
session.authinfo.session_info,
session.authinfo.credentials, false)) {
writefln(Provision failed!);
Modified: branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp
===
--- branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp 2007-12-11 00:23:08 UTC
(rev 26387)
+++ branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp 2007-12-11 02:09:37 UTC
(rev 26388)
@@ -76,7 +76,8 @@
var session_info = session.authinfo.session_info;
var credentials = session.authinfo.credentials;
- info.credentials = credentials;
+ provision_fix_subobj(subobj, paths);
+
info.session_info = session_info;
info.message = writefln;
info.subobj = subobj;
svn commit: samba r26389 - in branches/SAMBA_4_0/swat/install: .
Author: abartlet
Date: 2007-12-11 02:10:46 + (Tue, 11 Dec 2007)
New Revision: 26389
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26389
Log:
Merge SWAT changes from alpha2 back into main Samba4 tree.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/swat/install/index.esp
branches/SAMBA_4_0/swat/install/provision.esp
branches/SAMBA_4_0/swat/install/samba3.esp
branches/SAMBA_4_0/swat/install/vampire.esp
Changeset:
Modified: branches/SAMBA_4_0/swat/install/index.esp
===
--- branches/SAMBA_4_0/swat/install/index.esp 2007-12-11 02:09:37 UTC (rev
26388)
+++ branches/SAMBA_4_0/swat/install/index.esp 2007-12-11 02:10:46 UTC (rev
26389)
@@ -1,7 +1,7 @@
% page_header(columns, Server Installation, install);
-if (session.authinfo.user_class == ADMINISTRATOR
-|| session.authinfo.user_class == SYSTEM) {
+if ((session.authinfo.user_class == ADMINISTRATOR)
+|| (session.authinfo.user_class == SYSTEM)) {
%
Modified: branches/SAMBA_4_0/swat/install/provision.esp
===
--- branches/SAMBA_4_0/swat/install/provision.esp 2007-12-11 02:09:37 UTC
(rev 26388)
+++ branches/SAMBA_4_0/swat/install/provision.esp 2007-12-11 02:10:46 UTC
(rev 26389)
@@ -11,10 +11,9 @@
var f = FormObj(Provisioning, 0, 2);
var i;
var lp = loadparm_init();
+if ((session.authinfo.user_class == ADMINISTRATOR)
+|| (session.authinfo.user_class == SYSTEM)) {
-if (session.authinfo.user_class == ADMINISTRATOR
-|| session.authinfo.user_class == SYSTEM) {
-
if (lp.get(realm) == ) {
lp.set(realm, lp.get(workgroup) + .example.com);
}
@@ -56,6 +55,9 @@
lp.reload();
var goodpass = (subobj.CONFIRM == subobj.ADMINPASS);
+ var paths = provision_default_paths(subobj);
+ provision_fix_subobj(subobj, paths);
+
if (!goodpass) {
write(h3Passwords don't match. Please try
again./h3);
f.display();
@@ -65,7 +67,6 @@
} else if (!provision_validate(subobj, writefln)) {
f.display();
} else {
- var paths = provision_default_paths(subobj);
if (!provision(subobj, writefln, false, paths,
session.authinfo.session_info,
session.authinfo.credentials, false)) {
writefln(Provision failed!);
Modified: branches/SAMBA_4_0/swat/install/samba3.esp
===
--- branches/SAMBA_4_0/swat/install/samba3.esp 2007-12-11 02:09:37 UTC (rev
26388)
+++ branches/SAMBA_4_0/swat/install/samba3.esp 2007-12-11 02:10:46 UTC (rev
26389)
@@ -15,8 +15,8 @@
h1Import from Samba3/h1
%
-if (session.authinfo.user_class == ADMINISTRATOR
-|| session.authinfo.user_class == SYSTEM) {
+if ((session.authinfo.user_class == ADMINISTRATOR)
+|| (session.authinfo.user_class == SYSTEM)) {
if (form['submit'] == Cancel) {
redirect(/);
Modified: branches/SAMBA_4_0/swat/install/vampire.esp
===
--- branches/SAMBA_4_0/swat/install/vampire.esp 2007-12-11 02:09:37 UTC (rev
26388)
+++ branches/SAMBA_4_0/swat/install/vampire.esp 2007-12-11 02:10:46 UTC (rev
26389)
@@ -14,8 +14,8 @@
var i;
var lp = loadparm_init();
-if (session.authinfo.user_class == ADMINISTRATOR
-|| session.authinfo.user_class == SYSTEM) {
+if ((session.authinfo.user_class == ADMINISTRATOR)
+|| (session.authinfo.user_class == SYSTEM)) {
if (lp.get(realm) == ) {
lp.set(realm, lp.get(workgroup) + .example.com);
@@ -76,7 +76,8 @@
var session_info = session.authinfo.session_info;
var credentials = session.authinfo.credentials;
- info.credentials = credentials;
+ provision_fix_subobj(subobj, paths);
+
info.session_info = session_info;
info.message = writefln;
info.subobj = subobj;
svn commit: samba r26390 - in branches/SAMBA_4_0_RELEASE: .
Author: abartlet Date: 2007-12-11 02:53:40 + (Tue, 11 Dec 2007) New Revision: 26390 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26390 Log: Start on a WHATSNEW for the alpah2 release. Andrew Bartlett Modified: branches/SAMBA_4_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_4_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_4_0_RELEASE/WHATSNEW.txt 2007-12-11 02:10:46 UTC (rev 26389) +++ branches/SAMBA_4_0_RELEASE/WHATSNEW.txt 2007-12-11 02:53:40 UTC (rev 26390) @@ -70,24 +70,24 @@ CHANGES SINCE TP5 = -In the time since TP5 was released in June 2007, Samba has +In the time since Sama4 Alpha1 was released in September 2007, Samba has continued to evolve, but you may particularly notice these areas: - Group Policy Support: Basic group policies may be defined, and are - enforced by Windows clients - MMC Support: The Active Directory Users and Computers console now - works, supporting most operations. + handles group membership correctly. - Winbind: Kai Blin has been working hard on his Google Summer of - Code project, creating a winbind implementation for Samba4. + member/memberOf: These and other linked attributes are now kept in + sync - Heimdal update: A Heimdal 1.0 snapshot is now included as the - internal Kerberos library in Samba4. + subtree renames: Renaming a subtree of LDAP objects is now possible, + with all linked attributes being kept consistant. - In the past few weeks, many small but significant bugs have been - fixed, particularly thanks to Matthias Dieter Wallnöfer [EMAIL PROTECTED] + Python Bindings: Bindings for a future move to python as the + internal scripting language have been created. + Shared library use: In support of projects such as OpenChange, + which depend on Samba4, more of Samba4 is built as shared libraries. + These are just some of the highlights of the work done in the past few months. More details can be found in our SVN history. @@ -106,12 +106,6 @@ - There is no printing support in the current release. -- Support for managing groups is currently poor (as the - memberOf/member linked attributes are not kept in sync). - -- Renaming and deleting subtrees (containers) in the the LDB tree will - have unexpected results. - - The Samba4 port of the CTDB clustering support is not yet complete - Clock Synchronisation is critical. Many 'wrong password' errors are
svn commit: samba r26354 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet
Date: 2007-12-10 01:45:04 + (Mon, 10 Dec 2007)
New Revision: 26354
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26354
Log:
In trying to chase down why we have reports that WinXP won't join
Samba4, rule out incorrect sid types in LSA LookupName returns.
Also fix the test to pass against Win2k3 Native mode.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/torture/rpc/lsa.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c
===
--- branches/SAMBA_4_0/source/torture/rpc/lsa.c 2007-12-08 23:32:43 UTC (rev
26353)
+++ branches/SAMBA_4_0/source/torture/rpc/lsa.c 2007-12-10 01:45:04 UTC (rev
26354)
@@ -29,6 +29,8 @@
#include torture/rpc/rpc.h
#include param/param.h
+#define TEST_MACHINENAME lsatestmach
+
static void init_lsa_String(struct lsa_String *name, const char *s)
{
name-string = s;
@@ -125,9 +127,27 @@
return true;
}
+
+static const char *sid_type_lookup(enum lsa_SidType r)
+{
+ switch (r) {
+ case SID_NAME_USE_NONE: return SID_NAME_USE_NONE; break;
+ case SID_NAME_USER: return SID_NAME_USER; break;
+ case SID_NAME_DOM_GRP: return SID_NAME_DOM_GRP; break;
+ case SID_NAME_DOMAIN: return SID_NAME_DOMAIN; break;
+ case SID_NAME_ALIAS: return SID_NAME_ALIAS; break;
+ case SID_NAME_WKN_GRP: return SID_NAME_WKN_GRP; break;
+ case SID_NAME_DELETED: return SID_NAME_DELETED; break;
+ case SID_NAME_INVALID: return SID_NAME_INVALID; break;
+ case SID_NAME_UNKNOWN: return SID_NAME_UNKNOWN; break;
+ case SID_NAME_COMPUTER: return SID_NAME_COMPUTER; break;
+ }
+ return Invalid sid type\n;
+}
+
static bool test_LookupNames(struct dcerpc_pipe *p,
- TALLOC_CTX *mem_ctx,
- struct policy_handle *handle,
+TALLOC_CTX *mem_ctx,
+struct policy_handle *handle,
struct lsa_TransNameArray *tnames)
{
struct lsa_LookupNames r;
@@ -157,11 +177,34 @@
r.out.sids = sids;
status = dcerpc_lsa_LookupNames(p, mem_ctx, r);
- if (!NT_STATUS_IS_OK(status)) {
+
+ if (NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) ||
+ NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+ for (i=0;i tnames-count;i++) {
+ if (i count sids.sids[i].sid_type ==
SID_NAME_UNKNOWN) {
+ printf(LookupName of %s was unmapped\n,
+ tnames-names[i].name.string);
+ } else if (i =count) {
+ printf(LookupName of %s failed to return a
result\n,
+ tnames-names[i].name.string);
+ }
+ }
printf(LookupNames failed - %s\n, nt_errstr(status));
return false;
+ } else if (!NT_STATUS_IS_OK(status)) {
+ printf(LookupNames failed - %s\n, nt_errstr(status));
+ return false;
}
-
+
+ for (i=0;i tnames-count;i++) {
+ if (i count sids.sids[i].sid_type !=
tnames-names[i].sid_type) {
+ printf(LookupName of %s got unexpected name type:
%s\n,
+ tnames-names[i].name.string,
sid_type_lookup(sids.sids[i].sid_type));
+ } else if (i =count) {
+ printf(LookupName of %s failed to return a result\n,
+ tnames-names[i].name.string);
+ }
+ }
printf(\n);
return true;
@@ -228,30 +271,39 @@
tnames.names = name;
tnames.count = 1;
name.name.string = NT AUTHORITY\\SYSTEM;
+ name.sid_type = SID_NAME_WKN_GRP;
ret = test_LookupNames(p, mem_ctx, handle, tnames);
name.name.string = NT AUTHORITY\\ANONYMOUS LOGON;
+ name.sid_type = SID_NAME_WKN_GRP;
ret = test_LookupNames(p, mem_ctx, handle, tnames);
name.name.string = NT AUTHORITY\\Authenticated Users;
+ name.sid_type = SID_NAME_WKN_GRP;
ret = test_LookupNames(p, mem_ctx, handle, tnames);
+#if 0
name.name.string = NT AUTHORITY;
ret = test_LookupNames(p, mem_ctx, handle, tnames);
name.name.string = NT AUTHORITY\\;
ret = test_LookupNames(p, mem_ctx, handle, tnames);
+#endif
name.name.string = BUILTIN\\;
+ name.sid_type = SID_NAME_DOMAIN;
ret = test_LookupNames(p, mem_ctx, handle, tnames);
name.name.string = BUILTIN\\Administrators;
ret = test_LookupNames(p, mem_ctx, handle, tnames);
+ name.sid_type = SID_NAME_ALIAS;
name.name.string = SYSTEM;
+ name.sid_type = SID_NAME_WKN_GRP;
ret
svn commit: samba r26361 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: abartlet
Date: 2007-12-10 05:45:41 + (Mon, 10 Dec 2007)
New Revision: 26361
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26361
Log:
Ensure this test cannot proceed if the pipe connection failed.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/torture/libnet/libnet_share.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_share.c
===
--- branches/SAMBA_4_0/source/torture/libnet/libnet_share.c 2007-12-10
04:33:39 UTC (rev 26360)
+++ branches/SAMBA_4_0/source/torture/libnet/libnet_share.c 2007-12-10
05:45:41 UTC (rev 26361)
@@ -216,6 +216,8 @@
p,
ndr_table_srvsvc);
+ torture_assert_ntstatus_ok(torture, status, Failed to get rpc
connection);
+
if (!test_addshare(p, torture, host, TEST_SHARENAME)) {
return false;
}
svn commit: samba r26362 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: abartlet
Date: 2007-12-10 06:21:29 + (Mon, 10 Dec 2007)
New Revision: 26362
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26362
Log:
Fix segfault in NET-API-DELSHARE torture test.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/torture/libnet/libnet_share.c
Changeset:
Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_share.c
===
--- branches/SAMBA_4_0/source/torture/libnet/libnet_share.c 2007-12-10
05:45:41 UTC (rev 26361)
+++ branches/SAMBA_4_0/source/torture/libnet/libnet_share.c 2007-12-10
06:21:29 UTC (rev 26362)
@@ -183,6 +183,7 @@
add.in.server_unc = host;
add.in.level = 2;
add.in.info.info2 = i;
+ add.in.parm_error = NULL;
status = dcerpc_srvsvc_NetShareAdd(svc_pipe, mem_ctx, add);
if (!NT_STATUS_IS_OK(status)) {
svn commit: samba r26363 - in branches: .
Author: abartlet Date: 2007-12-10 06:38:59 + (Mon, 10 Dec 2007) New Revision: 26363 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26363 Log: Move alpha1 release aside in preperation for cutting an alpha2 release. Andrew Bartlett Added: branches/SAMBA_4_0_RELEASE_ALPHA1/ Removed: branches/SAMBA_4_0_RELEASE/ Changeset: Copied: branches/SAMBA_4_0_RELEASE_ALPHA1 (from rev 26362, branches/SAMBA_4_0_RELEASE)
svn commit: samba r26364 - in branches: . SAMBA_4_0_RELEASE/source/lib/util SAMBA_4_0_RELEASE/swat/install
Author: abartlet
Date: 2007-12-10 06:39:42 + (Mon, 10 Dec 2007)
New Revision: 26364
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26364
Log:
Branch Samba 4.0 for an alpha2 release.
Andrew Bartlett
Added:
branches/SAMBA_4_0_RELEASE/
branches/SAMBA_4_0_RELEASE/source/lib/util/smbrun.c
Modified:
branches/SAMBA_4_0_RELEASE/swat/install/index.esp
branches/SAMBA_4_0_RELEASE/swat/install/provision.esp
branches/SAMBA_4_0_RELEASE/swat/install/samba3.esp
branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp
Changeset:
Copied: branches/SAMBA_4_0_RELEASE (from rev 26362, branches/SAMBA_4_0)
Copied: branches/SAMBA_4_0_RELEASE/source/lib/util/smbrun.c (from rev 25225,
branches/SAMBA_3_2/source/lib/smbrun.c)
Modified: branches/SAMBA_4_0_RELEASE/swat/install/index.esp
===
--- branches/SAMBA_4_0/swat/install/index.esp 2007-12-10 06:21:29 UTC (rev
26362)
+++ branches/SAMBA_4_0_RELEASE/swat/install/index.esp 2007-12-10 06:39:42 UTC
(rev 26364)
@@ -1,7 +1,7 @@
% page_header(columns, Server Installation, install);
-if (session.authinfo.user_class == ADMINISTRATOR
-|| session.authinfo.user_class == SYSTEM) {
+if ((session.authinfo.user_class == ADMINISTRATOR)
+|| (session.authinfo.user_class == SYSTEM)) {
%
Modified: branches/SAMBA_4_0_RELEASE/swat/install/provision.esp
===
--- branches/SAMBA_4_0/swat/install/provision.esp 2007-12-10 06:21:29 UTC
(rev 26362)
+++ branches/SAMBA_4_0_RELEASE/swat/install/provision.esp 2007-12-10
06:39:42 UTC (rev 26364)
@@ -12,8 +12,8 @@
var i;
var lp = loadparm_init();
-if (session.authinfo.user_class == ADMINISTRATOR
-|| session.authinfo.user_class == SYSTEM) {
+if ((session.authinfo.user_class == ADMINISTRATOR)
+|| (session.authinfo.user_class == SYSTEM)) {
if (lp.get(realm) == ) {
lp.set(realm, lp.get(workgroup) + .example.com);
Modified: branches/SAMBA_4_0_RELEASE/swat/install/samba3.esp
===
--- branches/SAMBA_4_0/swat/install/samba3.esp 2007-12-10 06:21:29 UTC (rev
26362)
+++ branches/SAMBA_4_0_RELEASE/swat/install/samba3.esp 2007-12-10 06:39:42 UTC
(rev 26364)
@@ -15,8 +15,8 @@
h1Import from Samba3/h1
%
-if (session.authinfo.user_class == ADMINISTRATOR
-|| session.authinfo.user_class == SYSTEM) {
+if ((session.authinfo.user_class == ADMINISTRATOR)
+|| (session.authinfo.user_class == SYSTEM)) {
if (form['submit'] == Cancel) {
redirect(/);
Modified: branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp
===
--- branches/SAMBA_4_0/swat/install/vampire.esp 2007-12-10 06:21:29 UTC (rev
26362)
+++ branches/SAMBA_4_0_RELEASE/swat/install/vampire.esp 2007-12-10 06:39:42 UTC
(rev 26364)
@@ -14,8 +14,8 @@
var i;
var lp = loadparm_init();
-if (session.authinfo.user_class == ADMINISTRATOR
-|| session.authinfo.user_class == SYSTEM) {
+if ((session.authinfo.user_class == ADMINISTRATOR)
+|| (session.authinfo.user_class == SYSTEM)) {
if (lp.get(realm) == ) {
lp.set(realm, lp.get(workgroup) + .example.com);
svn commit: samba r26365 - in branches/SAMBA_4_0/source: .
Author: abartlet Date: 2007-12-10 06:40:37 + (Mon, 10 Dec 2007) New Revision: 26365 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26365 Log: This will now be the alpha3 tree (once I release alpha2). Andrew Bartlett Modified: branches/SAMBA_4_0/source/VERSION Changeset: Modified: branches/SAMBA_4_0/source/VERSION === --- branches/SAMBA_4_0/source/VERSION 2007-12-10 06:39:42 UTC (rev 26364) +++ branches/SAMBA_4_0/source/VERSION 2007-12-10 06:40:37 UTC (rev 26365) @@ -57,7 +57,7 @@ # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # - 4.0.0alpha1 # -SAMBA_VERSION_ALPHA_RELEASE=2 +SAMBA_VERSION_ALPHA_RELEASE=3 # For 'pre' releases the version will be #
svn commit: samba r26324 - in branches/SAMBA_4_0/source/dsdb: common samdb
Author: abartlet Date: 2007-12-06 23:15:37 + (Thu, 06 Dec 2007) New Revision: 26324 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26324 Log: Fix includes for Jelmer. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/common/sidmap.c branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/common/sidmap.c === --- branches/SAMBA_4_0/source/dsdb/common/sidmap.c 2007-12-06 22:39:44 UTC (rev 26323) +++ branches/SAMBA_4_0/source/dsdb/common/sidmap.c 2007-12-06 23:15:37 UTC (rev 26324) @@ -25,7 +25,7 @@ #include dsdb/samdb/samdb.h #include auth/auth.h #include libcli/ldap/ldap_ndr.h -#include ldb.h +#include lib/ldb/include/ldb.h #include util/util_ldb.h #include libcli/security/security.h #include param/param.h Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c === --- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-12-06 22:39:44 UTC (rev 26323) +++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-12-06 23:15:37 UTC (rev 26324) @@ -24,6 +24,7 @@ #include includes.h #include librpc/gen_ndr/drsuapi.h #include rpc_server/common/common.h +#include lib/ldb/include/ldb.h #include lib/ldb/include/ldb_errors.h #include system/kerberos.h #include auth/kerberos/kerberos.h @@ -31,7 +32,6 @@ #include libcli/security/security.h #include librpc/gen_ndr/ndr_misc.h #include auth/auth.h -#include ldb.h #include util/util_ldb.h #include dsdb/samdb/samdb.h #include param/param.h
svn commit: samba r26297 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet
Date: 2007-12-05 00:35:19 + (Wed, 05 Dec 2007)
New Revision: 26297
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26297
Log:
Correct error message. This function verifies attributes, not
objectclasses.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
2007-12-04 20:05:00 UTC (rev 26296)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
2007-12-05 00:35:19 UTC (rev 26297)
@@ -349,7 +349,7 @@
for (i=0; i msg-num_elements; i++) {
const struct dsdb_attribute *attribute =
dsdb_attribute_by_lDAPDisplayName(schema, msg-elements[i].name);
if (!attribute) {
- ldb_asprintf_errstring(ldb, objectclass %s is not a
valid objectClass in schema, msg-elements[i].name);
+ ldb_asprintf_errstring(ldb, attribute %s is not a
valid attribute in schema, msg-elements[i].name);
return LDB_ERR_UNDEFINED_ATTRIBUTE_TYPE;
}
msg-elements[i].name = attribute-lDAPDisplayName;
svn commit: samba r26298 - in branches/SAMBA_4_0/source: dsdb/samdb rpc_server/netlogon scripting/ejs scripting/libjs setup
Author: abartlet
Date: 2007-12-05 00:40:48 + (Wed, 05 Dec 2007)
New Revision: 26298
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26298
Log:
Use metze's schema loading code to pre-initialise the schema into the
samdb before we start writing entries into it.
In doing so, I realised we still used 'dnsDomain', which is not part
of the standard schema (now removed).
We also set the 'wrong' side of the linked attributes for the
masteredBy on each partition - this is now set in provision_self_join
and backlinks via the linked attributes code.
When we have the schema loaded, we must also have a valid domain SID
loaded, so that the objectclass module works. This required some ejs
glue.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c
branches/SAMBA_4_0/source/scripting/libjs/provision.js
branches/SAMBA_4_0/source/setup/provision_basedn_modify.ldif
branches/SAMBA_4_0/source/setup/provision_configuration_basedn_modify.ldif
branches/SAMBA_4_0/source/setup/provision_schema_basedn_modify.ldif
branches/SAMBA_4_0/source/setup/provision_self_join.ldif
branches/SAMBA_4_0/source/setup/schema_samba4.ldif
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-12-05 00:35:19 UTC
(rev 26297)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-12-05 00:40:48 UTC
(rev 26298)
@@ -1136,6 +1136,43 @@
return NULL;
}
+bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid
*dom_sid_in)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct dom_sid *dom_sid_new;
+ struct dom_sid *dom_sid_old;
+
+ /* see if we have a cached copy */
+ dom_sid_old = talloc_get_type(ldb_get_opaque(ldb,
+cache.domain_sid),
struct dom_sid);
+
+ tmp_ctx = talloc_new(ldb);
+ if (tmp_ctx == NULL) {
+ goto failed;
+ }
+
+ dom_sid_new = dom_sid_dup(tmp_ctx, dom_sid_in);
+ if (!dom_sid_new) {
+ goto failed;
+ }
+
+ /* cache the domain_sid in the ldb */
+ if (ldb_set_opaque(ldb, cache.domain_sid, dom_sid_new) !=
LDB_SUCCESS) {
+ goto failed;
+ }
+
+ talloc_steal(ldb, dom_sid_new);
+ talloc_free(tmp_ctx);
+ talloc_free(dom_sid_old);
+
+ return true;
+
+failed:
+ DEBUG(1,(Failed to set our own cached domain SID in the ldb!\n));
+ talloc_free(tmp_ctx);
+ return false;
+}
+
/* Obtain the short name of the flexible single master operator
* (FSMO), such as the PDC Emulator */
const char *samdb_result_fsmo_name(struct ldb_context *ldb, TALLOC_CTX
*mem_ctx, const struct ldb_message *msg,
Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
===
--- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
2007-12-05 00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
2007-12-05 00:40:48 UTC (rev 26298)
@@ -985,6 +985,7 @@
const char * const attrs[] = { dnsDomain, objectGUID, NULL };
void *sam_ctx;
struct ldb_message **res;
+ struct ldb_dn *domain_dn;
int ret;
ZERO_STRUCT(r-out);
@@ -994,9 +995,13 @@
return WERR_DS_SERVICE_UNAVAILABLE;
}
- ret = gendb_search(sam_ctx, mem_ctx, NULL, res, attrs,
- ((objectClass=domainDNS)(dnsDomain=%s)),
- r-in.domain_name);
+ domain_dn = samdb_dns_domain_to_dn(sam_ctx, mem_ctx,
+ r-in.domain_name);
+ if (domain_dn == NULL) {
+ return WERR_DS_SERVICE_UNAVAILABLE;
+ }
+
+ ret = gendb_search_dn(sam_ctx, mem_ctx, domain_dn, res, attrs);
if (ret != 1) {
return WERR_NO_SUCH_DOMAIN;
}
Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c
===
--- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c 2007-12-05
00:35:19 UTC (rev 26297)
+++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_ldb.c 2007-12-05
00:40:48 UTC (rev 26298)
@@ -28,6 +28,7 @@
#include ldb_wrap.h
#include dsdb/samdb/samdb.h
#include librpc/ndr/libndr.h
+#include libcli/security/security.h
/*
get the connected db
@@ -598,7 +599,7 @@
}
/*
- commit a ldb attach a dsdb_schema from ldif files
+ set a particular invocationId against the running LDB
usage:
ok = ldb.set_ntds_invocationId(7729aa4b-f990-41ad-b81a-8b6a14090f41);
*/
@@ -640,9 +641,9 @@
}
/*
- commit a ldb attach a dsdb_schema from
svn commit: samba r26299 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet
Date: 2007-12-05 00:56:11 + (Wed, 05 Dec 2007)
New Revision: 26299
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26299
Log:
Print out which module failed to initialise.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
===
--- branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c 2007-12-05
00:40:48 UTC (rev 26298)
+++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c 2007-12-05
00:56:11 UTC (rev 26299)
@@ -281,7 +281,7 @@
if (module module-ops-init_context
module-ops-init_context(module) != LDB_SUCCESS) {
- ldb_debug(ldb, LDB_DEBUG_FATAL, module initialization
failed\n);
+ ldb_debug(ldb, LDB_DEBUG_FATAL, module %s initialization
failed\n, module-ops-name);
return LDB_ERR_OPERATIONS_ERROR;
}
svn commit: samba r26300 - in branches/SAMBA_4_0/source/rpc_server/common: .
Author: abartlet
Date: 2007-12-05 01:20:53 + (Wed, 05 Dec 2007)
New Revision: 26300
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26300
Log:
Don't segfault when called from the ntptr libs.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/rpc_server/common/server_info.c
Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/common/server_info.c
===
--- branches/SAMBA_4_0/source/rpc_server/common/server_info.c 2007-12-05
00:56:11 UTC (rev 26299)
+++ branches/SAMBA_4_0/source/rpc_server/common/server_info.c 2007-12-05
01:20:53 UTC (rev 26300)
@@ -66,19 +66,19 @@
/* This hardcoded value should go into a ldb database! */
_PUBLIC_ uint32_t dcesrv_common_get_version_major(TALLOC_CTX *mem_ctx, struct
dcesrv_context *dce_ctx)
{
- return lp_parm_int(dce_ctx-lp_ctx, NULL, server_info,
version_major, 5);
+ return lp_parm_int(dce_ctx ? dce_ctx-lp_ctx : global_loadparm, NULL,
server_info, version_major, 5);
}
/* This hardcoded value should go into a ldb database! */
_PUBLIC_ uint32_t dcesrv_common_get_version_minor(TALLOC_CTX *mem_ctx, struct
dcesrv_context *dce_ctx)
{
- return lp_parm_int(dce_ctx-lp_ctx, NULL, server_info,
version_minor, 2);
+ return lp_parm_int(dce_ctx ? dce_ctx-lp_ctx : global_loadparm, NULL,
server_info, version_minor, 2);
}
/* This hardcoded value should go into a ldb database! */
_PUBLIC_ uint32_t dcesrv_common_get_version_build(TALLOC_CTX *mem_ctx, struct
dcesrv_context *dce_ctx)
{
- return lp_parm_int(dce_ctx-lp_ctx, NULL, server_info,
version_build, 3790);
+ return lp_parm_int(dce_ctx ? dce_ctx-lp_ctx : global_loadparm, NULL,
server_info, version_build, 3790);
}
/* This hardcoded value should go into a ldb database! */
svn commit: samba r26302 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet
Date: 2007-12-05 01:25:39 + (Wed, 05 Dec 2007)
New Revision: 26302
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26302
Log:
Print the error string for failed rootdse searches.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/scripting/libjs/provision.js
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05
01:25:07 UTC (rev 26301)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05
01:25:39 UTC (rev 26302)
@@ -198,7 +198,10 @@
var j;
var res = ldb.search((objectClass=*), , ldb.SCOPE_BASE,
rootDSE_attrs);
- assert(res.error == 0);
+ if (res.error != 0) {
+ info.message(rootdse search failed: + res.errstr + \n);
+ assert(res.error == 0);
+ }
assert(res.msgs.length == 1);
if (typeof(res.msgs[0].namingContexts) == undefined) {
return;
svn commit: samba r26303 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet
Date: 2007-12-05 03:00:48 + (Wed, 05 Dec 2007)
New Revision: 26303
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26303
Log:
Fix up error reporting during the delete of previous entries in the
provision, and ignore 'no such entry' as an error (it is normal, and
just means the partition is compleatly empty).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/scripting/libjs/provision.js
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05
01:25:39 UTC (rev 26302)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05
03:00:48 UTC (rev 26303)
@@ -224,7 +224,10 @@
var res2 = ldb.search(anything, basedn,
ldb.SCOPE_SUBTREE, attrs);
var i;
if (res2.error != 0) {
- info.message(ldb search failed: + res.errstr
+ \n);
+ if (res2.error == 32) {
+ break;
+ }
+ info.message(ldb search failed: +
res2.errstr + \n);
continue;
}
previous_remaining = current_remaining;
@@ -235,7 +238,7 @@
var res3 = ldb.search(anything, basedn,
ldb.SCOPE_SUBTREE, attrs);
if (res3.error != 0) {
- info.message(ldb search failed: + res.errstr
+ \n);
+ info.message(ldb search failed: +
res3.errstr + \n);
continue;
}
if (res3.msgs.length != 0) {
svn commit: samba r26304 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet
Date: 2007-12-05 03:03:33 + (Wed, 05 Dec 2007)
New Revision: 26304
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26304
Log:
More work to remove silly error printouts.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/scripting/libjs/provision.js
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05
03:00:48 UTC (rev 26303)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-05
03:03:33 UTC (rev 26304)
@@ -226,9 +226,10 @@
if (res2.error != 0) {
if (res2.error == 32) {
break;
+ } else {
+ info.message(ldb search(2) failed: +
res2.errstr + \n);
+ continue;
}
- info.message(ldb search failed: +
res2.errstr + \n);
- continue;
}
previous_remaining = current_remaining;
current_remaining = res2.msgs.length;
@@ -238,7 +239,7 @@
var res3 = ldb.search(anything, basedn,
ldb.SCOPE_SUBTREE, attrs);
if (res3.error != 0) {
- info.message(ldb search failed: +
res3.errstr + \n);
+ info.message(ldb search(3) failed: +
res3.errstr + \n);
continue;
}
if (res3.msgs.length != 0) {
svn commit: samba r26305 - in branches/SAMBA_4_0/source: selftest/env setup
Author: abartlet
Date: 2007-12-05 04:26:28 + (Wed, 05 Dec 2007)
New Revision: 26305
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26305
Log:
Update template files and testsuite to try and work with current
openldap, and fully support different LDAP server locations.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/selftest/env/Samba4.pm
branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3
branches/SAMBA_4_0/source/setup/slapd.conf
Changeset:
Modified: branches/SAMBA_4_0/source/selftest/env/Samba4.pm
===
--- branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-05 03:03:33 UTC
(rev 26304)
+++ branches/SAMBA_4_0/source/selftest/env/Samba4.pm2007-12-05 04:26:28 UTC
(rev 26305)
@@ -24,9 +24,13 @@
sub openldap_start($$$) {
my ($slapd_conf, $uri, $logs) = @_;
-my $oldpath = $ENV{PATH};
-$ENV{PATH} = /usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH};
-system(slapd -d0 -f $slapd_conf -h $uri $logs 21 );
+ my $oldpath = $ENV{PATH};
+ my $olpath = ;
+ if (defined $ENV{OPENLDAP_PATH}) {
+ $olpath = $ENV{OPENLDAP_PATH}:
+ }
+ $ENV{PATH} = $olpath/usr/local/sbin:/usr/sbin:/sbin:$ENV{PATH};
+system(slapd -d63 -f $slapd_conf -h $uri $logs 21 );
$ENV{PATH} = $oldpath;
}
Modified: branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3
===
--- branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3 2007-12-05
03:03:33 UTC (rev 26304)
+++ branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3 2007-12-05
04:26:28 UTC (rev 26305)
@@ -11,6 +11,7 @@
description
cn
top
+memberOf
#This shouldn't make it to the ldap server
sambaPassword
#These conflict with OpenLDAP builtins
Modified: branches/SAMBA_4_0/source/setup/slapd.conf
===
--- branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-05 03:03:33 UTC (rev
26304)
+++ branches/SAMBA_4_0/source/setup/slapd.conf 2007-12-05 04:26:28 UTC (rev
26305)
@@ -40,10 +40,10 @@
index name eq
index objectSid eq
index objectCategory eq
-index nCName eq pres
+index nCName eq
index subClassOf eq
index dnsRoot eq
-index nETBIOSName eq pres
+index nETBIOSName eq
databasehdb
suffix ${DOMAINDN}
@@ -60,11 +60,11 @@
index gidNumber eq
index unixName eq
index privilege eq
-index nCName eq pres
+index nCName eq
index lDAPDisplayName eq
index subClassOf eq
index dnsRoot eq
-index nETBIOSName eq pres
+index nETBIOSName eq
#syncprov is stable in OpenLDAP 2.3, and available in 2.2.
#We only need this for the contextCSN attribute anyway
svn commit: samba r26282 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet
Date: 2007-12-04 03:37:41 + (Tue, 04 Dec 2007)
New Revision: 26282
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26282
Log:
These modules expect errors, but if we don't wipe the error string, we
get phony error strings at the caller, which is very confusing.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
2007-12-04 03:13:12 UTC (rev 26281)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c
2007-12-04 03:37:41 UTC (rev 26282)
@@ -453,6 +453,9 @@
if (ac-search_res == NULL) {
if (ldb_dn_compare(ldb_get_root_basedn(ac-module-ldb),
ac-orig_req-op.add.message-dn) == 0) {
/* Allow the tree to be started */
+
+ /* but don't keep any error string, it's meaningless */
+ ldb_set_errstring(ac-module-ldb, NULL);
} else {
ldb_asprintf_errstring(ac-module-ldb, objectclass:
Cannot add %s, parent does not exist!,
ldb_dn_get_linearized(ac-orig_req-op.add.message-dn));
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c
2007-12-04 03:13:12 UTC (rev 26281)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c
2007-12-04 03:37:41 UTC (rev 26282)
@@ -89,6 +89,10 @@
}
*req = *ac-orig_req;
+ /* Ensure any (io) errors during the search for
+* children don't propgate back in the error string */
+ ldb_set_errstr(ac-module-ldb, NULL);
+
ac-down_req = req;
ac-step = SD_DO_DEL;
return ldb_next_request(ac-module, req);
svn commit: samba r26283 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet Date: 2007-12-04 03:38:35 + (Tue, 04 Dec 2007) New Revision: 26283 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26283 Log: fix typo Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c 2007-12-04 03:37:41 UTC (rev 26282) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/subtree_delete.c 2007-12-04 03:38:35 UTC (rev 26283) @@ -91,7 +91,7 @@ /* Ensure any (io) errors during the search for * children don't propgate back in the error string */ - ldb_set_errstr(ac-module-ldb, NULL); + ldb_set_errstring(ac-module-ldb, NULL); ac-down_req = req; ac-step = SD_DO_DEL;
svn commit: samba r26284 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet
Date: 2007-12-04 05:32:23 + (Tue, 04 Dec 2007)
New Revision: 26284
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26284
Log:
Rather than just debug, push the error back up the stack as the error
string, if we fail to load the schema.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c
2007-12-04 03:38:35 UTC (rev 26283)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c
2007-12-04 05:32:23 UTC (rev 26284)
@@ -54,7 +54,7 @@
};
if (dsdb_get_schema(module-ldb)) {
- return ldb_next_init(module);
+ return ldb_next_init(module);
}
schema_dn = samdb_schema_dn(module-ldb);
@@ -96,9 +96,9 @@
talloc_free(mem_ctx);
return ldb_next_init(module);
} else if (ret != LDB_SUCCESS) {
- ldb_debug_set(module-ldb, LDB_DEBUG_FATAL,
- schema_fsmo_init: failed to search the schema
head: %d:%s,
- ret, ldb_strerror(ret));
+ ldb_asprintf_errstring(module-ldb,
+ schema_fsmo_init: failed to search the
schema head: %s,
+ ldb_errstring(module-ldb));
talloc_free(mem_ctx);
return ret;
}
@@ -151,9 +151,9 @@
(objectClass=attributeSchema), NULL,
a_res);
if (ret != LDB_SUCCESS) {
- ldb_debug_set(module-ldb, LDB_DEBUG_FATAL,
- schema_fsmo_init: failed to search
attributeSchema objects: %d:%s,
- ret, ldb_strerror(ret));
+ ldb_asprintf_errstring(module-ldb,
+ schema_fsmo_init: failed to search
attributeSchema objects: %s,
+ ldb_errstring(module-ldb));
talloc_free(mem_ctx);
return ret;
}
@@ -190,9 +190,9 @@
(objectClass=classSchema), NULL,
c_res);
if (ret != LDB_SUCCESS) {
- ldb_debug_set(module-ldb, LDB_DEBUG_FATAL,
- schema_fsmo_init: failed to search classSchema
objects: %d:%s,
- ret, ldb_strerror(ret));
+ ldb_asprintf_errstring(module-ldb,
+ schema_fsmo_init: failed to search
classSchema objects: %s,
+ ldb_errstring(module-ldb));
talloc_free(mem_ctx);
return ret;
}
svn commit: samba r26245 - in branches/SAMBA_4_0/source: scripting/libjs setup
Author: abartlet
Date: 2007-12-03 05:51:04 + (Mon, 03 Dec 2007)
New Revision: 26245
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26245
Log:
Make it easier to handle the LDAP backend, with it's differing needs,
by seperating the modules list into parts. That way, we can remove
the modules that the backend will provide.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/scripting/libjs/provision.js
branches/SAMBA_4_0/source/setup/provision
branches/SAMBA_4_0/source/setup/provision_partitions.ldif
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-03
05:49:06 UTC (rev 26244)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-03
05:51:04 UTC (rev 26245)
@@ -977,23 +977,25 @@
// module when expanding the objectclass list)
// - partition must be last
// - each partition has its own module list then
- modules_list= new Array(rootdse,
- paged_results,
- ranged_results,
- server_sort,
- extended_dn,
- asq,
- samldb,
- rdn_name,
- objectclass,
- kludge_acl,
- operational,
- subtree_rename,
- subtree_delete,
- linked_attributes,
- show_deleted,
- partition);
+ var modules_list = new Array(rootdse,
+paged_results,
+ranged_results,
+server_sort,
+extended_dn,
+asq,
+samldb,
+rdn_name,
+objectclass,
+kludge_acl,
+operational);
+ var tdb_modules_list = new Array(subtree_rename,
+subtree_delete,
+linked_attributes);
+ var modules_list2= new Array(show_deleted,
+partition);
subobj.MODULES_LIST = join(,, modules_list);
+ subobj.TDB_MODULES_LIST = , + join(,, tdb_modules_list);
+ subobj.MODULES_LIST2 = join(,, modules_list2);
subobj.DOMAINDN_LDB = users.ldb;
subobj.CONFIGDN_LDB = configuration.ldb;
subobj.SCHEMADN_LDB = schema.ldb;
Modified: branches/SAMBA_4_0/source/setup/provision
===
--- branches/SAMBA_4_0/source/setup/provision 2007-12-03 05:49:06 UTC (rev
26244)
+++ branches/SAMBA_4_0/source/setup/provision 2007-12-03 05:51:04 UTC (rev
26245)
@@ -142,6 +142,7 @@
}
if (!ldapmodule) {
subobj.LDAPMODULE = entryuuid;
+ subobj.TDB_MODULES_LIST = ;
}
subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
subobj.DOMAINDN_MOD2 = , + subobj.LDAPMODULE + ,paged_searches;
Modified: branches/SAMBA_4_0/source/setup/provision_partitions.ldif
===
--- branches/SAMBA_4_0/source/setup/provision_partitions.ldif 2007-12-03
05:49:06 UTC (rev 26244)
+++ branches/SAMBA_4_0/source/setup/provision_partitions.ldif 2007-12-03
05:51:04 UTC (rev 26245)
@@ -10,4 +10,4 @@
modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2}
dn: @MODULES
[EMAIL PROTECTED]: ${MODULES_LIST}
[EMAIL PROTECTED]: ${MODULES_LIST}${TDB_MODULES_LIST},${MODULES_LIST2}
svn commit: samba r26244 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules scripting/libjs
Author: abartlet
Date: 2007-12-03 05:49:06 + (Mon, 03 Dec 2007)
New Revision: 26244
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26244
Log:
Add a module (sans tests for the moment) that implements ranged
results, as used particularly by MMC's Active Directory Users and
Computers to list group members.
This may be used on any attribute, but is useful to obtain attributes
that may be lengthy in 'pages'. The implementation presumes that
attributes will always be returned by the DB in the same order.
Andrew Bartlett
Added:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk
branches/SAMBA_4_0/source/scripting/libjs/provision.js
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk 2007-12-03
04:14:24 UTC (rev 26243)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk 2007-12-03
05:49:06 UTC (rev 26244)
@@ -291,3 +291,16 @@
# End MODULE ldb_linked_attributes
+
+# Start MODULE ldb_ranged_results
+[MODULE::ldb_ranged_results]
+INIT_FUNCTION = ldb_ranged_results_init
+CFLAGS = -Ilib/ldb/include
+OUTPUT_TYPE = SHARED_LIBRARY
+PRIVATE_DEPENDENCIES = LIBTALLOC
+SUBSYSTEM = LIBLDB
+OBJ_FILES = \
+ ranged_results.o
+# End MODULE ldb_ranged_results
+
+
Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c
2007-12-03 04:14:24 UTC (rev 26243)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c
2007-12-03 05:49:06 UTC (rev 26244)
@@ -0,0 +1,204 @@
+/*
+ ldb database library
+
+ Copyright (C) Andrew Bartlett 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see http://www.gnu.org/licenses/.
+*/
+
+/*
+ * Name: ldb
+ *
+ * Component: ldb ranged results module
+ *
+ * Description: munge AD-style 'ranged results' requests into
+ * requests for all values in an attribute, then return the range to
+ * the client.
+ *
+ * Author: Andrew Bartlett
+ */
+
+#include ldb_includes.h
+
+struct rr_context {
+ struct ldb_request *orig_req;
+ struct ldb_request *down_req;
+};
+
+static int rr_search_callback(struct ldb_context *ldb, void *context, struct
ldb_reply *ares)
+{
+ struct rr_context *rr_context = talloc_get_type(context, struct
rr_context);
+ struct ldb_request *orig_req = rr_context-orig_req;
+ int i, j, ret;
+
+ if (ares-type != LDB_REPLY_ENTRY) {
+ return rr_context-orig_req-callback(ldb,
rr_context-orig_req-context, ares);
+ }
+
+ /* Find those that are range requests from the attribute list */
+ for (i = 0; orig_req-op.search.attrs[i]; i++) {
+ char *p, *new_attr;
+ const char *end_str;
+ unsigned int start, end, orig_num_values;
+ struct ldb_message_element *el;
+ struct ldb_val *orig_values;
+ p = strchr(orig_req-op.search.attrs[i], ';');
+ if (!p) {
+ continue;
+ }
+ if (strncasecmp(p, ;range=, strlen(;range=)) != 0) {
+ continue;
+ }
+ if (sscanf(p, ;range=%u-*, start) == 1) {
+ end = (unsigned int)-1;
+ } else if (sscanf(p, ;range=%u-%u, start, end) != 2) {
+ continue;
+ }
+ new_attr = talloc_strndup(orig_req,
+ orig_req-op.search.attrs[i],
+ (unsigned
int)(p-orig_req-op.search.attrs[i]));
+
+ if (!new_attr) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ el = ldb_msg_find_element(ares-message, new_attr);
+ talloc_free(new_attr);
+ if (!el) {
+ continue;
+ }
+ if (start end
svn commit: samba r26246 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet
Date: 2007-12-03 07:03:52 + (Mon, 03 Dec 2007)
New Revision: 26246
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26246
Log:
Make it easier to debug assert()s in the provision, if messages are
suppressed with --quiet. Hopefully this will be easier with python.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/scripting/libjs/provision.js
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-03
05:51:04 UTC (rev 26245)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-12-03
07:03:52 UTC (rev 26246)
@@ -653,40 +653,38 @@
message(Adding DomainDN: + subobj.DOMAINDN + (permitted to
fail)\n);
var add_ok = setup_add_ldif(provision_basedn.ldif, info, samdb, true);
message(Modifying DomainDN: + subobj.DOMAINDN + \n);
- var modify_ok = setup_ldb_modify(provision_basedn_modify.ldif, info,
samdb);
- if (!modify_ok) {
+ var modify_basedn_ok = setup_ldb_modify(provision_basedn_modify.ldif,
info, samdb);
+ if (!modify_basedn_ok) {
if (!add_ok) {
message(%s, Failed to both add and modify +
subobj.DOMAINDN + in target + subobj.DOMAINDN_LDB + : +
samdb.errstring() + \n);
message(Perhaps you need to run the provision script
with the --ldap-base-dn option, and add this record to the backend
manually\n);
};
- assert(modify_ok);
+ assert(modify_basedn_ok);
};
message(Adding configuration container (permitted to fail)\n);
- var add_ok = setup_add_ldif(provision_configuration_basedn.ldif,
info, samdb, true);
+ var add_config_ok =
setup_add_ldif(provision_configuration_basedn.ldif, info, samdb, true);
message(Modifying configuration container\n);
- var modify_ok =
setup_ldb_modify(provision_configuration_basedn_modify.ldif, info, samdb);
- if (!modify_ok) {
- if (!add_ok) {
+ var modify_config_ok =
setup_ldb_modify(provision_configuration_basedn_modify.ldif, info, samdb);
+ if (!modify_config_ok) {
+ if (!add_config_ok) {
message(%s, Failed to both add and modify +
subobj.CONFIGDN + in target + subobj.CONFIGDN_LDB + : +
samdb.errstring() + \n);
message(Perhaps you need to run the provision script
with the --ldap-base-dn option, and add this record to the backend
manually\n);
- assert(modify_ok);
}
- assert(modify_ok);
+ assert(modify_config_ok);
}
message(Adding schema container (permitted to fail)\n);
- var add_ok = setup_add_ldif(provision_schema_basedn.ldif, info,
samdb, true);
+ var add_schema_ok = setup_add_ldif(provision_schema_basedn.ldif,
info, samdb, true);
message(Modifying schema container\n);
- var modify_ok = setup_ldb_modify(provision_schema_basedn_modify.ldif,
info, samdb);
- if (!modify_ok) {
- if (!add_ok) {
+ var modify_schema_ok =
setup_ldb_modify(provision_schema_basedn_modify.ldif, info, samdb);
+ if (!modify_schema_ok) {
+ if (!add_schema_ok) {
message(%s, Failed to both add and modify +
subobj.SCHEMADN + in target + subobj.SCHEMADN_LDB + : +
samdb.errstring() + \n);
message(Perhaps you need to run the provision script
with the --ldap-base-dn option, and add this record to the backend
manually\n);
- assert(modify_ok);
}
message(Failed to modify the schema container: +
samdb.errstring() + \n);
- assert(modify_ok);
+ assert(modify_schema_ok);
}
message(Setting up sam.ldb Samba4 schema\n);
@@ -711,26 +709,24 @@
setup_add_ldif(display_specifiers.ldif, info, samdb, false);
message(Adding users container (permitted to fail)\n);
- var add_ok = setup_add_ldif(provision_users_add.ldif, info, samdb,
true);
+ var add_users_ok = setup_add_ldif(provision_users_add.ldif, info,
samdb, true);
message(Modifying users container\n);
- var modify_ok = setup_ldb_modify(provision_users_modify.ldif, info,
samdb);
- if (!modify_ok) {
- if (!add_ok) {
+ var modify_users_ok = setup_ldb_modify(provision_users_modify.ldif,
info, samdb);
+ if (!modify_users_ok) {
+ if (!add_users_ok) {
message(Failed to both add and modify the users
container\n);
- assert(modify_ok);
}
- assert(modify_ok);
+ assert(modify_users_ok);
}
message(Adding computers container (permitted to fail
svn commit: samba r26192 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules source/lib/ldb/common source/libcli/ldap testprogs/blackbox
Author: abartlet
Date: 2007-11-29 08:00:04 + (Thu, 29 Nov 2007)
New Revision: 26192
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26192
Log:
Handle, test and implement the style of extended_dn requiest that MMC uses.
It appears that the control value is optional, implying type 0 responses.
Failing to parse this was causing LDAP disconnects with 'unavailable
critical extension'.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c
branches/SAMBA_4_0/source/lib/ldb/common/ldb_controls.c
branches/SAMBA_4_0/source/libcli/ldap/ldap.c
branches/SAMBA_4_0/source/libcli/ldap/ldap.h
branches/SAMBA_4_0/source/libcli/ldap/ldap_client.c
branches/SAMBA_4_0/source/libcli/ldap/ldap_controls.c
branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c
2007-11-29 01:36:41 UTC (rev 26191)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/extended_dn.c
2007-11-29 08:00:04 UTC (rev 26192)
@@ -104,35 +104,58 @@
const struct ldb_val *val;
struct GUID guid;
struct dom_sid *sid;
+ const DATA_BLOB *guid_blob;
+ const DATA_BLOB *sid_blob;
char *object_guid;
char *object_sid;
char *new_dn;
- /* retrieve object_guid */
- guid = samdb_result_guid(msg, objectGUID);
- object_guid = GUID_string(msg, guid);
- if (!object_guid)
+ guid_blob = ldb_msg_find_ldb_val(msg, objectGUID);
+ sid_blob = ldb_msg_find_ldb_val(msg, objectSID);
+
+ if (!guid_blob)
return false;
- if (remove_guid)
- ldb_msg_remove_attr(msg, objectGUID);
-
- /* retrieve object_sid */
- object_sid = NULL;
- sid = samdb_result_dom_sid(msg, msg, objectSID);
- if (sid) {
- object_sid = dom_sid_string(msg, sid);
- if (!object_sid)
- return false;
-
- if (remove_sid)
- ldb_msg_remove_attr(msg, objectSID);
- }
-
- /* TODO: handle type */
switch (type) {
case 0:
+ /* return things in hexadecimal format */
+ if (sid_blob) {
+ const char *lower_guid_hex =
strlower_talloc(msg, data_blob_hex_string(msg, guid_blob));
+ const char *lower_sid_hex =
strlower_talloc(msg, data_blob_hex_string(msg, sid_blob));
+ if (!lower_guid_hex || !lower_sid_hex) {
+ return false;
+ }
+ new_dn = talloc_asprintf(msg,
GUID=%s;SID=%s;%s,
+lower_guid_hex,
+lower_sid_hex,
+
ldb_dn_get_linearized(msg-dn));
+ } else {
+ const char *lower_guid_hex =
strlower_talloc(msg, data_blob_hex_string(msg, guid_blob));
+ if (!lower_guid_hex) {
+ return false;
+ }
+ new_dn = talloc_asprintf(msg, GUID=%s;%s,
+lower_guid_hex,
+
ldb_dn_get_linearized(msg-dn));
+ }
+
+ break;
case 1:
+ /* retrieve object_guid */
+ guid = samdb_result_guid(msg, objectGUID);
+ object_guid = GUID_string(msg, guid);
+
+ /* retrieve object_sid */
+ object_sid = NULL;
+ sid = samdb_result_dom_sid(msg, msg, objectSID);
+ if (sid) {
+ object_sid = dom_sid_string(msg, sid);
+ if (!object_sid)
+ return false;
+
+ }
+
+ /* Normal, sane format */
if (object_sid) {
new_dn = talloc_asprintf(msg,
GUID=%s;SID=%s;%s,
object_guid,
object_sid,
@@ -147,9 +170,18 @@
return false;
}
- if (!new_dn)
+ if (!new_dn) {
return false;
+ }
+ if (remove_guid) {
+ ldb_msg_remove_attr(msg, objectGUID);
+ }
+
+ if (sid_blob remove_sid
svn commit: samba r26193 - in branches/SAMBA_4_0/source/ldap_server: .
Author: abartlet
Date: 2007-11-29 08:02:36 + (Thu, 29 Nov 2007)
New Revision: 26193
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26193
Log:
In the LDAP server, use the new 'controls_decoded' element to
determine if this (possibly critical) control has been decoded. This
allows us to return an error, rather than just dropping the socket.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/ldap_server/ldap_backend.c
Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c
===
--- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-11-29
08:00:04 UTC (rev 26192)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-11-29
08:02:36 UTC (rev 26193)
@@ -720,6 +720,18 @@
NTSTATUS ldapsrv_do_call(struct ldapsrv_call *call)
{
+ int i;
+ struct ldap_message *msg = call-request;
+ /* Check for undecoded critical extensions */
+ for (i=0; msg-controls msg-controls[i]; i++) {
+ if (!msg-controls_decoded[i]
+ msg-controls[i]-critical) {
+ DEBUG(3, (ldapsrv_do_call: Critical extension %s is
not known to this server\n,
+ msg-controls[i]-oid));
+ return ldapsrv_unwilling(call,
LDAP_UNAVAILABLE_CRITICAL_EXTENSION);
+ }
+ }
+
switch(call-request-type) {
case LDAP_TAG_BindRequest:
return ldapsrv_BindRequest(call);
svn commit: samba r26182 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet Date: 2007-11-28 04:24:12 + (Wed, 28 Nov 2007) New Revision: 26182 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26182 Log: Extend our linked attribute testsuite to cover many more possible modifications, and then extend our implementation to match. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c branches/SAMBA_4_0/testprogs/ejs/ldap.js Changeset: Sorry, the patch is too large (605 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26182
svn commit: samba r26135 - in branches/SAMBA_4_0/source: dsdb/samdb libnet ntptr/simple_ldb rpc_server/drsuapi rpc_server/lsa rpc_server/samr
Author: abartlet
Date: 2007-11-27 01:25:11 + (Tue, 27 Nov 2007)
New Revision: 26135
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26135
Log:
Remove samdb_add(), samdb_delete() and samdb_modify(), which were just
wrappers to ldb_add() etc. samdb_replace() remains, as it sets flags on
all entries as 'replace'.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
branches/SAMBA_4_0/source/libnet/libnet_join.c
branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c
branches/SAMBA_4_0/source/ntptr/simple_ldb/ntptr_simple_ldb.c
branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c
branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c
branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-11-27 01:14:54 UTC
(rev 26134)
+++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-11-27 01:25:11 UTC
(rev 26135)
@@ -1022,30 +1022,6 @@
}
/*
- add a record
-*/
-int samdb_add(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct
ldb_message *msg)
-{
- return ldb_add(sam_ldb, msg);
-}
-
-/*
- delete a record
-*/
-int samdb_delete(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct
ldb_dn *dn)
-{
- return ldb_delete(sam_ldb, dn);
-}
-
-/*
- modify a record
-*/
-int samdb_modify(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct
ldb_message *msg)
-{
- return ldb_modify(sam_ldb, msg);
-}
-
-/*
replace elements in a record
*/
int samdb_replace(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct
ldb_message *msg)
@@ -1058,7 +1034,7 @@
}
/* modify the samdb record */
- return samdb_modify(sam_ldb, mem_ctx, msg);
+ return ldb_modify(sam_ldb, msg);
}
/*
@@ -1992,7 +1968,7 @@
foreignSecurityPrincipal);
/* create the alias */
- ret = samdb_add(sam_ctx, mem_ctx, msg);
+ ret = ldb_add(sam_ctx, msg);
if (ret != 0) {
DEBUG(0,(Failed to create foreignSecurityPrincipal
record %s: %s\n,
Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c
===
--- branches/SAMBA_4_0/source/libnet/libnet_join.c 2007-11-27 01:14:54 UTC
(rev 26134)
+++ branches/SAMBA_4_0/source/libnet/libnet_join.c 2007-11-27 01:25:11 UTC
(rev 26135)
@@ -1136,7 +1136,7 @@
}
/* create the secret */
- ret = samdb_add(ldb, tmp_mem, msg);
+ ret = ldb_add(ldb, msg);
if (ret != 0) {
r-out.error_string = talloc_asprintf(mem_ctx, Failed to
create secret record %s,
ldb_dn_get_linearized(msg-dn));
Modified: branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c
===
--- branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c 2007-11-27
01:14:54 UTC (rev 26134)
+++ branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c 2007-11-27
01:25:11 UTC (rev 26135)
@@ -101,7 +101,7 @@
*fsp_dn = msg-dn;
/* create the alias */
- ret = samdb_add(state-sam_ldb, mem_ctx, msg);
+ ret = ldb_add(state-sam_ldb, msg);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, Failed to create
foreignSecurityPrincipal
record %s: %s,
@@ -429,7 +429,7 @@
}
}
- ret = samdb_add(state-sam_ldb, mem_ctx, msg);
+ ret = ldb_add(state-sam_ldb, msg);
if (ret != 0) {
struct ldb_dn *first_try_dn = msg-dn;
/* Try again with the default DN */
@@ -440,7 +440,7 @@
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else {
msg-dn = talloc_steal(msg, remote_msgs[0]-dn);
- ret = samdb_add(state-sam_ldb, mem_ctx, msg);
+ ret = ldb_add(state-sam_ldb, msg);
if (ret != 0) {
*error_string =
talloc_asprintf(mem_ctx, Failed to create user record. Tried both %s and %s:
%s,
ldb_dn_get_linearized(first_try_dn),
@@ -493,7 +493,7 @@
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- ret = samdb_delete(state-sam_ldb, mem_ctx, msgs[0]-dn);
+ ret = ldb_delete(state-sam_ldb, msgs[0]-dn);
if (ret != 0) {
*error_string = talloc_asprintf(mem_ctx, Failed to delete user
record %s: %s
svn commit: samba r26137 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules selftest/env setup
Author: abartlet Date: 2007-11-27 02:26:47 + (Tue, 27 Nov 2007) New Revision: 26137 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26137 Log: Rename the entryUUID module to better match it's purpose: being a simple ldap mapping (a complex mapping will follow). Fix the module to handle 'name' better, rather than using the 'name' attribute built into OpenLDAP, rename to samba4RDN. We need to see if this can be handled in the backend. Also rename the functions and inernal module name to entryuuid for consistancy. Andrew Bartlett Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c Removed: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/config.mk branches/SAMBA_4_0/source/selftest/env/Samba4.pm branches/SAMBA_4_0/source/setup/provision branches/SAMBA_4_0/source/setup/schema-map-openldap-2.3 Changeset: Sorry, the patch is too large (1750 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26137
svn commit: samba r26138 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: abartlet
Date: 2007-11-27 02:47:57 + (Tue, 27 Nov 2007)
New Revision: 26138
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26138
Log:
Don't talloc_free() res if an error occoured.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-11-27 02:26:47 UTC
(rev 26137)
+++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-11-27 02:47:57 UTC
(rev 26138)
@@ -110,7 +110,10 @@
if (ret != LDB_SUCCESS ret != LDB_ERR_NO_SUCH_OBJECT) {
DEBUG(1, (ldb_search: dn: %s not found: %s, service_dn_str,
ldb_errstring(ldb_ctx)));
return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
- } else if (ret == LDB_ERR_NO_SUCH_OBJECT || res-count != 1) {
+ } else if (ret == LDB_ERR_NO_SUCH_OBJECT) {
+ DEBUG(1, (ldb_search: dn: %s not found, service_dn_str));
+ return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+ } else if (res-count != 1) {
talloc_free(res);
DEBUG(1, (ldb_search: dn: %s not found, service_dn_str));
return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
svn commit: samba r26139 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2007-11-27 02:49:37 + (Tue, 27 Nov 2007) New Revision: 26139 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26139 Log: Based on a report by Theodor Chirana, don't assert() on invalid netbios names at this point, the calling order has changed, and we have a more informative place to do it. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-11-27 02:47:57 UTC (rev 26138) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2007-11-27 02:49:37 UTC (rev 26139) @@ -464,9 +464,7 @@ subobj.REALM = strupper(subobj.REALM); subobj.HOSTNAME= strlower(subobj.HOSTNAME); subobj.DOMAIN = strupper(subobj.DOMAIN); - assert(valid_netbios_name(subobj.DOMAIN)); subobj.NETBIOSNAME = strupper(subobj.HOSTNAME); - assert(valid_netbios_name(subobj.NETBIOSNAME)); subobj.DNSDOMAIN= strlower(subobj.REALM); subobj.DNSNAME = sprintf(%s.%s, strlower(subobj.HOSTNAME),
svn commit: samba r26140 - in branches/SAMBA_4_0: source/dsdb/samdb/ldb_modules testprogs/ejs
Author: abartlet
Date: 2007-11-27 04:43:20 + (Tue, 27 Nov 2007)
New Revision: 26140
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26140
Log:
Add a new test for searches by distinguieshedName and dn, and
implement these in the simple ldap mapping module.
We still don't pass this test, because we must get linked attributes
into OpenLDAP.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c
branches/SAMBA_4_0/testprogs/ejs/ldap.js
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c
2007-11-27 02:49:37 UTC (rev 26139)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c
2007-11-27 04:43:20 UTC (rev 26140)
@@ -376,6 +376,15 @@
}
},
{
+ .local_name = dn,
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+.remote_name = entryDN
+}
+ }
+ },
+ {
.local_name = groupType,
.type = MAP_CONVERT,
.u = {
@@ -525,6 +534,15 @@
}
},
{
+ .local_name = dn,
+ .type = MAP_RENAME,
+ .u = {
+ .rename = {
+.remote_name = entryDN
+}
+ }
+ },
+ {
.local_name = groupType,
.type = MAP_CONVERT,
.u = {
Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js
===
--- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-27 02:49:37 UTC (rev
26139)
+++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-27 04:43:20 UTC (rev
26140)
@@ -230,6 +230,28 @@
assert(res.msgs[0].cn == ldaptestUSER3);
assert(res.msgs[0].name == ldaptestUSER3);
+ println(Testing ldb.search for (dn=CN=ldaptestUSER3,CN=Users, +
base_dn + ));
+ var res = ldb.search((dn=CN=ldaptestUSER3,CN=Users, + base_dn + ));
+ if (res.error != 0 || res.msgs.length != 1) {
+ println(Could not find (dn=CN=ldaptestUSER3,CN=Users, +
base_dn + ));
+ assert(res.error == 0);
+ assert(res.msgs.length == 1);
+ }
+ assert(res.msgs[0].dn == (CN=ldaptestUSER3,CN=Users, + base_dn));
+ assert(res.msgs[0].cn == ldaptestUSER3);
+ assert(res.msgs[0].name == ldaptestUSER3);
+
+ println(Testing ldb.search for
(distinguishedName=CN=ldaptestUSER3,CN=Users, + base_dn + ));
+ var res = ldb.search((distinguishedName=CN=ldaptestUSER3,CN=Users, +
base_dn + ));
+ if (res.error != 0 || res.msgs.length != 1) {
+ println(Could not find (dn=CN=ldaptestUSER3,CN=Users, +
base_dn + ));
+ assert(res.error == 0);
+ assert(res.msgs.length == 1);
+ }
+ assert(res.msgs[0].dn == (CN=ldaptestUSER3,CN=Users, + base_dn));
+ assert(res.msgs[0].cn == ldaptestUSER3);
+ assert(res.msgs[0].name == ldaptestUSER3);
+
// ensure we cannot add it again
ok = ldb.add(
dn: cn=ldaptestuser3,cn=userS, + base_dn +
svn commit: samba r26131 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2007-11-26 06:12:01 + (Mon, 26 Nov 2007) New Revision: 26131 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26131 Log: Ensure we show the right errors in the NULL base DN case. Based on bug 5090 by Matthias Dieter Walln?\195?\182fer [EMAIL PROTECTED] Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-26 03:14:57 UTC (rev 26130) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-26 06:12:01 UTC (rev 26131) @@ -530,10 +530,12 @@ ldb_asprintf_errstring(module-ldb, NULL Base DN invalid for a base search); ret = LDB_ERR_INVALID_DN_SYNTAX; + break; case LDB_SCOPE_ONELEVEL: ldb_asprintf_errstring(module-ldb, NULL Base DN invalid for a one-level search); ret = LDB_ERR_INVALID_DN_SYNTAX; + break; case LDB_SCOPE_SUBTREE: default: /* We accept subtree searches from a NULL base DN, ie over the whole DB */
svn commit: samba r25965 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet
Date: 2007-11-15 11:05:22 + (Thu, 15 Nov 2007)
New Revision: 25965
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25965
Log:
Remove duplicate block - thanks metze!
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15
11:01:14 UTC (rev 25964)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15
11:05:22 UTC (rev 25965)
@@ -547,24 +547,6 @@
ldb_dn_get_linearized(req-op.search.base));
ret = LDB_ERR_INVALID_DN_SYNTAX;
- } else if (ldb_dn_is_null(req-op.search.base) == true) {
-
- /* Check what we should do with a NULL dn */
- switch (req-op.search.scope) {
- case LDB_SCOPE_BASE:
- ldb_asprintf_errstring(module-ldb,
- NULL Base DN invalid for a base
search);
- ret = LDB_ERR_INVALID_DN_SYNTAX;
- case LDB_SCOPE_ONELEVEL:
- ldb_asprintf_errstring(module-ldb,
- NULL Base DN invalid for a
one-level search);
- ret = LDB_ERR_INVALID_DN_SYNTAX;
- case LDB_SCOPE_SUBTREE:
- default:
- /* We accept subtree searches from a NULL base DN, ie
over the whole DB */
- ret = LDB_SUCCESS;
- }
-
} else if (ltdb-check_base) {
/* This database has been marked as 'checkBaseOnSearch', so do
a spot check of the base dn */
ret = ltdb_search_base(module, req-op.search.base);
svn commit: samba r25964 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet
Date: 2007-11-15 11:01:14 + (Thu, 15 Nov 2007)
New Revision: 25964
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25964
Log:
Fix comment and use talloc hirachy in ldb_tdb initialisation.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15
10:20:55 UTC (rev 25963)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15
11:01:14 UTC (rev 25964)
@@ -307,7 +307,7 @@
options = talloc(ltdb-cache, struct ldb_message);
if (options == NULL) goto failed;
- options_dn = ldb_dn_new(module, module-ldb, LTDB_OPTIONS);
+ options_dn = ldb_dn_new(options, module-ldb, LTDB_OPTIONS);
if (options_dn == NULL) goto failed;
r= ltdb_search_dn1(module, options_dn, options);
@@ -315,7 +315,7 @@
goto failed;
}
- /* possibly initialise the baseinfo */
+ /* set flag for checking base DN on searches */
if (r == LDB_SUCCESS) {
ltdb-check_base = ldb_msg_find_attr_as_bool(options,
LTDB_CHECK_BASE, false);
} else {
@@ -350,7 +350,6 @@
done:
talloc_free(options);
- talloc_free(options_dn);
talloc_free(baseinfo);
talloc_free(baseinfo_dn);
talloc_free(indexlist_dn);
@@ -358,7 +357,6 @@
failed:
talloc_free(options);
- talloc_free(options_dn);
talloc_free(baseinfo);
talloc_free(baseinfo_dn);
talloc_free(indexlist_dn);
svn commit: samba r25966 - in branches/SAMBA_4_0/source/scripting/ejs: .
Author: abartlet
Date: 2007-11-15 11:37:41 + (Thu, 15 Nov 2007)
New Revision: 25966
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25966
Log:
Don't force an 8 byte width to generated SIDs, as this can actually
end up with a SID with a space in it.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c
Changeset:
Modified: branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c
===
--- branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c 2007-11-15
11:05:22 UTC (rev 25965)
+++ branches/SAMBA_4_0/source/scripting/ejs/smbcalls_rand.c 2007-11-15
11:37:41 UTC (rev 25966)
@@ -70,7 +70,7 @@
*/
static int ejs_randsid(MprVarHandle eid, int argc, struct MprVar **argv)
{
- char *s = talloc_asprintf(mprMemCtx(), S-1-5-21-%8u-%8u-%8u,
+ char *s = talloc_asprintf(mprMemCtx(), S-1-5-21-%u-%u-%u,
(unsigned)generate_random(),
(unsigned)generate_random(),
(unsigned)generate_random());
svn commit: samba r25981 - in branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules: .
Author: abartlet
Date: 2007-11-16 04:18:22 + (Fri, 16 Nov 2007)
New Revision: 25981
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25981
Log:
Don't create an ldb_request on NULL.
A re-arrangment of the code due to the base DN checking meant that the
ac-down_req array wasn't started, so was NULL
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
2007-11-15 23:40:46 UTC (rev 25980)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/linked_attributes.c
2007-11-16 04:18:22 UTC (rev 25981)
@@ -127,8 +127,18 @@
for (j=0; j el-num_values; j++) {
struct ldb_message_element *ret_el;
struct ldb_request *new_req;
+ struct ldb_message *new_msg;
+
+ /* Create a spot in the list for the requests */
+ ac-down_req = talloc_realloc(ac, ac-down_req,
+ struct ldb_request *,
ac-num_requests + 1);
+ if (!ac-down_req) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
/* Create the modify request */
- struct ldb_message *new_msg = ldb_msg_new(ac-down_req);
+ new_msg = ldb_msg_new(ac-down_req);
if (!new_msg) {
ldb_oom(ldb);
return LDB_ERR_OPERATIONS_ERROR;
@@ -184,13 +194,6 @@
ldb_set_timeout_from_prev_req(ldb, ac-orig_req,
new_req);
- /* Now add it to the list */
- ac-down_req = talloc_realloc(ac, ac-down_req,
- struct ldb_request *,
ac-num_requests + 1);
- if (!ac-down_req) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
ac-down_req[ac-num_requests] = new_req;
ac-num_requests++;
svn commit: samba r25952 - in branches/SAMBA_4_0/testdata/samba3: .
Author: abartlet
Date: 2007-11-14 10:40:58 + (Wed, 14 Nov 2007)
New Revision: 25952
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25952
Log:
Add in new data file required by samba3sam test.
Andrew Bartlett
Added:
branches/SAMBA_4_0/testdata/samba3/provision_samba3sam_templates.ldif
Changeset:
Added: branches/SAMBA_4_0/testdata/samba3/provision_samba3sam_templates.ldif
===
--- branches/SAMBA_4_0/testdata/samba3/provision_samba3sam_templates.ldif
2007-11-14 09:48:12 UTC (rev 25951)
+++ branches/SAMBA_4_0/testdata/samba3/provision_samba3sam_templates.ldif
2007-11-14 10:40:58 UTC (rev 25952)
@@ -0,0 +1,123 @@
+dn: CN=Templates
+objectClass: top
+objectClass: container
+cn: Templates
+description: Container for SAM account templates
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+systemFlags: 2348810240
+objectCategory: CN=Container,CN=Schema,CN=Configuration,${BASEDN}
+isCriticalSystemObject: TRUE
+
+###
+# note! the template users must not match normal searches. Be careful
+# with what classes you put them in
+###
+
+dn: CN=TemplateUser,CN=Templates
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateUser
+instanceType: 4
+userAccountControl: 514
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 805306368
+objectCategory: CN=Person,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateComputer,CN=Templates
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateComputer
+instanceType: 4
+userAccountControl: 4098
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+pwdLastSet: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 805306369
+objectCategory: CN=Computer,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateTrustingDomain,CN=Templates
+objectClass: top
+objectClass: Template
+objectClass: userTemplate
+cn: TemplateTrustingDomain
+instanceType: 4
+userAccountControl: 2080
+badPwdCount: 0
+codePage: 0
+countryCode: 0
+badPasswordTime: 0
+lastLogoff: 0
+lastLogon: 0
+primaryGroupID: 513
+accountExpires: -1
+logonCount: 0
+sAMAccountType: 805306370
+
+dn: CN=TemplateGroup,CN=Templates
+objectClass: top
+objectClass: Template
+objectClass: groupTemplate
+cn: TemplateGroup
+instanceType: 4
+groupType: -2147483646
+sAMAccountType: 268435456
+objectCategory: CN=Group,CN=Schema,CN=Configuration,${BASEDN}
+
+# Currently this isn't used, we don't have a way to detect it different from
an incoming alias
+#
+# dn: CN=TemplateAlias,CN=Templates
+# objectClass: top
+# objectClass: Template
+# objectClass: aliasTemplate
+# cn: TemplateAlias
+# instanceType: 4
+# groupType: -2147483644
+# sAMAccountType: 268435456
+
+dn: CN=TemplateForeignSecurityPrincipal,CN=Templates
+objectClass: top
+objectClass: Template
+objectClass: foreignSecurityPrincipalTemplate
+cn: TemplateForeignSecurityPrincipal
+instanceType: 4
+showInAdvancedViewOnly: TRUE
+objectCategory:
CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,${BASEDN}
+
+dn: CN=TemplateSecret,CN=Templates
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: secretTemplate
+cn: TemplateSecret
+instanceType: 4
+
+dn: CN=TemplateTrustedDomain,CN=Templates
+objectClass: top
+objectClass: leaf
+objectClass: Template
+objectClass: trustedDomainTemplate
+cn: TemplateTrustedDomain
+instanceType: 4
svn commit: samba r25957 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: abartlet
Date: 2007-11-15 01:12:10 + (Thu, 15 Nov 2007)
New Revision: 25957
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25957
Log:
Rework the cracknames code to use less gendb_search() and instead call
ldb_search_exp_fmt(). While it is a bit more verbose to code with, it
returns better error codes, and allows us to handle the case where the
base DN doesn't exist better.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-11-14 22:46:29 UTC
(rev 25956)
+++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2007-11-15 01:12:10 UTC
(rev 25957)
@@ -107,12 +107,12 @@
ret = ldb_search(ldb_ctx, service_dn, LDB_SCOPE_BASE,
(objectClass=nTDSService),
directory_attrs, res);
- if (ret != LDB_SUCCESS) {
+ if (ret != LDB_SUCCESS ret != LDB_ERR_NO_SUCH_OBJECT) {
DEBUG(1, (ldb_search: dn: %s not found: %s, service_dn_str,
ldb_errstring(ldb_ctx)));
return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
- } else if (res-count != 1) {
+ } else if (ret == LDB_ERR_NO_SUCH_OBJECT || res-count != 1) {
talloc_free(res);
- DEBUG(1, (ldb_search: dn: %s found %d times!, service_dn_str,
res-count));
+ DEBUG(1, (ldb_search: dn: %s not found, service_dn_str));
return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
}
talloc_steal(tmp_ctx, res);
@@ -269,7 +269,7 @@
char **realm;
char *unparsed_name_short;
const char *domain_attrs[] = { NULL };
- struct ldb_message **domain_res = NULL;
+ struct ldb_result *domain_res = NULL;
/* Prevent recursion */
if (!name) {
@@ -284,26 +284,28 @@
return WERR_OK;
}
- domain_filter = NULL;
realm = krb5_princ_realm(smb_krb5_context-krb5_context, principal);
- domain_filter = talloc_asprintf(mem_ctx,
-
(((|((dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*)),
- ldb_binary_encode_string(mem_ctx,
*realm),
- ldb_binary_encode_string(mem_ctx,
*realm));
- ldb_ret = gendb_search(sam_ctx, mem_ctx, samdb_partitions_dn(sam_ctx,
mem_ctx),
- domain_res, domain_attrs,
- %s, domain_filter);
- switch (ldb_ret) {
+ ldb_ret = ldb_search_exp_fmt(sam_ctx, mem_ctx, domain_res,
+samdb_partitions_dn(sam_ctx, mem_ctx),
+LDB_SCOPE_ONELEVEL,
+domain_attrs,
+
(((|((dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*)),
+ldb_binary_encode_string(mem_ctx, *realm),
+ldb_binary_encode_string(mem_ctx, *realm));
+
+ if (ldb_ret != LDB_SUCCESS) {
+ DEBUG(2, (DsCrackNameUPN domain ref search failed: %s,
ldb_errstring(sam_ctx)));
+ info1-status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+ return WERR_OK;
+ }
+
+ switch (domain_res-count) {
case 1:
break;
case 0:
return dns_domain_from_principal(mem_ctx, smb_krb5_context,
name, info1);
- case -1:
- DEBUG(2, (DsCrackNameUPN domain ref search failed: %s,
ldb_errstring(sam_ctx)));
- info1-status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
- return WERR_OK;
default:
info1-status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
return WERR_OK;
@@ -321,6 +323,9 @@
/* This may need to be extended for more userPrincipalName variations */
result_filter = talloc_asprintf(mem_ctx,
((objectClass=user)(samAccountName=%s)),
ldb_binary_encode_string(mem_ctx,
unparsed_name_short));
+
+ domain_filter = talloc_asprintf(mem_ctx, (dn=%s),
ldb_dn_get_linearized(domain_res-msgs[0]-dn));
+
if (!result_filter || !domain_filter) {
free(unparsed_name_short);
return WERR_NOMEM;
@@ -666,15 +671,15 @@
struct drsuapi_DsNameInfo1 *info1)
{
int ldb_ret;
- struct ldb_message **domain_res = NULL;
+ struct ldb_result *domain_res = NULL;
const char * const *domain_attrs;
const char * const *result_attrs;
struct ldb_message **result_res = NULL;
struct ldb_message *result = NULL;
struct ldb_dn
svn commit: samba r25959 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet
Date: 2007-11-15 01:53:44 + (Thu, 15 Nov 2007)
New Revision: 25959
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25959
Log:
Add a new special DN to LDB: @OPTIONS
Use the checkBaseOnSearch attribute to control if we should check the
base DN on search requests.
Also ensure we honour any errors in searching, not just errors in the
supplied 'done' callback.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.h
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15
01:13:24 UTC (rev 25958)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2007-11-15
01:53:44 UTC (rev 25959)
@@ -113,11 +113,13 @@
if (dn == NULL) goto failed;
r = ltdb_search_dn1(module, dn, msg);
+ talloc_free(dn);
if (r != LDB_SUCCESS r != LDB_ERR_NO_SUCH_OBJECT) {
- talloc_free(dn);
goto failed;
}
- talloc_free(dn);
+ if (r == LDB_ERR_NO_SUCH_OBJECT) {
+ return 0;
+ }
/* mapping these flags onto ldap 'syntaxes' isn't strictly correct,
but its close enough for now */
for (i=0;imsg-num_elements;i++) {
@@ -247,10 +249,10 @@
int ltdb_cache_load(struct ldb_module *module)
{
struct ltdb_private *ltdb = (struct ltdb_private *)module-private_data;
- struct ldb_dn *baseinfo_dn = NULL;
+ struct ldb_dn *baseinfo_dn = NULL, *options_dn = NULL;
struct ldb_dn *indexlist_dn = NULL;
uint64_t seq;
- struct ldb_message *baseinfo = NULL;
+ struct ldb_message *baseinfo = NULL, *options = NULL;
int r;
/* a very fast check to avoid extra database reads */
@@ -282,7 +284,7 @@
}
/* possibly initialise the baseinfo */
- if (!baseinfo-dn) {
+ if (r == LDB_ERR_NO_SUCH_OBJECT) {
if (ltdb_baseinfo_init(module) != LDB_SUCCESS) {
goto failed;
}
@@ -301,6 +303,25 @@
}
ltdb-sequence_number = seq;
+ /* Read an interpret database options */
+ options = talloc(ltdb-cache, struct ldb_message);
+ if (options == NULL) goto failed;
+
+ options_dn = ldb_dn_new(module, module-ldb, LTDB_OPTIONS);
+ if (options_dn == NULL) goto failed;
+
+ r= ltdb_search_dn1(module, options_dn, options);
+ if (r != LDB_SUCCESS r != LDB_ERR_NO_SUCH_OBJECT) {
+ goto failed;
+ }
+
+ /* possibly initialise the baseinfo */
+ if (r == LDB_SUCCESS) {
+ ltdb-check_base = ldb_msg_find_attr_as_bool(options,
LTDB_CHECK_BASE, false);
+ } else {
+ ltdb-check_base = false;
+ }
+
talloc_free(ltdb-cache-last_attribute.name);
memset(ltdb-cache-last_attribute, 0,
sizeof(ltdb-cache-last_attribute));
@@ -328,12 +349,16 @@
}
done:
+ talloc_free(options);
+ talloc_free(options_dn);
talloc_free(baseinfo);
talloc_free(baseinfo_dn);
talloc_free(indexlist_dn);
return 0;
failed:
+ talloc_free(options);
+ talloc_free(options_dn);
talloc_free(baseinfo);
talloc_free(baseinfo_dn);
talloc_free(indexlist_dn);
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15
01:13:24 UTC (rev 25958)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2007-11-15
01:53:44 UTC (rev 25959)
@@ -200,7 +200,36 @@
return ret;
}
+/*
+ search the database for a single simple dn.
+ return LDB_ERR_NO_SUCH_OBJECT on record-not-found
+ and LDB_SUCCESS on success
+*/
+int ltdb_search_base(struct ldb_module *module, struct ldb_dn *dn)
+{
+ struct ltdb_private *ltdb = (struct ltdb_private *)module-private_data;
+ TDB_DATA tdb_key, tdb_data;
+ if (ldb_dn_is_null(dn)) {
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ /* form the key */
+ tdb_key = ltdb_key(module, dn);
+ if (!tdb_key.dptr) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ tdb_data = tdb_fetch(ltdb-tdb, tdb_key);
+ talloc_free(tdb_key.dptr);
+ if (!tdb_data.dptr) {
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ free(tdb_data.dptr);
+ return LDB_SUCCESS;
+}
+
/*
search the database for a single simple dn, returning all attributes
in a single message
@@ -227,7 +256,7 @@
if (!tdb_data.dptr) {
return LDB_ERR_NO_SUCH_OBJECT;
}
-
+
msg-num_elements = 0
svn commit: samba r25960 - in branches/SAMBA_4_0/source: ldap_server setup
Author: abartlet
Date: 2007-11-15 02:45:31 + (Thu, 15 Nov 2007)
New Revision: 25960
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25960
Log:
Enable checks on the validity of the search base on sam.ldb in Samba4.
Remove bogus check to return NO_SUCH_ENTRY in ldap_backend.c, as this
error is now correctly emited from ldb.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/ldap_server/ldap_backend.c
branches/SAMBA_4_0/source/setup/provision_init.ldif
branches/SAMBA_4_0/source/setup/provision_partitions.ldif
Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c
===
--- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-11-15
01:53:44 UTC (rev 25959)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-11-15
02:45:31 UTC (rev 25960)
@@ -300,10 +300,6 @@
DEBUG(10,(SearchRequest: results: [%d]\n,
res-count));
result = LDAP_SUCCESS;
errstr = NULL;
- } else if (res-count == 0) {
- DEBUG(10,(SearchRequest: no results\n));
- result = LDAP_NO_SUCH_OBJECT;
- errstr = ldb_errstring(samdb);
}
if (res-controls) {
done_r-msg-controls = res-controls;
Modified: branches/SAMBA_4_0/source/setup/provision_init.ldif
===
--- branches/SAMBA_4_0/source/setup/provision_init.ldif 2007-11-15 01:53:44 UTC
(rev 25959)
+++ branches/SAMBA_4_0/source/setup/provision_init.ldif 2007-11-15 02:45:31 UTC
(rev 25960)
@@ -23,6 +23,9 @@
systemFlags: INTEGER
userAccountControl: INTEGER
+dn: @OPTIONS
+checkBaseOnSearch: TRUE
+
dn: @KLUDGEACL
passwordAttribute: sambaPassword
passwordAttribute: ntPwdHash
Modified: branches/SAMBA_4_0/source/setup/provision_partitions.ldif
===
--- branches/SAMBA_4_0/source/setup/provision_partitions.ldif 2007-11-15
01:53:44 UTC (rev 25959)
+++ branches/SAMBA_4_0/source/setup/provision_partitions.ldif 2007-11-15
02:45:31 UTC (rev 25960)
@@ -4,6 +4,7 @@
partition: ${DOMAINDN}:${DOMAINDN_LDB}
replicateEntries: @ATTRIBUTES
replicateEntries: @INDEXLIST
+replicateEntries: @OPTIONS
modules:${SCHEMADN}:${SCHEMADN_MOD}${SCHEMADN_MOD2}
modules:${CONFIGDN}:${CONFIGDN_MOD}${CONFIGDN_MOD2}
modules:${DOMAINDN}:${DOMAINDN_MOD}${DOMAINDN_MOD2}
svn commit: samba r25958 - in branches/SAMBA_4_0/source/lib: .
Author: abartlet
Date: 2007-11-15 01:13:24 + (Thu, 15 Nov 2007)
New Revision: 25958
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25958
Log:
Callers of gendb_search_dn() don't expect to get
LDB_ERR_NO_SUCH_OBJECT for base searches. Return 0 in this case.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/lib/gendb.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/gendb.c
===
--- branches/SAMBA_4_0/source/lib/gendb.c 2007-11-15 01:12:10 UTC (rev
25957)
+++ branches/SAMBA_4_0/source/lib/gendb.c 2007-11-15 01:13:24 UTC (rev
25958)
@@ -64,6 +64,9 @@
ret = res-count;
*msgs = res-msgs;
talloc_free(res);
+ } else if (scope == LDB_SCOPE_BASE ret == LDB_ERR_NO_SUCH_OBJECT) {
+ ret = 0;
+ *msgs = NULL;
} else {
DEBUG(4,(gendb_search_v: search failed: %s,
ldb_errstring(ldb)));
ret = -1;
svn commit: samba r25961 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: abartlet
Date: 2007-11-15 02:46:13 + (Thu, 15 Nov 2007)
New Revision: 25961
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25961
Log:
Add new tests to verify basedn validation in LDAP searches.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/testprogs/ejs/ldap.js
Changeset:
Modified: branches/SAMBA_4_0/testprogs/ejs/ldap.js
===
--- branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-15 02:45:31 UTC (rev
25960)
+++ branches/SAMBA_4_0/testprogs/ejs/ldap.js2007-11-15 02:46:13 UTC (rev
25961)
@@ -45,6 +45,7 @@
assert(ok.error == 32);
}
+ println(Testing user add);
var ok = ldb.add(
dn: cn=ldaptestuser,cn=uSers, + base_dn +
objectclass: user
@@ -339,8 +340,20 @@
assert(res.msgs.length == 1);
}
- assert(res.msgs[0].dn == (CN=ldaptestuser4,CN=ldaptestcontainer2, +
base_dn));
+ println(Testing subtree ldb.search for
((cn=ldaptestuser4)(objectClass=user)) in (just renamed from)
cn=ldaptestcontainer, + base_dn);
+ var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)),
cn=ldaptestcontainer, + base_dn, ldb.SCOPE_SUBTREE);
+ if (res.error != 32) {
+ println(res.errstr);
+ assert(res.error == 32);
+ }
+ println(Testing one-level ldb.search for
((cn=ldaptestuser4)(objectClass=user)) in (just renamed from)
cn=ldaptestcontainer, + base_dn);
+ var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)),
cn=ldaptestcontainer, + base_dn, ldb.SCOPE_ONELEVEL);
+ if (res.error != 32) {
+ println(res.errstr);
+ assert(res.error == 32);
+ }
+
println(Testing ldb.search for ((cn=ldaptestuser4)(objectClass=user))
in renamed container);
var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)),
cn=ldaptestcontainer2, + base_dn, ldb.SCOPE_SUBTREE);
if (res.error != 0 || res.msgs.length != 1) {
@@ -371,8 +384,31 @@
println(ok.errstr);
assert(ok.error == 66);
}
- println(Testing delete of subtree renamed +res.msgs[0].dn);
- ok = ldb.del(res.msgs[0].dn);
+
+ println(Testing base ldb.search for
CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn);
+ var res = ldb.search((objectclass=*),
(CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn), ldb.SCOPE_BASE);
+ if (res.error == 0 res.count == 1) {
+ assert(res.error == 0 res.count == 1);
+ }
+ var res = ldb.search((cn=ldaptestuser40),
(CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn), ldb.SCOPE_BASE);
+ if (res.error == 0 res.count == 0) {
+ assert(res.error == 0 res.count == 0);
+ }
+
+ println(Testing one-level ldb.search for
((cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2, + base_dn);
+ var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)),
cn=ldaptestcontainer2, + base_dn, ldb.SCOPE_ONELEVEL);
+ if (res.error == 0 res.count == 0) {
+ assert(res.error == 0 res.count == 0);
+ }
+
+ println(Testing one-level ldb.search for
((cn=ldaptestuser4)(objectClass=user)) in cn=ldaptestcontainer2, + base_dn);
+ var res = ldb.search(((cn=ldaptestuser4)(objectClass=user)),
cn=ldaptestcontainer2, + base_dn, ldb.SCOPE_SUBTREE);
+ if (res.error == 0 res.count == 0) {
+ assert(res.error == 0 res.count == 0);
+ }
+
+ println(Testing delete of subtree renamed
+(CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn));
+ ok = ldb.del((CN=ldaptestuser4,CN=ldaptestcontainer2, + base_dn));
if (ok.error != 0) {
println(ok.errstr);
assert(ok.error == 0);
@@ -904,6 +940,7 @@
var ok = ldb.connect(ldap://; + host);
var base_dn = find_basedn(ldb);
+
var configuration_dn = find_configurationdn(ldb);
var schema_dn = find_schemadn(ldb);
svn commit: samba r25938 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet
Date: 2007-11-13 22:26:24 + (Tue, 13 Nov 2007)
New Revision: 25938
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25938
Log:
We don't need the CLDAP server unless we are a DC.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/cldap_server/cldap_server.c
Changeset:
Modified: branches/SAMBA_4_0/source/cldap_server/cldap_server.c
===
--- branches/SAMBA_4_0/source/cldap_server/cldap_server.c 2007-11-13
21:27:37 UTC (rev 25937)
+++ branches/SAMBA_4_0/source/cldap_server/cldap_server.c 2007-11-13
22:26:24 UTC (rev 25938)
@@ -159,6 +159,18 @@
return;
}
+ switch (lp_server_role(global_loadparm)) {
+ case ROLE_STANDALONE:
+ task_server_terminate(task, cldap_server: no CLDAP server
required in standalone configuration);
+ return;
+ case ROLE_DOMAIN_MEMBER:
+ task_server_terminate(task, cldap_server: no CLDAP server
required in member server configuration);
+ return;
+ case ROLE_DOMAIN_CONTROLLER:
+ /* Yes, we want an CLDAP server */
+ break;
+ }
+
task_server_set_title(task, task[cldapd]);
cldapd = talloc(task, struct cldapd_server);
svn commit: samba r25939 - in branches/SAMBA_4_0/source/cldap_server: .
Author: abartlet
Date: 2007-11-13 22:30:33 + (Tue, 13 Nov 2007)
New Revision: 25939
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25939
Log:
Rework the CLDAP server not to use gendb_search but to call ldb_search
directly.
Handle the errors from ldb_search (now that we get more than just -1),
including NO_SUCH_ENTRY when the base DN doesn't exist.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/cldap_server/netlogon.c
Changeset:
Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c
===
--- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2007-11-13 22:26:24 UTC
(rev 25938)
+++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2007-11-13 22:30:33 UTC
(rev 25939)
@@ -49,8 +49,8 @@
{
const char *ref_attrs[] = {nETBIOSName, dnsRoot, ncName, NULL};
const char *dom_attrs[] = {objectGUID, NULL};
- struct ldb_message **ref_res, **dom_res;
- int ret, count = 0;
+ struct ldb_result *ref_res = NULL, *dom_res = NULL;
+ int ret;
const char **services = lp_server_services(global_loadparm);
uint32_t server_type;
const char *pdc_name;
@@ -72,52 +72,89 @@
}
if (domain) {
- struct ldb_result *dom_ldb_result;
struct ldb_dn *dom_dn;
/* try and find the domain */
- count = gendb_search(cldapd-samctx, mem_ctx,
partitions_basedn, ref_res, ref_attrs,
-
(((objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*)),
- domain);
- if (count == 1) {
- dom_dn = samdb_result_dn(cldapd-samctx, mem_ctx,
ref_res[0], ncName, NULL);
+
+ ret = ldb_search_exp_fmt(cldapd-samctx, mem_ctx, ref_res,
+partitions_basedn, LDB_SCOPE_ONELEVEL,
+ref_attrs,
+
(((objectClass=crossRef)(dnsRoot=%s))(nETBIOSName=*)),
+domain);
+
+ if (ret != LDB_SUCCESS) {
+ DEBUG(2,(Unable to find referece to '%s' in sam: %s\n,
+domain,
+ldb_errstring(cldapd-samctx)));
+ return NT_STATUS_NO_SUCH_DOMAIN;
+ } else if (ref_res-count == 1) {
+ talloc_steal(mem_ctx, dom_res);
+ dom_dn = ldb_msg_find_attr_as_dn(cldapd-samctx,
mem_ctx, ref_res-msgs[0], ncName);
if (!dom_dn) {
return NT_STATUS_NO_SUCH_DOMAIN;
}
ret = ldb_search(cldapd-samctx, dom_dn,
LDB_SCOPE_BASE, objectClass=domain,
-dom_attrs, dom_ldb_result);
+dom_attrs, dom_res);
if (ret != LDB_SUCCESS) {
DEBUG(2,(Error finding domain '%s'/'%s' in
sam: %s\n, domain, ldb_dn_get_linearized(dom_dn),
ldb_errstring(cldapd-samctx)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
- talloc_steal(mem_ctx, dom_ldb_result);
- if (dom_ldb_result-count != 1) {
+ talloc_steal(mem_ctx, dom_res);
+ if (dom_res-count != 1) {
DEBUG(2,(Error finding domain '%s'/'%s' in
sam\n, domain, ldb_dn_get_linearized(dom_dn)));
return NT_STATUS_NO_SUCH_DOMAIN;
}
- dom_res = dom_ldb_result-msgs;
+ } else if (ref_res-count 1) {
+ talloc_free(ref_res);
+ return NT_STATUS_NO_SUCH_DOMAIN;
}
}
- if (count == 0 domain_guid) {
- /* OK, so no dice with the name, try and find the domain with
the GUID */
- count = gendb_search(cldapd-samctx, mem_ctx, NULL, dom_res,
dom_attrs,
- ((objectClass=domainDNS)(objectGUID=%s)),
- domain_guid);
- if (count == 1) {
+ if ((dom_res == NULL || dom_res-count == 0) domain_guid) {
+ ref_res = NULL;
+
+ ret = ldb_search_exp_fmt(cldapd-samctx, mem_ctx, dom_res,
+NULL, LDB_SCOPE_SUBTREE,
+dom_attrs,
+((objectClass=domainDNS)(objectGUID=%s)),
+domain_guid);
+
+ if (ret != LDB_SUCCESS) {
+ DEBUG(2,(Unable to find referece to GUID '%s' in sam:
%s\n
svn commit: samba r25940 - in branches/SAMBA_4_0/source: dsdb/samdb dsdb/samdb/ldb_modules rpc_server/drsuapi scripting/libjs setup
Author: abartlet
Date: 2007-11-13 22:38:55 + (Tue, 13 Nov 2007)
New Revision: 25940
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=25940
Log:
Rework the samldb and templates handling.
Templates just don't belong in the sam.ldb, as they don't obey any of
the other rules. This moves them to a seperate templates.ldb.
In samldb, this patch reworks the duplicate SID and Name detection
code, to use ldb_search_exp_fmt() rather than gendb_search. This
returns far more useful errors, which we now handle and report better.
The call to samdb_search_for_parent_domain() has been moved in samldb,
to allow both the account and SID uniqueness checks to be in the same
domain. This function also returns better errors.
dcesrv_drsuapi.c is updated for the new prototype of
samdb_search_for_parent_domain()
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
branches/SAMBA_4_0/source/dsdb/samdb/samdb.c
branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c
branches/SAMBA_4_0/source/scripting/libjs/provision.js
branches/SAMBA_4_0/source/setup/provision_templates.ldif
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2007-11-13
22:30:33 UTC (rev 25939)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c 2007-11-13
22:38:55 UTC (rev 25940)
@@ -190,24 +190,16 @@
*/
static int samldb_get_new_sid(struct ldb_module *module,
TALLOC_CTX *mem_ctx, struct ldb_dn *obj_dn,
+ struct ldb_dn *dom_dn,
struct dom_sid **sid)
{
const char * const attrs[2] = { objectSid, NULL };
struct ldb_result *res = NULL;
- struct ldb_dn *dom_dn;
int ret;
struct dom_sid *dom_sid;
/* get the domain component part of the provided dn */
- dom_dn = samdb_search_for_parent_domain(module-ldb, mem_ctx, obj_dn);
- if (dom_dn == NULL) {
- ldb_asprintf_errstring(module-ldb,
- Invalid dn (%s) not child of a domain
object!\n,
- ldb_dn_get_linearized(obj_dn));
- return LDB_ERR_CONSTRAINT_VIOLATION;
- }
-
/* find the domain sid */
ret = ldb_search(module-ldb, dom_dn, LDB_SCOPE_BASE, objectSid=*,
attrs, res);
@@ -338,13 +330,14 @@
}
static int samldb_handle_sid(struct ldb_module *module,
-TALLOC_CTX *mem_ctx, struct
ldb_message *msg2)
+TALLOC_CTX *mem_ctx, struct ldb_message *msg2,
+struct ldb_dn *parent_dn)
{
int ret;
struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, objectSid);
if (sid == NULL) {
- ret = samldb_get_new_sid(module, msg2, msg2-dn, sid);
+ ret = samldb_get_new_sid(module, msg2, msg2-dn, parent_dn,
sid);
if (ret != 0) {
return ret;
}
@@ -361,31 +354,35 @@
return ret;
}
-static char *samldb_generate_samAccountName(struct ldb_module *module,
TALLOC_CTX *mem_ctx)
+static int samldb_generate_samAccountName(struct ldb_module *module,
TALLOC_CTX *mem_ctx,
+ struct ldb_dn *dom_dn, char **name)
{
- char *name;
const char *attrs[] = { NULL };
- struct ldb_message **msgs;
+ struct ldb_result *res;
int ret;
/* Format: $00- */
do {
- name = talloc_asprintf(mem_ctx, $%.6X-%.6X%.6X, (unsigned
int)random(), (unsigned int)random(), (unsigned int)random());
+ *name = talloc_asprintf(mem_ctx, $%.6X-%.6X%.6X, (unsigned
int)random(), (unsigned int)random(), (unsigned int)random());
/* TODO: Figure out exactly what this is meant to conflict with
*/
- ret = gendb_search(module-ldb,
- mem_ctx, NULL, msgs, attrs,
- samAccountName=%s,
- ldb_binary_encode_string(mem_ctx, name));
- if (ret == 0) {
+ ret = ldb_search_exp_fmt(module-ldb,
+mem_ctx, res, dom_dn,
LDB_SCOPE_SUBTREE, attrs,
+samAccountName=%s,
+ldb_binary_encode_string(mem_ctx,
*name));
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(module-ldb, samldb: Failure
searching to determine if samAccountName %s is unique: %s,
+ *name,
ldb_errstring(module-ldb));
+ return ret
