[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-283-g7361821

Fri Aug 15 11:20:33 GMT 2008

The branch, v4-0-test has been updated
       via  7361821b21ef78c564c41466783048606a0b6e98 (commit)
       via  fa03d750e4577a610dc410d45d49789110b1b4f1 (commit)
       via  e85abe7db21eec47adecae8243a25f145aa7ec9a (commit)
       via  7ad0d8dd4dab6119ca6f94b64b35c8f975a27d0a (commit)
       via  30da1b534f00ba6ef6cf86cba603732bc6e1ad43 (commit)
      from  b4b14b748e6babc93faee23fe8f5c03ec2d25cbb (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 7361821b21ef78c564c41466783048606a0b6e98
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 15 21:20:05 2008 +1000

    Fix the build, after the ad2oLschema changes.

commit fa03d750e4577a610dc410d45d49789110b1b4f1
Merge: e85abe7db21eec47adecae8243a25f145aa7ec9a b4b14b748e6babc93faee23fe8f5c03ec2d25cbb
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Aug 15 21:16:40 2008 +1000

    Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

commit e85abe7db21eec47adecae8243a25f145aa7ec9a
Merge: 7ad0d8dd4dab6119ca6f94b64b35c8f975a27d0a 9246924effd4d0b08ca1ef87e45ad510020df93e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Aug 13 09:47:18 2008 +1000

    Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

commit 7ad0d8dd4dab6119ca6f94b64b35c8f975a27d0a
Merge: 30da1b534f00ba6ef6cf86cba603732bc6e1ad43 54b873e49ff363609632fa2862208bf6b4c1b6ed
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Aug 12 17:46:48 2008 +1000

    Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

commit 30da1b534f00ba6ef6cf86cba603732bc6e1ad43
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Aug 11 11:45:45 2008 +1000

    Only allow trust accounts access to the NTP signing service.

-----------------------------------------------------------------------

Summary of changes:
 source/ntp_signd/ntp_signd.c |   12 +++++++++---
 source/utils/oLschema2ldif.c |    5 +++--
 2 files changed, 12 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/ntp_signd/ntp_signd.c b/source/ntp_signd/ntp_signd.c
index c1ac7db..546743e 100644
--- a/source/ntp_signd/ntp_signd.c
+++ b/source/ntp_signd/ntp_signd.c
@@ -123,7 +123,7 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
 	struct signed_reply signed_reply;
 	enum ndr_err_code ndr_err;
 	struct ldb_result *res;
-	const char *attrs[] = { "unicodePwd", "userAccountControl", NULL };
+	const char *attrs[] = { "unicodePwd", "userAccountControl", "cn", NULL };
 	struct MD5Context ctx;
 	struct samr_Password *nt_hash;
 	uint32_t user_account_control;
@@ -168,7 +168,7 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
 
 	ret = ldb_search_exp_fmt(ntp_signdconn->ntp_signd->samdb, tmp_ctx,
 				 &res, samdb_base_dn(ntp_signdconn->ntp_signd->samdb),
-				 LDB_SCOPE_SUBTREE, attrs, "(&(objectSid=%s)(objectClass=computer))",
+				 LDB_SCOPE_SUBTREE, attrs, "(&(objectSid=%s)(objectClass=user))",
 				 dom_sid_string(tmp_ctx, sid));
 	if (ret != LDB_SUCCESS) {
 		DEBUG(2, ("Failed to search for SID %s in SAM for NTP signing: %s\n", dom_sid_string(tmp_ctx, sid),
@@ -188,7 +188,13 @@ static NTSTATUS ntp_signd_recv(void *private, DATA_BLOB wrapped_input)
 	user_account_control = ldb_msg_find_attr_as_uint(res->msgs[0], "userAccountControl", 0);
 
 	if (user_account_control & UF_ACCOUNTDISABLE) {
-		DEBUG(1, ("Account for SID [%s] is disabled\n", dom_sid_string(tmp_ctx, sid)));
+		DEBUG(1, ("Account %s for SID [%s] is disabled\n", ldb_dn_get_linearized(res->msgs[0]->dn), dom_sid_string(tmp_ctx, sid)));
+		talloc_free(tmp_ctx);
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	if (!(user_account_control & (UF_INTERDOMAIN_TRUST_ACCOUNT|UF_SERVER_TRUST_ACCOUNT|UF_WORKSTATION_TRUST_ACCOUNT))) {
+		DEBUG(1, ("Account %s for SID [%s] is not a trust account\n", ldb_dn_get_linearized(res->msgs[0]->dn), dom_sid_string(tmp_ctx, sid)));
 		talloc_free(tmp_ctx);
 		return NT_STATUS_ACCESS_DENIED;
 	}
diff --git a/source/utils/oLschema2ldif.c b/source/utils/oLschema2ldif.c
index b501b75..d045b08 100644
--- a/source/utils/oLschema2ldif.c
+++ b/source/utils/oLschema2ldif.c
@@ -31,9 +31,10 @@
  *  Author: Simo Sorce
  */
 
+#include "includes.h"
 #include "ldb_includes.h"
 #include "tools/cmdline.h"
-#include "utils/schema_convert.h"
+#include "dsdb/samdb/samdb.h"
 
 #define SCHEMA_UNKNOWN 0
 #define SCHEMA_NAME 1
@@ -432,7 +433,7 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
 
 		case SCHEMA_SYNTAX:
 		{
-			const struct syntax_map *map = 
+			const struct dsdb_syntax_map *map = 
 				find_syntax_map_by_standard_oid(token->value);
 			if (!map) {
 				break;


-- 
Samba Shared Repository
