[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Oct 16 06:27:31 MDT 2009
The branch, master has been updated
via aaca10b... s4:provision - fixed invalid creationTime format
via 6cb652e... s4:ldb - fixed dangling pointer in ldb_request_add_control()
via 180ca8e... s4:auth - fixed problem reading bind DN from secrets database
via cf77bf3... s4:provision - replaced linked_attributes with FDS plugins
via 925e960... s4:auth_sam: Restructure tail in "authsam_get_server_info_principal" and fix a memory leak
via ba77071... s4:winsdb - Substitute LDB result numbers with constants
from 441f032... s3: Try to fix the build on Solaris & AIX regarding the password change reject reason
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit aaca10b3e13d5a6119d7f47bc21bbf0cac3efb96
Author: Endi S. Dewata <edewata at redhat.com>
Date: Wed Oct 14 01:04:00 2009 -0500
s4:provision - fixed invalid creationTime format
commit 6cb652e05c177377ba67b63d7d820f087cc05a46
Author: Endi S. Dewata <edewata at redhat.com>
Date: Wed Oct 14 00:54:52 2009 -0500
s4:ldb - fixed dangling pointer in ldb_request_add_control()
commit 180ca8ed881593e08c291b504e26ea7b8adf7705
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Oct 9 14:30:51 2009 -0500
s4:auth - fixed problem reading bind DN from secrets database
commit cf77bf338260e33e7353f1176210d5cac5a6048d
Author: Endi S. Dewata <edewata at redhat.com>
Date: Fri Oct 9 13:36:04 2009 -0500
s4:provision - replaced linked_attributes with FDS plugins
When FDS is used as a backend, Samba should not use the
linked_attributes LDB module, but instead use the built-in
DS plugins for attribute linking, indexing, and referential
integrity.
commit 925e96029e8854a1a3ad59fb4844c02b5aa77527
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Oct 16 13:48:17 2009 +0200
s4:auth_sam: Restructure tail in "authsam_get_server_info_principal" and fix a memory leak
commit ba7707176d6c4e6ee89b18c3070ec7be83079f9e
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Oct 16 13:42:58 2009 +0200
s4:winsdb - Substitute LDB result numbers with constants
-----------------------------------------------------------------------
Summary of changes:
source4/auth/credentials/credentials.c | 5 ++
source4/auth/credentials/credentials_files.c | 3 +
source4/auth/ntlm/auth_sam.c | 11 +++-
source4/lib/ldb/common/ldb_controls.c | 9 +++-
source4/nbt_server/wins/winsdb.c | 39 ++++++++--------
source4/scripting/python/samba/provision.py | 61 +++++++++++++++++++++++--
source4/setup/fedorads-index.ldif | 7 +++
source4/setup/fedorads-linked-attributes.ldif | 7 +++
source4/setup/fedorads-pam.ldif | 2 +
source4/setup/fedorads-refint-add.ldif | 6 +++
source4/setup/fedorads-refint-delete.ldif | 20 ++++++++
source4/setup/fedorads.inf | 4 ++
12 files changed, 145 insertions(+), 29 deletions(-)
create mode 100644 source4/setup/fedorads-index.ldif
create mode 100644 source4/setup/fedorads-linked-attributes.ldif
create mode 100644 source4/setup/fedorads-pam.ldif
create mode 100644 source4/setup/fedorads-refint-add.ldif
create mode 100644 source4/setup/fedorads-refint-delete.ldif
Changeset truncated at 500 lines:
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 09366e8..549c269 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -750,6 +750,11 @@ _PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
{
const char *username;
+ /* if bind dn is set it's not anonymous */
+ if (cred->bind_dn) {
+ return false;
+ }
+
if (cred->machine_account_pending) {
cli_credentials_set_machine_account(cred,
cred->machine_account_pending_lp_ctx);
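Review bot: The new guard at the top of cli_credentials_is_anonymous() treats any non-NULL `bind_dn` as authenticated, including an empty string, which an LDAP server handles as an anonymous simple bind. Unless the setter is known to reject empty values, the test would be safer as `if (cred->bind_dn && cred->bind_dn[0] != '\0') {`. The early return also sits before the `machine_account_pending` block, so a pending machine-account load is skipped on this path; a short comment saying that is intended would help. The rest of the function body lies outside the hunk.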
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index 3fe38d5..42e8ea0 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -266,6 +266,9 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
cli_credentials_set_anonymous(cred);
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+ } else {
+ /* store bind dn in credentials */
+ cli_credentials_set_bind_dn(cred, ldap_bind_dn);
}
}
}
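Review bot: The result of `cli_credentials_set_bind_dn(cred, ldap_bind_dn)` in the new else branch is discarded, so a failed copy would leave the credentials without a bind DN and no error would reach the caller. Because `mem_ctx` is freed on the neighbouring path, this also relies on the setter duplicating the string onto `cred` rather than keeping the pointer; neither is visible in the hunk. Consider checking the result and returning `NT_STATUS_NO_MEMORY` after `talloc_free(mem_ctx)`, and once the ownership is confirmed extend the comment to `/* store a copy of the bind dn in credentials */`. The enclosing function starts and ends outside the hunk.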
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index a64c56d..58a21d2 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -332,6 +332,7 @@ NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
nt_status = sam_get_results_principal(sam_ctx, tmp_ctx, principal,
user_attrs, &domain_dn, &msg);
if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
return nt_status;
}
@@ -342,11 +343,15 @@ NTSTATUS authsam_get_server_info_principal(TALLOC_CTX *mem_ctx,
msg,
user_sess_key, lm_sess_key,
server_info);
- if (NT_STATUS_IS_OK(nt_status)) {
- talloc_steal(mem_ctx, *server_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
+ return nt_status;
}
+
+ talloc_steal(mem_ctx, *server_info);
talloc_free(tmp_ctx);
- return nt_status;
+
+ return NT_STATUS_OK;
}
static const struct auth_operations sam_ignoredomain_ops = {
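Review bot: `talloc_free(tmp_ctx)` is now written out on three separate exits of authsam_get_server_info_principal() (here and in the hunk at -332), and a missed copy of that call is exactly the kind of leak this commit fixes. A single cleanup label would keep later error paths from forgetting it: set `nt_status`, `goto done;`, and let `done:` run `talloc_free(tmp_ctx); return nt_status;`. On the failure exits it is also worth confirming that `*server_info` is not left pointing at memory allocated under `tmp_ctx`; the callee is outside the hunk, so this is only a question. The function begins outside the hunk.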
diff --git a/source4/lib/ldb/common/ldb_controls.c b/source4/lib/ldb/common/ldb_controls.c
index 32b2c0f..a8dd6b5 100644
--- a/source4/lib/ldb/common/ldb_controls.c
+++ b/source4/lib/ldb/common/ldb_controls.c
@@ -123,7 +123,7 @@ int check_critical_controls(struct ldb_control **controls)
int ldb_request_add_control(struct ldb_request *req, const char *oid, bool critical, void *data)
{
- unsigned n;
+ unsigned i, n;
struct ldb_control **ctrls;
struct ldb_control *ctrl;
@@ -135,10 +135,15 @@ int ldb_request_add_control(struct ldb_request *req, const char *oid, bool criti
n++;
}
- ctrls = talloc_realloc(req, req->controls,
+ ctrls = talloc_array(req,
struct ldb_control *,
n + 2);
if (!ctrls) return LDB_ERR_OPERATIONS_ERROR;
+
+ for (i=0; i<n; i++) {
+ ctrls[i] = req->controls[i];
+ }
+
req->controls = ctrls;
ctrls[n] = NULL;
ctrls[n+1] = NULL;
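Review bot: Nothing in the new code says why `talloc_realloc()` was replaced by `talloc_array()` plus a copy loop, so a later cleanup could turn it back into a realloc and reintroduce the dangling pointer named in the commit title. A comment above the allocation would protect it, for example `/* do not realloc: req->controls may still be referenced elsewhere, so build a new array and leave the old one alone */` (wording to be confirmed by the author, since the other holder is not visible here). The same comment should state that the old array is deliberately not freed. The function continues past the end of the hunk.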
diff --git a/source4/nbt_server/wins/winsdb.c b/source4/nbt_server/wins/winsdb.c
index 389995e..a502050 100644
--- a/source4/nbt_server/wins/winsdb.c
+++ b/source4/nbt_server/wins/winsdb.c
@@ -100,17 +100,17 @@ uint64_t winsdb_set_maxVersion(struct winsdb_handle *h, uint64_t newMaxVersion)
ret = ldb_msg_add_empty(msg, "objectClass", LDB_FLAG_MOD_REPLACE, NULL);
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
ret = ldb_msg_add_string(msg, "objectClass", "winsMaxVersion");
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
ret = ldb_msg_add_empty(msg, "maxVersion", LDB_FLAG_MOD_REPLACE, NULL);
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
ret = ldb_msg_add_fmt(msg, "maxVersion", "%llu", (long long)newMaxVersion);
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
ret = ldb_modify(wins_db, msg);
- if (ret != 0) ret = ldb_add(wins_db, msg);
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) ret = ldb_add(wins_db, msg);
+ if (ret != LDB_SUCCESS) goto failed;
trans = ldb_transaction_commit(wins_db);
if (trans != LDB_SUCCESS) goto failed;
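Review bot: The fallback `if (ret != LDB_SUCCESS) ret = ldb_add(wins_db, msg);` retries as an add after any ldb_modify() failure, not only when the record is missing, so the original error is masked by whatever the add returns. Restricting it to the missing-object case keeps real modify failures visible: `if (ret == LDB_ERR_NO_SUCH_OBJECT) ret = ldb_add(wins_db, msg);`. Separately, the context line formats with `%llu` but casts to `(long long)`; `(unsigned long long)newMaxVersion` matches the specifier. The function starts and ends outside the hunk.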
@@ -259,7 +259,7 @@ static NTSTATUS winsdb_addr_decode(struct winsdb_handle *h, struct winsdb_record
return NT_STATUS_OK;
}
- *p = '\0';p++;
+ *p = '\0'; p++;
addr->address = talloc_strdup(addr, address);
if (!addr->address) {
status = NT_STATUS_NO_MEMORY;
@@ -324,16 +324,16 @@ static int ldb_msg_add_winsdb_addr(struct ldb_message *msg, struct winsdb_record
if (rec->is_static) {
str = talloc_strdup(msg, addr->address);
- if (!str) return -1;
+ if (!str) return LDB_ERR_OPERATIONS_ERROR;
} else {
char *expire_time;
expire_time = ldb_timestring(msg, addr->expire_time);
- if (!expire_time) return -1;
+ if (!expire_time) return LDB_ERR_OPERATIONS_ERROR;
str = talloc_asprintf(msg, "%s;winsOwner:%s;expireTime:%s;",
addr->address, addr->wins_owner,
expire_time);
talloc_free(expire_time);
- if (!str) return -1;
+ if (!str) return LDB_ERR_OPERATIONS_ERROR;
}
val.data = discard_const_p(uint8_t, str);
@@ -750,7 +750,7 @@ static struct ldb_message *winsdb_message(struct ldb_context *ldb,
struct winsdb_record *rec,
TALLOC_CTX *mem_ctx)
{
- int i, ret=0;
+ int i, ret;
size_t addr_count;
const char *expire_time;
struct ldb_message *msg = ldb_msg_new(mem_ctx);
@@ -772,7 +772,7 @@ static struct ldb_message *winsdb_message(struct ldb_context *ldb,
msg->dn = winsdb_dn(msg, ldb, rec->name);
if (msg->dn == NULL) goto failed;
- ret |= ldb_msg_add_fmt(msg, "type", "0x%02X", rec->name->type);
+ ret = ldb_msg_add_fmt(msg, "type", "0x%02X", rec->name->type);
if (rec->name->name && *rec->name->name) {
ret |= ldb_msg_add_string(msg, "name", rec->name->name);
}
@@ -798,7 +798,7 @@ static struct ldb_message *winsdb_message(struct ldb_context *ldb,
ret |= ldb_msg_add_empty(msg, "registeredBy", 0, NULL);
ret |= ldb_msg_add_string(msg, "registeredBy", rec->registered_by);
}
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
return msg;
failed:
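Review bot: `ret` in winsdb_message() is still accumulated with `ret |= ...` across the ldb_msg_add_*() calls and then compared with `LDB_SUCCESS`, which works only because that constant is zero; the OR of several error codes is not itself a meaningful LDB code. Now that ldb_msg_add_winsdb_addr() returns real LDB codes (hunk at -324), a comment at the final test such as `/* ret is an OR of results: only zero/non-zero is meaningful */` would stop anyone from propagating the value. The function body extends beyond this hunk.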
@@ -815,7 +815,7 @@ uint8_t winsdb_add(struct winsdb_handle *h, struct winsdb_record *rec, uint32_t
struct ldb_context *wins_db = h->ldb;
TALLOC_CTX *tmp_ctx = talloc_new(wins_db);
int trans = -1;
- int ret = 0;
+ int ret;
trans = ldb_transaction_start(wins_db);
if (trans != LDB_SUCCESS) goto failed;
@@ -832,7 +832,7 @@ uint8_t winsdb_add(struct winsdb_handle *h, struct winsdb_record *rec, uint32_t
msg = winsdb_message(wins_db, rec, tmp_ctx);
if (msg == NULL) goto failed;
ret = ldb_add(wins_db, msg);
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
trans = ldb_transaction_commit(wins_db);
if (trans != LDB_SUCCESS) goto failed;
@@ -881,7 +881,7 @@ uint8_t winsdb_modify(struct winsdb_handle *h, struct winsdb_record *rec, uint32
}
ret = ldb_modify(wins_db, msg);
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
trans = ldb_transaction_commit(wins_db);
if (trans != LDB_SUCCESS) goto failed;
@@ -916,7 +916,7 @@ uint8_t winsdb_delete(struct winsdb_handle *h, struct winsdb_record *rec)
if (dn == NULL) goto failed;
ret = ldb_delete(wins_db, dn);
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
trans = ldb_transaction_commit(wins_db);
if (trans != LDB_SUCCESS) goto failed;
@@ -962,10 +962,10 @@ static bool winsdb_check_or_add_module_list(struct tevent_context *ev_ctx,
msg->dn = dn;
ret = ldb_msg_add_string(msg, "@LIST", "wins_ldb");
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
ret = ldb_add(h->ldb, msg);
- if (ret != 0) goto failed;
+ if (ret != LDB_SUCCESS) goto failed;
trans = ldb_transaction_commit(h->ldb);
if (trans != LDB_SUCCESS) goto failed;
@@ -1037,3 +1037,4 @@ failed:
talloc_free(h);
return NULL;
}
+
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index bf2e220..fdf1fe9 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -144,6 +144,11 @@ class ProvisionPaths(object):
self.fedoradsinf = None
self.fedoradspartitions = None
self.fedoradssasl = None
+ self.fedoradspam = None
+ self.fedoradsrefint = None
+ self.fedoradslinkedattributes = None
+ self.fedoradsindex = None
+ self.fedoradssamba = None
self.olmmron = None
self.olmmrserveridsconf = None
self.olmmrsyncreplconf = None
@@ -334,7 +339,7 @@ def setup_ldb(ldb, ldif_path, subst_vars):
ldb.transaction_commit()
-def setup_file(template, fname, subst_vars):
+def setup_file(template, fname, subst_vars=None):
"""Setup a file in the private dir.
:param template: Path of the template file.
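Review bot: `subst_vars` now defaults to None, but the docstring visible below the signature does not say the argument is optional, and the body that consumes it is outside the hunk. Please confirm that the substitution step is skipped when it is None, and document it, for example `:param subst_vars: Optional dictionary of substitution variables.`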
@@ -388,8 +393,16 @@ def provision_paths_from_lp(lp, dnsdomain):
"fedorads-partitions.ldif")
paths.fedoradssasl = os.path.join(paths.ldapdir,
"fedorads-sasl.ldif")
+ paths.fedoradspam = os.path.join(paths.ldapdir,
+ "fedorads-pam.ldif")
+ paths.fedoradsrefint = os.path.join(paths.ldapdir,
+ "fedorads-refint.ldif")
+ paths.fedoradslinkedattributes = os.path.join(paths.ldapdir,
+ "fedorads-linked-attributes.ldif")
+ paths.fedoradsindex = os.path.join(paths.ldapdir,
+ "fedorads-index.ldif")
paths.fedoradssamba = os.path.join(paths.ldapdir,
- "fedorads-samba.ldif")
+ "fedorads-samba.ldif")
paths.olmmrserveridsconf = os.path.join(paths.ldapdir,
"mmr_serverids.conf")
paths.olmmrsyncreplconf = os.path.join(paths.ldapdir,
@@ -651,7 +664,7 @@ def setup_samdb_partitions(samdb_path, setup_path, message, lp, session_info,
if ldap_backend.ldap_backend_type == "fedora-ds":
backend_modules = ["nsuniqueid", "paged_searches"]
# We can handle linked attributes here, as we don't have directory-side subtree operations
- tdb_modules_list = ["linked_attributes", "extended_dn_out_dereference"]
+ tdb_modules_list = ["extended_dn_out_dereference"]
elif ldap_backend.ldap_backend_type == "openldap":
backend_modules = ["entryuuid", "paged_searches"]
# OpenLDAP handles subtree renames, so we don't want to do any of these things
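Review bot: The comment kept above the changed line, `# We can handle linked attributes here, as we don't have directory-side subtree operations`, now contradicts the code, because `linked_attributes` has just been removed from `tdb_modules_list` for the fedora-ds backend. It should be rewritten to match the commit description, e.g. `# Linked attributes, indexing and referential integrity are handled by the FDS plugins, not by an LDB module`. The enclosing if/elif chain continues outside the hunk.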
@@ -1024,7 +1037,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
- "CREATTIME": str(int(time.time()) * 1e7), # seconds -> ticks
+ "CREATTIME": str(int(time.time() * 1e7)), # seconds -> ticks
"DOMAINSID": str(domainsid),
"SCHEMADN": names.schemadn,
"NETBIOSNAME": names.netbiosname,
@@ -1091,7 +1104,7 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
"DOMAINDN": names.domaindn})
message("Setting up sam.ldb data")
setup_add_ldif(samdb, setup_path("provision.ldif"), {
- "CREATTIME": str(int(time.time()) * 1e7), # seconds -> ticks
+ "CREATTIME": str(int(time.time() * 1e7)), # seconds -> ticks
"DOMAINDN": names.domaindn,
"NETBIOSNAME": names.netbiosname,
"DEFAULTSITE": names.sitename,
@@ -1913,6 +1926,44 @@ def provision_fds_backend(result, paths=None, setup_path=None, names=None,
{"SAMBADN": names.sambadn,
})
+ setup_file(setup_path("fedorads-pam.ldif"), paths.fedoradspam)
+
+ lnkattr = get_linked_attributes(names.schemadn,schema.ldb)
+
+ refint_config = data = open(setup_path("fedorads-refint-delete.ldif"), 'r').read()
+ memberof_config = ""
+ index_config = ""
+ argnum = 3
+
+ for attr in lnkattr.keys():
+ if lnkattr[attr] is not None:
+ refint_config += read_and_sub_file(setup_path("fedorads-refint-add.ldif"),
+ { "ARG_NUMBER" : str(argnum) ,
+ "LINK_ATTR" : attr })
+ memberof_config += read_and_sub_file(setup_path("fedorads-linked-attributes.ldif"),
+ { "MEMBER_ATTR" : attr ,
+ "MEMBEROF_ATTR" : lnkattr[attr] })
+ index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+ { "ATTR" : attr })
+ argnum += 1
+
+ open(paths.fedoradsrefint, 'w').write(refint_config)
+ open(paths.fedoradslinkedattributes, 'w').write(memberof_config)
+
+ attrs = ["lDAPDisplayName"]
+ res = schema.ldb.search(expression="(&(objectclass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=1))", base=names.schemadn, scope=SCOPE_ONELEVEL, attrs=attrs)
+
+ for i in range (0, len(res)):
+ attr = res[i]["lDAPDisplayName"][0]
+
+ if attr == "objectGUID":
+ attr = "nsUniqueId"
+
+ index_config += read_and_sub_file(setup_path("fedorads-index.ldif"),
+ { "ATTR" : attr })
+
+ open(paths.fedoradsindex, 'w').write(index_config)
+
setup_file(setup_path("fedorads-samba.ldif"), paths.fedoradssamba,
{"SAMBADN": names.sambadn,
"LDAPADMINPASS": ldapadminpass
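Review bot: The generated LDIF files are written with `open(paths.fedoradsrefint, 'w').write(refint_config)` (likewise for the linked-attributes and index files) and the template is read with a bare `open(...).read()`, so no handle is closed explicitly and an unflushed or failed write can go unnoticed before these files are handed to the directory server setup. Keep the handle and close it, e.g. `f = open(paths.fedoradsindex, 'w')`, `f.write(index_config)`, `f.close()`, ideally inside try/finally. The extra name in `refint_config = data = open(...)` is unused within the hunk and can be dropped. provision_fds_backend() starts and ends outside the hunk.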
diff --git a/source4/setup/fedorads-index.ldif b/source4/setup/fedorads-index.ldif
new file mode 100644
index 0000000..4b4eb23
--- /dev/null
+++ b/source4/setup/fedorads-index.ldif
@@ -0,0 +1,7 @@
+dn: cn=${ATTR},cn=default indexes,cn=config,cn=ldbm database,cn=plugins,cn=config
+objectClass: top
+objectClass: nsIndex
+cn: ${ATTR}
+nsSystemIndex: false
+nsIndexType: eq
+
diff --git a/source4/setup/fedorads-linked-attributes.ldif b/source4/setup/fedorads-linked-attributes.ldif
new file mode 100644
index 0000000..05abcf9
--- /dev/null
+++ b/source4/setup/fedorads-linked-attributes.ldif
@@ -0,0 +1,7 @@
+# Link ${MEMBER_ATTR} to ${MEMBEROF_ATTR}
+dn: cn=${MEMBER_ATTR} to ${MEMBEROF_ATTR},cn=Linked Attributes,cn=plugins,cn=config
+objectClass: extensibleObject
+cn: ${MEMBER_ATTR} to ${MEMBEROF_ATTR}
+linkType: ${MEMBER_ATTR}
+managedType: ${MEMBEROF_ATTR}
+
diff --git a/source4/setup/fedorads-pam.ldif b/source4/setup/fedorads-pam.ldif
new file mode 100644
index 0000000..5ffd5cf
--- /dev/null
+++ b/source4/setup/fedorads-pam.ldif
@@ -0,0 +1,2 @@
+dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
+changetype: delete
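Review bot: This file deletes the whole `cn=PAM Pass Through Auth` plugin entry without a comment giving the reason, and a delete of an entry that is not present is an error in LDAP, so the result presumably depends on the directory server version. A leading `#` comment stating why the plugin must be removed for the Samba backend would help whoever later audits the directory server's authentication configuration.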
diff --git a/source4/setup/fedorads-refint-add.ldif b/source4/setup/fedorads-refint-add.ldif
new file mode 100644
index 0000000..2deb07d
--- /dev/null
+++ b/source4/setup/fedorads-refint-add.ldif
@@ -0,0 +1,6 @@
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+add: nsslapd-pluginArg${ARG_NUMBER}
+nsslapd-pluginArg${ARG_NUMBER}: ${LINK_ATTR}
+-
+
diff --git a/source4/setup/fedorads-refint-delete.ldif b/source4/setup/fedorads-refint-delete.ldif
new file mode 100644
index 0000000..cd20b83
--- /dev/null
+++ b/source4/setup/fedorads-refint-delete.ldif
@@ -0,0 +1,20 @@
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg3
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg4
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg5
+-
+
+dn: cn=referential integrity postoperation,cn=plugins,cn=config
+changetype: modify
+delete: nsslapd-pluginArg6
+-
+
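Review bot: The four delete records hard-code `nsslapd-pluginArg3` to `nsslapd-pluginArg6`, which assumes the directory server's default referential-integrity configuration has exactly those arguments. If a given FDS version ships fewer, deleting a missing attribute is an error; if it ships more, stale arguments stay behind next to the ones provision.py adds starting at `argnum = 3`. A `#` comment at the top naming the FDS default this was written against would make the assumption checkable.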
diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf
index 90ebe6a..e0676c4 100644
--- a/source4/setup/fedorads.inf
+++ b/source4/setup/fedorads.inf
@@ -28,3 +28,7 @@ install_full_schema= 0
SchemaFile=${LDAPDIR}/99_ad.ldif
ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif
ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif
+ConfigFile = ${LDAPDIR}/fedorads-pam.ldif
+ConfigFile = ${LDAPDIR}/fedorads-refint.ldif
+ConfigFile = ${LDAPDIR}/fedorads-linked-attributes.ldif
+ConfigFile = ${LDAPDIR}/fedorads-index.ldif
--
Samba Shared Repository