[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Thu Jul 8 13:53:59 MDT 2010


The branch, master has been updated
       via  6b7e436... s4:acl LDB module - password attributes - check also the "dBCSPwd" attribute
       via  921308f... s4:acl LDB module - move a "mem_ctx" creation to the place where it is actually checked
       via  38896f3... s4:drsuapi RPC server - "result_site_name" - fix variable denomination
       via  32a2bbb... s4:samdb.py - "setpassword" - performs password sets using the "unicodePwd" attribute
       via  61be498... s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one
      from  690ed0c... s3-rpc: when using rpc_pipe_open_internal, make sure to go through NDR.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 6b7e436871ec7cac1d08c830efaab95d8bb3afa3
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Thu Jul 8 14:51:49 2010 +0200

    s4:acl LDB module - password attributes - check also the "dBCSPwd" attribute
    
    It's also a possible password change/set attribute candidate.

commit 921308f1e830e0443bb49b6d4eb19ae95357a16e
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Wed Jul 7 18:01:34 2010 +0200

    s4:acl LDB module - move a "mem_ctx" creation to the place where it is actually checked
    
    Memory allocations and their result checks should be as tight as possible.

commit 38896f3362073680da82259485dc1031e08f4d6c
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Wed Jul 7 19:03:13 2010 +0200

    s4:drsuapi RPC server - "result_site_name" - fix variable denomination

commit 32a2bbb44b58a8a3da6a6b70d5d21a21c1b68d10
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date:   Thu Jul 8 09:36:30 2010 +0200

    s4:samdb.py - "setpassword" - performs password sets using the "unicodePwd" attribute
    
    This works by default on every AD-compatible DC. "userPassword" support on
    Windows, however, has to be activated explicitly through "dSHeuristics".

commit 61be498adbdcefb3d2d79bc26019ede01411178f
Author: Matthieu Patou <mat at matws.net>
Date:   Mon Jul 5 23:41:13 2010 +0400

    s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one
    
    This should avoid collisions with newly added objects that use the same
    SID as existing users in the upgraded provision.
    
    Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/samdb/ldb_modules/acl.c        |    7 ++++---
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c |    6 +++---
 source4/scripting/bin/upgradeprovision      |    6 ++++++
 source4/scripting/python/samba/samdb.py     |   10 +++-------
 4 files changed, 16 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 2b0b19c..6e38bc4 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -129,7 +129,7 @@ static int acl_module_init(struct ldb_module *module)
 	struct ldb_context *ldb;
 	struct acl_private *data;
 	int ret, i;
-	TALLOC_CTX *mem_ctx = talloc_new(module);
+	TALLOC_CTX *mem_ctx;
 	static const char *attrs[] = { "passwordAttribute", NULL };
 	struct ldb_result *res;
 	struct ldb_message *msg;
@@ -154,6 +154,7 @@ static int acl_module_init(struct ldb_module *module)
 					 NULL, "acl", "perform", false);
 	ldb_module_set_private(module, data);
 
+	mem_ctx = talloc_new(module);
 	if (!mem_ctx) {
 		return ldb_oom(ldb);
 	}
@@ -759,8 +760,8 @@ static int acl_check_password_rights(TALLOC_CTX *mem_ctx,
 	unsigned int del_attr_cnt = 0, add_attr_cnt = 0, rep_attr_cnt = 0;
 	struct ldb_message_element *el;
 	struct ldb_message *msg;
-	const char *passwordAttrs[] = { "userPassword", "unicodePwd",
-					"clearTextPassword", NULL }, **l;
+	const char *passwordAttrs[] = { "userPassword", "clearTextPassword",
+					"unicodePwd", "dBCSPwd", NULL }, **l;
 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
 
 	msg = ldb_msg_copy_shallow(tmp_ctx, req->op.mod.message);
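Review bot: The `passwordAttrs` array on the new side has no comment saying what it governs, and nothing ties it to the `passwordAttribute` values that acl_module_init reads from the database. Judging by the function name, this list appears to decide which modified attributes are routed through the password change/reset rights check, so an attribute missing from it would presumably be handled as an ordinary write. I would add above it `/* Every attribute that can carry a password must be listed here, otherwise writes to it skip the change/reset rights check */`. The entries were also reordered without explanation; if order does not matter, the comment should say so. The body of acl_check_password_rights continues beyond this hunk, so the loop that consumes the list is not visible here.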
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 0f49a73..7db9bfd 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -451,11 +451,11 @@ static WERROR dcesrv_DRSUAPI_REMOVE_DS_DOMAIN(struct dcesrv_call_state *dce_call
 }
 
 /* Obtain the site name from a server DN */
-static const char *result_site_name(struct ldb_dn *site_dn)
+static const char *result_site_name(struct ldb_dn *server_dn)
 {
 	/* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
-	const struct ldb_val *val = ldb_dn_get_component_val(site_dn, 2);
-	const char *name = ldb_dn_get_component_name(site_dn, 2);
+	const struct ldb_val *val = ldb_dn_get_component_val(server_dn, 2);
+	const char *name = ldb_dn_get_component_name(server_dn, 2);
 
 	if (!name || (ldb_attr_cmp(name, "cn") != 0)) {
 		/* Ensure this matches the format.  This gives us a
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 9d29d4a..48c4ce6 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -516,6 +516,11 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
     empty = Message()
     delta = samdb.msg_diff(empty, reference[0])
     delta.dn
+    if delta.get("objectSid"):
+        sid = str(ndr_unpack(security.dom_sid, str(reference[0]["objectSid"])))
+        m = re.match(r".*-(\d+)$", sid)
+        if m and int(m.group(1))>999:
+            delta.remove("objectSid")
     for att in hashAttrNotCopied.keys():
         delta.remove(att)
     for att in backlinked:
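Review bot: The threshold in `int(m.group(1))>999` is a bare magic number and disagrees with the commit subject, which says "SID > 1000" while the code also drops the SID for RID 1000. A named constant plus a comment such as `# RIDs >= 1000 are allocated per domain; drop the reference objectSid so the target database assigns a fresh one` would settle which is intended. The regex inspects only the last sub-authority, so the domain part of the SID is never compared. If a reference object could carry a SID from another authority it would be treated the same way, which may or may not be wanted. `add_missing_object` begins and ends outside this hunk.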
@@ -533,6 +538,7 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
     delta.dn = dn
     message(CHANGE,"Object %s will be added" % dn)
     samdb.add(delta, ["relax:0"])
+
     return True
 
 def gen_dn_index_hash(listMissing):
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 34d5606..f810926 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -339,10 +339,6 @@ member: %s
                     username=None):
         """Sets the password for a user
         
-        Note: This call uses the "userPassword" attribute to set the password.
-        This works correctly on SAMBA 4 and on Windows DCs with
-        "2003 Native" or higer domain function level.
-
         :param filter: LDAP filter to find the user (eg samccountname=name)
         :param password: Password for the user
         :param force_change_at_next_login: Force password change
@@ -359,9 +355,9 @@ member: %s
             setpw = """
 dn: %s
 changetype: modify
-replace: userPassword
-userPassword:: %s
-""" % (user_dn, base64.b64encode(password))
+replace: unicodePwd
+unicodePwd:: %s
+""" % (user_dn, base64.b64encode(("\"" + password + "\"").encode('utf-16-le')))
 
             self.modify_ldif(setpw)
 
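Review bot: `("\"" + password + "\"").encode('utf-16-le')` raises UnicodeDecodeError under Python 2 when `password` is a byte string containing non-ASCII characters, because `.encode()` on a `str` first decodes it as ASCII. Decoding explicitly, e.g. `unicode("\"" + password + "\"", 'utf-8').encode('utf-16-le')`, would avoid that, assuming callers pass UTF-8 byte strings. The docstring note deleted in the previous hunk should be replaced rather than dropped, because Windows DCs accept `unicodePwd` writes only over an encrypted connection (LDAPS or a sealed SASL bind). Something like `Note: uses "unicodePwd"; against Windows DCs the connection must be encrypted` belongs there. The method starts and ends outside this hunk.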


-- 
Samba Shared Repository

