[SCM] Samba Shared Repository - branch master updated
Matthias Dieter Wallnöfer
mdw at samba.org
Thu Jul 8 13:53:59 MDT 2010
The branch, master has been updated
via 6b7e436... s4:acl LDB module - password attributes - check also the "dBCSPwd" attribute
via 921308f... s4:acl LDB module - move a "mem_ctx" creation to the place where it is actually checked
via 38896f3... s4:drsuapi RPC server - "result_site_name" - fix variable denomination
via 32a2bbb... s4:samdb.py - "setpassword" - performs password sets using the "unicodePwd" attribute
via 61be498... s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one
from 690ed0c... s3-rpc: when using rpc_pipe_open_internal, make sure to go through NDR.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6b7e436871ec7cac1d08c830efaab95d8bb3afa3
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu Jul 8 14:51:49 2010 +0200
s4:acl LDB module - password attributes - check also the "dBCSPwd" attribute
It's also a possible password change/set attribute candidate.
commit 921308f1e830e0443bb49b6d4eb19ae95357a16e
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Jul 7 18:01:34 2010 +0200
s4:acl LDB module - move a "mem_ctx" creation to the place where it is actually checked
Memory allocations and their result checks should be as tight as possible.
commit 38896f3362073680da82259485dc1031e08f4d6c
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Wed Jul 7 19:03:13 2010 +0200
s4:drsuapi RPC server - "result_site_name" - fix variable denomination
commit 32a2bbb44b58a8a3da6a6b70d5d21a21c1b68d10
Author: Matthias Dieter Wallnöfer <mdw at samba.org>
Date: Thu Jul 8 09:36:30 2010 +0200
s4:samdb.py - "setpassword" - performs password sets using the "unicodePwd" attribute
This works by default on every AD-compatible DC. "userPassword" support on
Windows, however, has to be activated explicitly through "dSHeuristics".
commit 61be498adbdcefb3d2d79bc26019ede01411178f
Author: Matthieu Patou <mat at matws.net>
Date: Mon Jul 5 23:41:13 2010 +0400
s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one
This should avoid collision with newly added objects that use the same
SID as existing users in the upgraded provision.
Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/samdb/ldb_modules/acl.c | 7 ++++---
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 6 +++---
source4/scripting/bin/upgradeprovision | 6 ++++++
source4/scripting/python/samba/samdb.py | 10 +++-------
4 files changed, 16 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 2b0b19c..6e38bc4 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -129,7 +129,7 @@ static int acl_module_init(struct ldb_module *module)
struct ldb_context *ldb;
struct acl_private *data;
int ret, i;
- TALLOC_CTX *mem_ctx = talloc_new(module);
+ TALLOC_CTX *mem_ctx;
static const char *attrs[] = { "passwordAttribute", NULL };
struct ldb_result *res;
struct ldb_message *msg;
@@ -154,6 +154,7 @@ static int acl_module_init(struct ldb_module *module)
NULL, "acl", "perform", false);
ldb_module_set_private(module, data);
+ mem_ctx = talloc_new(module);
if (!mem_ctx) {
return ldb_oom(ldb);
}
@@ -759,8 +760,8 @@ static int acl_check_password_rights(TALLOC_CTX *mem_ctx,
unsigned int del_attr_cnt = 0, add_attr_cnt = 0, rep_attr_cnt = 0;
struct ldb_message_element *el;
struct ldb_message *msg;
- const char *passwordAttrs[] = { "userPassword", "unicodePwd",
- "clearTextPassword", NULL }, **l;
+ const char *passwordAttrs[] = { "userPassword", "clearTextPassword",
+ "unicodePwd", "dBCSPwd", NULL }, **l;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
msg = ldb_msg_copy_shallow(tmp_ctx, req->op.mod.message);
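Review bot: The `passwordAttrs` array in acl_check_password_rights has no comment saying what membership in it means, and from the visible lines it is a hard-coded list that has to be kept in step by hand with every attribute the directory accepts as a password set or change. An attribute left out of it is presumably handled by this function as an ordinary write rather than one that needs the password change/reset rights, so the list is security-relevant and worth documenting, e.g. `/* attributes treated as password set/change requests; keep in sync with the attributes the password handling code accepts */`. acl_module_init in the same file queries a `passwordAttribute` value, and it is not visible here whether the two lists are meant to agree. The function body continues outside the hunk.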
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 0f49a73..7db9bfd 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -451,11 +451,11 @@ static WERROR dcesrv_DRSUAPI_REMOVE_DS_DOMAIN(struct dcesrv_call_state *dce_call
}
/* Obtain the site name from a server DN */
-static const char *result_site_name(struct ldb_dn *site_dn)
+static const char *result_site_name(struct ldb_dn *server_dn)
{
/* Format is cn=<NETBIOS name>,cn=Servers,cn=<site>,cn=sites.... */
- const struct ldb_val *val = ldb_dn_get_component_val(site_dn, 2);
- const char *name = ldb_dn_get_component_name(site_dn, 2);
+ const struct ldb_val *val = ldb_dn_get_component_val(server_dn, 2);
+ const char *name = ldb_dn_get_component_name(server_dn, 2);
if (!name || (ldb_attr_cmp(name, "cn") != 0)) {
/* Ensure this matches the format. This gives us a
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index 9d29d4a..48c4ce6 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -516,6 +516,11 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
empty = Message()
delta = samdb.msg_diff(empty, reference[0])
delta.dn
+ if delta.get("objectSid"):
+ sid = str(ndr_unpack(security.dom_sid, str(reference[0]["objectSid"])))
+ m = re.match(r".*-(\d+)$", sid)
+ if m and int(m.group(1))>999:
+ delta.remove("objectSid")
for att in hashAttrNotCopied.keys():
delta.remove(att)
for att in backlinked:
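Review bot: The RID threshold in the added `objectSid` block is unexplained and does not match the commit subject: the code drops the SID for `int(m.group(1))>999`, i.e. RID 1000 and above, while the subject says "SID > 1000". A comment such as `# RIDs from 1000 up are allocated per domain; drop the reference SID so the target database assigns a fresh one`, together with writing the test as `>= 1000`, would make the boundary explicit. The test also looks only at the last sub-authority, so it does not check that the SID belongs to the domain being upgraded; if objects carrying SIDs from another authority can reach this path, that should be stated or checked. add_missing_object continues outside the hunk.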
@@ -533,6 +538,7 @@ def add_missing_object(ref_samdb, samdb, dn, names, basedn, hash, index):
delta.dn = dn
message(CHANGE,"Object %s will be added" % dn)
samdb.add(delta, ["relax:0"])
+
return True
def gen_dn_index_hash(listMissing):
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 34d5606..f810926 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -339,10 +339,6 @@ member: %s
username=None):
"""Sets the password for a user
- Note: This call uses the "userPassword" attribute to set the password.
- This works correctly on SAMBA 4 and on Windows DCs with
- "2003 Native" or higer domain function level.
-
:param filter: LDAP filter to find the user (eg samccountname=name)
:param password: Password for the user
:param force_change_at_next_login: Force password change
@@ -359,9 +355,9 @@ member: %s
setpw = """
dn: %s
changetype: modify
-replace: userPassword
-userPassword:: %s
-""" % (user_dn, base64.b64encode(password))
+replace: unicodePwd
+unicodePwd:: %s
+""" % (user_dn, base64.b64encode(("\"" + password + "\"").encode('utf-16-le')))
self.modify_ldif(setpw)
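Review bot: On the new `unicodePwd` line, `("\"" + password + "\"").encode('utf-16-le')` will raise UnicodeDecodeError for a non-ASCII password if this runs under Python 2 and `password` is a byte string, because `.encode` first decodes implicitly as ASCII; the previous `base64.b64encode(password)` accepted any bytes. Decoding explicitly first, e.g. `unicode("\"" + password + "\"", 'utf-8').encode('utf-16-le')`, would avoid that, assuming callers pass UTF-8. The docstring note naming the attribute was removed in the hunk above without a replacement; it should now say that `unicodePwd` is written and that Windows DCs accept that modification only over an encrypted connection. The method starts outside this hunk.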
--
Samba Shared Repository