[SCM] Samba Shared Repository - branch master updated

Matthias Dieter Wallnöfer mdw at samba.org
Mon Jun 28 11:47:28 MDT 2010


The branch, master has been updated
       via  7cb98a0... s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.
       via  5bee3ef... s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
       via  ed4c107... s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.
       via  fa9557f... s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN.
      from  ba0ba4e... s3: Make some routines static in smbldap

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 7cb98a0cdcef27f591357ec63633b50fd9dce29f
Author: Endi S. Dewata <edewata at redhat.com>
Date:   Mon Jun 28 11:13:03 2010 -0500

    s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB.
    
    Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>

commit 5bee3efacac76fdf8753a7c7cb2845bf6058d088
Author: Endi S. Dewata <edewata at redhat.com>
Date:   Mon Jun 28 11:18:16 2010 -0500

    s4/libcli: Register LDB_CONTROL_REVEAL_INTERNALS and DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID controls.
    
    Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>

commit ed4c107bc1eac8531fdd8d09f7698efcbc7ecb14
Author: Endi S. Dewata <edewata at redhat.com>
Date:   Mon Jun 28 10:54:37 2010 -0500

    s4/dsdb: Fixed partition_search() not to pass special DN's to LDAP backend.
    
    Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>

commit fa9557fee3ca546878d99b77f1ff37f724c37024
Author: Endi S. Dewata <edewata at redhat.com>
Date:   Mon Jun 28 10:45:04 2010 -0500

    s4/auth: Fixed authsam_expand_nested_groups() to find entry SID if not available in the DN.
    
    Signed-off-by: Matthias Dieter Wallnöfer <mdw at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/sam.c                         |    9 ++++++-
 source4/dsdb/samdb/ldb_modules/partition.c |   14 ++++++-----
 source4/libcli/ldap/ldap_controls.c        |    4 +++
 source4/scripting/bin/samba_spnupdate      |   33 +++++++++++++++++++++++++--
 4 files changed, 50 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 894ba37..b0fc9ca 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -319,9 +319,16 @@ NTSTATUS authsam_expand_nested_groups(struct ldb_context *sam_ctx,
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
+
 	status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, (__location__ "when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s",
+		ret = dsdb_search(sam_ctx, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, DSDB_SEARCH_SHOW_EXTENDED_DN, NULL);
+		dn = res->msgs[0]->dn;
+		status = dsdb_get_extended_dn_sid(dn, &sid, "SID");
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, (__location__ ": when parsing DN %s we failed to find or parse SID component, so we cannot calculate the group token: %s\n",
 			  ldb_dn_get_extended_linearized(tmp_ctx, dn, 1), 
 			  nt_errstr(status)));
 		talloc_free(tmp_ctx);
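Review bot: The new fallback in authsam_expand_nested_groups() dereferences `res->msgs[0]` without testing `ret` or the result count, so a failed or empty dsdb_search() on the group DN would follow an invalid pointer in the authentication path. `ret` is assigned and never checked in the lines shown. Before `dn = res->msgs[0]->dn;` add a guard such as `if (ret != LDB_SUCCESS || res->count != 1) {` that frees tmp_ctx and returns NT_STATUS_INTERNAL_DB_CORRUPTION, matching the error path at the top of the hunk. `res`, `attrs` and `ret` are declared outside this hunk and the function continues past it, so their types and initial values should be confirmed there.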
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 6c0d9cd..d022d12 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -470,12 +470,14 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
 		return ret;
 	}
 
-	p = find_partition(data, NULL, req);
-	if (p != NULL) {
-		/* the caller specified what partition they want the
-		 * search - just pass it on
-		 */
-		return ldb_next_request(p->module, req);		
+	if (!ldb_dn_is_special(req->op.search.base)) {
+		p = find_partition(data, NULL, req);
+		if (p != NULL) {
+			/* the caller specified what partition they want the
+			* search - just pass it on
+			*/
+			return ldb_next_request(p->module, req);
+		}
 	}
 
 	/* Get back the search options from the search control, and mark it as
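Review bot: The new `ldb_dn_is_special()` guard in partition_search() has no comment saying why special DNs must skip find_partition(); the reason appears only in the commit subject. A line such as `/* special DNs must not be passed on to a partition's (LDAP) backend */` above the `if` would keep that intent next to the code. The re-indented block comment also lost the space before its continuation `*`, so the `* search` and `*/` lines no longer line up under the opening `/*`. The function starts and ends outside the hunk, so what happens to a special-DN request afterwards is not visible here.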
diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index 7f99a9c..49fb38c 100644
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -1312,8 +1312,12 @@ static const struct ldap_control_handler ldap_known_controls[] = {
 	{ "1.3.6.1.4.1.7165.4.3.2", NULL, NULL },
 /* DSDB_CONTROL_DN_STORAGE_FORMAT_OID is internal only, and has no network representation */
 	{ "1.3.6.1.4.1.7165.4.3.4", NULL, NULL },
+/* LDB_CONTROL_REVEAL_INTERNALS is internal only, and has no network representation */
+	{ "1.3.6.1.4.1.7165.4.3.6", NULL, NULL },
 /* LDB_CONTROL_AS_SYSTEM_OID is internal only, and has no network representation */
 	{ "1.3.6.1.4.1.7165.4.3.7", NULL, NULL },
+/* DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID is internal only, and has no network representation */
+	{ "1.3.6.1.4.1.7165.4.3.8", NULL, NULL },
 /* DSDB_EXTENDED_REPLICATED_OBJECTS_OID is internal only, and has no network representation */
 	{ "1.3.6.1.4.1.7165.4.4.1", NULL, NULL },
 	{ DSDB_OPENLDAP_DEREFERENCE_CONTROL, decode_openldap_dereference, encode_openldap_dereference},
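Review bot: Both new entries in ldap_known_controls[] repeat the OID as a string literal while the constant is named only in the comment above it, so the table and the header definition can drift apart unnoticed. The last entry in the hunk already uses a macro (`DSDB_OPENLDAP_DEREFERENCE_CONTROL`); if the defining headers are included in this file, `{ LDB_CONTROL_REVEAL_INTERNALS, NULL, NULL },` and `{ DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID, NULL, NULL },` would tie the entries to the names. The neighbouring internal-only entries use literals as well, so this may be a deliberate local convention. How a NULL decode handler treats one of these OIDs when it arrives from a client is not visible in the hunk and is worth confirming, since both controls are described as internal only.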
diff --git a/source4/scripting/bin/samba_spnupdate b/source4/scripting/bin/samba_spnupdate
index 1971ea1..c675a54 100755
--- a/source4/scripting/bin/samba_spnupdate
+++ b/source4/scripting/bin/samba_spnupdate
@@ -29,9 +29,11 @@ sys.path.insert(0, "bin/python")
 
 import samba, ldb
 import optparse
+from samba import Ldb
 from samba import getopt as options
 from samba.auth import system_session
 from samba.samdb import SamDB
+from samba.credentials import Credentials, DONT_USE_KERBEROS
 
 parser = optparse.OptionParser("samba_spnupdate")
 sambaopts = options.SambaOptions(parser)
@@ -39,7 +41,9 @@ parser.add_option_group(sambaopts)
 parser.add_option_group(options.VersionOptions(parser))
 parser.add_option("--verbose", action="store_true")
 
-creds = None
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+
 ccachename = None
 
 opts, args = parser.parse_args()
@@ -49,6 +53,7 @@ if len(args) != 0:
     sys.exit(1)
 
 lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
 
 domain = lp.get("realm")
 host = lp.get("netbios name")
@@ -70,9 +75,31 @@ def get_subst_vars(samdb):
     return vars
 
 try:
-    samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), lp=lp)
+    private_dir = lp.get("private dir")
+    secrets_path = os.path.join(private_dir, lp.get("secrets database"))
+
+    secrets_db = Ldb(url=secrets_path, session_info=system_session(),
+                     credentials=creds, lp=lp)
+    res = secrets_db.search(base=None,
+                            expression="(&(objectclass=ldapSecret)(cn=SAMDB Credentials))",
+                            attrs=["samAccountName", "secret"])
+
+    if len(res) == 1:
+        credentials = Credentials()
+        credentials.set_kerberos_state(DONT_USE_KERBEROS)
+
+        if "samAccountName" in res[0]:
+            credentials.set_username(res[0]["samAccountName"][0])
+
+        if "secret" in res[0]:
+            credentials.set_password(res[0]["secret"][0])
+
+    else:
+        credentials = None
+
+    samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), credentials=credentials, lp=lp)
 except ldb.LdbError, (num, msg):
-    print("Unable to open sam database %s : %s" % (lp.get("sam database")), msg)
+    print("Unable to open sam database %s : %s" % (lp.get("sam database"), msg))
     sys.exit(1)
 
 # get the substitution dictionary
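Review bot: When the single `SAMDB Credentials` record lacks `samAccountName` or `secret`, the new block still hands a half-filled `Credentials` object to SamDB() with Kerberos disabled, instead of falling back to `credentials = None` as the `else` branch does. Making the condition `if len(res) == 1 and "samAccountName" in res[0] and "secret" in res[0]:` would treat an incomplete record like a missing one; what a bind with no password set does depends on code outside this page. The `try` now also opens the secrets database, yet the `except` still prints `Unable to open sam database`, so a failure on `secrets_path` is reported against the wrong file. `os.path.join` relies on `os` being imported above line 29 of the script, which the hunks do not show.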


-- 
Samba Shared Repository

