[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Aug 26 07:35:02 MDT 2011
The branch, master has been updated
via e8aed94 s4-drsuapi Allow DsAddEntry of normal objects
via 9a13731 s4-messaging ensure we do not segfault on a NULL msg context in cleanup
via 1f18147 selftest: Allow a krb5.conf to be generated that covers multiple realms
via c8f13dab build: Add dcerpc-binding to dcerpc.pc
via f81bb8d s4-dsdb Return ACL errors as ldb_errstring()
via 607d7c5 s4-provision Use samba.dns_name_to_dn
via 322b525 s3-passdb: Allocate talloc stackframe before calling pdb_get_group_sid()
via 8c466c1 s3-param: Allocate talloc stackframe before calling s3 param routines
from e0e3d21 s3: Use sys_write in fork_domain_child
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit e8aed9472a2165306c3b9b3fe92e1581a1b5d460
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Aug 26 16:06:31 2011 +1000
s4-drsuapi Allow DsAddEntry of normal objects
We previously only allowed objects of class ntDSDSA
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Fri Aug 26 15:34:21 CEST 2011 on sn-devel-104
commit 9a137311f129c795897c2633aab95c47db7b5903
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Aug 26 16:05:46 2011 +1000
s4-messaging ensure we do not segfault on a NULL msg context in cleanup
commit 1f181476b4bd27dda9823e99961c4954ad968244
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Aug 26 16:02:01 2011 +1000
selftest: Allow a krb5.conf to be generated that covers multiple realms
commit c8f13dab6bb47d97b816026fd1d13b779a697f2c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Aug 25 20:46:13 2011 +1000
build: Add dcerpc-binding to dcerpc.pc
This will help projects like OpenChange that depend on
this code, now that it has been split between two libraries.
Andrew Bartlett
commit f81bb8df6747828f101a6a23ceb9bc31c267a4be
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Aug 25 19:20:28 2011 +1000
s4-dsdb Return ACL errors as ldb_errstring()
This string is reported to the caller, which makes debugging much easier.
Andrew Bartlett
commit 607d7c5cdfc6575ac24df7c8996c11c9679abb44
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Aug 24 15:32:57 2011 +1000
s4-provision Use samba.dns_name_to_dn
commit 322b5253f44f301362cb428175b0f22f358d4931
Author: Amitay Isaacs <amitay at gmail.com>
Date: Fri Aug 26 16:25:27 2011 +1000
s3-passdb: Allocate talloc stackframe before calling pdb_get_group_sid()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 8c466c14114f6f9fc1b731184067cbd134445ae5
Author: Amitay Isaacs <amitay at gmail.com>
Date: Fri Aug 26 12:59:01 2011 +1000
s3-param: Allocate talloc stackframe before calling s3 param routines
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/target/Samba.pm | 55 ++++++++++++-------
selftest/target/Samba3.pm | 4 +-
selftest/target/Samba4.pm | 2 +-
source3/param/loadparm_ctx.c | 28 +++++++++-
source3/passdb/py_passdb.c | 11 ++--
source4/dsdb/common/dsdb_access.c | 3 +
source4/dsdb/samdb/ldb_modules/acl.c | 43 ++++++++++------
source4/dsdb/samdb/ldb_modules/acl_util.c | 4 +-
source4/lib/messaging/messaging.c | 4 ++
source4/librpc/dcerpc.pc.in | 2 +-
source4/rpc_server/drsuapi/addentry.c | 7 ++-
source4/scripting/python/samba/__init__.py | 4 ++
.../scripting/python/samba/provision/__init__.py | 4 +-
13 files changed, 120 insertions(+), 51 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index 1b1eb53..d993611 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -59,14 +59,19 @@ sub bindir_path($$) {
return $path;
}
-sub mk_krb5_conf($)
+sub mk_krb5_conf($$)
{
- my ($ctx) = @_;
+ my ($ctx, $other_realms_stanza) = @_;
unless (open(KRB5CONF, ">$ctx->{krb5_conf}")) {
warn("can't open $ctx->{krb5_conf}$?");
return undef;
}
+
+ my $our_realms_stanza = mk_realms_stanza($ctx->{realm},
+ $ctx->{dnsname},
+ $ctx->{domain},
+ $ctx->{kdc_ipv4});
print KRB5CONF "
#Generated krb5.conf for $ctx->{realm}
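Review bot: The call to `mk_realms_stanza(...)` added here comes before the sub is defined further down the file with a `($$$$)` prototype, so the prototype is not applied at this call, and if the file runs under `use warnings` perl reports "called too early to check prototype". Either add a forward declaration `sub mk_realms_stanza($$$$);` above mk_krb5_conf or drop the prototype from the new sub. Separately, `$other_realms_stanza` has no default, so a caller passing undef gets an uninitialized-value interpolation; `$other_realms_stanza = "" unless defined($other_realms_stanza);` would make that safe. mk_krb5_conf's body continues outside this hunk.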
@@ -79,26 +84,11 @@ sub mk_krb5_conf($)
allow_weak_crypto = yes
[realms]
- $ctx->{realm} = {
- kdc = $ctx->{kdc_ipv4}:88
- admin_server = $ctx->{kdc_ipv4}:88
- default_domain = $ctx->{dnsname}
- }
- $ctx->{dnsname} = {
- kdc = $ctx->{kdc_ipv4}:88
- admin_server = $ctx->{kdc_ipv4}:88
- default_domain = $ctx->{dnsname}
- }
- $ctx->{domain} = {
- kdc = $ctx->{kdc_ipv4}:88
- admin_server = $ctx->{kdc_ipv4}:88
- default_domain = $ctx->{dnsname}
- }
-
-[domain_realm]
- .$ctx->{dnsname} = $ctx->{realm}
+ $our_realms_stanza
+ $other_realms_stanza
";
+
if (defined($ctx->{tlsdir})) {
print KRB5CONF "
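Review bot: The `[domain_realm]` section with the `.$ctx->{dnsname} = $ctx->{realm}` mapping is removed in this hunk and is not re-emitted by mk_realms_stanza, so the generated krb5.conf no longer maps hosts under the DNS domain to the realm. If that is intentional, say so in a comment next to `$other_realms_stanza`; otherwise keep the `[domain_realm]` block after the two stanzas. `$other_realms_stanza` is written into the file verbatim, so the comment should also state that it must be a well-formed `[realms]` fragment.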
@@ -115,4 +105,29 @@ sub mk_krb5_conf($)
close(KRB5CONF);
}
+sub mk_realms_stanza($$$$)
+{
+ my ($realm, $dnsname, $domain, $kdc_ipv4) = @_;
+
+ my $realms_stanza = "
+ $realm = {
+ kdc = $kdc_ipv4:88
+ admin_server = $kdc_ipv4:88
+ default_domain = $dnsname
+ }
+ $dnsname = {
+ kdc = $kdc_ipv4:88
+ admin_server = $kdc_ipv4:88
+ default_domain = $dnsname
+ }
+ $domain = {
+ kdc = $kdc_ipv4:88
+ admin_server = $kdc_ipv4:88
+ default_domain = $dnsname
+ }
+
+";
+ return $realms_stanza;
+}
+
1;
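Review bot: mk_realms_stanza has no comment saying what it returns or why it emits three entries. A short header such as `# Returns a [realms] fragment with entries keyed by realm, DNS name and short domain, all pointing at the same KDC.` would tell callers how to build a matching `$other_realms_stanza`. The four arguments are interpolated unchecked, so an undefined `$domain` would yield an entry with an empty name; the callers that set `$ctx->{domain}` are outside this diff, so that case may not arise.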
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index bc8105a..d0ca0a1 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -233,7 +233,7 @@ sub setup_admember($$$$)
$ctx->{realm} = $dcvars->{REALM};
$ctx->{dnsname} = lc($dcvars->{REALM});
$ctx->{kdc_ipv4} = $dcvars->{SERVER_IP};
- Samba::mk_krb5_conf($ctx);
+ Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
@@ -417,7 +417,7 @@ sub setup_ktest($$$)
$ctx->{realm} = "KTEST.SAMBA.EXAMPLE.COM";
$ctx->{dnsname} = lc($ctx->{realm});
$ctx->{kdc_ipv4} = "0.0.0.0";
- Samba::mk_krb5_conf($ctx);
+ Samba::mk_krb5_conf($ctx, "");
$ret->{KRB5_CONFIG} = $ctx->{krb5_conf};
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b47fd72..2b1472e 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -637,7 +637,7 @@ sub provision_raw_step1($$)
$ctx->{kdc_ipv4} = $ctx->{ipv4};
}
- Samba::mk_krb5_conf($ctx);
+ Samba::mk_krb5_conf($ctx, "");
open(PWD, ">$ctx->{nsswrap_passwd}");
print PWD "
diff --git a/source3/param/loadparm_ctx.c b/source3/param/loadparm_ctx.c
index 5cf8ce6..3d3ff17 100644
--- a/source3/param/loadparm_ctx.c
+++ b/source3/param/loadparm_ctx.c
@@ -20,6 +20,30 @@
#include "includes.h"
#include "../source4/param/s3_param.h"
+static struct loadparm_service *lp_service_for_s4_ctx(const char *servicename)
+{
+ TALLOC_CTX *mem_ctx;
+ struct loadparm_service *service;
+
+ mem_ctx = talloc_stackframe();
+ service = lp_service(servicename);
+ talloc_free(mem_ctx);
+
+ return service;
+}
+
+static struct loadparm_service *lp_servicebynum_for_s4_ctx(int servicenum)
+{
+ TALLOC_CTX *mem_ctx;
+ struct loadparm_service *service;
+
+ mem_ctx = talloc_stackframe();
+ service = lp_servicebynum(servicenum);
+ talloc_free(mem_ctx);
+
+ return service;
+}
+
static bool lp_load_for_s4_ctx(const char *filename)
{
TALLOC_CTX *mem_ctx;
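Review bot: The two new wrappers return the pointer from `lp_service()` / `lp_servicebynum()` after `talloc_free(mem_ctx)` has destroyed the stackframe, which is only safe if the returned `struct loadparm_service` is not allocated on that frame. That cannot be confirmed from this hunk, so each wrapper should carry a comment stating it, e.g. `/* the service is owned by loadparm; only temporaries live on the stackframe */`. The wrappers also do not check the talloc_stackframe() result, while the py_passdb.c change in this commit does; pick one convention. lp_load_for_s4_ctx continues outside the hunk.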
@@ -41,8 +65,8 @@ static const struct loadparm_s3_context s3_fns =
.get_parametric = lp_parm_const_string_service,
.get_parm_struct = lp_get_parameter,
.get_parm_ptr = lp_parm_ptr,
- .get_service = lp_service,
- .get_servicebynum = lp_servicebynum,
+ .get_service = lp_service_for_s4_ctx,
+ .get_servicebynum = lp_servicebynum_for_s4_ctx,
.get_default_loadparm_service = lp_default_loadparm_service,
.get_numservices = lp_numservices,
.load = lp_load_for_s4_ctx,
diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
index f1f138d..f02230f 100644
--- a/source3/passdb/py_passdb.c
+++ b/source3/passdb/py_passdb.c
@@ -567,16 +567,17 @@ static PyObject *py_samu_get_group_sid(PyObject *obj, void *closure)
struct dom_sid *copy_group_sid;
TALLOC_CTX *mem_ctx;
+ mem_ctx = talloc_stackframe();
+ if (mem_ctx == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
+
group_sid = pdb_get_group_sid(sam_acct);
if (group_sid == NULL) {
Py_RETURN_NONE;
}
- mem_ctx = talloc_new(NULL);
- if (mem_ctx == NULL) {
- PyErr_NoMemory();
- return NULL;
- }
copy_group_sid = dom_sid_dup(mem_ctx, group_sid);
if (copy_group_sid == NULL) {
PyErr_NoMemory();
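Review bot: The early return for `group_sid == NULL` now leaks the stackframe, because `talloc_stackframe()` was moved above `pdb_get_group_sid()` but `Py_RETURN_NONE` still leaves without freeing `mem_ctx`. Free it first inside that branch: `talloc_free(mem_ctx); Py_RETURN_NONE;`. A frame left in place stays on top of the talloc stack, so later temporary allocations in the process would likely accumulate on it. The function continues beyond the hunk, so the remaining exits need the same check.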
diff --git a/source4/dsdb/common/dsdb_access.c b/source4/dsdb/common/dsdb_access.c
index 39e67b7..b8784fc 100644
--- a/source4/dsdb/common/dsdb_access.c
+++ b/source4/dsdb/common/dsdb_access.c
@@ -124,6 +124,9 @@ int dsdb_check_access_on_dn_internal(struct ldb_context *ldb,
dn,
true,
10);
+ ldb_asprintf_errstring(ldb,
+ "dsdb_access: Access check failed on %s",
+ ldb_dn_get_linearized(dn));
return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
}
return LDB_SUCCESS;
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 12a4028..abde85f 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -706,7 +706,9 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
oc_el = ldb_msg_find_element(req->op.add.message, "objectClass");
if (!oc_el || oc_el->num_values == 0) {
- DEBUG(10,("acl:operation error %s\n", ldb_dn_get_linearized(req->op.add.message->dn)));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "acl: unable to find objectClass on %s\n",
+ ldb_dn_get_linearized(req->op.add.message->dn));
return ldb_module_done(req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
}
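Review bot: The format strings carried over from DEBUG() keep their trailing `\n` (here `"acl: unable to find objectClass on %s\n"`), which ends up inside the error string handed to the caller. The same applies to the converted messages in the acl_modify and acl_rename hunks and in acl_util.c, while the `acl:access_denied renaming %s` and dsdb_access.c messages have none; drop the newline so the strings are consistent. Replacing DEBUG() outright also means these failures are no longer written to the server log, so keep a DEBUG next to the errstring if the level-10 trace is still wanted when diagnosing denied operations. acl_add starts and ends outside this hunk.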
@@ -952,8 +954,9 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
sid);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("Object %s has no write dacl access\n",
- ldb_dn_get_linearized(req->op.mod.message->dn)));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "Object %s has no write dacl access\n",
+ ldb_dn_get_linearized(req->op.mod.message->dn));
dsdb_acl_debug(sd,
acl_user_token(module),
req->op.mod.message->dn,
@@ -1022,14 +1025,16 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
if (!insert_in_object_tree(tmp_ctx,
&attr->attributeSecurityGUID, SEC_ADS_WRITE_PROP,
&new_node, &new_node)) {
- DEBUG(10, ("acl_modify: cannot add to object tree securityGUID\n"));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "acl_modify: cannot add to object tree securityGUID\n");
ret = LDB_ERR_OPERATIONS_ERROR;
goto fail;
}
if (!insert_in_object_tree(tmp_ctx,
&attr->schemaIDGUID, SEC_ADS_WRITE_PROP, &new_node, &new_node)) {
- DEBUG(10, ("acl_modify: cannot add to object tree attributeGUID\n"));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "acl_modify: cannot add to object tree attributeGUID\n");
ret = LDB_ERR_OPERATIONS_ERROR;
goto fail;
}
@@ -1044,13 +1049,14 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
sid);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("Object %s has no write property access\n",
- ldb_dn_get_linearized(req->op.mod.message->dn)));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "Object %s has no write property access\n",
+ ldb_dn_get_linearized(req->op.mod.message->dn));
dsdb_acl_debug(sd,
- acl_user_token(module),
- req->op.mod.message->dn,
- true,
- 10);
+ acl_user_token(module),
+ req->op.mod.message->dn,
+ true,
+ 10);
ret = LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS;
goto fail;
}
@@ -1243,8 +1249,9 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
sid);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("Object %s has no wp on name\n",
- ldb_dn_get_linearized(req->op.rename.olddn)));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "Object %s has no wp on name\n",
+ ldb_dn_get_linearized(req->op.rename.olddn));
dsdb_acl_debug(sd,
acl_user_token(module),
req->op.rename.olddn,
@@ -1265,14 +1272,17 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
new_node = NULL;
guid = get_oc_guid_from_message(module, schema, acl_res->msgs[0]);
if (!guid) {
- DEBUG(10,("acl:renamed object has no object class\n"));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "acl:renamed object has no object class\n");
talloc_free(tmp_ctx);
return ldb_module_done(req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR);
}
ret = dsdb_module_check_access_on_dn(module, req, newparent, SEC_ADS_CREATE_CHILD, guid, req);
if (ret != LDB_SUCCESS) {
- DEBUG(10,("acl:access_denied renaming %s", ldb_dn_get_linearized(req->op.rename.olddn)));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "acl:access_denied renaming %s",
+ ldb_dn_get_linearized(req->op.rename.olddn));
talloc_free(tmp_ctx);
return ret;
}
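Review bot: The `ldb_asprintf_errstring()` added after the failed `dsdb_module_check_access_on_dn()` call replaces whatever error string that call set, and this same commit makes the callee set a more specific one (`dsdb_access: Access check failed on %s` or `access_check: failed to find object %s`). The caller therefore sees only `acl:access_denied renaming <olddn>` and loses which parent DN failed the check. Consider leaving the inner string in place, or folding it in with `"acl:access_denied renaming %s: %s"` and `ldb_errstring(ldb_module_get_ctx(module))` as the extra argument, provided ldb_asprintf_errstring formats before it frees the old string. The next hunk (the delete-child check on the old parent) has the same pattern.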
@@ -1291,7 +1301,8 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
/* what about delete child on the current parent */
ret = dsdb_module_check_access_on_dn(module, req, oldparent, SEC_ADS_DELETE_CHILD, NULL, req);
if (ret != LDB_SUCCESS) {
- DEBUG(10,("acl:access_denied renaming %s", ldb_dn_get_linearized(req->op.rename.olddn)));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "acl:access_denied renaming %s", ldb_dn_get_linearized(req->op.rename.olddn));
talloc_free(tmp_ctx);
return ldb_module_done(req, NULL, NULL, ret);
}
diff --git a/source4/dsdb/samdb/ldb_modules/acl_util.c b/source4/dsdb/samdb/ldb_modules/acl_util.c
index cce504d..50bf888 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_util.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_util.c
@@ -77,7 +77,9 @@ int dsdb_module_check_access_on_dn(struct ldb_module *module,
DSDB_SEARCH_SHOW_RECYCLED,
parent);
if (ret != LDB_SUCCESS) {
- DEBUG(0,("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));
+ ldb_asprintf_errstring(ldb_module_get_ctx(module),
+ "access_check: failed to find object %s\n",
+ ldb_dn_get_linearized(dn));
return ret;
}
return dsdb_check_access_on_dn_internal(ldb, acl_res,
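Review bot: This was the only DEBUG(0) among the converted messages, so a lookup failure during an access check used to be logged unconditionally on the server and now appears only in the error returned to the caller. Anyone auditing failed or malformed requests from the server log loses that record. Keeping `DEBUG(0, ("access_check: failed to find object %s\n", ldb_dn_get_linearized(dn)));` alongside the new errstring preserves it. The function starts outside the hunk.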
diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c
index 4a4adac..7e017a9 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -545,6 +545,10 @@ NTSTATUS imessaging_send_ptr(struct imessaging_context *msg, struct server_id se
*/
int imessaging_cleanup(struct imessaging_context *msg)
{
+ if (!msg) {
+ return 0;
+ }
+
DEBUG(5,("imessaging: cleaning up %s\n", msg->path));
unlink(msg->path);
while (msg->names && msg->names[0]) {
diff --git a/source4/librpc/dcerpc.pc.in b/source4/librpc/dcerpc.pc.in
index b79507a..2235028 100644
--- a/source4/librpc/dcerpc.pc.in
+++ b/source4/librpc/dcerpc.pc.in
@@ -7,5 +7,5 @@ Name: dcerpc
Description: DCE/RPC client library
Requires: ndr
Version: @PACKAGE_VERSION@
-Libs: @LIB_RPATH@ -L${libdir} -ldcerpc
+Libs: @LIB_RPATH@ -L${libdir} -ldcerpc -ldcerpc-binding
Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1
diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c
index 5f030a0..fc78b87 100644
--- a/source4/rpc_server/drsuapi/addentry.c
+++ b/source4/rpc_server/drsuapi/addentry.c
@@ -61,11 +61,16 @@ static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state,
ret = ldb_search(b_state->sam_ctx, mem_ctx, &res,
dn, LDB_SCOPE_BASE, attrs,
"(objectClass=ntDSDSA)");
- if (ret != LDB_SUCCESS || res->count < 1) {
+ if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed to find dn '%s'\n", dn_string));
return WERR_DS_DRA_INTERNAL_ERROR;
}
+ if (res->count < 1) {
+ /* we only add SPNs for nTDSDSA objects */
+ continue;
+ }
+
ref_dn = samdb_result_dn(b_state->sam_ctx, mem_ctx, res->msgs[0], "serverReference", NULL);
if (ref_dn == NULL) {
/* we only add SPNs for objects with a
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 76eb44c..03ee6fa 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -339,6 +339,10 @@ def ensure_external_module(modulename, location):
import_bundled_package(modulename, location)
+def dn_from_dns_name(dnsdomain):
+ """return a DN from a DNS name domain/forest root"""
+ return "DC=" + ",DC=".join(dnsdomain.split("."))
+
from samba import _glue
version = _glue.version
interface_ips = _glue.interface_ips
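Review bot: `dn_from_dns_name` does not handle an empty string or a trailing dot: `""` yields `DC=` and `"example.com."` yields a final empty `DC=` component, and label text is not escaped for DN special characters. The input appears to come from smb.conf rather than from the network, so this is a robustness point; `dnsdomain.rstrip(".")` plus a check for empty labels would cover it. The docstring could state the mapping with an example, e.g. `"samba.example.com" -> "DC=samba,DC=example,DC=com"`. Note that the commit title calls the helper `samba.dns_name_to_dn` while the function is named `dn_from_dns_name`.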
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 50dff9d..1799663 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -225,8 +225,8 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, lp)
# NT domain, kerberos realm, root dn, domain dn, domain dns name
names.domain = string.upper(lp.get("workgroup"))
names.realm = lp.get("realm")
- basedn = "DC=" + names.realm.replace(".",",DC=")
names.dnsdomain = names.realm.lower()
+ basedn = samba.dn_from_dns_name(names.dnsdomain)
names.realm = string.upper(names.realm)
# netbiosname
# Get the netbiosname first (could be obtained from smb.conf in theory)
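Review bot: `basedn` is now built from `names.dnsdomain`, the lower-cased realm, where it used to be built from `names.realm` as returned by `lp.get("realm")`, so a realm configured in upper case changes the DN text from `DC=SAMBA,...` to `DC=samba,...`. DN matching is normally case-insensitive, but any plain string comparison against a stored DN elsewhere in provision would now differ; a comment or a check that nothing compares `basedn` textually would help. The call also relies on `samba` being imported in this module, which is not visible in the hunk. The `guess_names` hunk below is a like-for-like replacement.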
@@ -619,7 +619,7 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
raise ProvisioningError("guess_names: Workgroup '%s' in smb.conf must match chosen domain '%s'! Please remove the %s file and let provision generate it" % (lp.get("workgroup").upper(), domain, lp.configfile))
if domaindn is None:
- domaindn = "DC=" + dnsdomain.replace(".", ",DC=")
+ domaindn = samba.dn_from_dns_name(dnsdomain)
if domain == netbiosname:
raise ProvisioningError("guess_names: Domain '%s' must not be equal to short host name '%s'!" % (domain, netbiosname))
--
Samba Shared Repository