[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Mon Dec 3 07:04:40 MST 2012
The branch, v4-0-test has been updated
via f86b276 WHATSNEW: Update changes since rc5.
via 2af84e6 samba-tool dns: Don't use "localhost" to connect to local host
via 23211c1 s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver
via 1d3864e s4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin
via dc1eab6 s3:selftest: extend sids2xids test script to cope with "ID_TYPE_BOTH mappings
via b9efe2a s3:passdb: don't look into group mappings in legacy_sid_to_unixid()
via 0ec17f6 s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id()
via 36eaa2c s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb()
via 17fa9a0 s3:passdb: add sid_check_object_is_for_passdb()
via 39e841d s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id()
via 84f5bcb s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our sam
via 56c0e36 s3:winbindd: use the new sid_check_is_for_passdb() in idmap_find_domain_with_sid()
via b6a5c05 build the new sid_check_is_for_passdb() function into passdb
via 55f8b4b s3:lib: add utility function sid_check_is_for_passdb()
via ecb567f s3:winbindd: remove unused function idmap_backends_sid_to_unixid()
via b356ad6 s3:test:wbinfo_sids2xids: test the results with singular calls with filled and with empty cache
via 259cb7a s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.sh
via c6acdc4 s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
via fe08853 s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
via 1529443 s3:winbindd: remove unused idmap_sid_to_gid()
via 7aae0ec s3:winbindd: remove unused idmap_sid_to_uid()
via 5c0e80d s3:winbindd: remove unused server implementation of wbint_Sid2Gid()
via e0a1396 s3:winbindd: remove unused server implementation of wbint_Sid2Uid()
via 2dc2490 s3:winbindd: remove wbint_Sid2Gid from the wbint.idl
via ccb054f s3:winbindd: remove wbint_Sid2Uid() from the wbint.idl
via db89bcc s3:winbindd: remove now unused wb_sid2uid and wb_sid2gid modules
via 15fc4e2 s3:winbindd: change winbindd_getgroups to use wb_sids2xids instead of wb_sid2gid
via 5978e13 s3:winbindd: change wb_getgrsid to use wb_sids2xids instead of wb_sid2gid
via 3cdb648 s3:winbindd: change wb_fill_pwent to use wb_sids2xids instead of wb_sid2[ug]id
via 4a3a6bc selftest:Samba3: provision the BUILTIN\Users group if the environment runs winbindd
via 5db6488 selftest:Samba3: add "wbinfo -p" test to wait_for_start()
via 5f4fb57 selftest:Samba3: add nmbd, winbindd smbd arguments to wait_for_start()
via 4575aae selftest:Samba3: call wait_for_start() from check_or_start()
via 9838175 s3:winbindd: make idmap_find_domain() static.
via ad9538b s3:winbindd: also use idmap_passdb for own sam and builtin in wbint_Sids2UnixIDs()
via eb90e9a s3:winbindd: add idmap_find_domain_with_sid()
via fd3ddba s3:winbindd: rename idmap_init_passdb_domain() -> idmap_passdb_domain()
via 9f0f141 selftest:Samba3: provision the domain adminstrators group in the s3 environments
via 3bb5a6c s3:winbindd: use struct unixid instead of uint64 in Sids2Xids parent<->child
via 35b03e7 s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()
via 403835f s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()
via 3cc4c38 s3:winbindd: use wb_sids2xids instead of wb_sid2gid in winbindd_sid_to_gid
via ce9c6d1 s3:winbindd: use wb_sids2xids instead of wb_sid2uid in winbindd_sid_to_uid
via 9b94125 s3:winbindd: factor winbindd_sids_to_xids into external and internal part
via 52d9672 s3:winbindd: convert some spaces to tabs in winbindd_sids_to_xids_send()
via 0d62bf4 s3:winbindd: add explaining comment winbindd_sids_to_xids_send()
via e2c3472 s3:winbindd: factor lsa_SidType_to_id_type() out of winbindd_sids_to_xids_lookupsids_done()
via b3ca88c s3:winbindd: simplify winbindd_sids_to_xids_recv() a bit.
via 50bb917 s3:winbindd:util: add a comment explaining the function parse_sidlist()
via ea33f9c s3:winbindd fix a compiler warning
via 57049b8 s3:winbindd fix a compiler warning
via 66c2120 s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"
via 9f9677c s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"
via 60871c1 s3: Fix idmap_hash
via ce4a390 s4:dsdb/descriptor: NULL out user_descriptor elements depending on the sd_flags
via 73e0b68 s4:dsdb/tests: add SdAutoInheritTests
via b54ea1e s4:dsdb/repl_meta_data: call dsdb_module_schedule_sd_propagation() for replicated changes
via 2cc2a1f s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)
via 36b712f s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621)
via ef67c59 s4:dsdb/acl_util: add dsdb_module_schedule_sd_propagation()
via 957a583 s4:dsdb/descriptor: implement DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
via 3513d73 s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
via 3d81ebc s4:dsdb/descriptor: handle DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
via 67c0761 s4:dsdb/schema_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
via 8639079 s4:dsdb/repl_meta_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
via 20d92f6 s4:dsdb/objectclass_attrs: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
via 442609b s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
via f6c8ece s4:dsdb/subtree_delete: delete from the leafs to the root (bug #7711)
via eb4ff6a s4:dsdb/subtree_delete: do the recursive delete AS_SYSTEM/TRUSTED (bug #7711)
via f657975 s4:dsdb/subtree_delete: do an early return and avoid some nesting
via 4f77389 s4:dsdb/objectclass: do not pass the callers controls on helper searches
via e681f0d s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug #7711)
via 958f488 s4:dsdb/dirsync: remove unused 'deletedattr' variable
via 68e443d s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACL
via 6e0d9e8 s4:dsdb/common: add pekList and msDS-ExecuteScriptPassword to DSDB_SECRET_ATTRIBUTES_EX
via 72718dd s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributes
via 2dc2ea5 s4:dsdb/descriptor: the old nTSecurityDescriptor is always expected there on modify
via 73f845b s4:dsdb/descriptor: make explicit that we don't support MOD_DELETE on nTSecurityDescriptor
via 7397218 s4:dsdb/descriptor: remove some nesting from descriptor_modify
via 9ac44ae s4:dsdb/descriptor: remove some unnecessary nesting
via 83a64e4 s4:dsdb/descriptor: add some error checks to descriptor_{add,modify}
via de75b1c s4:dsdb/descriptor: remove support for unused LDB_CONTROL_RECALCULATE_SD_OID
via 82b08af s4:dsdb/descriptor: move special dn check to the start of descriptor_{add,modify,rename}
via 71486a9 s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sd
via 0da0478 s4:provision: add get_empty_descriptor()
via 8da430d s4:dsdb/descriptor: if the caller specifies no DACL/SACL the objects gets a default one
via b931c8d s4:dsdb/descriptor: give SYSTEM the correct default owner (group) sid
via f4c4f0d s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
via 08706b5 s4:dsdb/acl_read: specify the correct access_mask for nTSecurityDescriptor
via aa6bab84 s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLED
via 936cff0 s4:dsdb/acl: calculate the correct access_mask when modifying nTSecurityDescriptor
via d7d1c73 s4:dsdb/acl: don't protect confidential attributes when "acl:search = yes" is set
via a600f89 s4:dsdb/acl: remove unused "acl:perform" option
via 502ab6d s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLED
via dea1768 s4:dsdb/descriptor: make it clear that the SD Flags are ignored on add
via 695b079 s4:dsdb/descriptor: make use of dsdb_request_sd_flags()
via 8e85a3d s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor
via f758629 s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with SHOW_RECYCLED
via a1ccdc1 s4:dsdb/acl_util: add dsdb_request_sd_flags() helper function
via 01de895 s4:dsdb/acl_util: do helper searches AS_SYSTEM
via c9cad1d s4:dsdb/extended_dn_store: do helper searches AS_SYSTEM
via 0ea8c2a s4:dsdb/extended_dn_in: do helper searches AS_SYSTEM and with SHOW_RECYCLED
via ea18372 s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED
via da53837 s4:dsdb/rootdse: do helper searches AS_SYSTEM
via 9934111 s4:dsdb/rootdse: remove unused variable
via 00fa2ad s4:dsdb/dirsync: explicitly ask for sdctr->secinfo_flags = 0xF
via 7ff6b7a s4:dsdb/dirsync: use the correct nc_root to fetch replUpToDateVector
via 0f7ac5e s4:dsdb/dirsync: check result of replUpToDateVector fetch on nc_root
via cd976a3 s4:dsdb/schema_data: fix debug message in schema_data_modify()
via caaefb6 s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl()
via b90fc0c s4:python/ntacl: allow string or objects for sd/sid in setntacl()
via 9627bb0 s4:samba-tool/gpo: fix the operation order when creating gpos
via 9feac15 s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gpos
via 029c306 s4:samba-tool/gpo: use the dns_domain from the server when creating gpos
via 89dc803 s4:libcli/finddcs_cldap: allow io->in.server_address as hostname
via f165329 s4:libcli/finddcs_cldap: try all NBT#1C addresses
via 87de57e s3:smbcacls: add --query-security-info and --set-security-info options
via 640505f s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flags
via 0bdf886 libcli/security: remove duplicate aces in se_create_child_secdesc()
via 5e44f0c s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a group
via 04f96c7 s3:smbd/open: try the primary sid (user) as group_sid if the token has just one sid
via 048b5be s3:smbd/open: use Builtin_Administrators as owner of files (if possible)
via 6551e17 s4:tests/samba_tool/gpo.py: fix accidential line break
via 4be23d5 s4:tests/samba_tool/gpo.py: add test_show_as_admin()
via 9b9eabd s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ntSecurityDescriptor
via b99358e s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor
via 4a54a66 s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the current user
via 890f87d s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptor
via 872fffe WHATSNEW.txt: "acl compatibility" was removed
via e5258a9 s3:vfs_gpfs: add no memory check in gpfs2smb_acl()
via 80c736a s3:vfs_gpfs: make sure we return the correct errno in gpfs2smb_acl()
via 8ee5127 s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl()
via 9466762 s3:vfs_aixacl2: make use of vfs_aixacl_util.h
via 2b73dfb s3:vfs_modules: fix *sys_acl_blob_get_{file,fd} and only return ENOSYS
via f5f0459 s3:param: set "map archive = no" in ROLE_ACTIVE_DIRECTORY_DC
via 5704573 vfs: Remove type parameter from sys_acl_blob_get_{fd,file}
via 2d41511 s3:param: make init_locals() static.
via ba1b0a6 s3-param: Handle setting default AD DC per-share settings in init_locals()
via cd78fc8 samba-tool: Add new samba-tool gpo aclcheck and test
via 655eb86 scripting ntacls: Do not place a SACL in the GPO filesystem ACL
via 8a87025 ntvfs: Fill in sd->type based on the new ACL being added
via 9f0b860 smbd: Remove NT4 compatability handling in posix -> NT ACL conversion
via ba846a4 smbd: Correctly set fsp->is_directory before dealing with ACLs
via 42b58ba Ensure we Correctly set fsp->is_directory before dealing with ACLs.
via 82167ea selftest: Add --tmpdir to 'samba-tool gpo create' test
via fa34ae7 selftest: Avoid returning errors (rather than failures) in gpo test
via 619905d selftest: Avoid test cross-contamination in samba.tests.posixacl
via 8e278b8 selftest: Add tests for expected behaviour on directories as well as files
via 8c0a636 pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()
via 91ad382 selftest: Make samba.tests.ntacl also use TestCaseInTempDir
via 276d86c provision: Make dsacl2fsacl() take a security.dom_sid, not str
via e3d093f provision: Also walk directories checking ACLs
via 8b94535 selftest: check that samba-tool gpo works for basic operations
via dae0a76 vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent
via 19b87aa TestCaseInTempDir: Use addCleanup rather than tearDown. (cherry picked from commit 8d397b69bb29b7a464b610bc46cedd6be01b2455)
via 7563247 sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp file
via 35efdd0 provision: Fix comments in checksysvolacl (cherry picked from commit 7e90a064437790789726d701ada5de9503816281)
via 482e78f vfstest: set umask(0) in vfstest
via d902eae pysmbd: Set umask to 0 during smbd operations (cherry picked from commit e146fe5ef96c1522175a8e81db15d1e8879e5652)
via 737b1d4 pysmbd: Remember to close files after setting the NT ACL (cherry picked from commit 728e56b4636b668aaac60ec557d6fe16b530a6f9)
via 3aab9af pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entries
via 95f64c4 python-ntacls: Cope with ACL revision 4
via 8cfbd6b dbwrap: use talloc_stackframe() in db_tdb_log_key()
via c7e2dd4 selftest: Always unlink the tempf in posixacl test (cherry picked from commit 1008f6fbf49d5b797c7d968ea7ffdcb29d623644)
via e29446b selftest: Cover the important non-Samba invalidation of the NT ACL
via 86f5615 selftest: Cover one more NT ACL invalidation case and improve comments
via 6d3a607 selftest: Add many more tests for our posix ACL handling
via 3e238c2 pysmbd: Fix pysmbd octal mode handling
via 5e8c2de vfs: Fix compilation of ACL support on solaris (cherry picked from commit 60a06ff09cb62d4102a89194ce8fef5c4c5a2f16)
via b888cd2 smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc
via cbf098a rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL
via 4a8424c s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4
via 1f15981 s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl
via 5cf4af2 s3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl
via 545973e s3:vfs_gpfs fix memory corruption in gpfs2smb_acl
via 066a957 s3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl
via e244868 s3:vfs_gpfs fix the build
via beb20d4 vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx
via f20ccba smbd: Add mem_ctx to {f,}get_nt_acl VFS call
via 9109258 smbd: Add mem_ctx to sys_acl_init() and all callers
via 0f0da30 Make sure the returned sd is on the right context, and if not it's always freed.
via 0a18ce8 Move setting of psd->dacl->revision and protect against null SD's. (cherry picked from commit 5afabdc976d5ba1fd21dcdede85657b618fb6b76)
via 069e1e6 We should never just assign an st_mode to an ace->perms field, theoretically they are different so should go through a mapping function. Ensure this is so.
via 6f89412 Simplify ensure_canon_entry_valid by splitting out the _get codepath. (cherry picked from commit 9466cd189d6a07411f451f7596feee36f0be7f32)
via 44b2f4b samba-tool: Add samba-tool processes subcommand
via 85e1784 pymessaging: Add irpc_servers_byname() and irpc_all_servers()
via 9b06aac pymessaging: Use the server_id IDL structure rather than a tuple
via 493a76f imessaging: Add irpc_all_servers() to list all available servers
via ec60e57 build(waf): fix a typo
via 329a64d Makefile: Allow specifying PYTHON environment variable.
via 59a7a30 configure: Support specifying PYTHON environment variable to run waf.
via c2fb1e7 heimdal_build: Fix finding of system heimdal.
via bff4c78 heimdal_build: HEIMDAL_LIBRARY(): Remove unused cflags argument. (cherry picked from commit 9cf985c53eb1a4bbe8b8110f123744291026cee6)
via 839f526 ldb_secrets_tdb_sync: Add dependency on gssapi.
via 775b5ac dsdb: Rename _res argument to _result.
via 2504cf2 s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2
via 73af1ab samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes
via c993daa utils: Remove unused samba-dig tool
via 1146ef7 Removed phpldapadmin inclusion for Samba 4.
via c730e0e libads: Always free the talloc_stackframe() on error path
via c275adc client: Fix talloc_stackframe() free order assertion in developer mode
via c9393e7 s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in dcesrv_drsuapi_DsBind()
via 16275e2 s4:rpc_server/drsuapi: fix a crash in dcesrv_drsuapi_DsGetDomainControllerInfo_1()
via 1108c45 s4:torture/rpc/handles: try to make all assoc_group tests less flakey
via e266d39 s4:torture/rpc/handles: try to make the assoc_group test less flakey
via 4102ae8 s4:torture/rpc/handles: move a torture_comment()
via c331dcf selftest/knownfail: add samba3.rpc.lsa.privileges.lsa.Privileges
via 1c171af s4:tortore/rpc/lsa: make more use of torture_assert*
via 4b44cdb Add samba3.samba3badnameblob test to check regressions in bug #9215.
via 60003e5 selftest: use an array when starting testenv with system()
via 4621811 s3-winbind: use new reconnect logic in rpc_lookup_sids() also.
via 78b5271 s3-winbindd: rework reconnect logic in winbindd_lookup_names().
via 16322b1 s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
via 90f3530 s3-winbindd: remove lookup_sids_fn_t.
via 65071a3 s3-winbindd: remove lookup_names_fn_t.
via 1b109ed s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.
via d0de112 s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.
via 08d4a67 s3-winbindd: add cm_connect_lsat().
via 3e32998 s3-rpc_cli: Remove some unused wrapping code.
via deb11c4 configure(waf): Fail "configure --with-ads" if ads support is not available
from e42fef3 WHATSNEW: Update changes since rc5.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit f86b2763e30d0324fe7b0ab0df7b58d5a8451206
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Dec 3 13:16:21 2012 +0100
WHATSNEW: Update changes since rc5.
Add Metze's comment.
Karolin
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Mon Dec 3 15:03:03 CET 2012 on sn-devel-104
commit 2af84e6d6d1b23b2be0d7999a28fa2ba8c385865
Author: Kai Blin <kai at samba.org>
Date: Wed Nov 14 11:32:06 2012 +0100
samba-tool dns: Don't use "localhost" to connect to local host
Calling "samba-tool dns <cmd> localhost" provokes a stacktrace.
This just makes 'samba-tool dns <cmd> localhost' work and doesn't fix
the underlying issue, but I don't see it causing any harm (unless you
don't have an ipv4 localhost, I guess).
Signed-off-by: Kai Blin <kai at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104
(cherry picked from commit 10b6cceb1f0f09c7a8f5fc8882fdc3852d11951f)
Fix bug #9399 - 'samba-tool dns serverinfo localhost' returns 'Memory allocation
error'.
commit 23211c178b1362d322b26ca3c46338b67aa2eed5
Author: Amitay Isaacs <amitay at gmail.com>
Date: Tue Oct 2 13:02:07 2012 +1000
s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver
..TrustAnchors zone is not interpreted by RPC dnsserver code.
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue Oct 9 03:21:07 CEST 2012 on sn-devel-104
(cherry picked from commit e65a24b59f1dc7d212a46014a1d7c2531263529f)
The last 2 patches address bug #9265 - Bind dlz fails to start if there is a
trustedanchors zone.
commit 1d3864e46f6022c6f33600277294b12389d8845d
Author: Amitay Isaacs <amitay at gmail.com>
Date: Tue Oct 2 13:00:50 2012 +1000
s4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin
Signed-off-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit d70f3644a485ef53e6173ef81326ba6f065f418a)
commit dc1eab605caed19a056f7c083851aa72fd3166db
Author: Michael Adam <obnox at samba.org>
Date: Mon Dec 3 02:25:40 2012 +0100
s3:selftest: extend sids2xids test script to cope with "ID_TYPE_BOTH mappings
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Mon Dec 3 10:47:17 CET 2012 on sn-devel-104
(cherry picked from commit 99efe8480ebb0493be93a6ca5f77a1fe640f3be0)
The last 50 patches address bug #9446 - id mapping code delivers inconsistent
results.
commit b9efe2aca2549550936ecff2d8573b6cb5050e7e
Author: Michael Adam <obnox at samba.org>
Date: Mon Dec 3 08:34:43 2012 +0100
s3:passdb: don't look into group mappings in legacy_sid_to_unixid()
The backends (tdbsam and ldapsam) do this.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 93c0c0749a2c3cbb1bc85e18b7dd77989a3eada8)
commit 0ec17f634f8023a40ad7f0523ad570f3c7d233c9
Author: Michael Adam <obnox at samba.org>
Date: Mon Dec 3 01:44:49 2012 +0100
s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5fbdc5f35a122ff040c6120e2aa2cf5485e32097)
commit 36eaa2c6cb4044ae184ea3137bb039bebeba8f58
Author: Michael Adam <obnox at samba.org>
Date: Mon Dec 3 01:42:38 2012 +0100
s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb()
instead of sid_check_sid_is_in_our_sam). This allows for builtin sids,
wellknown sids and "Unix User" and "Unix Group" domains.
This broadens up the check moved here in commit
02e25b2a43ae02205a3412f862a1482d24b70aa4.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a0f41294488fcf4c9dbe5e85be6539394b6d6d1a)
commit 17fa9a0fec07da503e4f02f01ed729e42f46e009
Author: Michael Adam <obnox at samba.org>
Date: Mon Dec 3 01:40:37 2012 +0100
s3:passdb: add sid_check_object_is_for_passdb()
Variant of sid_check_is_for_passdb() that only checks for objects
in the various domains, not for the domain sids themselves.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 671f534e5e02adafe945a4e77813e80b5adaeb70)
commit 39e841d16b5822310ecbced922414b72716db9d6
Author: Michael Adam <obnox at samba.org>
Date: Mon Dec 3 01:34:32 2012 +0100
s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id()
The special treatment of the "Unix User" and "Unix Group" pseudo domains
can be reused.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit d96aeded6193cb6381540c1073182bfb7f079025)
commit 84f5bcb3660b226bd806808cb7eb483d5bd25e68
Author: Michael Adam <obnox at samba.org>
Date: Thu Nov 22 23:12:19 2012 +0100
s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our sam
This code treats the own sam, builtin, wellknown, and sids from the
"Unix User" and "Unix Group" pseudo-domains.
This reverts part of commit 02e25b2a43ae02205a3412f862a1482d24b70aa4.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ef0ed56eb15f24db5934f174f90f65d3f5c3c526)
commit 56c0e360b16e5de8ad8d4c43ac427c19b1a40ee6
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 30 16:27:59 2012 +0100
s3:winbindd: use the new sid_check_is_for_passdb() in idmap_find_domain_with_sid()
This is more correct than the original one:
It also hands the wellknown and "Unix Users" and "Unix Groups" sids to passdb
for id mapping.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2d3f7e31411cc63d5c83337f7280fcd6d2330282)
commit b6a5c05fc7b607559a948584f9787103cdfa38e2
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 30 16:26:28 2012 +0100
build the new sid_check_is_for_passdb() function into passdb
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 845a14210729c6a4c39a65be00e2f8b19fc13ec0)
commit 55f8b4b009afdc4e2bb9b5a972dbde05e4a2ffe2
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 30 12:27:00 2012 +0100
s3:lib: add utility function sid_check_is_for_passdb()
This function checks whether the given sid should be treated
by passdb (e.g. for id mapping).
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit fecdf48aaf514e6cda5cd0412d7407319a3ff89f)
commit ecb567fb4a4c5e1c8b8c9ef53548c2e427305fa4
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 30 15:27:15 2012 +0100
s3:winbindd: remove unused function idmap_backends_sid_to_unixid()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit e3ee3971403c7dac4e8e3578a60973b97451af68)
commit b356ad6c24f1c94dcb4274b1b4c994a5ce4f3582
Author: Michael Adam <obnox at samba.org>
Date: Tue Nov 27 12:08:33 2012 +0100
s3:test:wbinfo_sids2xids: test the results with singular calls with filled and with empty cache
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 7f2f29647a5d5906db5a267f614f30607d9162e3)
commit 259cb7a0c7881b710cb31fae30dd2b104f236518
Author: Michael Adam <obnox at samba.org>
Date: Tue Nov 27 22:43:04 2012 +0100
s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.sh
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 25018d8ae6de32a2a51168a30788545646fddcae)
commit c6acdc4ef6ca491226fdd776597e520d702f5056
Author: Michael Adam <obnox at samba.org>
Date: Mon Oct 15 16:34:02 2012 +0200
s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
This is to remove problems with the same unix-id being used both
as a uid and a gid.
The autorid backend will map a given number to the same SID, no matter whether this
is a uid or a gid. This will prime the idmap cache with mappings.
The sid-to-u/gid mapping, when not going through the cache, instead checks for
the type of the sid and only allows unix ids of the corresponding type.
Hence the rid backend will give different results, depending on whether the
cache is filled or not.
This patch lets the autorid backend always create sid->id mappings of type both.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a1411a884c5361bb8b090695236724cd25857269)
commit fe08853b59f78fd054f4a6491695fc7214875d44
Author: Michael Adam <obnox at samba.org>
Date: Mon Oct 15 16:32:25 2012 +0200
s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
This is to remove problems with the same unix-id being used both
as a uid and a gid.
The rid backend will map a given number to the same SID, no matter whether this
is a uid or a gid. This will prime the idmap cache with mappings.
The sid-to-u/gid mapping, when not going through the cache, instead checks for
the type of the sid and only allows unix ids of the corresponding type.
Hence the rid backend will give different results, depending on whether the
cache is filled or not.
This patch lets the rid backend always create sid->id mappings of type both.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 55607f0f334ca5d72f35eb6b259db5283b35e86a)
commit 1529443c7be7467fd2f12a960e57839699dc2a6a
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 17:53:39 2012 +0100
s3:winbindd: remove unused idmap_sid_to_gid()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c408126b47b0ce496a8b2293a8481d439b4234cf)
commit 7aae0eca7e26cf7a924825a116f1d23aa649e61f
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 17:53:04 2012 +0100
s3:winbindd: remove unused idmap_sid_to_uid()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5f7a3720036c422142774ce49147328dc784fec8)
commit 5c0e80dd6a7ed54e8be24927a19bdb9e237e025c
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 17:50:50 2012 +0100
s3:winbindd: remove unused server implementation of wbint_Sid2Gid()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b47be53a1f68735b1a95d57781eaf9beea68481b)
commit e0a1396a4c2eb6e46d946728f57b505892f0bdb0
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 17:50:11 2012 +0100
s3:winbindd: remove unused server implementation of wbint_Sid2Uid()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c927ff4b3641e10369f9e17b20d92d3148f55633)
commit 2dc2490cd614b286a605a68040a92ba2837ed18c
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 17:49:09 2012 +0100
s3:winbindd: remove wbint_Sid2Gid from the wbint.idl
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit aa771618718378bc3449b1caa78d1d942ff937c4)
commit ccb054fc2a61af419bc6af553e61ca864b3f7a5f
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 17:48:36 2012 +0100
s3:winbindd: remove wbint_Sid2Uid() from the wbint.idl
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8b73556e3f583af0a073a743f4973967aa5ad004)
commit db89bcc0e88504f1028dd893922998ca25fd22fa
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 17:05:01 2012 +0100
s3:winbindd: remove now unused wb_sid2uid and wb_sid2gid modules
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit de2cf94719fa07847b9c1b8149144bb1e36ba403)
commit 15fc4e2b37774b44768bb7a5cbc20e1b7d118553
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 16:54:36 2012 +0100
s3:winbindd: change winbindd_getgroups to use wb_sids2xids instead of wb_sid2gid
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5e746768c8adf77551d7904f8534372f88475675)
commit 5978e13c7868b10395e4878b1e7cf92259c3865f
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 16:44:41 2012 +0100
s3:winbindd: change wb_getgrsid to use wb_sids2xids instead of wb_sid2gid
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit eb0fca9b7b06a2aebce0da3031b1af313f0c8081)
commit 3cdb6482ad47be1eb6013f026666d5baf05d8f91
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 16:40:48 2012 +0100
s3:winbindd: change wb_fill_pwent to use wb_sids2xids instead of wb_sid2[ug]id
We can optimize this later and just do one wb_sids2xids_send/recv call.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 55ea9210e9b9cbb5a8b4633f492920af7eda77ab)
commit 4a3a6bc4aad199b5dc74721b632e8f5eb6cb60cf
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 01:35:30 2012 +0100
selftest:Samba3: provision the BUILTIN\Users group if the environment runs winbindd
Note that in order to create a local group (alias), the id-allocator of
id-mapping is needed, so this can only work if winbindd is running.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 46f2dfa7a51487e1b21c329dfb2e4cac3e6ada11)
commit 5db648836dccca860f72ab779680c0c1e1df85d5
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 00:18:44 2012 +0100
selftest:Samba3: add "wbinfo -p" test to wait_for_start()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 11ca06338670c3aa1ad6928232f2c582116f42e8)
commit 5f4fb5769a7bdd8070d0e74061a949ad34d6f868
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 00:09:43 2012 +0100
selftest:Samba3: add nmbd, winbindd smbd arguments to wait_for_start()
to make checks conditional
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5b975ce78cc77bd9ff39e2ec0c2e7d674bf61ebe)
commit 4575aaef6a6e0ac5117f35e49e036f121f40f4e1
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 00:02:33 2012 +0100
selftest:Samba3: call wait_for_start() from check_or_start()
...instead of calling the two one after another each time.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit f7dca55224af2cb2ac172831755246f5c9b04e0f)
commit 9838175ca0cf9b053ba38237786427a30a167a77
Author: Michael Adam <obnox at samba.org>
Date: Tue Nov 27 01:11:16 2012 +0100
s3:winbindd: make idmap_find_domain() static.
idmap_find_domain_with_sid() should be used instead
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4210e08109d9bc24168740f5a8a52953c532df4a)
commit ad9538b78bc60121d8d818993048258920ad1bf1
Author: Michael Adam <obnox at samba.org>
Date: Sun Nov 25 02:13:15 2012 +0100
s3:winbindd: also use idmap_passdb for own sam and builtin in wbint_Sids2UnixIDs()
This is the way the singular calls work and how they should (currently) work.
The two code paths need to give the same results. It is important to use
the passdb backend, otherwise groups don't work.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 27f88ba2deeec8b5b0a72ef97ae84c1016532a3c)
commit eb90e9affab93705fa5fd98acee041daaf9161c8
Author: Michael Adam <obnox at samba.org>
Date: Thu Nov 22 18:16:31 2012 +0100
s3:winbindd: add idmap_find_domain_with_sid()
This will return the passdb domain if the given sid is in our sam or builtin
or is the domain sid of those domains. Otherwise it returns the idmap domain
that results from the idmap configuration.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 370d62578dd171c6f898f4868f382cdddb908bcf)
commit fd3ddba15b32a9f22a2db3627977fb2893bf39b5
Author: Michael Adam <obnox at samba.org>
Date: Thu Nov 22 16:21:53 2012 +0100
s3:winbindd: rename idmap_init_passdb_domain() -> idmap_passdb_domain()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 150cfb4b97e2ee67ec1fa8fc379ac03d42002da9)
commit 9f0f141b01599b02bfc472d4efb2bae5de542cde
Author: Michael Adam <obnox at samba.org>
Date: Tue Nov 20 16:48:23 2012 +0100
selftest:Samba3: provision the domain adminstrators group in the s3 environments
I discovered that this sid / mapping is missing by working with the Sids2Uids
code and test. I do even wonder why this test could succeed prior to my pending
changes to the winbindd sids-to-xids code, for example against the s3:local
environment, since the test tries to map the sid <domsid>-512.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ee17a516c82acbdf347c2a47e7003b6a7fb879de)
commit 3bb5a6c93bf0a51a9721cb0e7f531b36a5f533be
Author: Michael Adam <obnox at samba.org>
Date: Sun Nov 18 13:51:13 2012 +0100
s3:winbindd: use struct unixid instead of uint64 in Sids2Xids parent<->child
This implicitly also hands the type of the resulting unix-id that the idmap
backend has created back to the caller. This is important for backends that
would set a broader type than the requested one, e.g. rid backend returning
BOTH instead of UID or GID.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 28e7d73bdcdf1a3d588e92eee982ff01db53d65d)
commit 35b03e719044960c9d51381f3e8963fb37b7cc44
Author: Michael Adam <obnox at samba.org>
Date: Sun Nov 18 19:58:07 2012 +0100
s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit da8d0263806260fdb4973f22fc874710bd490421)
commit 403835f00a0a6e9674df7f58dbf72a9ef534993c
Author: Michael Adam <obnox at samba.org>
Date: Sun Nov 18 19:29:37 2012 +0100
s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 75a752473f932f84d15ba043c9b9167db10dd572)
commit 3cc4c382a4768c0a9e0091d892ebf75464317212
Author: Michael Adam <obnox at samba.org>
Date: Sat Nov 17 13:10:26 2012 +0100
s3:winbindd: use wb_sids2xids instead of wb_sid2gid in winbindd_sid_to_gid
The main purpose of the change is to hand the sid into the
idmap backend and handle responsiblity for handling the
sid-type correctly to the idmap backend instead of failing
directly when the sid is not of group type.
Hence backends like rid who are sid-type agnostic, can
return gids also for sids of other types. This is an important
fix to make sid_to_gid behave the consistently with and without
the presence of cache entries.
We need to additionally filter the result for id type GID
or more general (BOTH) to keep the behaviour.
This is a step towards using only one codepath to id_mapping.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3e7f04b70f89d528aacfdc420b635d8aff0f4af6)
commit ce9c6d1ad2e4b3fad1296876eeb0eb8e9f017789
Author: Michael Adam <obnox at samba.org>
Date: Sat Nov 17 13:04:41 2012 +0100
s3:winbindd: use wb_sids2xids instead of wb_sid2uid in winbindd_sid_to_uid
The main purpose of the change is to hand the sid into the
idmap backend and handle responsiblity for handling the
sid-type correctly to the idmap backend instead of failing
directly when the sid is not of type user.
Hence backends like rid who are sid-type agnostic, can
return uids also for sids of other types. This is an important
fix to make sid_to_uid behave the consistently with and without
the presence of cache entries.
We need to additionally filter the result for id type UID
or more general (BOTH) to keep the behaviour.
This is a step towards using only one codepath to id_mapping.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 7637c93472492f1bfd7bf46b8f855ef4818c75a9)
commit 9b94125235bb82131e4ba22790e562ae27048ed4
Author: Michael Adam <obnox at samba.org>
Date: Sat Nov 17 02:30:07 2012 +0100
s3:winbindd: factor winbindd_sids_to_xids into external and internal part
- external part takes winbindd request/reponse structs (with sid strings)
- internal part takes sid lists
The new internal part implements functions wb_sids2xids_* that are
moved into the new module wb_sids2xids.c.
The purpose of this change is to use wb_sids2xids in winbindd_sid_to_uid
and winbindd_sid_to_gid instead of the currently used wb_sid2uid and wb_sid2gid.
We should just have one code path into id mapping and not several that behave
differently.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8e5ce1e2d53f36fd35eb8efad7da680dcf0b1ce1)
commit 52d9672024feb70c01666a1da8e64efba67c1c38
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 16 17:49:25 2012 +0100
s3:winbindd: convert some spaces to tabs in winbindd_sids_to_xids_send()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c58c68d5ba58855098d24c54db9c0cda19db0f4b)
commit 0d62bf45c492e223ab0365a5caf50c229ff0c005
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 9 16:09:59 2012 +0100
s3:winbindd: add explaining comment winbindd_sids_to_xids_send()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 349b9ac05242f87fa5afcc06c72ccc02bdb05d8b)
commit e2c3472f89781453b585982bb250223d6ad1e097
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 9 14:09:10 2012 +0100
s3:winbindd: factor lsa_SidType_to_id_type() out of winbindd_sids_to_xids_lookupsids_done()
for readability
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit be033a1d165f815bbddceda46384be1f9c0c2b7f)
commit b3ca88c25e70b4c668745738191f3a2f72b2db45
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 9 13:54:20 2012 +0100
s3:winbindd: simplify winbindd_sids_to_xids_recv() a bit.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b435e668aa8b2805cd94bde37b9ddf6a7ad335f8)
commit 50bb917a48b17422c384c7b0af877294f17ac64c
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 9 11:32:47 2012 +0100
s3:winbindd:util: add a comment explaining the function parse_sidlist()
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3f0c31fbd388986d636b5701f66ed7b215a1b903)
commit ea33f9c615b008c01a66b280f847faf2188d2c5d
Author: Christian Ambach <ambi at samba.org>
Date: Sat Sep 22 20:44:41 2012 -0700
s3:winbindd fix a compiler warning
about type potentially being used uninitialized
Autobuild-User(master): Christian Ambach <ambi at samba.org>
Autobuild-Date(master): Mon Sep 24 03:49:53 CEST 2012 on sn-devel-104
(cherry picked from commit f767059911460c0944d5e9289148a0776aeb97e5)
commit 57049b8602c0de7cae064cafdf1a4298f83c61d2
Author: Christian Ambach <ambi at samba.org>
Date: Sat Sep 22 13:32:00 2012 -0700
s3:winbindd fix a compiler warning
about result being potentially uninitialized
(cherry picked from commit 1b5256c184ec378783e6219b34b5a3e512c4df99)
commit 66c21207818d0d327395d835e3b60f81d640304d
Author: Michael Adam <obnox at samba.org>
Date: Wed Sep 19 02:57:37 2012 +0200
s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"
in idmap_tdb_common_sids_to_unixids()
(cherry picked from commit 38994f6ff34316ad08961f62a1f57429f7968e70)
commit 9f9677c1f89ab3e47c8ecb92feec50def1c0994c
Author: Michael Adam <obnox at samba.org>
Date: Wed Sep 19 02:57:37 2012 +0200
s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"
in idmap_tdb_common_unixids_to_sids()
(cherry picked from commit d1de2b4d3999dda96df9156da30a239af3b2b88e)
commit 60871c1c5b572dbe04c7029ac75f11726f31368d
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 18 15:31:26 2012 -0700
s3: Fix idmap_hash
Calling be_init with NULL safely crashes, because we dereference NULL. We
don't need to call it here, this is called in all workers anyway. Thanks
to Jiri Sasek <jiri.sasek at oracle.com> for finding this.
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Sep 20 05:03:54 CEST 2012 on sn-devel-104
(cherry picked from commit 03055af9b2af8a5a1c23946369a21d6437cf1b8c)
commit ce4a390cc355582960eb7e86b5341ee581f1fe73
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 1 15:10:38 2012 +0100
s4:dsdb/descriptor: NULL out user_descriptor elements depending on the sd_flags
A client can send a full security_descriptor while just passing
sd_flags of SECINFO_DACL.
We need to NULL out elements which will be ignored depending on
the sd_flags and may set the old owner/group sids. Otherwise
the calculation of the DACL/SACL can replace CREATOR_OWNER with
the wrong sid.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 8ababf4367eb4faaeeda6cf66191aaf66a3a69da)
The last 33 patches address bug #8621 - ACL are not recalculated if parent is
changed and inherit is enabled.
commit 73e0b6856d53714a192da9c64cf0563d938bbb17
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 16 12:51:44 2012 +0100
s4:dsdb/tests: add SdAutoInheritTests
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Fri Nov 30 18:59:50 CET 2012 on sn-devel-104
(cherry picked from commit 057c56ac2443abffbe169b06a72a93f41096fb67)
commit b54ea1ec8b3fa616f6436f8edc1c1b440fddd123
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 17:10:38 2012 +0100
s4:dsdb/repl_meta_data: call dsdb_module_schedule_sd_propagation() for replicated changes
We only do so if the replicated object is not deleted.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit d31742641fb117e4249dcc317dac662bb5e1a690)
commit 2cc2a1f19626886cb07b8888478d30ced38b8a21
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 16 12:49:16 2012 +0100
s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit fb2a41d9453d94860104b7b96a75bf8fa96996d6)
commit 36b712f5e0ece077ff38b11f590ce8075cb517a3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 16 12:49:16 2012 +0100
s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit f8c0ad65ad783b3c82ec8ab120d18ad454fe2665)
commit ef67c59bb55dc20c82687f31e4efbdb26824bcaa
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 16:46:51 2012 +0100
s4:dsdb/acl_util: add dsdb_module_schedule_sd_propagation()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit dae1b0d85207040fed873d4232a45206b0162f53)
commit 957a583a5c599e625c34fe8ffaab5af35bd6cdf3
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 15:55:24 2012 +0100
s4:dsdb/descriptor: implement DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit d6962f40caad861c7d240d80bd04070989c85a73)
commit 3513d73731fb4b72e4b51d2bdde277bcf83750c8
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 22 17:42:32 2012 +0100
s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 2101400af2e5e1b72a5d51e83f005f62bec1f482)
commit 3d81ebc40dda939e66c56e141441487869ce2efb
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 10:45:02 2012 +0100
s4:dsdb/descriptor: handle DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
This can only be triggered by ourself, that's why we expect
control->data == module.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit ddea8564901f5aa1a25cd84713bf86a2ce95bc07)
commit 67c07613dcef0999b5e8fb6a1df6ec00d7edcd7d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 16:12:54 2012 +0100
s4:dsdb/schema_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 1be4dbc0ca732bd2c35b6108331120a3f1a54ada)
commit 8639079e4dcdf7ef9b07a36969e4ce9a54e072e4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 11:18:05 2012 +0100
s4:dsdb/repl_meta_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
The propagation of nTSecurityDescriptor doesn't change the
replProperyMetaData.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 7f42a8b7b667c6a704ecd7bce1630971eb3f1e8c)
commit 20d92f60f5bebbfe0e8d4c462ed662e9afb4b9cb
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 15:25:06 2012 +0100
s4:dsdb/objectclass_attrs: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit cb9c7ee79b2f4e8c875bd15c1fddee90648eec19)
commit 442609b4216f88c740718b255a86f3802ebf1f26
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 22 17:42:32 2012 +0100
s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 60f0e172e3ce182324c4573fc05197ba241def89)
commit f6c8ecee7a179c968b49855bbee3122e85aaa7fa
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 10:16:45 2012 +0100
s4:dsdb/subtree_delete: delete from the leafs to the root (bug #7711)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 7f88ad3efce5bc14de49b3d73a5dcb19499e1342)
commit eb4ff6a81f3eabbe3cbbd9c77d59651e3891140f
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 10:14:59 2012 +0100
s4:dsdb/subtree_delete: do the recursive delete AS_SYSTEM/TRUSTED (bug #7711)
Now that the acl module checks for SEC_ADS_DELETE_TREE,
we can do the recursive delete AS_SYSTEM.
We need to pass the TRUSTED flags as we operate from
the TOP module.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 5dd4555f391d841b276e53e70eedde36f5190cdd)
commit f65797562e86acba1b1833df5318d788be834788
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 10:04:39 2012 +0100
s4:dsdb/subtree_delete: do an early return and avoid some nesting
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 60192fd1004015b50e208b3da6a07bd67f9d7990)
commit 4f77389900b023d01b15d88402b78be28c7609f3
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 23:21:10 2012 +0100
s4:dsdb/objectclass: do not pass the callers controls on helper searches
We add AS_SYSTEM and SHOW_RECYCLED to the helper search,
don't let the caller specify additional controls.
This also fixes a problem when the caller also specified AS_SYSTEM.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit ff274bafeb223c7440f4d97e2225b954b1031259)
commit e681f0dd80d53cbf58a4796cf9cb650146711db7
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 10:06:13 2012 +0100
s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug #7711)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 5838637b4218ecf88e7a650610da3be1a5a518c9)
commit 958f48876e3c0dbb06a49e3f27ba1655d6d2c910
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 09:20:37 2012 +0100
s4:dsdb/dirsync: remove unused 'deletedattr' variable
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 60c29a51a062640bf23c85d0d2f650d35a9ab59c)
commit 68e443d04537272e59b58ddbe30a0fa0525feb87
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 09:19:52 2012 +0100
s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACL
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit ffaf9bb98b5322cca31ef6a43f8c27ca4e5fe42e)
commit 6e0d9e83ced4b5ff2afbb5c8500228afd4460a58
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 09:17:27 2012 +0100
s4:dsdb/common: add pekList and msDS-ExecuteScriptPassword to DSDB_SECRET_ATTRIBUTES_EX
See [MS-ADTS] 3.1.1.4.4 Extended Access Checks.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 0c2c00e4b9afd72b4f4052e6b19e40096fd1e44c)
commit 72718dd91481480b15052c06f5073bed4583d04a
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 09:15:24 2012 +0100
s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributes
The @KLUDGEACL record might not be uptodate.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit b54d268e2042f36bc670cf8f4f33cddd957e1d34)
commit 2dc2ea5f1007c4e2dad1ee8322e7a0d3db47239b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 10:58:49 2012 +0100
s4:dsdb/descriptor: the old nTSecurityDescriptor is always expected there on modify
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit f67f469ce101e48301de790b5c31f8d4e712e0ea)
commit 73f845b2a4e7950d327466b8dd3a9d57ea667909
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 09:55:17 2012 +0100
s4:dsdb/descriptor: make explicit that we don't support MOD_DELETE on nTSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 5aa7dbe546ff18e521e72c0af713a2509201e00d)
commit 7397218b31ddc02b169f484a3d273f810949ebef
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 09:31:05 2012 +0100
s4:dsdb/descriptor: remove some nesting from descriptor_modify
If the nTSecurityDescriptor attribute is not specified,
we have nothing to do.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 4ef36fda681409bf7050adb98bb4b3d574bc01a9)
commit 9ac44aeb987a61269778f32ce9275addacfc998b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 09:20:50 2012 +0100
s4:dsdb/descriptor: remove some unnecessary nesting
sd == NULL is checked before.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 8d60ac19ed0bc70ec3763614147465c04f28e286)
commit 83a64e44f064ca9e49ad7164ad9936dd809de98f
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 09:19:11 2012 +0100
s4:dsdb/descriptor: add some error checks to descriptor_{add,modify}
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 813492676c5b876d309bb2db12c794c513fab5c7)
commit de75b1c0828944b00b688e18a237f3afb1b64076
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 09:15:25 2012 +0100
s4:dsdb/descriptor: remove support for unused LDB_CONTROL_RECALCULATE_SD_OID
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit b3486f4e1a2108bd3af7ce760c8410a560c5237d)
commit 82b08afb32dcd05bcf5ea6027a62e11a77ab65dc
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 23 07:18:35 2012 +0100
s4:dsdb/descriptor: move special dn check to the start of descriptor_{add,modify,rename}
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 74e3f0ea0aa0352bf15e92c70256fa9b4d291cd9)
commit 71486a977f0e4f51b1f6a659e655edcb505c5434
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 22 16:22:30 2012 +0100
s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sd
The sd_flags:1:15 control together with an empty security_descriptor
has the same effect as the recalculate_sd:0 control (which is samba only).
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 4136d969cab5d4690f00c855bd98dc01253d73d9)
commit 0da04789d5d133ecc7e5e739dbe61fbd286b4757
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 22 14:09:34 2012 +0100
s4:provision: add get_empty_descriptor()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 118db4ca11bec17b8f5955f188c07f154b85c87b)
commit 8da430d73ba13f0a9c67a0db6839a800d0d50b8e
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 22 15:53:14 2012 +0100
s4:dsdb/descriptor: if the caller specifies no DACL/SACL the objects gets a default one
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 7a3e4d04c7e06379eddacb4f025a3c48a0a754a4)
commit b931c8d87b0b52c0e0e9116939dbddcd3d9a247a
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 22 14:07:04 2012 +0100
s4:dsdb/descriptor: give SYSTEM the correct default owner (group) sid
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit c2c715f9c9e0d465857ad118d632493131a5f9c5)
commit f4c4f0df95f7af718fb592206f2dc5ba3ca6e0d4
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Nov 18 18:57:03 2012 +0100
s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 990448b4997d1a2423e5dd4da1e37ad51f99bf3a)
The last 22 patches address bug #8620 - Read ACL are not enabled by default on
DS.
commit 08706b533bdd05219c3c05b108a38cc493ec2f23
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 14:04:09 2012 +0100
s4:dsdb/acl_read: specify the correct access_mask for nTSecurityDescriptor
We need to base the access mask on the given SD Flags.
Originally, we always checked for SEC_FLAG_SYSTEM_SECURITY,
which could lead to INSUFFICIENT_RIGHTS when we should
have been allowed to read.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit fa676769e0d5d3f161b295f06f643fdacebb82ca)
commit aa6bab844edec4cc6db4a6f855ddb767094a7193
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 09:31:25 2012 +0100
s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLED
Note that SHOW_RECYCLED implies SHOW_DELETED.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit ca3c0e28ef5d43f0af487e45a56f2929f5f23b4e)
commit 936cff0c7363a0e0f59d4f2ddb3d7f226d5c5f12
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 14:10:43 2012 +0100
s4:dsdb/acl: calculate the correct access_mask when modifying nTSecurityDescriptor
The access_mask depends on the SD Flags.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 53b100bb59dadbc7cfb727a4ad1566302ff6c831)
commit d7d1c73e0a9100af86bddfce6dd742e565519596
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 12:12:41 2012 +0100
s4:dsdb/acl: don't protect confidential attributes when "acl:search = yes" is set
In that case the acl_read module does the protection.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 95b480fd98d9647c679672abac49c9f4ca5b3219)
commit a600f8965238e1be14b24b6f08b592130800821a
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 12:15:00 2012 +0100
s4:dsdb/acl: remove unused "acl:perform" option
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 3d57f17db94ddb5d5d8021158548ea7aebe16cd1)
commit 502ab6d5287f975d39e55fea7ff74562221d972b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 07:14:31 2012 +0100
s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLED
The searches are done in order to do access checks
and the results are not directly exposed to the client.
Note that SHOW_RECYCLED implies SHOW_DELETED.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 329afc1a203056b1f4a43dd6c98ec2067c64f962)
commit dea1768df8d942d2ed9130e63298c1de625b0d25
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 14:13:17 2012 +0100
s4:dsdb/descriptor: make it clear that the SD Flags are ignored on add
See [MS-ADTS] 6.1.3.2 SD Flags Control:
...
When performing an LDAP add operation, the client can supply an SD flags control
with the operation; however, it will be ignored by the server.
...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 42898590bb386a13b4f0d7b0294561a78df7e268)
commit 695b0797826a675971d8fde28138d7bfa0e9b399
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 13:05:31 2012 +0100
s4:dsdb/descriptor: make use of dsdb_request_sd_flags()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit f018772e0ca981857036078342456ef17858b966)
commit 8e85a3d591f0197566ae87874cb0e86907952780
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 15:24:46 2012 +0100
s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor
If the nTSecurityDescriptor is explicitly specified
without the SD Flags control we should go through descriptor_search_callback().
This is not strictly needed at the moment, but makes the code clearer
and might avoid surprises in the future.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 67045fafe8a826792a51a504aa85ee6d8e137059)
commit f758629b488f9d8019c7ab3c2146186306c78dbc
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 10:15:58 2012 +0100
s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with SHOW_RECYCLED
Note that SHOW_RECYCLED implies SHOW_DELETED.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 690b5e11618eb0385272d6a003761db22369e620)
commit a1ccdc1478538e412eceb03e6975fcc34229cd65
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 12:33:35 2012 +0100
s4:dsdb/acl_util: add dsdb_request_sd_flags() helper function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 2916313f8016720fb36180db341efbf7b91522f6)
commit 01de895df370d9768da77f3f7db098cbe74d6646
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 07:14:31 2012 +0100
s4:dsdb/acl_util: do helper searches AS_SYSTEM
The search is done in order to do access checks.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 1cdecf1234bffc37a9898b666371b2dd25ad158d)
commit c9cad1d8b61a1642741f9bda558061f01dd73fd4
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 09:33:53 2012 +0100
s4:dsdb/extended_dn_store: do helper searches AS_SYSTEM
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 8d900d06ff89136016ef2f139d6c33b306c87e93)
commit 0ea8c2a0ded24c35fddb14279f1583cf3bbd15f7
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 19 06:59:33 2012 +0100
s4:dsdb/extended_dn_in: do helper searches AS_SYSTEM and with SHOW_RECYCLED
Note that SHOW_RECYCLED implies SHOW_DELETED.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 659277a89dfd4226db9ea44709010ad7e3768fd6)
commit ea1837233ea1616e4d8e64ff170dafd2f1e0dcc2
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 19 06:59:33 2012 +0100
s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED
Note that SHOW_RECYCLED implies SHOW_DELETED.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 844b736a1dd05159850ccc28eee1b3e625489139)
commit da538370537f013f98bd7590a61ba3a6621b5351
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 12 14:19:34 2012 +0100
s4:dsdb/rootdse: do helper searches AS_SYSTEM
As anonymous users can read all rootdse attributes,
we should do helper searches with DSDB_FLAG_AS_SYSTEM
in order to avoid unnecessary access checks.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit a882b41d44b20476a0b1549260e07be3398f9752)
commit 9934111bf1f76e1433851fb6203f80c2cb4d979a
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Nov 26 13:38:07 2012 +0100
s4:dsdb/rootdse: remove unused variable
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 964d96d2c31211601b8854dd3d532112fd2aaece)
commit 00fa2adbe1e47597339ceba1e02df5f4daaa6ed3
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 22 08:59:40 2012 +0100
s4:dsdb/dirsync: explicitly ask for sdctr->secinfo_flags = 0xF
A value of 0 is mapped to 0xF.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 8563348a01206874ff215a55d0c542912740e84b)
commit 7ff6b7abc791fb7752fdc9a78252194c47ebd357
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 09:51:45 2012 +0100
s4:dsdb/dirsync: use the correct nc_root to fetch replUpToDateVector
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 6991fb385e3956892d904f871052aaede1137a29)
commit 0f7ac5e1ae297d8731580cff61f34b0399032d76
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 27 14:49:11 2012 +0100
s4:dsdb/dirsync: check result of replUpToDateVector fetch on nc_root
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 7fe1e61ab908264f2ac7b8df666b254ae2af4488)
commit cd976a36f34645a83a3886e0da5a26b750d99138
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 21 16:12:22 2012 +0100
s4:dsdb/schema_data: fix debug message in schema_data_modify()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit ac9bd1e63a8adfb96eb5c9f996e60c2d99aba5e1)
commit caaefb6c3878b6d049f592e9cec8fa9e74d4aa5f
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 29 09:57:44 2012 +0100
s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl()
This allows the caller to ask for a security.descriptor instead of sddl
by passing 'as_sddl=False'.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 6f71071381ead9976f4a6d296c9a1ade385484e0)
The last 75 patches address bug #9406 - ACL fixes since 4.0 rc1.
commit b90fc0c8c9d51647ddfbe78cb56228ec7c18dc58
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 29 09:28:23 2012 +0100
s4:python/ntacl: allow string or objects for sd/sid in setntacl()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 06f026368e5b657394bb9e681c3d0184104bc120)
commit 9627bb044855b0aed5e76c174a1c03dca22b4157
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 29 09:31:12 2012 +0100
s4:samba-tool/gpo: fix the operation order when creating gpos
We should do it like the windows GUI.
1. create the LDAP objects
2. query the security_descriptor of the groupPolicyContainer
3. create the gPCFileSysPath via smb
4. set the security_descriptor of gPCFileSysPath
5. copy the files and directories into gPCFileSysPath
6. modify the groupPolicyContainer and link gPCFileSysPath
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit d48d0c5bbf70394dfc6ab44ef124582fd836695f)
commit 9feac15ba8ca5f1df5574914c150207e68645f1f
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 29 09:31:12 2012 +0100
s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gpos
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit dde7eb0d82e9b980c9b08fb4590b7e77bda0c76b)
commit 029c306e2532bc2162f1a386039fd1a7998f0e00
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 29 09:31:12 2012 +0100
s4:samba-tool/gpo: use the dns_domain from the server when creating gpos
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit a1a525e2a9b0bc20e3e06695fbcbdf0d172839a1)
commit 89dc803d4af34fb800aae3dc6d947524f2661537
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 1 09:14:19 2012 +0100
s4:libcli/finddcs_cldap: allow io->in.server_address as hostname
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit a42c49c93acb9e480b6e174f56fb75ae0524b984)
commit f16532974e9387da40b557cb0a35dfdca5fbcc24
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Dec 1 08:56:57 2012 +0100
s4:libcli/finddcs_cldap: try all NBT#1C addresses
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit c4d51d8d17f04583868f1fdc82322b26bcb1c7a0)
commit 87de57e44a44803648321cb047aa4b456ff8fa82
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 30 14:36:07 2012 +0100
s3:smbcacls: add --query-security-info and --set-security-info options
This allows the caller to specify the security_information flags.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 0e2e3ff5e864115495be68040959838e2835e260)
commit 640505f60239031961301d1c7b940e41f769e443
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 30 13:52:53 2012 +0100
s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flags
In order to set and get security_descriptors it's important to specify
the sec_info flags.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 9afba14417ebb8e13623b62d3c81492629b92f29)
commit 0bdf8865efe80e9f97ad36e2c3f4ded8cd87220b
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 29 12:33:22 2012 +0100
libcli/security: remove duplicate aces in se_create_child_secdesc()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit cf60338ada9b1685aaa49a41cefbe1e14040a283)
commit 5e44f0c69d5395d387121cd5bec6fc6e67dd6619
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 30 13:33:59 2012 +0100
s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a group
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 8fbe39d5134e136101425f9fc8d3d5080cbe25ba)
commit 04f96c733b2f1024931601ee630d149dd8bc4c18
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Nov 30 13:32:04 2012 +0100
s3:smbd/open: try the primary sid (user) as group_sid if the token has just one sid
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 139232656a5de5f1c4694bbea8554a01c677081a)
commit 048b5be5f130efa6bf6d1af7b4d293697844c75a
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Nov 29 10:00:03 2012 +0100
s3:smbd/open: use Builtin_Administrators as owner of files (if possible)
We do this if the idmap layer resolves Builtin_Administrators
as ID_TYPE_BOTH and if the current token has the
Builtin_Administrators SID or it's SYSTEM.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 0a3396b53683f5efe439bfb8395e275f53108255)
commit 6551e177726376597d01fc59f3c983c15920b001
Author: Michael Adam <obnox at samba.org>
Date: Tue Nov 27 16:43:25 2012 +0100
s4:tests/samba_tool/gpo.py: fix accidential line break
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4970d3cacbd6b9a76e64030cc79628f3dfecce1b)
commit 4be23d50b4bf6a7941056f7811584cdbd043350a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 20 15:02:05 2012 +0100
s4:tests/samba_tool/gpo.py: add test_show_as_admin()
This calls samba-tool gpo show as admin (which should be able to
see the full nTSecurityDescriptor.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit a58124208006ba9311588554b147acfb86d4d4eb)
commit 9b9eabdf717c07dbf4520f15b5c02c927eca7665
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 20 14:58:13 2012 +0100
s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ntSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 325e92190852ae317c42c26ab86d32818d119381)
commit b99358ee313c80e2c60a40d80f39101263baa305
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 20 14:56:56 2012 +0100
s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 67799962b8e6e16ac18466658a3f9924854e32f7)
commit 4a54a660ff3e2ba6b29b41dc2a6852434033d9ba
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 17 07:13:40 2012 +0100
s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the current user
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 6bffad67d24df2c90b174bbcc9c578899783a834)
commit 890f87da1badbb548379b71d678e55c5f1d09a07
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 20 14:51:46 2012 +0100
s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit f843c04b0f2314ccedb4759c85721773845eb207)
commit 872fffe89d62004d2094b8ae07fc76f85df79a9d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 28 11:59:31 2012 +0100
WHATSNEW.txt: "acl compatibility" was removed
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit e5258a9561196b9a87119ba40222b4aa7fcd8a47
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 28 11:44:58 2012 +0100
s3:vfs_gpfs: add no memory check in gpfs2smb_acl()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Wed Nov 28 14:06:27 CET 2012 on sn-devel-104
(cherry picked from commit bc6bceec655f241f23d713edc0d7a2633b5d6592)
commit 80c736a987b11193f0a447cb66ac830a260554f5
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 28 11:44:15 2012 +0100
s3:vfs_gpfs: make sure we return the correct errno in gpfs2smb_acl()
TALLOC_FREE() could overwrite errno.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 0f630abb3f197a8b672c6aa96362d83fdad1f92f)
commit 8ee5127f49820f53463da82fa9fa45e9ece17e8f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 28 11:38:13 2012 +0100
s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit b3eb78c4f7123ccad6af50379c29d0939590d1ff)
commit 9466762d7195d8ea71132124325f66877cc84706
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 28 11:21:51 2012 +0100
s3:vfs_aixacl2: make use of vfs_aixacl_util.h
This should fix the build.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit d5987048347beefa720f902d97b621e6cb719fdf)
commit 2b73dfbc8e994ae8b7eea6cf17fcbcfb2e2a074f
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 28 09:05:23 2012 +0100
s3:vfs_modules: fix *sys_acl_blob_get_{file,fd} and only return ENOSYS
We should not segfault if some callers starts to call this.
This is a 4.0 patch only, if you try to backport the real implementation
just revert this patch...
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit f5f04596c6eaa44e8fd7825d20ce1a80f9520519
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 20 13:50:46 2012 +0100
s3:param: set "map archive = no" in ROLE_ACTIVE_DIRECTORY_DC
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 4fb0b61ad8fd45a7eff7756d43ce646ed051ee1a)
commit 570457375ad8ae7aacc3e25b05d3d7661ba21b7a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Oct 10 16:44:41 2012 +1100
vfs: Remove type parameter from sys_acl_blob_get_{fd,file}
This interface actually needs to match the get_nt_acl interface in
that the system ACL implmenetation may not be posix ACLs, and the blob
is not meant to be enforced to be of a particular system ACL
structure.
Andrew Bartlett
(cherry picked from commit 1f36ec129300e4f69efe26d4950fe3a7cfbfb233)
commit 2d41511901a6e788eec908b6821f7ac2a4f9814a
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 16 01:00:21 2012 +0100
s3:param: make init_locals() static.
it is only used in loadparm.c
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104
(cherry picked from commit d7cab973fc3213ff777bff519eb001ae7d1c1bdc)
commit ba1b0a6dd1234e05394974d7685fcb22ae93f366
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Nov 16 10:30:44 2012 +1100
s3-param: Handle setting default AD DC per-share settings in init_locals()
This function is helpfully called between when we finish processing
the globals and when we start processing the individual shares. This
means that the "vfs objects" and other per-share settings we specify
here become the defaults for (eg) [netlogon] and [sysvol] but the
admin can override these on a per-share basis or (as we must in make
test) for the whole server.
This broke setting and fetching of group policy objects from Windows
clients, since this setting was moved from fileserver.conf in
8518dd6406c0132dfd8c44e084c2b39792974f2c, and wasn't found in 'make
test' because we have to override the vfs objects to insert the
xattr_tdb and fake_acl modules.
Andrew Bartlett
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 3fc2c03ea3dcc36778e92115a0dbca42531bd4dd)
commit cd78fc8c8fbc04a4ee18103f1b829521260806e3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 19:36:28 2012 +1100
samba-tool: Add new samba-tool gpo aclcheck and test
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
(cherry picked from commit 256391c0faf4ff4d408821e3fe8cfe2eff44c043)
commit 655eb86178bebf4a80f8e23812466e8ea41ca3ce
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 13 16:03:27 2012 +1100
scripting ntacls: Do not place a SACL in the GPO filesystem ACL
On a new GPO created on windows, the SACL is not used.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Nov 14 00:34:50 CET 2012 on sn-devel-104
(cherry picked from commit a390a5878db627a7f0147699fff97a39013816dc)
commit 8a870252b49143b31c2d2577a2d8a32899045554
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 13 16:45:03 2012 +1100
ntvfs: Fill in sd->type based on the new ACL being added
Previously we would not change the type field, and just relied on what
was in the original ACL based on the default SD.
This is required to ensure the SEC_DESC_DACL_PROTECTED is set
which is in turn required for GPOs to be set correctly
to match what windows does.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3e2584a86cc610c000f70105f39e7f3fa881aded)
commit 9f0b860eb574286cbf5230a5b8f1a912b457890d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 12 17:11:34 2012 +1100
smbd: Remove NT4 compatability handling in posix -> NT ACL conversion
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d6c7e9b1ed6f7befbb2239350bba4547ef781e58)
commit ba846a4919e34a8e6e5ff520f97f904631e43767
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 13 12:34:35 2012 -0800
smbd: Correctly set fsp->is_directory before dealing with ACLs
Change set_nt_acl_no_snum() to correctly set up the fsp.
This does a stat on a real fsp in set_nt_acl_no_snum.
Reviewed by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a4434297f19a3520d0f2ac242d4e99576d927ecc)
commit 42b58ba203160b274b86d02c38523556fac18848
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 13 12:21:45 2012 -0800
Ensure we Correctly set fsp->is_directory before dealing with ACLs.
Reviewed by: Jeremy Allison <jra at samba.org>
(cherry picked from commit dc05ab8e19a26265ace720528f7e9341aea62ee2)
commit 82167ea06410b951ea7efcf98c34607cc1fe76fe
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 13 13:31:53 2012 +1100
selftest: Add --tmpdir to 'samba-tool gpo create' test
This was the cause of the flakey test, and was only noticed when
multiple different users ran autobuild at the same time on the same
server.
We use shutil.rmtree to wipe the directory before the tests finishes
as required by the TestCaseInTempDir class.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Nov 13 10:50:56 CET 2012 on sn-devel-104
(cherry picked from commit 095c7627dfbc1e25665d342699ea004dc8d0880b)
commit fa34ae72aecfbfa1e80a0c27dee02f16e72dd558
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 12 21:48:46 2012 +1100
selftest: Avoid returning errors (rather than failures) in gpo test
This should help find the real cause of the flakey test, if it ever returns.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
(cherry picked from commit 4d6d6e446c030bb6cf3f27ba257e713ac6701b7a)
commit 619905d357651e0b43ab142a896fcb0cccd126e2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 12 07:53:40 2012 +1100
selftest: Avoid test cross-contamination in samba.tests.posixacl
This creates a new xattr.tdb per unit test, which avoids once and for all
the issue of dev/inode reuse.
For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
(cherry picked from commit 94649e46b4dec528ab7e750d06a65ada3d978342)
commit 8e278b88f712cc7050ce67808d2d611f57ad8d6f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Nov 11 21:33:41 2012 +1100
selftest: Add tests for expected behaviour on directories as well as files
This is important because it covers the codepath which had the talloc
error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3
(vfs_acl_common: In add_directory_inheritable_components allocate on
psd as parent)
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
(cherry picked from commit 1d81e52bba65f05378db7027537aa27eb5bfa70a)
commit 8c0a636ffbd4999a2ab17983ceeeb4ad06247abe
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Nov 11 22:07:49 2012 +1100
pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a6a01552efe69f6450425b001ad600ec056bd18c)
commit 91ad382963b60f2c7a84a299e9e0bd38ac391870
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Nov 11 14:01:44 2012 +1100
selftest: Make samba.tests.ntacl also use TestCaseInTempDir
This follows on from the successful conversion of samba.tests.posixacl.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 312f8ddae27f6fdf4f325edfa890a7b96cd348b8)
commit 276d86c86e3db2a628dbcec28bfdf97523aecc10
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 20:44:14 2012 +1100
provision: Make dsacl2fsacl() take a security.dom_sid, not str
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104
(cherry picked from commit ab30a8bf0fb9bd4ee3c907183132f3b9abb67c7a)
commit e3d093f7e55b3c95a1eab17424a54d5be0d76ab8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 15:22:02 2012 +1100
provision: Also walk directories checking ACLs
The directory walk was missed due to a cut-and-paste error.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 033451587db21d6e4b829e89a64f894a32682131)
commit 8b945352ec4652437b385fcb2eb44e427133b4d0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 12:57:17 2012 +1100
selftest: check that samba-tool gpo works for basic operations
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0b7bb774ce836722d219d6e466a76b12c1a03de3)
commit dae0a763d858f7a0e59ce7195eedfce1a3f29181
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 1 09:51:28 2012 +1100
vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent
When we add a new DACL to the security descriptor, we need to use the
SD as the memory context, so we can talloc_move() it as a tree to a
new parent.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Nov 2 22:16:14 CET 2012 on sn-devel-104
(cherry picked from commit 60cf4cb5a630506747431ecbf00d890509baf2f3)
commit 19b87aaac72db28329293e7be9574ae9a1e1ff6f
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Fri Oct 26 15:58:06 2012 -0800
TestCaseInTempDir: Use addCleanup rather than tearDown. (cherry picked from commit 8d397b69bb29b7a464b610bc46cedd6be01b2455)
commit 75632473d0aebd2e274140c986ca0a9166b3d5f9
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Oct 27 10:59:43 2012 +1100
sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp file
This manages the temp file more reliably, and reduces the repeated
code in each test case.
Pair-Programmed-With: Jelmer Vernooij <jelmer at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Oct 27 04:37:58 CEST 2012 on sn-devel-104
(cherry picked from commit 3180a1082a79698a69f6721282cb8c45900f884c)
commit 35efdd002add66377583aae9371ea0b56d4ba527
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Oct 27 09:20:52 2012 +1100
provision: Fix comments in checksysvolacl (cherry picked from commit 7e90a064437790789726d701ada5de9503816281)
commit 482e78f0775132528d8cb414bdd6c872416ab31a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Oct 26 14:23:39 2012 +1100
vfstest: set umask(0) in vfstest
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Oct 26 10:07:03 CEST 2012 on sn-devel-104
(cherry picked from commit cb50e85a5a054eeb59bf4c27c886679285732548)
commit d902eaec21b1ce6f0137e29d414e8864abd8ea88
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Oct 26 14:22:07 2012 +1100
pysmbd: Set umask to 0 during smbd operations (cherry picked from commit e146fe5ef96c1522175a8e81db15d1e8879e5652)
commit 737b1d48676a3d99951721748e826cbd07237dbb
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Oct 26 10:07:02 2012 +1100
pysmbd: Remember to close files after setting the NT ACL (cherry picked from commit 728e56b4636b668aaac60ec557d6fe16b530a6f9)
commit 3aab9af0a5dfd4d4bd9af37a9188266fe8298b05
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Oct 26 17:25:53 2012 +1100
pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entries
If we do not provide a way to remove files from xattr.tdb, we can re-use the inode.
Andrew Bartlett
(cherry picked from commit e107c6ace73ac40894fdd66860cfeae9115d5cd9)
commit 95f64c4ae7bb397ac9536a00413c035e82d4b779
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Oct 24 18:24:12 2012 +1100
python-ntacls: Cope with ACL revision 4
This is the new revision with the hash of the posix or system ACL.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 25 15:04:39 CEST 2012 on sn-devel-104
(cherry picked from commit a2d53262e835b0c74282d389b1dd6dad2395f0f1)
commit 8cfbd6b7f26aa967e329b7e1b940034b44427f27
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Oct 24 18:23:04 2012 +1100
dbwrap: use talloc_stackframe() in db_tdb_log_key()
We can not be sure that there is already a talloc_stackframe() in place
so we must create one.
Andrew Bartlett
(cherry picked from commit f8e6bb46c005e82d5a8646e691de9282828005cc)
commit c7e2dd415ffb2dc219541096ab1e14d189c1561b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 25 20:18:28 2012 +1100
selftest: Always unlink the tempf in posixacl test (cherry picked from commit 1008f6fbf49d5b797c7d968ea7ffdcb29d623644)
commit e29446b53dd9ba411507ab4d12a73f971e8c0332
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 25 20:17:55 2012 +1100
selftest: Cover the important non-Samba invalidation of the NT ACL
This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the
POSIX ACL) and we notice it no longer matches.
Andrew Bartlett
(cherry picked from commit 117d5f4c372c02d69106df45e12ac69d1c047f50)
commit 86f56152684cecbbc007dfa23d4fbeb3bec6fc64
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 25 19:58:15 2012 +1100
selftest: Cover one more NT ACL invalidation case and improve comments
This tries to show the difference between the cases where we trap
the POSIX ACL change and where we actually detect an OS-level change.
Andrew Bartlett
(cherry picked from commit 53244c915113cef87692756e9ad545ff75074df0)
commit 6d3a607e219ca62120d3425bb4ec1b0d8e38d86b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 25 16:27:19 2012 +1100
selftest: Add many more tests for our posix ACL handling
This tests the mapping of posix ACLs to NT ACLs, the invalidation of
NT ACLs stored as an xattr and ensures this security-critical code
continues to work in the long term.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 25 10:05:16 CEST 2012 on sn-devel-104
(cherry picked from commit e9b6b23fbdafff700ceb788dbff2ba69584ff833)
commit 3e238c26728a7fd270163792b53bdf705a9c7ed3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 25 16:25:22 2012 +1100
pysmbd: Fix pysmbd octal mode handling
It is clearly too long since Computer Science 101... ;-)
Andrew Bartlett
(cherry picked from commit 3cdd888093e57a8cfc29d82ea47c8887a50e73a4)
commit 5e8c2de74a7c5d2f748ff2c4761b2a536f589c2b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Oct 23 16:13:28 2012 +1100
vfs: Fix compilation of ACL support on solaris (cherry picked from commit 60a06ff09cb62d4102a89194ce8fef5c4c5a2f16)
commit b888cd2db5577183ef76428aa6bc3c66025071f4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 11 22:29:43 2012 +1100
smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 11 15:20:54 CEST 2012 on sn-devel-104
(cherry picked from commit 1ec5486338772cecf953e150ebb717a8845c98d4)
commit cbf098ad2aecb36440500fc64291973a099f04b3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 11 15:08:25 2012 +1100
rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL
This fixes up an error introduced by c8ade07760ae0ccfdf2d875c9f3027926e62321b.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Oct 11 07:53:36 CEST 2012 on sn-devel-104
(cherry picked from commit 957f9fa3ff2ba838bb1669c371da0f70ddeb2360)
commit 4a8424c84833af4559f3a4f675b8662dff460f09
Author: Christian Ambach <ambi at samba.org>
Date: Mon Nov 5 18:49:54 2012 +0100
s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Nov 17 01:11:07 CET 2012 on sn-devel-104
(cherry picked from commit e6a100e86b7adf1c06a7c06b24fa50717ddcdb67)
commit 1f1598101fe6c67bacec4ed464725ea03787fc98
Author: Christian Ambach <ambi at samba.org>
Date: Mon Nov 5 18:47:01 2012 +0100
s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl
the ACEs should be talloc children of the ACL itself and not be placed on talloc_tos()
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c9d70740e39722a2f98ccd932b053723a4f3de62)
commit 5cf4af2dacd0cf77ef444cab67abac9af548a732
Author: Christian Ambach <ambi at samba.org>
Date: Fri Nov 2 08:41:40 2012 +0100
s3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 775d0a78c496af8ddbde9eb0f8c2f6d5dc5bcc81)
commit 545973ed1bcb86292813a5aa92441c34bb94719c
Author: Christian Ambach <ambi at samba.org>
Date: Fri Nov 2 08:41:10 2012 +0100
s3:vfs_gpfs fix memory corruption in gpfs2smb_acl
sys_acl_init returns a SMB_ACL_T with zero entries in the acl array
reallocate the array to proper size before filling it, otherwise we overwrite memory
This one is a result of a improper fixing in 7a6182962966e5edb42728c8
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1a71f07cee0bfe50ea6821a195a950d2206aab55)
commit 066a957b9f834915113c98bdbff7cce7d07ee349
Author: Christian Ambach <ambi at samba.org>
Date: Fri Nov 2 08:39:45 2012 +0100
s3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3dab1ef8a57670a36a81e706895bbe225892f3ff)
commit e244868afb0afafe8a07803e9b563fb39365af88
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Oct 12 11:45:59 2012 +0200
s3:vfs_gpfs fix the build
Based on fa728d1c by Christian Ambach <ambi at samba.org>
commit beb20d40de57ce4851fdfac1e9b2688f6bb6781a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Oct 11 14:42:39 2012 +1100
vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx
These were missed with the initial conversion to use a talloc context.
Andrew Bartlett
(cherry picked from commit a0588fdea82ab1b5d4dbd8bf75b01b82c0879d21)
commit f20ccba29240d452624438a96ac838e386468cd7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Oct 10 11:50:27 2012 +1100
smbd: Add mem_ctx to {f,}get_nt_acl VFS call
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
(cherry picked from commit c8ade07760ae0ccfdf2d875c9f3027926e62321b)
commit 910925855fb14abe49e9f7f23f95acb61135f617
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Oct 10 10:18:32 2012 +1100
smbd: Add mem_ctx to sys_acl_init() and all callers
This changes from allocation on NULL to allocation on the supplied
memory context.
Currently that supplied context is talloc_tos() at the the final consumer of
the ACL.
Andrew Bartlett
(cherry picked from commit 9158974540d0e311021f04789ed75ebda466c5b3)
commit 0f0da303f1dc0e2d110039c9e76c761ca6cfbc1e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 9 12:46:57 2012 -0700
Make sure the returned sd is on the right context, and if not it's always freed.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Oct 9 23:35:50 CEST 2012 on sn-devel-104
(cherry picked from commit 615951e4e77353547d91fb217b1861877540bde7)
commit 0a18ce880405df9c9bb95e421ac2f951f7d5aae8
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 9 12:45:30 2012 -0700
Move setting of psd->dacl->revision and protect against null SD's. (cherry picked from commit 5afabdc976d5ba1fd21dcdede85657b618fb6b76)
commit 069e1e62aa3a2bfdf1655ea9032589f739cfeec7
Author: Jeremy Allison <jra at samba.org>
Date: Fri Oct 5 15:51:19 2012 -0700
We should never just assign an st_mode to an ace->perms field, theoretically they are different so should go through a mapping function. Ensure this is so.
Practically this does not matter, as for user permissions the mapping
function is an identity, and the extra bits we may add are ignored
anyway, but this makes the intent clear.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104
(cherry picked from commit 828793852f3785c620f2716c60f8b1640880ee50)
commit 6f89412aa693d68f16ce6fdba4ff562ecf3ded08
Author: Jeremy Allison <jra at samba.org>
Date: Fri Oct 5 15:09:06 2012 -0700
Simplify ensure_canon_entry_valid by splitting out the _get codepath. (cherry picked from commit 9466cd189d6a07411f451f7596feee36f0be7f32)
commit 44b2f4bf5ea5e6961973e09c29189e29e9d96de0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Oct 29 15:36:36 2012 +1100
samba-tool: Add samba-tool processes subcommand
This will allow administrators to inspect the process list in a
similar way to what running on a platform with setproctitle might
permit.
--pid= returns the registered server names for a PID (eg kdc, cldap_server)
--name= returns the pids registered with a particular name.
Andrew Bartlett
(cherry picked from commit 42c379f0dfdeb36598bb2636aa2b6e3ca4410930)
Fix bug #9121 - provide and use setproctitle replacement function for samba4
processes on linux.
commit 85e1784a4821949851e612ec7f47cca7923fec8e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Oct 29 15:34:41 2012 +1100
pymessaging: Add irpc_servers_byname() and irpc_all_servers()
This will allow python scripts to inspect the process list.
Andrew Bartlett
(cherry picked from commit a732f2a621665923322422c5a3d788c9d1aa8df9)
commit 9b06aac24eaa7b5b5b2b7766027dcc048d9d84e8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Oct 29 15:33:59 2012 +1100
pymessaging: Use the server_id IDL structure rather than a tuple
This will make it easier to pass this structure in and out. The tuple is still
accepted as input.
Andrew Bartlett
(cherry picked from commit 76b7348299870279acec5b7c9f02f4e4b2461703)
commit 493a76f1f83ae0a73e2ab75a1669238bbf3853cb
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Oct 29 15:32:21 2012 +1100
imessaging: Add irpc_all_servers() to list all available servers
This is implemented with a tdb_traverse_read(), and will allow a tool
to disover the name and server_id of all Samba processes, as each
process registers itself to recieve messages.
Andrew Bartlett
(cherry picked from commit 3b4ef03097293f758d8f11cbe434063ed1dc6b91)
commit ec60e57bcca2663ae583228861232e2b19ebf525
Author: Christian Ambach <ambi at samba.org>
Date: Tue Nov 20 09:49:46 2012 +0100
build(waf): fix a typo
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Nov 20 11:54:51 CET 2012 on sn-devel-104
(cherry picked from commit 1fb8f8c5046cd7d0638be0d8a4b9a0e9a5799f6b)
commit 329a64d94e6305682db3dfcb8563ac3846a2d2af
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Tue Nov 6 22:29:07 2012 +0100
Makefile: Allow specifying PYTHON environment variable.
This is required for Minix, where python is named "python2.X".
Reviewed-by: Simo Sorce <idra at samba.org>
Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer at samba.org>
Autobuild-Date(master): Fri Nov 9 16:39:09 CET 2012 on sn-devel-104
(cherry picked from commit ec0104b1e0eea73331c58d26ea96b5167c2847ed)
commit 59a7a3000f09783bd45ea879e4070d729a514636
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Tue Nov 6 22:24:07 2012 +0100
configure: Support specifying PYTHON environment variable to run waf.
This is necessary to run configure on Minix, where python is named
"python2.X".
Reviewed-by: Simo Sorce <idra at samba.org>
Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
(cherry picked from commit 010fd296881aa643a4b631d57df503c9e832b35c)
commit c2fb1e75f25088ee976191c1f2ae93e01f2a13aa
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Mon Nov 5 23:38:23 2012 +0100
heimdal_build: Fix finding of system heimdal.
When checking for Heimdal headers, make sure HAVE_CONFIG_H is not
defined, as config.h will not be available.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer at samba.org>
Autobuild-Date(master): Tue Nov 6 16:27:03 CET 2012 on sn-devel-104
(cherry picked from commit da284b3765e3c73d204fe2c8b45d6fbd2c08d451)
commit bff4c7851b7ebc8f910d96ce7f3e23f3c2762b39
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Mon Nov 5 23:33:21 2012 +0100
heimdal_build: HEIMDAL_LIBRARY(): Remove unused cflags argument. (cherry picked from commit 9cf985c53eb1a4bbe8b8110f123744291026cee6)
commit 839f526ca9a29df237cbc0c8219bd5c4b922ebb6
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Tue Nov 6 01:25:00 2012 +0100
ldb_secrets_tdb_sync: Add dependency on gssapi.
This is required when building with the system heimdal, as
gssapi/gssapi_spnego.h is included.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Nov 6 05:12:28 CET 2012 on sn-devel-104
(cherry picked from commit 6073d214aa8bfeff8dae8cf151357f890dd37a48)
commit 775b5ac9f68d7facf2a2cff8ed3b92704255ff33
Author: Jelmer Vernooij <jelmer at samba.org>
Date: Tue Nov 6 01:24:59 2012 +0100
dsdb: Rename _res argument to _result.
Newer versions of heimdal include a macro that is unfortunately named
'_res'. This change prevents the clash.
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ed6330094b47408f33c2d933e9c80b079dd891d6)
commit 2504cf212de46ea1e46474819dd7e61bd4dc93fe
Author: Christian Ambach <ambi at samba.org>
Date: Tue Oct 30 15:39:02 2012 +0100
s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Oct 30 18:32:57 CET 2012 on sn-devel-104
(cherry picked from commit a88e3be794a7458ad644e5b73435971533aa7dbe)
Fix bug #9274 - backport documentation changes.
commit 73af1ab5556d332e15aaf863db7647a3a341e7e0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Nov 11 11:35:02 2012 +1100
samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes
Is is not required that these additional attributes be filled in, so
catch KeyError in both the nsswitch and ldap backend case.
We rework get_posix_attr_from_ldap_backend() so it raises KeyError
rather than trying to return None, and does not ignore other errors.
Andrew Bartlett
Tested-by: Chirana Gheorghita Eugeniu Theodor <office at adaptcom.ro>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jelmer Vernooij <jelmer at samba.org>
(cherry picked from commit b4d8629f511005540cb1fbbbe9abfb278c064ba2)
Fix bug #9271 - backport samba-tool fixes from master.
commit c993daaf95c392d46994520a3f4c0dd79d5efed1
Author: Kai Blin <kai at samba.org>
Date: Fri Nov 16 09:59:53 2012 +0100
utils: Remove unused samba-dig tool
Signed-off-by: Kai Blin <kai at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit d5de797af2aeb3697022e33ea51c516621b25e2f)
The last 2 patches address bug #9449 - Backport patches from master that remove
unused code.
commit 1146ef797cd60787cfae4b600d8ce8edb03ef531
Author: Ricky Nance <ricky.nance at weaubleau.k12.mo.us>
Date: Tue Oct 16 00:52:51 2012 -0500
Removed phpldapadmin inclusion for Samba 4.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104
(cherry picked from commit d09ac9636af6a31098156ca65ab62e11ce3a5d15)
commit c730e0ef50397697934a1dfb316f6f7c81c57b05
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Nov 5 09:46:49 2012 +1100
libads: Always free the talloc_stackframe() on error path
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 5 03:33:32 CET 2012 on sn-devel-104
(cherry picked from commit 71e1c080cbd033b3118952c2da05186252fc411a)
The last 4 patches fix bug #9448 - backport several crash bugs from master.
commit c275adcc1c5ad367a38ccf3d27230f3b9baa787d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 25 10:41:05 2012 +1000
client: Fix talloc_stackframe() free order assertion in developer mode
Reported-by: Ricky Nance <ricky.nance at weaubleau.k12.mo.us>
commit c9393e77b5c68a8e8a01ccc090049f8f4d2688f4
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 25 01:13:12 2012 +0200
s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in dcesrv_drsuapi_DsBind()
metze
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Sep 25 03:06:13 CEST 2012 on sn-devel-104
commit 16275e2b3170cc016da84cb04f489c3fa21a0625
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Sep 25 01:09:55 2012 +0200
s4:rpc_server/drsuapi: fix a crash in dcesrv_drsuapi_DsGetDomainControllerInfo_1()
metze
commit 1108c45d00ac6a81b8598e753edd9e0761c08a94
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Nov 24 11:28:57 2012 +0100
s4:torture/rpc/handles: try to make all assoc_group tests less flakey
Just incrementing the assoc_group_id makes it too likely to hit
a number that is already in use.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Mon Nov 26 13:53:22 CET 2012 on sn-devel-104
(cherry picked from commit 8336061096c259f5c3c93f869ff51bf4daab3fdc)
The last 7 patches address bug #9447 - backport tests from master.
commit e266d393f6b486787e7ce9bd172c0761bad28651
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 14 08:45:10 2012 +0100
s4:torture/rpc/handles: try to make the assoc_group test less flakey
Just incrementing the assoc_group_id makes it too likely to hit
a number that is already in use.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 6568a26f0142950300ae8503b8bc2bffb8a77352)
commit 4102ae84cdb0c6459a5cc119223ddcbdbf06545d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Nov 20 14:13:16 2012 +0100
s4:torture/rpc/handles: move a torture_comment()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 14ee2cd938a963d5b3398eed4f21ff64630afdcd)
commit c331dcf7fc598a2804ee7229d0c681af16dd463e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Oct 16 08:34:35 2012 +0200
selftest/knownfail: add samba3.rpc.lsa.privileges.lsa.Privileges
This failed more than 20 times in the last few weeks, e.g.
https://git.samba.org/autobuild.flakey/2012-10-16-0629/samba3.stdout
https://git.samba.org/autobuild.flakey/2012-10-16-0829/samba3.stdout
[530/717 in 14m32s] samba3.rpc.lsa.privileges(s3dc)
Using seed 1350368974
Testing OpenPolicy
Testing OpenPolicy2
Testing CreateAccount
Testing Delete
Testing DeleteObject
Testing EnumAccounts
Testing LookupSids
Testing LookupNames with 7 names
LookupName of sharesec_user was unmapped
LookupName of Everyone failed to return a result
UNEXPECTED(failure): samba3.rpc.lsa.privileges.lsa.Privileges(s3dc)
REASON: _StringException: _StringException: ../source4/torture/rpc/lsa.c:319: r.out.result was STATUS_SOME_UNMAPPED, expected NT_STATUS_OK: LookupNames failed
FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)
metze
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Oct 16 10:43:02 CEST 2012 on sn-devel-104
(cherry picked from commit 1861213d147e0d96fd637813c5badb4908ec14d1)
commit 1c171af3a9165c5d4add7049b5f1b1d108e00d06
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 1 08:51:47 2012 +0200
s4:tortore/rpc/lsa: make more use of torture_assert*
Currently samba3.rpc.lsa.privileges.lsa.Privileges(s3dc)
seems to be flakey.
We may be able to find the bug with this,
or at least mark it as flapping.
metze
commit 4b44cdb0d249436a8c3870e05dc9d63f6d51f2e9
Author: Jeremy Allison <jra at samba.org>
Date: Fri Sep 28 09:39:15 2012 -0700
Add samba3.samba3badnameblob test to check regressions in bug #9215.
Bad name in SMB1 openX can cause a crash in iconv inside glibc.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Oct 1 23:29:25 CEST 2012 on sn-devel-104
commit 60003e5604ab7c52eef9694bf0bec8facf4c0f1b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 29 20:40:13 2012 +1000
selftest: use an array when starting testenv with system()
By reduing the need for escapes and forcing the use of bash, this
seems to allow 'make testenv' to start on FreeBSD
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Sep 30 02:30:40 CEST 2012 on sn-devel-104
commit 462181147e2b41aa0dfad1c69816ee9721a2b7a7
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 29 14:31:19 2012 +0100
s3-winbind: use new reconnect logic in rpc_lookup_sids() also.
Volker, please check.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
The last 9 patches address bug #9439 - ncacn_ip_tcp reconnection code for lsa
lookups still broken.
commit 78b5271fd4c7ebeced6a2d59df24c15c1b6cb273
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 29 12:03:53 2012 +0100
s3-winbindd: rework reconnect logic in winbindd_lookup_names().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 16322b19a8dbd45115996bf6dff47c69c7cf98b8
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 29 12:03:16 2012 +0100
s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 90f3530e48567b27fe6a432e24f3fe7e62560147
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 28 20:41:21 2012 +0100
s3-winbindd: remove lookup_sids_fn_t.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 65071a37861ee54f3043c22b4a030c2970ab78f5
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 28 17:03:40 2012 +0100
s3-winbindd: remove lookup_names_fn_t.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1b109ede18af28a0fa3d116349a7ca70811be5e1
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 28 17:00:49 2012 +0100
s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit d0de112b720dc51e3ac5c86813f9276c855f4052
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 28 16:57:57 2012 +0100
s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 08d4a67a64c305516037f429db7ebebf5e9083a7
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 28 16:57:24 2012 +0100
s3-winbindd: add cm_connect_lsat().
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 3e329985cbfdd5741a360ae2f5ad961ecc1440bd
Author: Günther Deschner <gd at samba.org>
Date: Wed Nov 28 14:53:27 2012 +0100
s3-rpc_cli: Remove some unused wrapping code.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit deb11c486060c50e86f702e1d99680729f30c9bd
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 23 12:21:49 2012 +0100
configure(waf): Fail "configure --with-ads" if ads support is not available
Fix for bug #9350
This establishes the "auto" mode as default for ads-support, when
neither "--with-ads" nor "--without-ads" is specified for configure.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Fri Nov 23 19:34:55 CET 2012 on sn-devel-104
(cherry picked from commit e4218e46c77e8d0c4f6c839024620c48f101e2f2)
-----------------------------------------------------------------------
Summary of changes:
Makefile | 3 +-
WHATSNEW.txt | 5 +
configure | 2 +-
docs-xml/manpages/vfs_shadow_copy2.8.xml | 15 +
docs-xml/smbdotconf/vfs/aclcompatibility.xml | 17 -
examples/VFS/skel_opaque.c | 19 +-
examples/VFS/skel_transparent.c | 29 +-
lib/dbwrap/dbwrap_tdb.c | 7 +-
lib/param/param_functions.c | 1 -
lib/param/param_table.c | 19 -
libcli/security/secdesc.c | 34 +
librpc/wscript_build | 5 +
selftest/flapping | 1 +
selftest/knownfail | 8 -
selftest/selftest.pl | 14 +-
selftest/target/Samba3.pm | 137 +++--
selftest/target/Samba4.pm | 5 +-
source3/Makefile.in | 4 +-
source3/client/client.c | 1 +
source3/include/passdb.h | 3 +
source3/include/proto.h | 2 -
source3/include/smb_acls.h | 8 +-
source3/include/vfs.h | 29 +-
source3/include/vfs_macros.h | 40 +-
source3/lib/sysacls.c | 71 ++-
source3/lib/util_sid_passdb.c | 100 +++
source3/lib/util_sid_passdb.h | 36 +
source3/libads/kerberos.c | 1 +
source3/librpc/idl/wbint.idl | 14 +-
source3/libsmb/clisecdesc.c | 56 +-
source3/libsmb/proto.h | 9 +
source3/modules/nfs4_acls.c | 25 +-
source3/modules/nfs4_acls.h | 2 +
source3/modules/vfs_acl_common.c | 88 ++-
source3/modules/vfs_afsacl.c | 16 +-
source3/modules/vfs_aixacl.c | 12 +-
source3/modules/vfs_aixacl2.c | 29 +-
source3/modules/vfs_aixacl_util.c | 4 +-
source3/modules/vfs_aixacl_util.h | 2 +-
source3/modules/vfs_cap.c | 6 +-
source3/modules/vfs_catia.c | 8 +-
source3/modules/vfs_default.c | 43 +-
source3/modules/vfs_fake_acls.c | 79 +--
source3/modules/vfs_full_audit.c | 24 +-
source3/modules/vfs_gpfs.c | 57 +-
source3/modules/vfs_hpuxacl.c | 17 +-
source3/modules/vfs_irixacl.c | 8 +-
source3/modules/vfs_media_harmony.c | 22 +-
source3/modules/vfs_posixacl.c | 15 +-
source3/modules/vfs_posixacl.h | 6 +-
source3/modules/vfs_shadow_copy2.c | 11 +-
source3/modules/vfs_solarisacl.c | 14 +-
source3/modules/vfs_solarisacl.h | 6 +-
source3/modules/vfs_time_audit.c | 21 +-
source3/modules/vfs_tru64acl.c | 18 +-
source3/modules/vfs_zfsacl.c | 18 +-
source3/param/loadparm.c | 59 +-
source3/passdb/ABI/pdb-0.sigs | 2 +
source3/passdb/lookup_sid.c | 29 +-
source3/passdb/pdb_interface.c | 53 +-
source3/passdb/pdb_ldap.c | 11 +-
source3/rpc_client/cli_lsarpc.c | 101 +--
source3/rpc_client/cli_lsarpc.h | 39 +-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 24 +-
source3/script/tests/test_wbinfo_sids2xids.sh | 5 +-
source3/script/tests/test_wbinfo_sids2xids_int.py | 39 +-
source3/selftest/tests.py | 2 +-
source3/smbd/file_access.c | 4 +-
source3/smbd/nttrans.c | 16 +-
source3/smbd/open.c | 127 +++-
source3/smbd/posix_acls.c | 292 ++++----
source3/smbd/proto.h | 6 +-
source3/smbd/pysmbd.c | 181 ++++-
source3/smbd/trans2.c | 12 +-
source3/smbd/vfs.c | 19 +-
source3/torture/cmd_vfs.c | 14 +-
source3/torture/vfstest.c | 5 +
source3/utils/smbcacls.c | 65 ++-
source3/winbindd/idmap.c | 61 +--
source3/winbindd/idmap_autorid.c | 3 +
source3/winbindd/idmap_hash/idmap_hash.c | 2 +-
source3/winbindd/idmap_proto.h | 4 -
source3/winbindd/idmap_rid.c | 2 +
source3/winbindd/idmap_tdb_common.c | 16 +-
source3/winbindd/idmap_util.c | 148 ----
source3/winbindd/wb_fill_pwent.c | 36 +-
source3/winbindd/wb_getgrsid.c | 19 +-
source3/winbindd/wb_sid2gid.c | 167 -----
source3/winbindd/wb_sid2uid.c | 165 ----
source3/winbindd/wb_sids2xids.c | 263 +++++++
source3/winbindd/winbindd_cm.c | 31 +
source3/winbindd/winbindd_dual_srv.c | 47 +-
source3/winbindd/winbindd_getgroups.c | 19 +-
source3/winbindd/winbindd_msrpc.c | 116 ++--
source3/winbindd/winbindd_proto.h | 23 +-
source3/winbindd/winbindd_rpc.c | 23 +-
source3/winbindd/winbindd_sid_to_gid.c | 18 +-
source3/winbindd/winbindd_sid_to_uid.c | 18 +-
source3/winbindd/winbindd_sids_to_xids.c | 215 +-----
source3/winbindd/winbindd_util.c | 9 +
source3/wscript | 76 ++-
source3/wscript_build | 4 +-
source4/dns_server/dlz_bind9.c | 5 +
source4/dsdb/common/util.c | 12 +-
source4/dsdb/common/util.h | 2 +
source4/dsdb/samdb/ldb_modules/acl.c | 102 +++-
source4/dsdb/samdb/ldb_modules/acl_read.c | 26 +-
source4/dsdb/samdb/ldb_modules/acl_util.c | 67 ++
source4/dsdb/samdb/ldb_modules/descriptor.c | 782 +++++++++++++++++---
source4/dsdb/samdb/ldb_modules/dirsync.c | 14 +-
source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 25 +-
source4/dsdb/samdb/ldb_modules/extended_dn_store.c | 4 +-
source4/dsdb/samdb/ldb_modules/objectclass.c | 36 +-
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 18 +
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 88 +++-
source4/dsdb/samdb/ldb_modules/rootdse.c | 37 +-
source4/dsdb/samdb/ldb_modules/schema_data.c | 18 +-
source4/dsdb/samdb/ldb_modules/subtree_delete.c | 79 ++-
.../dsdb/samdb/ldb_modules/wscript_build_server | 2 +-
source4/dsdb/samdb/samdb.h | 19 +
source4/dsdb/tests/python/sec_descriptor.py | 84 ++-
source4/heimdal_build/wscript_build | 3 +-
source4/heimdal_build/wscript_configure | 55 +-
source4/lib/messaging/irpc.h | 2 +
source4/lib/messaging/messaging.c | 71 ++
source4/lib/messaging/pymessaging.c | 124 +++-
source4/libcli/finddcs_cldap.c | 77 ++-
source4/libcli/pysmb.c | 7 +-
source4/librpc/idl/irpc.idl | 13 +-
source4/librpc/wscript_build | 6 +
source4/ntvfs/posix/pvfs_acl.c | 21 +
source4/rpc_server/dnsserver/dnsdb.c | 4 +
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 14 +-
source4/scripting/bin/samba_upgradeprovision | 21 +-
source4/scripting/python/samba/netcmd/dns.py | 2 +
source4/scripting/python/samba/netcmd/gpo.py | 151 +++-
source4/scripting/python/samba/netcmd/main.py | 2 +
source4/scripting/python/samba/netcmd/processes.py | 78 ++
source4/scripting/python/samba/ntacls.py | 26 +-
.../scripting/python/samba/provision/__init__.py | 30 +-
.../scripting/python/samba/provision/descriptor.py | 5 +
source4/scripting/python/samba/tests/__init__.py | 5 +-
source4/scripting/python/samba/tests/messaging.py | 13 +-
source4/scripting/python/samba/tests/ntacls.py | 68 +-
source4/scripting/python/samba/tests/posixacl.py | 489 ++++++++++--
source4/scripting/python/samba/tests/provision.py | 10 -
.../python/samba/tests/samba_tool/base.py | 2 +-
.../scripting/python/samba/tests/samba_tool/gpo.py | 79 ++
.../python/samba/tests/samba_tool/processes.py | 35 +
source4/scripting/python/samba/upgrade.py | 41 +-
source4/selftest/tests.py | 8 +
source4/setup/phpldapadmin-config.php | 20 -
source4/setup/provision_init.ldif | 2 +
source4/setup/schema_samba4.ldif | 2 +
source4/torture/raw/raw.c | 1 +
source4/torture/raw/samba3misc.c | 138 ++++
source4/torture/rpc/handles.c | 16 +-
source4/torture/rpc/lsa.c | 87 +--
utils/samba-dig.c | 160 ----
utils/wscript_build | 7 -
wscript_build | 1 -
161 files changed, 4695 insertions(+), 2457 deletions(-)
delete mode 100644 docs-xml/smbdotconf/vfs/aclcompatibility.xml
create mode 100644 source3/lib/util_sid_passdb.c
create mode 100644 source3/lib/util_sid_passdb.h
delete mode 100644 source3/winbindd/wb_sid2gid.c
delete mode 100644 source3/winbindd/wb_sid2uid.c
create mode 100644 source3/winbindd/wb_sids2xids.c
create mode 100644 source4/scripting/python/samba/netcmd/processes.py
create mode 100644 source4/scripting/python/samba/tests/samba_tool/gpo.py
create mode 100644 source4/scripting/python/samba/tests/samba_tool/processes.py
delete mode 100644 source4/setup/phpldapadmin-config.php
delete mode 100644 utils/samba-dig.c
delete mode 100644 utils/wscript_build
Changeset truncated at 500 lines:
diff --git a/Makefile b/Makefile
index ae2fc06..5f220fa 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,7 @@
# simple makefile wrapper to run waf
-WAF_BINARY=./buildtools/bin/waf
+PYTHON?=python
+WAF_BINARY=$(PYTHON) ./buildtools/bin/waf
WAF=WAF_MAKE=1 $(WAF_BINARY)
all:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0f4e981..4848601 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -105,6 +105,7 @@ smb.conf changes
Parameter Name Description
-------------- -----------
+ acl compatibility Removed
allow dns updates New
announce as Removed
announce version Removed
@@ -167,6 +168,10 @@ smb.conf changes
CHANGES SINCE 4.0.0rc5
======================
+With this release candidate the ACLs in the Active Directory
+are also checked on searches by default. The automatic inheritance
+of ACLs is also correclty recalcucation on changes now.
+
o Jeremy Allison <jra at samba.org>
* BUG 9236: ACL masks incorrectly applied when setting ACLs.
* BUG 9374: Allow smb2.acls torture test to pass against smbd with a POSIX
diff --git a/configure b/configure
index 72f758e..30858df 100755
--- a/configure
+++ b/configure
@@ -10,5 +10,5 @@ JOBS=1
export JOBS
cd . || exit 1
-$WAF configure "$@" || exit 1
+${PYTHON:=python} $WAF configure "$@" || exit 1
cd $PREVPATH
diff --git a/docs-xml/manpages/vfs_shadow_copy2.8.xml b/docs-xml/manpages/vfs_shadow_copy2.8.xml
index 34f3d1b..b313416 100644
--- a/docs-xml/manpages/vfs_shadow_copy2.8.xml
+++ b/docs-xml/manpages/vfs_shadow_copy2.8.xml
@@ -157,6 +157,21 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>shadow:snapdirseverywhere = yes/no
+ </term>
+ <listitem>
+ <para>If you enable <command moreinfo="none">
+ shadow:snapdirseverywhere </command> then this module will look
+ out for snapshot directories in the current and all parent
+ directories of the current working directory.
+ An example where this is needed are independent filesets in
+ IBM's GPFS, but other filesystems might support snapshotting
+ only particular subtrees of the filesystem as well.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/docs-xml/smbdotconf/vfs/aclcompatibility.xml b/docs-xml/smbdotconf/vfs/aclcompatibility.xml
deleted file mode 100644
index 95f42cf..0000000
--- a/docs-xml/smbdotconf/vfs/aclcompatibility.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<samba:parameter name="acl compatibility"
- context="G"
- type="enum"
- advanced="1" developer="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>This parameter specifies what OS ACL semantics should
- be compatible with. Possible values are <emphasis>winnt</emphasis> for Windows NT 4,
- <emphasis>win2k</emphasis> for Windows 2000 and above and <emphasis>auto</emphasis>.
- If you specify <emphasis>auto</emphasis>, the value for this parameter
- will be based upon the version of the client. There should
- be no reason to change this parameter from the default.</para>
-</description>
-
-<value type="default">Auto</value>
-<value type="example">win2k</value>
-</samba:parameter>
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index a786a23..e66d7aa 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -545,13 +545,17 @@ static NTSTATUS skel_fsctl(struct vfs_handle_struct *handle,
}
static NTSTATUS skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info, struct security_descriptor **ppdesc)
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
- const char *name, uint32 security_info, struct security_descriptor **ppdesc)
+ const char *name, uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
@@ -574,19 +578,24 @@ static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t
return -1;
}
-static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type)
+static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
{
errno = ENOSYS;
return (SMB_ACL_T)NULL;
}
-static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp)
+static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx)
{
errno = ENOSYS;
return (SMB_ACL_T)NULL;
}
-static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob)
+static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob)
{
errno = ENOSYS;
return -1;
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index 02a994c..0c84e19 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -662,15 +662,19 @@ static NTSTATUS skel_fsctl(struct vfs_handle_struct *handle,
}
static NTSTATUS skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info, struct security_descriptor **ppdesc)
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
- return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
+ return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, mem_ctx, ppdesc);
}
static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
- const char *name, uint32 security_info, struct security_descriptor **ppdesc)
+ const char *name, uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
- return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
+ return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, mem_ctx, ppdesc);
}
static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
@@ -689,22 +693,27 @@ static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t
return SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
}
-static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type)
+static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
{
- return SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
+ return SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type, mem_ctx);
}
-static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp)
+static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx)
{
- return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
+ return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
}
-static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type,
+static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p,
TALLOC_CTX *mem_ctx,
char **blob_description,
DATA_BLOB *blob)
{
- return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+ return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, mem_ctx, blob_description, blob);
}
static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp,
diff --git a/lib/dbwrap/dbwrap_tdb.c b/lib/dbwrap/dbwrap_tdb.c
index 80d41b4..a3a6c87 100644
--- a/lib/dbwrap/dbwrap_tdb.c
+++ b/lib/dbwrap/dbwrap_tdb.c
@@ -42,10 +42,11 @@ static void db_tdb_log_key(const char *prefix, TDB_DATA key)
{
size_t len;
char *keystr;
-
+ TALLOC_CTX *frame;
if (DEBUGLEVEL < 10) {
return;
}
+ frame = talloc_stackframe();
len = key.dsize;
if (DEBUGLEVEL == 10) {
/*
@@ -53,10 +54,10 @@ static void db_tdb_log_key(const char *prefix, TDB_DATA key)
*/
len = MIN(10, key.dsize);
}
- keystr = hex_encode_talloc(talloc_tos(), (unsigned char *)(key.dptr),
+ keystr = hex_encode_talloc(frame, (unsigned char *)(key.dptr),
len);
DEBUG(10, ("%s key %s\n", prefix, keystr));
- TALLOC_FREE(keystr);
+ TALLOC_FREE(frame);
}
static int db_tdb_record_destr(struct db_record* data)
diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
index d5cd018..94652fa 100644
--- a/lib/param/param_functions.c
+++ b/lib/param/param_functions.c
@@ -266,7 +266,6 @@ FN_GLOBAL_CONST_STRING(winbindd_socket_directory, szWinbinddSocketDirectory)
FN_GLOBAL_CONST_STRING(winbind_separator, szWinbindSeparator)
FN_GLOBAL_CONST_STRING(workgroup, szWorkgroup)
FN_GLOBAL_CONST_STRING(wtmpdir, szWtmpDir)
-FN_GLOBAL_INTEGER(acl_compatibility, iAclCompat)
FN_GLOBAL_INTEGER(afs_token_lifetime, iAfsTokenLifetime)
FN_GLOBAL_INTEGER(algorithmic_rid_base, AlgorithmicRidBase)
FN_GLOBAL_INTEGER(allow_dns_updates, allow_dns_updates)
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 01f65fe..a73cd96 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -180,16 +180,6 @@ static const struct enum_list enum_kerberos_method[] = {
{-1, NULL}
};
-
-/* ACL compatibility options. */
-static const struct enum_list enum_acl_compat_vals[] = {
- { ACL_COMPAT_AUTO, "auto" },
- { ACL_COMPAT_WINNT, "winnt" },
- { ACL_COMPAT_WIN2K, "win2k" },
- { -1, NULL}
-};
-
-
static const struct enum_list enum_printing[] = {
{PRINT_SYSV, "sysv"},
{PRINT_AIX, "aix"},
@@ -1459,15 +1449,6 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED,
},
{
- .label = "acl compatibility",
- .type = P_ENUM,
- .p_class = P_GLOBAL,
- .offset = GLOBAL_VAR(iAclCompat),
- .special = NULL,
- .enum_list = enum_acl_compat_vals,
- .flags = FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL,
- },
- {
.label = "defer sharing violations",
.type = P_BOOL,
.p_class = P_GLOBAL,
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index a3db1b6..d2c5833 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -679,6 +679,40 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
talloc_free(frame);
+ /*
+ * remove duplicates
+ */
+ for (i=1; i < new_ace_list_ndx;) {
+ struct security_ace *ai = &new_ace_list[i];
+ unsigned int remaining, j;
+ bool remove = false;
+
+ for (j=0; j < i; j++) {
+ struct security_ace *aj = &new_ace_list[j];
+
+ if (!sec_ace_equal(ai, aj)) {
+ continue;
+ }
+
+ remove = true;
+ break;
+ }
+
+ if (!remove) {
+ i++;
+ continue;
+ }
+
+ new_ace_list_ndx--;
+ remaining = new_ace_list_ndx - i;
+ if (remaining == 0) {
+ ZERO_STRUCT(new_ace_list[i]);
+ continue;
+ }
+ memmove(&new_ace_list[i], &new_ace_list[i+1],
+ sizeof(new_ace_list[i]) * remaining);
+ }
+
/* Create child security descriptor to return */
if (new_ace_list_ndx) {
new_dacl = make_sec_acl(ctx,
diff --git a/librpc/wscript_build b/librpc/wscript_build
index 0eeb01b..8a4c169 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -559,6 +559,11 @@ bld.SAMBA_SUBSYSTEM('RPC_NDR_SCERPC',
public_deps='dcerpc-binding NDR_SCERPC'
)
+bld.SAMBA_SUBSYSTEM('RPC_NDR_SERVER_ID',
+ source='gen_ndr/ndr_server_id_c.c',
+ public_deps='dcerpc-binding NDR_SERVER_ID'
+ )
+
bld.SAMBA_SUBSYSTEM('RPC_NDR_NTSVCS',
source='gen_ndr/ndr_ntsvcs_c.c',
public_deps='dcerpc-binding ndr-standard'
diff --git a/selftest/flapping b/selftest/flapping
index f0b1528..afeae65 100644
--- a/selftest/flapping
+++ b/selftest/flapping
@@ -15,6 +15,7 @@
^samba3.rpc.spoolss.printer.*addprinterex.print_test # another intermittent failure
^samba3.rap.printing # fails sometimes on sn-devel
^samba3.rpc.spoolss.printer.*addprinter.print_test # fails on some hosts due to timing issues ?
+^samba3.rpc.lsa.privileges.lsa.Privileges\(s3dc\) # fails sometimes on sn-devel
^samba3.smb2.lock.*.rw-exclusive # another intermittent failure
^samba4.blackbox.gentest # is flakey due to timing
^samba3.smb2.acls.INHERITANCE\(plugin_s4_dc\) # Seems to flap - succeeds on sn-devel, fails on Fedora 16
diff --git a/selftest/knownfail b/selftest/knownfail
index 30aef76..85634ab 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -133,7 +133,6 @@
^samba4.smb2.acls.*.generic
^samba4.smb2.acls.*.inheritflags
^samba4.smb2.acls.*.owner
-^samba4.ldap.acl.*.ntSecurityDescriptor.* # ACL extended checks on search not enabled by default
^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
#^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.*
^samba4.drs.fsmo.python
@@ -158,13 +157,6 @@
^samba4.smb2.oplock.stream1 # samba 4 oplocks are a mess
^samba4.smb2.getinfo.getinfo # streams on directories does not work
^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access\(.*\)$
-^samba4.ldap.acl.*.AclSearchTests.test_search_anonymous3\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search1\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search2\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search3\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search4\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search5\(.*\)$ # ACL search behaviour not enabled by default
-^samba4.ldap.acl.*.AclSearchTests.test_search6\(.*\)$ # ACL search behaviour not enabled by default
^samba4.rpc.lsa.forest.trust #Not fully provided by Samba4
^samba4.blackbox.kinit\(.*\).kinit with user password for expired password\(.*\) # We need to work out why this fails only during the pw change
^samba4.blackbox.dbcheck\(vampire_dc\).dbcheck\(vampire_dc:local\) # Due to replicating with --domain-critical-only we fail dbcheck on this database
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index c063f32..ffb6149 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -846,8 +846,13 @@ if ($opt_testenv) {
my $envvarstr = exported_envvars_str($testenv_vars);
- my $term = ($ENV{TERMINAL} or "xterm -e");
- system("$term 'echo -e \"
+ my @term = ();
+ if ($ENV{TERMINAL}) {
+ @term = ($ENV{TERMINAL});
+ } else {
+ @term = ("xterm", "-e");
+ }
+ my @term_args = ("bash", "-c", "echo -e \"
Welcome to the Samba4 Test environment '$testenv_name'
This matches the client environment used in make test
@@ -858,7 +863,10 @@ TORTURE_OPTIONS=\$TORTURE_OPTIONS
SMB_CONF_PATH=\$SMB_CONF_PATH
$envvarstr
-\" && LD_LIBRARY_PATH=$ENV{LD_LIBRARY_PATH} bash'");
+\" && LD_LIBRARY_PATH=$ENV{LD_LIBRARY_PATH} bash");
+
+ system(@term, @term_args);
+
teardown_env($testenv_name);
} elsif ($opt_list) {
foreach (@todo) {
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 5c86612..2037a2e 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -201,10 +201,7 @@ sub setup_s3dc($$)
$vars or return undef;
- $self->check_or_start($vars,
- "yes", "yes", "yes");
-
- if (not $self->wait_for_start($vars)) {
+ if (not $self->check_or_start($vars, "yes", "yes", "yes")) {
return undef;
}
@@ -247,9 +244,7 @@ sub setup_member($$$)
return undef;
}
- $self->check_or_start($ret, "yes", "yes", "yes");
-
- if (not $self->wait_for_start($ret)) {
+ if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
return undef;
}
@@ -320,10 +315,9 @@ sub setup_admember($$$$)
# access the share for tests.
chmod 0777, "$prefix/share";
- $self->check_or_start($ret,
- "yes", "yes", "yes");
-
- $self->wait_for_start($ret);
+ if (not $self->check_or_start($ret, "yes", "yes", "yes")) {
+ return undef;
+ }
$ret->{DC_SERVER} = $dcvars->{SERVER};
$ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP};
@@ -364,9 +358,7 @@ sub setup_simpleserver($$)
$vars or return undef;
- $self->check_or_start($vars, "yes", "no", "yes");
-
- if (not $self->wait_for_start($vars)) {
+ if (not $self->check_or_start($vars, "yes", "no", "yes")) {
return undef;
}
@@ -462,9 +454,7 @@ $ret->{USERNAME} = KTEST\\Administrator
# access the share for tests.
chmod 0777, "$prefix/share";
- $self->check_or_start($ret, "yes", "no", "yes");
-
- if (not $self->wait_for_start($ret)) {
+ if (not $self->check_or_start($ret, "yes", "no", "yes")) {
return undef;
}
return $ret;
@@ -487,10 +477,7 @@ map to guest = bad user
$vars or return undef;
- $self->check_or_start($vars,
- "yes", "no", "yes");
-
- if (not $self->wait_for_start($vars)) {
+ if (not $self->check_or_start($vars, "yes", "no", "yes")) {
return undef;
}
@@ -688,7 +675,7 @@ sub check_or_start($$$$$) {
close(STDIN_READER);
- return 0;
--
Samba Shared Repository
More information about the samba-cvs
mailing list