[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Mon Jan 9 04:07:03 MST 2012
The branch, master has been updated
via aa3fcbb s3-waf: rpcclient does not need libads.so.
via ab269de s3-passdb: remove a forward declaration.
via 3583419 s3-libads: pretty print a keytab list.
via 4c03f08 s3-pdbtest: only test trusted domains when pdb backends offers trusted domain support.
via c3f9e01 s3-libads: fix malloc/talloc mismatch in ads_keytab_verify_ticket().
from 507e75e s4:python/samba/ndr.py: add an optional 'allow_remaining' to ndr_unpack()
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit aa3fcbbd75d9475b8f215cac02ab91c2665d9bc5
Author: Günther Deschner <gd at samba.org>
Date: Fri Jan 6 17:50:50 2012 +0100
s3-waf: rpcclient does not need libads.so.
Guenther
Autobuild-User: Günther Deschner <gd at samba.org>
Autobuild-Date: Mon Jan 9 12:06:06 CET 2012 on sn-devel-104
commit ab269deb5e9db1f216ec410ef26e671c5fcb28cd
Author: Günther Deschner <gd at samba.org>
Date: Fri Jan 6 17:49:31 2012 +0100
s3-passdb: remove a forward declaration.
Guenther
commit 3583419b98826066e7ba9a31ad1b692d3837542b
Author: Günther Deschner <gd at samba.org>
Date: Fri Jan 6 17:48:58 2012 +0100
s3-libads: pretty print a keytab list.
Guenther
commit 4c03f08c0d46f6482bf9a3f2eec59b0099d9aa7d
Author: Günther Deschner <gd at samba.org>
Date: Fri Jan 6 17:27:03 2012 +0100
s3-pdbtest: only test trusted domains when pdb backends offers trusted domain support.
Guenther
commit c3f9e011edbab66f317df97b9ceca7b70f45d739
Author: Günther Deschner <gd at samba.org>
Date: Fri Jan 6 16:10:55 2012 +0100
s3-libads: fix malloc/talloc mismatch in ads_keytab_verify_ticket().
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/include/passdb.h | 13 ++--
source3/libads/kerberos_keytab.c | 4 +-
source3/libads/kerberos_verify.c | 2 +-
source3/torture/pdbtest.c | 163 +++++++++++++++++++++-----------------
source3/wscript_build | 2 +-
5 files changed, 99 insertions(+), 85 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 5980364..2a3844d 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -48,6 +48,12 @@ typedef struct _GROUP_MAP {
char *comment;
} GROUP_MAP;
+struct acct_info {
+ char *acct_name; /* account name */
+ char *acct_desc; /* account name */
+ uint32_t rid; /* domain-relative RID */
+};
+
/* The following definitions come from groupdb/mapping.c */
NTSTATUS add_initial_entry(gid_t gid, const char *sid, enum lsa_SidType sid_name_use, const char *nt_name, const char *comment);
@@ -79,7 +85,6 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
const char *name, uint32_t *rid);
NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
const struct dom_sid *sid);
-struct acct_info;
NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
const struct dom_sid *sid,
struct acct_info *info);
@@ -312,12 +317,6 @@ struct samu {
struct passwd *unix_pw;
};
-struct acct_info {
- char *acct_name; /* account name */
- char *acct_desc; /* account name */
- uint32_t rid; /* domain-relative RID */
-};
-
struct samr_displayentry {
uint32_t idx;
uint32_t rid;
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 7654c66..0e23a6a 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -764,7 +764,7 @@ int ads_keytab_list(const char *keytab_name)
goto out;
}
- printf("Vno Type Principal\n");
+ printf("Vno Type Principal\n");
while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) {
@@ -787,7 +787,7 @@ int ads_keytab_list(const char *keytab_name)
goto out;
}
- printf("%3d %s\t\t %s\n", kt_entry.vno, etype_s, princ_s);
+ printf("%3d %-43s %s\n", kt_entry.vno, etype_s, princ_s);
TALLOC_FREE(princ_s);
SAFE_FREE(etype_s);
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index f11ea88..6fa8f43 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -298,7 +298,7 @@ out:
}
}
- SAFE_FREE(entry_princ_s);
+ TALLOC_FREE(entry_princ_s);
{
krb5_keytab_entry zero_kt_entry;
diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
index 2f4909a..9f9ca0c 100644
--- a/source3/torture/pdbtest.c
+++ b/source3/torture/pdbtest.c
@@ -230,6 +230,90 @@ static bool samu_correct(struct samu *s1, struct samu *s2)
return ret;
}
+static bool test_trusted_domains(TALLOC_CTX *ctx,
+ struct pdb_methods *pdb,
+ bool *error)
+{
+ NTSTATUS rv;
+ /* test trustdom calls */
+ struct pdb_trusted_domain *td;
+ struct pdb_trusted_domain *new_td;
+ struct trustAuthInOutBlob taiob;
+ struct AuthenticationInformation aia;
+ enum ndr_err_code ndr_err;
+
+ td = talloc_zero(ctx ,struct pdb_trusted_domain);
+ if (!td) {
+ fprintf(stderr, "talloc failed\n");
+ return false;
+ }
+
+ td->domain_name = talloc_strdup(td, TRUST_DOM);
+ td->netbios_name = talloc_strdup(td, TRUST_DOM);
+ if (!td->domain_name || !td->netbios_name) {
+ fprintf(stderr, "talloc failed\n");
+ return false;
+ }
+
+ td->trust_auth_incoming = data_blob_null;
+
+ ZERO_STRUCT(taiob);
+ ZERO_STRUCT(aia);
+ taiob.count = 1;
+ taiob.current.count = 1;
+ taiob.current.array = &aia;
+ unix_to_nt_time(&aia.LastUpdateTime, time(NULL));
+ aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
+ aia.AuthInfo.clear.password = (uint8_t *) talloc_strdup(ctx, TRUST_PWD);
+ aia.AuthInfo.clear.size = strlen(TRUST_PWD);
+
+ taiob.previous.count = 0;
+ taiob.previous.array = NULL;
+
+ ndr_err = ndr_push_struct_blob(&td->trust_auth_outgoing,
+ td, &taiob,
+ (ndr_push_flags_fn_t) ndr_push_trustAuthInOutBlob);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ fprintf(stderr, "ndr_push_struct_blob failed.\n");
+ return false;
+ }
+
+ td->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
+ td->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
+ td->trust_attributes = 0;
+ td->trust_forest_trust_info = data_blob_null;
+
+ rv = pdb->set_trusted_domain(pdb, TRUST_DOM, td);
+ if (!NT_STATUS_IS_OK(rv)) {
+ fprintf(stderr, "Error in set_trusted_domain %s\n",
+ get_friendly_nt_error_msg(rv));
+ *error = true;
+ }
+
+ rv = pdb->get_trusted_domain(pdb, ctx, TRUST_DOM, &new_td);
+ if (!NT_STATUS_IS_OK(rv)) {
+ fprintf(stderr, "Error in set_trusted_domain %s\n",
+ get_friendly_nt_error_msg(rv));
+ *error = true;
+ }
+
+ if (!strequal(td->domain_name, new_td->domain_name) ||
+ !strequal(td->netbios_name, new_td->netbios_name) ||
+ !dom_sid_equal(&td->security_identifier,
+ &new_td->security_identifier) ||
+ td->trust_direction != new_td->trust_direction ||
+ td->trust_type != new_td->trust_type ||
+ td->trust_attributes != new_td->trust_attributes ||
+ td->trust_auth_incoming.length != new_td->trust_auth_incoming.length ||
+ td->trust_forest_trust_info.length != new_td->trust_forest_trust_info.length ||
+ data_blob_cmp(&td->trust_auth_outgoing, &new_td->trust_auth_outgoing) != 0) {
+ fprintf(stderr, "Old and new trusdet domain data do not match\n");
+ *error = true;
+ }
+
+ return true;
+}
+
int main(int argc, char **argv)
{
@@ -255,13 +339,6 @@ int main(int argc, char **argv)
POPT_TABLEEND
};
- /* test trustdom calls */
- struct pdb_trusted_domain *td;
- struct pdb_trusted_domain *new_td;
- struct trustAuthInOutBlob taiob;
- struct AuthenticationInformation aia;
- enum ndr_err_code ndr_err;
-
load_case_tables();
pc = poptGetContext("pdbtest", argc, (const char **) argv,
@@ -381,73 +458,11 @@ int main(int argc, char **argv)
get_friendly_nt_error_msg(rv));
}
- td = talloc_zero(ctx ,struct pdb_trusted_domain);
- if (!td) {
- fprintf(stderr, "talloc failed\n");
- exit(1);
- }
-
- td->domain_name = talloc_strdup(td, TRUST_DOM);
- td->netbios_name = talloc_strdup(td, TRUST_DOM);
- if (!td->domain_name || !td->netbios_name) {
- fprintf(stderr, "talloc failed\n");
- exit(1);
- }
-
- td->trust_auth_incoming = data_blob_null;
-
- ZERO_STRUCT(taiob);
- ZERO_STRUCT(aia);
- taiob.count = 1;
- taiob.current.count = 1;
- taiob.current.array = &aia;
- unix_to_nt_time(&aia.LastUpdateTime, time(NULL));
- aia.AuthType = TRUST_AUTH_TYPE_CLEAR;
- aia.AuthInfo.clear.password = (uint8_t *) talloc_strdup(ctx, TRUST_PWD);
- aia.AuthInfo.clear.size = strlen(TRUST_PWD);
-
- taiob.previous.count = 0;
- taiob.previous.array = NULL;
-
- ndr_err = ndr_push_struct_blob(&td->trust_auth_outgoing,
- td, &taiob,
- (ndr_push_flags_fn_t) ndr_push_trustAuthInOutBlob);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- fprintf(stderr, "ndr_push_struct_blob failed.\n");
- exit(1);
- }
-
- td->trust_direction = LSA_TRUST_DIRECTION_OUTBOUND;
- td->trust_type = LSA_TRUST_TYPE_DOWNLEVEL;
- td->trust_attributes = 0;
- td->trust_forest_trust_info = data_blob_null;
-
- rv = pdb->set_trusted_domain(pdb, TRUST_DOM, td);
- if (!NT_STATUS_IS_OK(rv)) {
- fprintf(stderr, "Error in set_trusted_domain %s\n",
- get_friendly_nt_error_msg(rv));
- error = True;
- }
-
- rv = pdb->get_trusted_domain(pdb, ctx, TRUST_DOM, &new_td);
- if (!NT_STATUS_IS_OK(rv)) {
- fprintf(stderr, "Error in set_trusted_domain %s\n",
- get_friendly_nt_error_msg(rv));
- error = True;
- }
-
- if (!strequal(td->domain_name, new_td->domain_name) ||
- !strequal(td->netbios_name, new_td->netbios_name) ||
- !dom_sid_equal(&td->security_identifier,
- &new_td->security_identifier) ||
- td->trust_direction != new_td->trust_direction ||
- td->trust_type != new_td->trust_type ||
- td->trust_attributes != new_td->trust_attributes ||
- td->trust_auth_incoming.length != new_td->trust_auth_incoming.length ||
- td->trust_forest_trust_info.length != new_td->trust_forest_trust_info.length ||
- data_blob_cmp(&td->trust_auth_outgoing, &new_td->trust_auth_outgoing) != 0) {
- fprintf(stderr, "Old and new trusdet domain data do not match\n");
- error = True;
+ if (pdb_capabilities() & PDB_CAP_TRUSTED_DOMAINS_EX) {
+ if (!test_trusted_domains(ctx, pdb, &error)) {
+ fprintf(stderr, "failed testing trusted domains.\n");
+ exit(1);
+ }
}
TALLOC_FREE(ctx);
diff --git a/source3/wscript_build b/source3/wscript_build
index e6b23f8..c6f7424 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1162,7 +1162,7 @@ bld.SAMBA3_BINARY('rpcclient/rpcclient',
source=RPCCLIENT_SRC,
deps='''talloc tdb_compat cap popt_samba3 pdb libsmb smbd_shim
param wbclient param KRBCLIENT LIBMSRPC_GEN msrpc3
- ads SMBREADLINE trusts_util RPC_NDR_WINREG RPC_NDR_ECHO
+ SMBREADLINE trusts_util RPC_NDR_WINREG RPC_NDR_ECHO
RPC_CLIENT_SCHANNEL
LIBCLI_SAMR libcli_lsa3 libcli_netlogon3 cli_spoolss
RPC_NDR_SRVSVC RPC_NDR_WKSSVC RPC_NDR_DSSETUP RPC_NDR_DFS
--
Samba Shared Repository
More information about the samba-cvs
mailing list