[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Mar 26 19:35:04 MDT 2014
The branch, master has been updated
via 01c0299 auth/gensec/spnego: map SPNEGO_REJECT to NT_STATUS_LOGON_FAILURE
via 2103c37 auth/gensec: remove tevent_context argument from gensec_update()
via 01575fa s4:ntlm_auth: make use of gensec_update_ev()
via 338332e s4:rpc_server: make use of gensec_update_ev()
via a18fba4 s4:smb_server: make use of gensec_update_ev()
via 0153c01 s4:librpc: make use of gensec_update_ev()
via 7cd8fbc s4:libcli: make use of gensec_update_ev()
via 99e8bea s4:ldap_server: make use of gensec_update_ev()
via 26f497b s4:kdc: make use of gensec_update_ev()
via 31a2ddb s4:dns_server: make use of gensec_update_ev()
via b2b239a auth/gensec: make use of gensec_update_ev() in spnego.c
via 79f5275 auth/gensec: add a gensec_update_ev() function
via 40cf17e s4:pygensec: don't pass an explicit tevent_context to gensec_update()
via 2ac1ca4 auth/gensec: fix gensec_update() with ev == NULL.
via 5b1d6e7 samba-tool dbcheck: handle missing objectClass
via 74a83be dsdb: Improve missing objectClass handling
via df2ef57 dsdb: Improve errors and checks for missing objectClass values
via dac1411 dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING flag works
via 20a665a dsdb: Do not update notify_uSN until the transaction is genuinely committed to the DB
from 3d5b80f ctdb-tests: Add NAT gateway eventscript unit tests for static routes
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 01c029993c7111dc3287118f69184c399b4aaace
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Aug 28 06:49:26 2013 +0200
auth/gensec/spnego: map SPNEGO_REJECT to NT_STATUS_LOGON_FAILURE
This is what NTLMSSP also gives.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 27 02:34:36 CET 2014 on sn-devel-104
commit 2103c373b44871810197fa8e423f55a659a8b89d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:56:13 2013 +0100
auth/gensec: remove tevent_context argument from gensec_update()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 01575faf678d4280733c2a4c657e370b9b847b69
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:37:32 2013 +0100
s4:ntlm_auth: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 338332ec2966eb083621b10dd8a2cc0c8f26634b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:37:21 2013 +0100
s4:rpc_server: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a18fba408108f9f2cdfe027aabe9bcf56093c628
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:37:00 2013 +0100
s4:smb_server: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0153c013fc95c6e3daf180ee2b88345dd0650687
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:36:41 2013 +0100
s4:librpc: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7cd8fbcca519ee90c84e84dd4fb2f348174e3092
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:36:25 2013 +0100
s4:libcli: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 99e8bea5d5d475bdfa730fc260b2660a8f97b4d8
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:35:52 2013 +0100
s4:ldap_server: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 26f497b83f82479f7918fbd7dcfd61a33a301862
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:35:34 2013 +0100
s4:kdc: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 31a2ddb3611fa644adb415133ca83015b9e3b3b4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:35:07 2013 +0100
s4:dns_server: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b2b239a854110893669d4802b2cc2e52327dac1c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 20:05:11 2013 +0100
auth/gensec: make use of gensec_update_ev() in spnego.c
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 79f5275db2c1acd5adaee187c3953fbc5e2aff6c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:18:48 2013 +0100
auth/gensec: add a gensec_update_ev() function
This is the current gensec_update() which takes an optional
tevent_context structure and allows semi-async code.
This is just a temporary solution on the way to kill
the semi-async code completely, by using gensec_update_send/recv.
By providing a gensec_update_ev(), we can remove the explicit
tevent_context from gensec_update() and fix all the sane callers.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 40cf17eee2da0afa3bb498208879b449352cb4e1
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 19:12:50 2013 +0100
s4:pygensec: don't pass an explicit tevent_context to gensec_update()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2ac1ca40f3d3c8892562caa9198ea64e76989146
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Dec 13 10:00:24 2013 +0100
auth/gensec: fix gensec_update() with ev == NULL.
In future we should remove the tevent_context argument from
gensec_update() completely!
If we have sane backends we should also remove the
tevent_loop_allow_nesting() call again!
t
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5b1d6e722e254522165ec512537a2efa2b979e6f
Author: Felix Botner <botner at univention.de>
Date: Mon Feb 24 14:08:25 2014 +0100
samba-tool dbcheck: handle missing objectClass
In several cases we have seen objects without the objectClass attribute.
Here the suggestion for a patch to find such objects in "samba-tool dbcheck"
with the option to delete them.
(patch improved by Andrew Bartlett to suggest DRS re-replication)
Signed-off-by: Felix Botner <botner at univention.de>
Change-Id: I8eb0d191a2089271a9af5884d6bfbf173a5c85c6
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 74a83be540c8fa0dd0f91da25b1f9d7ccc4ec568
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Mar 26 12:46:57 2014 +1300
dsdb: Improve missing objectClass handling
This attempts to permit deletion of objects that have no objectClass
to allow dbcheck to clean up a corrupt database. It is not complete,
the replmd_replPropertyMetaDataCtr1_sort_and_verify() call will still
fail, but this is as much as is safe to do without a way to replicate
the original issue.
Andrew Bartlett
Change-Id: If0b6c7f18e8aee587e6b3b4af878a0145f5eac37
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit df2ef57584aab81c75012ec5d878322ff0691608
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Mar 26 12:48:17 2014 +1300
dsdb: Improve errors and checks for missing objectClass values
Change-Id: I8c4ac679accc90748d20c9c86986b127c939fa75
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit dac1411b9ef9863152932698ce8c4e0a8cc79b1c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 21 16:56:19 2014 +1300
dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING flag works
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Change-Id: Ib9f2f4ba417dbf0ee24b6e7db02d78a9bfe8850c
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 20a665ae09eb8d5affb88fe409a6130a74bd0aad
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 21 16:26:48 2014 +1300
dsdb: Do not update notify_uSN until the transaction is genuinely committed to the DB
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Change-Id: I734bc75ed348de8f0a5ff92e18e08de2340b8951
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/gensec.c | 68 ++++++++++++++++++-----
auth/gensec/gensec.h | 8 ++-
auth/gensec/spnego.c | 18 +++---
python/samba/dbchecker.py | 31 ++++++++++
source3/libads/authdata.c | 2 +-
source3/libads/sasl.c | 2 +-
source3/libsmb/clifsinfo.c | 6 +-
source3/rpc_client/cli_pipe.c | 4 +-
source3/rpc_server/dcesrv_auth_generic.c | 4 +-
source3/smbd/negprot.c | 2 +-
source3/smbd/seal.c | 2 +-
source3/smbd/sesssetup.c | 2 +-
source3/torture/test_smb2.c | 30 +++++++---
source3/utils/ntlm_auth.c | 2 +-
source3/winbindd/winbindd_ccache_access.c | 4 +-
source4/auth/gensec/pygensec.c | 10 +---
source4/dns_server/dlz_bind9.c | 2 +-
source4/dns_server/dns_query.c | 4 +-
source4/dsdb/repl/replicated_objects.c | 14 ++--
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 55 ++++++++++++-------
source4/kdc/kpasswdd.c | 2 +-
source4/ldap_server/ldap_bind.c | 4 +-
source4/libcli/ldap/ldap_bind.c | 2 +-
source4/libcli/smb2/session.c | 4 +-
source4/libcli/smb_composite/sesssetup.c | 6 +-
source4/librpc/rpc/dcerpc_auth.c | 4 +-
source4/rpc_server/dcesrv_auth.c | 6 +-
source4/smb_server/smb/negprot.c | 2 +-
source4/smb_server/smb2/negprot.c | 2 +-
source4/torture/dns/dlz_bind9.c | 2 +-
source4/torture/rpc/remote_pac.c | 12 ++--
source4/torture/winbind/winbind.c | 4 +-
source4/utils/ntlm_auth.c | 2 +-
33 files changed, 207 insertions(+), 115 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index 26e3ea5..8b5c02d 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "system/network.h"
+#define TEVENT_DEPRECATED 1
#include <tevent.h>
#include "lib/tsocket/tsocket.h"
#include "lib/util/tevent_ntstatus.h"
@@ -202,20 +203,10 @@ _PUBLIC_ size_t gensec_max_update_size(struct gensec_security *gensec_security)
return gensec_security->max_update_size;
}
-/**
- * Next state function for the GENSEC state machine
- *
- * @param gensec_security GENSEC State
- * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
- * @param in The request, as a DATA_BLOB
- * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
- * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
- * or NT_STATUS_OK if the user is authenticated.
- */
-
-_PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
- struct tevent_context *ev,
- const DATA_BLOB in, DATA_BLOB *out)
+_PUBLIC_ NTSTATUS gensec_update_ev(struct gensec_security *gensec_security,
+ TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
+ const DATA_BLOB in, DATA_BLOB *out)
{
NTSTATUS status;
const struct gensec_security_ops *ops = gensec_security->ops;
@@ -225,8 +216,25 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_
if (ops->update_send == NULL) {
+ if (ev == NULL) {
+ frame = talloc_stackframe();
+
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ /*
+ * TODO: remove this hack once the backends
+ * are fixed.
+ */
+ tevent_loop_allow_nesting(ev);
+ }
+
status = ops->update(gensec_security, out_mem_ctx,
ev, in, out);
+ TALLOC_FREE(frame);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -271,6 +279,20 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_
frame = talloc_stackframe();
+ if (ev == NULL) {
+ ev = samba_tevent_context_init(frame);
+ if (ev == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto fail;
+ }
+
+ /*
+ * TODO: remove this hack once the backends
+ * are fixed.
+ */
+ tevent_loop_allow_nesting(ev);
+ }
+
subreq = ops->update_send(frame, ev, gensec_security, in);
if (subreq == NULL) {
status = NT_STATUS_NO_MEMORY;
@@ -286,6 +308,24 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_
return status;
}
+/**
+ * Next state function for the GENSEC state machine
+ *
+ * @param gensec_security GENSEC State
+ * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on
+ * @param in The request, as a DATA_BLOB
+ * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx
+ * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent,
+ * or NT_STATUS_OK if the user is authenticated.
+ */
+
+_PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security,
+ TALLOC_CTX *out_mem_ctx,
+ const DATA_BLOB in, DATA_BLOB *out)
+{
+ return gensec_update_ev(gensec_security, out_mem_ctx, NULL, in, out);
+}
+
struct gensec_update_state {
const struct gensec_security_ops *ops;
struct tevent_req *subreq;
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 6974f87..0d3a29c 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -146,9 +146,13 @@ NTSTATUS gensec_start_mech_by_sasl_list(struct gensec_security *gensec_security,
void gensec_set_max_update_size(struct gensec_security *gensec_security,
uint32_t max_update_size);
size_t gensec_max_update_size(struct gensec_security *gensec_security);
-NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_CTX *out_mem_ctx,
- struct tevent_context *ev,
+NTSTATUS gensec_update(struct gensec_security *gensec_security,
+ TALLOC_CTX *out_mem_ctx,
const DATA_BLOB in, DATA_BLOB *out);
+NTSTATUS gensec_update_ev(struct gensec_security *gensec_security,
+ TALLOC_CTX *out_mem_ctx,
+ struct tevent_context *ev,
+ const DATA_BLOB in, DATA_BLOB *out);
struct tevent_req *gensec_update_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct gensec_security *gensec_security,
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index d90a50c..7e9dcae 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -402,7 +402,7 @@ static NTSTATUS gensec_spnego_server_try_fallback(struct gensec_security *gensec
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
- nt_status = gensec_update(spnego_state->sub_sec_security,
+ nt_status = gensec_update_ev(spnego_state->sub_sec_security,
ev, out_mem_ctx, in, out);
return nt_status;
}
@@ -472,7 +472,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
break;
}
- nt_status = gensec_update(spnego_state->sub_sec_security,
+ nt_status = gensec_update_ev(spnego_state->sub_sec_security,
out_mem_ctx,
ev,
unwrapped_in,
@@ -526,7 +526,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
spnego_state->neg_oid = all_sec[i].oid;
/* only get the helping start blob for the first OID */
- nt_status = gensec_update(spnego_state->sub_sec_security,
+ nt_status = gensec_update_ev(spnego_state->sub_sec_security,
out_mem_ctx,
ev,
null_data_blob,
@@ -642,7 +642,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
/* In the client, try and produce the first (optimistic) packet */
if (spnego_state->state_position == SPNEGO_CLIENT_START) {
- nt_status = gensec_update(spnego_state->sub_sec_security,
+ nt_status = gensec_update_ev(spnego_state->sub_sec_security,
out_mem_ctx,
ev,
null_data_blob,
@@ -781,7 +781,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
switch (spnego_state->state_position) {
case SPNEGO_FALLBACK:
- return gensec_update(spnego_state->sub_sec_security, ev,
+ return gensec_update_ev(spnego_state->sub_sec_security, ev,
out_mem_ctx, in, out);
case SPNEGO_SERVER_START:
{
@@ -942,7 +942,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
- nt_status = gensec_update(spnego_state->sub_sec_security,
+ nt_status = gensec_update_ev(spnego_state->sub_sec_security,
out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
@@ -1010,7 +1010,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
if (spnego.negTokenTarg.negResult == SPNEGO_REJECT) {
spnego_free_data(&spnego);
- return NT_STATUS_ACCESS_DENIED;
+ return NT_STATUS_LOGON_FAILURE;
}
/* Server didn't like our choice of mech, and chose something else */
@@ -1037,7 +1037,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return nt_status;
}
- nt_status = gensec_update(spnego_state->sub_sec_security,
+ nt_status = gensec_update_ev(spnego_state->sub_sec_security,
out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
@@ -1067,7 +1067,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
} else {
bool new_spnego = false;
- nt_status = gensec_update(spnego_state->sub_sec_security,
+ nt_status = gensec_update_ev(spnego_state->sub_sec_security,
out_mem_ctx, ev,
spnego.negTokenTarg.responseToken,
&unwrapped_out);
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index e6f26c3..f276cc5 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -73,6 +73,7 @@ class dbcheck(object):
self.ntds_dsa = ldb.Dn(samdb, samdb.get_dsServiceName())
self.class_schemaIDGUID = {}
self.wellknown_sds = get_wellknown_sds(self.samdb)
+ self.fix_all_missing_objectclass = False
self.name_map = {}
try:
@@ -174,6 +175,18 @@ class dbcheck(object):
return False
return c
+ def do_delete(self, dn, controls, msg):
+ '''delete dn with optional verbose output'''
+ if self.verbose:
+ self.report("delete DN %s" % dn)
+ try:
+ controls = controls + ["local_oid:%s:0" % dsdb.DSDB_CONTROL_DBCHECK]
+ self.samdb.delete(dn, controls=controls)
+ except Exception, err:
+ self.report("%s : %s" % (msg, err))
+ return False
+ return True
+
def do_modify(self, m, controls, msg, validate=True):
'''perform a modify with optional verbose output'''
if self.verbose:
@@ -272,6 +285,16 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
'''see if a dsdb_Dn is the special Deleted Objects DN'''
return dsdb_dn.prefix == "B:32:%s:" % dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER
+ def err_missing_objectclass(self, dn):
+ """handle object without objectclass"""
+ self.report("ERROR: missing objectclass in object %s. If you have another working DC, please run 'samba-tool drs replicate --full-sync --local <destinationDC> <sourceDC> %s'" % (dn, self.samdb.get_nc_root(dn)))
+ if not self.confirm_all("If you cannot re-sync from another DC, do you wish to delete object '%s'?" % dn, 'fix_all_missing_objectclass'):
+ self.report("Not deleting object with missing objectclass '%s'" % dn)
+ return
+ if self.do_delete(dn, ["relax:0"],
+ "Failed to remove DN %s" % dn):
+ self.report("Removed DN %s" % dn)
+
def err_deleted_dn(self, dn, attrname, val, dsdb_dn, correct_dn):
"""handle a DN pointing to a deleted object"""
self.report("ERROR: target DN is deleted for %s in object %s - %s" % (attrname, dn, val))
@@ -1018,11 +1041,15 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
list_attrs_from_md = []
list_attrs_seen = []
got_repl_property_meta_data = False
+ got_objectclass = False
for attrname in obj:
if attrname == 'dn':
continue
+ if str(attrname).lower() == 'objectclass':
+ got_objectclass = True
+
if str(attrname).lower() == 'replpropertymetadata':
if self.has_replmetadata_zero_invocationid(dn, obj[attrname]):
error_count += 1
@@ -1110,6 +1137,10 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
error_count += 1
self.err_wrong_instancetype(obj, calculated_instancetype)
+ if not got_objectclass and ("*" in attrs or "objectclass" in map(str.lower, attrs)):
+ error_count += 1
+ self.err_missing_objectclass(dn)
+
show_dn = True
if got_repl_property_meta_data:
rdn = (str(dn).split(","))[0]
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 276408d..18a2e4f 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -276,7 +276,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
}
/* Do a client-server update dance */
- status = gensec_update(gensec_server_context, tmp_ctx, NULL, tkt_wrapped, &ap_rep);
+ status = gensec_update(gensec_server_context, tmp_ctx, tkt_wrapped, &ap_rep);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("gensec_update() failed: %s\n", nt_errstr(status)));
goto out;
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 33f4e24..6890fb2 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -177,7 +177,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
do {
nt_status = gensec_update(auth_generic_state->gensec_security,
- talloc_tos(), NULL, blob_in, &blob_out);
+ talloc_tos(), blob_in, &blob_out);
data_blob_free(&blob_in);
if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)
|| NT_STATUS_IS_OK(nt_status))
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index d7ac906..376c4f5 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -615,7 +615,7 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
do {
status = gensec_update(auth_generic_state->gensec_security, auth_generic_state,
- NULL, blob_in, &blob_out);
+ blob_in, &blob_out);
data_blob_free(&blob_in);
data_blob_free(¶m_out);
if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) || NT_STATUS_IS_OK(status)) {
@@ -700,7 +700,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
}
status = gensec_update(auth_generic_state->gensec_security, talloc_tos(),
- NULL, blob_recv, &blob_send);
+ blob_recv, &blob_send);
do {
data_blob_free(&blob_recv);
@@ -710,7 +710,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
}
data_blob_free(&blob_send);
status = gensec_update(auth_generic_state->gensec_security, talloc_tos(),
- NULL, blob_recv, &blob_send);
+ blob_recv, &blob_send);
} while (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED));
data_blob_free(&blob_recv);
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 0def817..cd783f2 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1011,7 +1011,7 @@ static NTSTATUS create_generic_auth_rpc_bind_req(struct rpc_pipe_client *cli,
struct gensec_security);
DEBUG(5, ("create_generic_auth_rpc_bind_req: generate first token\n"));
- status = gensec_update(gensec_security, mem_ctx, NULL, null_blob, auth_token);
+ status = gensec_update(gensec_security, mem_ctx, null_blob, auth_token);
if (!NT_STATUS_IS_OK(status) &&
!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED))
@@ -1895,7 +1895,7 @@ static void rpc_pipe_bind_step_one_done(struct tevent_req *subreq)
}
}
- status = gensec_update(gensec_security, state, NULL,
+ status = gensec_update(gensec_security, state,
auth.credentials, &auth_token);
if (NT_STATUS_EQUAL(status,
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c
index 77d76fc..1165121 100644
--- a/source3/rpc_server/dcesrv_auth_generic.c
+++ b/source3/rpc_server/dcesrv_auth_generic.c
@@ -49,7 +49,7 @@ static NTSTATUS auth_generic_server_authtype_start_as_root(TALLOC_CTX *mem_ctx,
return status;
}
- status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
+ status = gensec_update(gensec_security, mem_ctx, *token_in, token_out);
if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(2, (__location__ ": gensec_update failed: %s\n",
nt_errstr(status)));
@@ -92,7 +92,7 @@ NTSTATUS auth_generic_server_step(struct gensec_security *gensec_security,
/* this has to be done as root in order to verify the password */
become_root();
- status = gensec_update(gensec_security, mem_ctx, NULL, *token_in, token_out);
+ status = gensec_update(gensec_security, mem_ctx, *token_in, token_out);
unbecome_root();
return status;
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index bd7df22..f470d0b 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -177,7 +177,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
status = gensec_start_mech_by_oid(gensec_security, GENSEC_OID_SPNEGO);
if (NT_STATUS_IS_OK(status)) {
status = gensec_update(gensec_security, ctx,
- NULL, data_blob_null, &blob);
+ data_blob_null, &blob);
/* If we get the list of OIDs, the 'OK' answer
* is NT_STATUS_MORE_PROCESSING_REQUIRED */
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index cdcfe06..bb9bb08 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -225,7 +225,7 @@ NTSTATUS srv_request_encryption_setup(connection_struct *conn,
/* Second step. */
become_root();
status = gensec_update(es->gensec_security,
- talloc_tos(), NULL,
+ talloc_tos(),
blob, &response);
unbecome_root();
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED) &&
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 4b86a99..cf5c9f0 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -258,7 +258,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
become_root();
status = gensec_update(session->gensec,
- talloc_tos(), NULL,
+ talloc_tos(),
in_blob, &out_blob);
unbecome_root();
if (!NT_STATUS_IS_OK(status) &&
diff --git a/source3/torture/test_smb2.c b/source3/torture/test_smb2.c
index 8cb1031..1923668 100644
--- a/source3/torture/test_smb2.c
+++ b/source3/torture/test_smb2.c
@@ -440,7 +440,8 @@ bool run_smb2_session_reconnect(int dummy)
return false;
}
- status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob);
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
printf("gensec_update returned %s\n", nt_errstr(status));
return false;
@@ -477,7 +478,8 @@ bool run_smb2_session_reconnect(int dummy)
return false;
}
- status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, out_blob, &in_blob);
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), out_blob, &in_blob);
if (!NT_STATUS_IS_OK(status)) {
printf("auth_generic_update returned %s\n", nt_errstr(status));
return false;
@@ -953,7 +955,8 @@ bool run_smb2_multi_channel(int dummy)
return false;
}
- status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob);
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
printf("gensec_update returned %s\n", nt_errstr(status));
return false;
@@ -987,7 +990,8 @@ bool run_smb2_multi_channel(int dummy)
return false;
}
- status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, out_blob, &in_blob);
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), out_blob, &in_blob);
if (!NT_STATUS_IS_OK(status)) {
printf("auth_generic_update returned %s\n", nt_errstr(status));
return false;
@@ -1079,7 +1083,8 @@ bool run_smb2_multi_channel(int dummy)
return false;
}
- status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob);
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
printf("gensec_update returned %s\n", nt_errstr(status));
return false;
@@ -1113,7 +1118,8 @@ bool run_smb2_multi_channel(int dummy)
return false;
}
- status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, out_blob, &in_blob);
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), out_blob, &in_blob);
if (!NT_STATUS_IS_OK(status)) {
printf("auth_generic_update returned %s\n", nt_errstr(status));
return false;
@@ -1263,7 +1269,8 @@ bool run_smb2_multi_channel(int dummy)
return false;
}
- status = gensec_update(auth_generic_state->gensec_security, talloc_tos(), ev, data_blob_null, &in_blob);
+ status = gensec_update(auth_generic_state->gensec_security,
+ talloc_tos(), data_blob_null, &in_blob);
--
Samba Shared Repository
More information about the samba-cvs
mailing list