[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Sep 2 01:15:02 UTC 2019
The branch, master has been updated
via b76bf7afd07 build: Raise minimum python version to 3.5.0 for Samba 4.12
via 29729818823 dsdb: Remove unused local_password module
via 72201055f53 dsdb: Remove unused simple_dn module
via af6799bf4f1 util: Remove unused NS_GUID_string() and NS_GUID_from_string()
via cf3977585d0 dsdb: Remove unused entryuuid and nsuniqueid modules
from f2e37b84da6 Spelling fixes s/ querys / queries /
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b76bf7afd07924e65cccbee7614b462312d4437c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 26 14:36:49 2019 +1200
build: Raise minimum python version to 3.5.0 for Samba 4.12
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Sep 2 01:14:05 UTC 2019 on sn-devel-184
commit 29729818823161c08b09bcc8e43c3942a503b129
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Aug 30 22:12:03 2019 +1200
dsdb: Remove unused local_password module
This was an idea about how Samba might have worked if passwords were
not safe to be stored in a remote DB (get some kind of LDAP backend).
Nothing ever used this, but it was a nice idea. But git master is not
the place to preserve history, even interesting ideas like splitting
passwords from the non-password data (possible because, in the same way
we are allowed to encrypt them, we do not allow a search on password
values).
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 72201055f53a9a59c90fa6fe94cbc7e968a2b35a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Aug 30 22:05:37 2019 +1200
dsdb: Remove unused simple_dn module
This became unused with 2b0fc74a0916a6ab0d5ac007cc5e100d4682b2ea that
removed the last of the support for the LDAP Backend
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit af6799bf4f1509af19c74c300a0d4a889a69cbfe
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Aug 30 20:38:01 2019 +1200
util: Remove unused NS_GUID_string() and NS_GUID_from_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14063
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit cf3977585d095cac916b268629087570e0538130
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Aug 30 20:44:57 2019 +1200
dsdb: Remove unused entryuuid and nsuniqueid modules
These were for the now removed OpenLDAP backend. Any future work in this area will
not involve this kind of translation, it will be done much more cleanly.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 10 +
buildtools/wafsamba/samba_python.py | 2 +-
source4/dsdb/common/util.c | 52 -
source4/dsdb/common/util.h | 3 -
source4/dsdb/samdb/ldb_modules/local_password.c | 1103 --------------------
source4/dsdb/samdb/ldb_modules/simple_dn.c | 79 --
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 965 -----------------
.../dsdb/samdb/ldb_modules/wscript_build_server | 28 -
8 files changed, 11 insertions(+), 2231 deletions(-)
delete mode 100644 source4/dsdb/samdb/ldb_modules/local_password.c
delete mode 100644 source4/dsdb/samdb/ldb_modules/simple_dn.c
delete mode 100644 source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c3b99dbee80..2a774ace6d7 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -16,6 +16,16 @@ UPGRADING
NEW FEATURES/CHANGES
====================
+Python 3.5 Required
+-------------------
+
+Samba's minimum runtime requirement for python was raised to Python
+3.4 with samba 4.11. Samba 4.12 raises this minimum version to Python
+3.5 both to access new features and because this is the oldest version
+we test with in our CI infrastructure.
+
+(Build time support for the file server with Python 2.6 has not
+changed)
GnuTLS 3.4.7 required
---------------------
diff --git a/buildtools/wafsamba/samba_python.py b/buildtools/wafsamba/samba_python.py
index 4476d335248..cb726cf0bcc 100644
--- a/buildtools/wafsamba/samba_python.py
+++ b/buildtools/wafsamba/samba_python.py
@@ -5,7 +5,7 @@ from waflib import Build, Logs, Utils, Configure, Errors
from waflib.Configure import conf
@conf
-def SAMBA_CHECK_PYTHON(conf, version=(3,4,0)):
+def SAMBA_CHECK_PYTHON(conf, version=(3,5,0)):
if conf.env.disable_python:
version=(2,6,0)
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 1c71c243ed5..817fce6e17f 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -5264,58 +5264,6 @@ int dsdb_create_partial_replica_NC(struct ldb_context *ldb, struct ldb_dn *dn)
return LDB_SUCCESS;
}
-/**
- build a GUID from a string
-*/
-_PUBLIC_ NTSTATUS NS_GUID_from_string(const char *s, struct GUID *guid)
-{
- NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
- uint32_t time_low;
- uint32_t time_mid, time_hi_and_version;
- uint32_t clock_seq[2];
- uint32_t node[6];
- int i;
-
- if (s == NULL) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- status = parse_guid_string(s,
- &time_low,
- &time_mid,
- &time_hi_and_version,
- clock_seq,
- node);
-
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- guid->time_low = time_low;
- guid->time_mid = time_mid;
- guid->time_hi_and_version = time_hi_and_version;
- guid->clock_seq[0] = clock_seq[0];
- guid->clock_seq[1] = clock_seq[1];
- for (i=0;i<6;i++) {
- guid->node[i] = node[i];
- }
-
- return NT_STATUS_OK;
-}
-
-_PUBLIC_ char *NS_GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid)
-{
- return talloc_asprintf(mem_ctx,
- "%08x-%04x%04x-%02x%02x%02x%02x-%02x%02x%02x%02x",
- guid->time_low, guid->time_mid,
- guid->time_hi_and_version,
- guid->clock_seq[0],
- guid->clock_seq[1],
- guid->node[0], guid->node[1],
- guid->node[2], guid->node[3],
- guid->node[4], guid->node[5]);
-}
-
/*
* Return the effective badPwdCount
*
diff --git a/source4/dsdb/common/util.h b/source4/dsdb/common/util.h
index c188c68fc95..e1854644d53 100644
--- a/source4/dsdb/common/util.h
+++ b/source4/dsdb/common/util.h
@@ -79,9 +79,6 @@ bool is_attr_in_list(const char * const * attrs, const char *attr);
struct GUID;
-char *NS_GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid);
-NTSTATUS NS_GUID_from_string(const char *s, struct GUID *guid);
-
struct ldb_context;
int dsdb_werror_at(struct ldb_context *ldb, int ldb_ecode, WERROR werr,
diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c
deleted file mode 100644
index 86c79ee45c3..00000000000
--- a/source4/dsdb/samdb/ldb_modules/local_password.c
+++ /dev/null
@@ -1,1103 +0,0 @@
-/*
- ldb database module
-
- Copyright (C) Simo Sorce 2004-2008
- Copyright (C) Andrew Bartlett <abartlet at samba.org> 2005-2006
- Copyright (C) Andrew Tridgell 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/*
- * Name: ldb
- *
- * Component: ldb local_password module
- *
- * Description: correctly update hash values based on changes to userPassword and friends
- *
- * Author: Andrew Bartlett
- */
-
-#include "includes.h"
-#include "ldb_module.h"
-#include "dsdb/samdb/samdb.h"
-#include "librpc/ndr/libndr.h"
-#include "dsdb/samdb/ldb_modules/password_modules.h"
-#include "dsdb/samdb/ldb_modules/util.h"
-#include "dsdb/common/util.h"
-
-#define PASSWORD_GUID_ATTR "masterGUID"
-
-/* This module maintains a local password database, separate from the main LDAP
- server.
-
- This allows the password database to be synchronised in a multi-master
- fashion, separate to the more difficult concerns of the main
- database. (With passwords, the last writer always wins)
-
- Each incoming add/modify is split into a remote, and a local request, done
- in that order.
-
- We maintain a list of attributes that are kept locally - perhaps
- this should use the @KLUDGE_ACL list of passwordAttribute
- */
-
-static const char * const password_attrs[] = {
- "pwdLastSet",
- DSDB_SECRET_ATTRIBUTES
-};
-
-/* And we merge them back into search requests when asked to do so */
-
-struct lpdb_reply {
- struct lpdb_reply *next;
- struct ldb_reply *remote;
- struct ldb_dn *local_dn;
-};
-
-struct lpdb_context {
-
- struct ldb_module *module;
- struct ldb_request *req;
-
- struct ldb_message *local_message;
-
- struct lpdb_reply *list;
- struct lpdb_reply *current;
- struct ldb_reply *remote_done;
- struct ldb_reply *remote;
-
- bool added_objectGUID;
- bool added_objectClass;
-
-};
-
-static struct lpdb_context *lpdb_init_context(struct ldb_module *module,
- struct ldb_request *req)
-{
- struct ldb_context *ldb;
- struct lpdb_context *ac;
-
- ldb = ldb_module_get_ctx(module);
-
- ac = talloc_zero(req, struct lpdb_context);
- if (ac == NULL) {
- ldb_set_errstring(ldb, "Out of Memory");
- return NULL;
- }
-
- ac->module = module;
- ac->req = req;
-
- return ac;
-}
-
-static int lpdb_local_callback(struct ldb_request *req, struct ldb_reply *ares)
-{
- struct ldb_context *ldb;
- struct lpdb_context *ac;
-
- ac = talloc_get_type(req->context, struct lpdb_context);
- ldb = ldb_module_get_ctx(ac->module);
-
- if (!ares) {
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
- }
- if (ares->error != LDB_SUCCESS) {
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
- }
-
- if (ares->type != LDB_REPLY_DONE) {
- ldb_set_errstring(ldb, "Unexpected reply type");
- talloc_free(ares);
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
- }
-
- talloc_free(ares);
- return ldb_module_done(ac->req,
- ac->remote_done->controls,
- ac->remote_done->response,
- ac->remote_done->error);
-}
-
-/*****************************************************************************
- * ADD
- ****************************************************************************/
-
-static int lpdb_add_callback(struct ldb_request *req,
- struct ldb_reply *ares);
-
-static int local_password_add(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_context *ldb;
- struct ldb_message *remote_message;
- struct ldb_request *remote_req;
- struct lpdb_context *ac;
- struct GUID objectGUID;
- int ret;
- unsigned int i;
-
- ldb = ldb_module_get_ctx(module);
- ldb_debug(ldb, LDB_DEBUG_TRACE, "local_password_add\n");
-
- if (ldb_dn_is_special(req->op.add.message->dn)) { /* do not manipulate our control entries */
- return ldb_next_request(module, req);
- }
-
- /* If the caller is manipulating the local passwords directly, let them pass */
- if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
- req->op.add.message->dn) == 0) {
- return ldb_next_request(module, req);
- }
-
- for (i=0; i < ARRAY_SIZE(password_attrs); i++) {
- if (ldb_msg_find_element(req->op.add.message, password_attrs[i])) {
- break;
- }
- }
-
- /* It didn't match any of our password attributes, go on */
- if (i == ARRAY_SIZE(password_attrs)) {
- return ldb_next_request(module, req);
- }
-
- /* From here, we assume we have password attributes to split off */
- ac = lpdb_init_context(module, req);
- if (!ac) {
- return ldb_operr(ldb);
- }
-
- remote_message = ldb_msg_copy_shallow(ac, req->op.add.message);
- if (remote_message == NULL) {
- return ldb_operr(ldb);
- }
-
- /* Remove any password attributes from the remote message */
- for (i=0; i < ARRAY_SIZE(password_attrs); i++) {
- ldb_msg_remove_attr(remote_message, password_attrs[i]);
- }
-
- /* Find the objectGUID to use as the key */
- objectGUID = samdb_result_guid(ac->req->op.add.message, "objectGUID");
-
- ac->local_message = ldb_msg_copy_shallow(ac, req->op.add.message);
- if (ac->local_message == NULL) {
- return ldb_operr(ldb);
- }
-
- /* Remove anything seen in the remote message from the local
- * message (leaving only password attributes) */
- for (i=0; i < remote_message->num_elements; i++) {
- ldb_msg_remove_attr(ac->local_message, remote_message->elements[i].name);
- }
-
- /* We must have an objectGUID already, or we don't know where
- * to add the password. This may be changed to an 'add and
- * search', to allow the directory to create the objectGUID */
- if (ldb_msg_find_ldb_val(req->op.add.message, "objectGUID") == NULL) {
- ldb_set_errstring(ldb,
- "no objectGUID found in search: "
- "local_password module must be "
- "onfigured below objectGUID module!\n");
- return LDB_ERR_CONSTRAINT_VIOLATION;
- }
-
- ac->local_message->dn = ldb_dn_new(ac->local_message,
- ldb, LOCAL_BASE);
- if ((ac->local_message->dn == NULL) ||
- ( ! ldb_dn_add_child_fmt(ac->local_message->dn,
- PASSWORD_GUID_ATTR "=%s",
- GUID_string(ac->local_message,
- &objectGUID)))) {
- return ldb_operr(ldb);
- }
-
- ret = ldb_build_add_req(&remote_req, ldb, ac,
- remote_message,
- req->controls,
- ac, lpdb_add_callback,
- req);
- LDB_REQ_SET_LOCATION(remote_req);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- return ldb_next_request(module, remote_req);
-}
-
-/* Add a record, splitting password attributes from the user's main
- * record */
-static int lpdb_add_callback(struct ldb_request *req,
- struct ldb_reply *ares)
-{
- struct ldb_context *ldb;
- struct ldb_request *local_req;
- struct lpdb_context *ac;
- int ret;
-
- ac = talloc_get_type(req->context, struct lpdb_context);
- ldb = ldb_module_get_ctx(ac->module);
-
- if (!ares) {
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
- }
- if (ares->error != LDB_SUCCESS) {
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
- }
-
- if (ares->type != LDB_REPLY_DONE) {
- ldb_set_errstring(ldb, "Unexpected reply type");
- talloc_free(ares);
- return ldb_module_done(ac->req, NULL, NULL,
- LDB_ERR_OPERATIONS_ERROR);
- }
-
- ac->remote_done = talloc_steal(ac, ares);
-
- ret = ldb_build_add_req(&local_req, ldb, ac,
- ac->local_message,
- NULL,
- ac, lpdb_local_callback,
- ac->req);
- LDB_REQ_SET_LOCATION(local_req);
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
- }
-
- ret = ldb_next_request(ac->module, local_req);
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
- }
- return LDB_SUCCESS;
-}
-
-/*****************************************************************************
- * MODIFY
- ****************************************************************************/
-
-static int lpdb_modify_callback(struct ldb_request *req,
- struct ldb_reply *ares);
-static int lpdb_mod_search_callback(struct ldb_request *req,
- struct ldb_reply *ares);
-
-static int local_password_modify(struct ldb_module *module, struct ldb_request *req)
-{
- struct ldb_context *ldb;
- struct lpdb_context *ac;
- struct ldb_message *remote_message;
- struct ldb_request *remote_req;
- int ret;
- unsigned int i;
-
- ldb = ldb_module_get_ctx(module);
- ldb_debug(ldb, LDB_DEBUG_TRACE, "local_password_modify\n");
-
- if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */
- return ldb_next_request(module, req);
- }
-
- /* If the caller is manipulating the local passwords directly, let them pass */
- if (ldb_dn_compare_base(ldb_dn_new(req, ldb, LOCAL_BASE),
- req->op.mod.message->dn) == 0) {
- return ldb_next_request(module, req);
- }
-
- for (i=0; i < ARRAY_SIZE(password_attrs); i++) {
- if (ldb_msg_find_element(req->op.add.message, password_attrs[i])) {
- break;
- }
- }
-
- /* It didn't match any of our password attributes, then we have nothing to do here */
- if (i == ARRAY_SIZE(password_attrs)) {
- return ldb_next_request(module, req);
- }
-
- /* From here, we assume we have password attributes to split off */
- ac = lpdb_init_context(module, req);
- if (!ac) {
- return ldb_operr(ldb);
- }
-
- remote_message = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
- if (remote_message == NULL) {
- return ldb_operr(ldb);
- }
-
- /* Remove any password attributes from the remote message */
- for (i=0; i < ARRAY_SIZE(password_attrs); i++) {
- ldb_msg_remove_attr(remote_message, password_attrs[i]);
- }
-
- ac->local_message = ldb_msg_copy_shallow(ac, ac->req->op.mod.message);
- if (ac->local_message == NULL) {
- return ldb_operr(ldb);
- }
-
- /* Remove anything seen in the remote message from the local
- * message (leaving only password attributes) */
- for (i=0; i < remote_message->num_elements;i++) {
- ldb_msg_remove_attr(ac->local_message, remote_message->elements[i].name);
- }
-
- ret = ldb_build_mod_req(&remote_req, ldb, ac,
- remote_message,
- req->controls,
- ac, lpdb_modify_callback,
- req);
- LDB_REQ_SET_LOCATION(remote_req);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- return ldb_next_request(module, remote_req);
-}
-
-/* On a modify, we don't have the objectGUID handy, so we need to
- * search our DN for it */
-static int lpdb_modify_callback(struct ldb_request *req,
- struct ldb_reply *ares)
-{
- struct ldb_context *ldb;
- static const char * const attrs[] = { "objectGUID", "objectClass", NULL };
- struct ldb_request *search_req;
- struct lpdb_context *ac;
- int ret;
-
- ac = talloc_get_type(req->context, struct lpdb_context);
--
Samba Shared Repository
More information about the samba-cvs
mailing list