path: root/source4
Commit message | Author | Age | Files | Lines
* bug9598: s4-process_single: Use pid,fd as cluster_id in process_single just like process_prefork
  Author: Andrew Bartlett | Age: 2013-01-25 | Files: 1 | Lines: -3/+8
  This avoids two different process single servers (say LDAP and the RPC server) sharing the same server id.
  Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598
  Reported-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Matthieu Patou <mat@matws.net>
  Signed-off-by: Andrew Bartlett <abartlett@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Jan 25 12:00:04 CET 2013 on sn-devel-104
* s4-torture: add some basic tests for PlayGDIScriptOnPrinterIC.
  Author: Günther Deschner | Age: 2013-01-24 | Files: 1 | Lines: -1/+110
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Jan 24 19:20:52 CET 2013 on sn-devel-104
* spoolss: make spoolss deal with ndr64 StartDocPrinter by using proper container object.
  Author: Günther Deschner | Age: 2013-01-24 | Files: 1 | Lines: -2/+6
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb-acl: remove unused variable
  Author: Stefan Metzmacher | Age: 2013-01-23 | Files: 1 | Lines: -1/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Jan 23 20:04:09 CET 2013 on sn-devel-104
* drsuapi: Add documentation
  Author: Matthieu Patou | Age: 2013-01-22 | Files: 1 | Lines: -3/+18
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* drepl-notify: change misleading message
  Author: Matthieu Patou | Age: 2013-01-22 | Files: 1 | Lines: -1/+1
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* devel-script: add options for RODC and partial replica for replicate flags
  Author: Matthieu Patou | Age: 2013-01-22 | Files: 1 | Lines: -1/+21
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Jan 22 00:12:17 CET 2013 on sn-devel-104
* devel-scripts: ask with WRIT_REP by default
  Author: Matthieu Patou | Age: 2013-01-21 | Files: 1 | Lines: -0/+1
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* devel-getncchange: try to find the dest_dsa automatically
  Author: Matthieu Patou | Age: 2013-01-21 | Files: 1 | Lines: -3/+19
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbcheck: look in hasMasterNCs as well for determining the instance type of a NC
  Author: Matthieu Patou | Age: 2013-01-21 | Files: 1 | Lines: -2/+10
  Forests of level 2000 don't have the msDS-hasMasterNCs parameter
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Fix warning about unused var
  Author: Matthieu Patou | Age: 2013-01-21 | Files: 1 | Lines: -2/+0
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Jan 21 17:51:16 CET 2013 on sn-devel-104
* dsdb: Explain ordering constraints on the ACL module as well.
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 1 | Lines: -2/+2
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Ensure "authenticated users" is processed for group memberships
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 3 | Lines: -36/+64
  This change moves the addition of "Authenticated Users" from the very end of the token processing to the start. The reason is that we need to see if "Authenticated Users" is a member of other builtin groups, just as we would for any other SID. This picks up the "Pre-Windows 2000 Compatible Access" group, which is in turn often used in ACLs on LDAP objects. Without this change, the eventual token does not contain S-1-5-32-554 and users other than "Administrator" are unable to read uidNumber (in particular).
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/security: handle node initialisation in one spot in insert_in_object_tree()
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 2 | Lines: -11/+10
  This removes special-case for initialising the children array in insert_in_object_tree(). talloc_realloc() handles the initial allocate case perfectly well, so there is no need to have this duplicated. This also restores having just one place where the rest of the elements are initialised, to ensure uniform behaviour. To do this, we have to rework insert_in_object_tree to have only one output variable, both because having both root and new_node as output variables was too confusing, and because otherwise the two pointers were being allowed to point at the same memory.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUID
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -2/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: make use of acl_check_access_on_objectclass() for the object in acl_delete()
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -6/+50
  We should only use dsdb_module_check_access_on_dn() on the parent.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: make use of acl_check_access_on_{attribute,objectclass} in acl_rename()
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -47/+43
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: make use of acl_check_access_on_attribute() in acl_modify()
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -44/+16
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: remove unused acl_check_access_on_class()
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -46/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: use acl_check_access_on_objectclass() instead of acl_check_access_on_class()
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -8/+13
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Use the structural objectClass in acl_check_access_on_attribute()
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 1 | Lines: -16/+16
  This commit enters the GUID into the object tree so that access rights assigned to the structural objectClass are also available, as well as rights assigned to the attribute property groups.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Pass the structural objectClass into acl_check_access_on_attribute
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 3 | Lines: -20/+57
  This will, when the GUID is entered into the object tree (not in this commit) ensure that access rights assigned to the structural objectClass are also available, as well as rights assigned to the attribute property groups.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Remove unused get_oc_guid_from_message()
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 1 | Lines: -19/+0
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: ask for the objectClass attribute if it's not in the scope of the client's search
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 1 | Lines: -1/+16
  This will be used later.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: use dsdb_get_structural_oc_from_msg() rather than class_schemaid_guid_by_lDAPDisplayName
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 1 | Lines: -8/+7
  This uses dsdb_get_last_structural_objectclass(), which encodes this ordering knowledge in one place in the code, rather than using this uncommented magic expression: (char *)oc_el->values[oc_el->num_values-1].data
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_rename()
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 1 | Lines: -12/+14
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_modify()
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 1 | Lines: -8/+10
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: add acl_check_access_on_objectclass() helper
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -0/+39
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Add helper function dsdb_get_structural_oc_from_msg()
  Author: Andrew Bartlett | Age: 2013-01-21 | Files: 1 | Lines: -0/+13
  This will eventually replace get_oc_guid_from_message(), returning the full dsdb_class.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: attr is not optional to acl_check_access_on_attribute()
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -25/+24
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributes
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -16/+18
  "clearTextPassword" is the only exception.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: introduce a 'el' helper variable to acl_modify()
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -12/+11
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: introduce a 'msg' helper variable to acl_modify()
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -20/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: make sure we build [system]PossibleInferiors completely
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -0/+4
  Otherwise callers like dsdb_schema_copy_shallow() will corrupt the talloc hierarchy.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: make sure we use clean caches in schema_inferiors.c
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 2 | Lines: -28/+32
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: make schema_subclasses_order_recurse() static
  Author: Stefan Metzmacher | Age: 2013-01-21 | Files: 1 | Lines: -3/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Tests: remove redundant testsuites in provision
  Author: Matthieu Patou | Age: 2013-01-21 | Files: 1 | Lines: -6/+1
  Removed provisions are already tested somewhere else.
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Matthieu Patou <mat@samba.org>
  Autobuild-Date(master): Mon Jan 21 09:59:43 CET 2013 on sn-devel-104
* Tests: rewrite ldap_schema to specify attributes
  Author: Matthieu Patou | Age: 2013-01-21 | Files: 1 | Lines: -15/+24
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* heimdal_build: Try again to sort out the strerror_r mess
  Author: Andrew Bartlett | Age: 2013-01-19 | Files: 3 | Lines: -8/+8
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* spoolss: make spoolss deal with ndr64 SetForm by using proper container object.
  Author: Günther Deschner | Age: 2013-01-17 | Files: 2 | Lines: -14/+17
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* spoolss: make spoolss deal with ndr64 AddForm by using proper container object.
  Author: Günther Deschner | Age: 2013-01-17 | Files: 2 | Lines: -17/+20
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s4-torture: add ndr64 spoolss_SetPrinter ndr test.
  Author: Günther Deschner | Age: 2013-01-17 | Files: 1 | Lines: -0/+73
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* spoolss: make spoolss deal with ndr64 ULONG_PTR of devmode_ptr and secdesc_ptr.
  Author: Günther Deschner | Age: 2013-01-17 | Files: 2 | Lines: -8/+8
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* dsdb-operational: Avoid doing the ldb_attr_cmp if bypass flag is not set
  Author: Matthieu Patou | Age: 2013-01-17 | Files: 1 | Lines: -1/+1
  Most of the time this flag is not set and so we can avoid the strcasecmp in ldb_attr_cmp()
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Jan 17 17:10:32 CET 2013 on sn-devel-104
* torture: Fix fsmo test to use correct -H samba-tool syntax
  Author: Andrew Bartlett | Age: 2013-01-17 | Files: 1 | Lines: -2/+2
  However, the test still does not pass.
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Do not hold the transaction over the IRPC call to perform a role transfer
  Author: Andrew Bartlett | Age: 2013-01-17 | Files: 1 | Lines: -1/+26
  This avoids one samba process locking out another from the DB.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* drs-fsmo: Improve handling of FSMO role takeover.
  Author: Andrew Bartlett | Age: 2013-01-17 | Files: 3 | Lines: -5/+14
  This needs to be more async, and give less scary errors.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-acl: calculate sDRightsEffective based on "nTSecurityDescriptor"
  Author: Stefan Metzmacher | Age: 2013-01-17 | Files: 1 | Lines: -3/+11
  acl_check_access_on_attribute should never be called with attr=NULL because we don't check access on an attribute in that case
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>
  Autobuild-User(master): Matthieu Patou <mat@samba.org>
  Autobuild-Date(master): Thu Jan 17 11:21:10 CET 2013 on sn-devel-104
* dsdb-acl: add helper variable 'ldb' in acl_sDRightsEffective
  Author: Stefan Metzmacher | Age: 2013-01-17 | Files: 1 | Lines: -1/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>
* dsdb-acl: fix the order of special and system checks
  Author: Stefan Metzmacher | Age: 2013-01-17 | Files: 1 | Lines: -22/+61
  First we check for a special dn, then for system access. All allocations happen after these checks in order to avoid allocations we won't use.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>