Anatoliy Atanasov [Wed, 24 Mar 2010 14:53:38 +0000 (16:53 +0200)]
s4/rodc: implement read-only database
When we are RODC we shoudl deny modify's on the database and return
referral instead.
Karolin Seeger [Wed, 24 Mar 2010 13:55:15 +0000 (14:55 +0100)]
s3-testparm: Throw warning when 'workgroup' and 'netbios name' are identical.
Address bug #7285 (NetBIOS Namespace Clash Handling).
Karolin
Kamen Mazdrashki [Wed, 17 Mar 2010 01:27:05 +0000 (03:27 +0200)]
idl: drsuapi.idl - fix few more comments
Kamen Mazdrashki [Wed, 17 Mar 2010 01:09:09 +0000 (03:09 +0200)]
idl: Regenerate DRSUAPI idl files
Kamen Mazdrashki [Wed, 17 Mar 2010 01:08:56 +0000 (03:08 +0200)]
s4/drs: Pretty print for drsuapi_SecBufferType
It is a type and mask combined in one DRS field so
we have to make a custom ndr_print implementation for this type
Kamen Mazdrashki [Wed, 17 Mar 2010 01:07:01 +0000 (03:07 +0200)]
s4/idl: DsAddEntry V3 request description
Kamen Mazdrashki [Mon, 15 Mar 2010 11:57:41 +0000 (13:57 +0200)]
s4/drs: Implement DsAddEntry V3 error handling
Kamen Mazdrashki [Tue, 16 Mar 2010 23:20:31 +0000 (01:20 +0200)]
s4/idl: Remove drsuapi_DsAddEntryExtraErrorBuffer - it is not used anymore
Kamen Mazdrashki [Tue, 16 Mar 2010 19:58:22 +0000 (21:58 +0200)]
s4/idl: Complete drsuapi_DsAddEntryErrorInfo description
Members for Security, Service, Update and System errors renamed
to be more descriptive.
All those error types share same description.
Kamen Mazdrashki [Mon, 15 Mar 2010 23:30:05 +0000 (01:30 +0200)]
s4/idl: Add DsAddEntry Referral error definition
Kamen Mazdrashki [Sun, 14 Mar 2010 14:07:49 +0000 (16:07 +0200)]
s4/idl: Add DsAddEntry Name resolution error definition
Kamen Mazdrashki [Fri, 12 Mar 2010 15:05:58 +0000 (17:05 +0200)]
s4/drs: Refactor error handling for DsAddEntry V3 replies
Dumping for specific error classes are to be implemented properly
in the near future.
Kamen Mazdrashki [Fri, 12 Mar 2010 13:06:19 +0000 (15:06 +0200)]
s4/drs: pretty print for drsuapi_DsAddEntry_AttrErrListItem_V1
Kamen Mazdrashki [Fri, 12 Mar 2010 12:55:05 +0000 (14:55 +0200)]
s4/idl: redefine drsuapi_DsAddEntryErrorInfo1
This actually describes Attribute error during DsAddEntry execution.
Structure is renamed to drsuapi_DsAddEntryErrorInfo_Attr.
And structure to define Attribute error data are all
prefixed with drsuapi_DsAddEntry_AttrErr
Kamen Mazdrashki [Wed, 10 Mar 2010 14:37:38 +0000 (16:37 +0200)]
s4/drs: drsuapi_DsAddEntry_ErrData propagate structure def in source code
Kamen Mazdrashki [Fri, 12 Mar 2010 12:30:05 +0000 (14:30 +0200)]
s4/idl: drsuapi_DsAddEntryError refactored
Structure description and name was changed to be aligned with
WSPP definition.
Ref: [MS-DRSR] 4.1.1.1.23
Kamen Mazdrashki [Fri, 12 Mar 2010 11:42:05 +0000 (13:42 +0200)]
s4/drs: DsAddEntry - extending error handling for V2 replies
After having more complete definition for DsAddEntryReply V2
structure, we can now handle error state in more robust way,
not just counting on number of objects returned.
Kamen Mazdrashki [Tue, 9 Mar 2010 00:59:34 +0000 (02:59 +0200)]
s4/idl: DsAddEntry - refactor DsAddEntryCtr2 structure
Reply structure definition was aligned with WSPP documentation
Ref: [MS-DRSR], section 4.1.1.1.7
Kamen Mazdrashki [Mon, 8 Mar 2010 01:52:14 +0000 (03:52 +0200)]
s4/drs: drsuapi_DsAddEntryErrorInfoX changes propagated to source code
Kamen Mazdrashki [Mon, 8 Mar 2010 01:51:37 +0000 (03:51 +0200)]
s4/idl: Update drsuapi_DsAddEntryErrorInfoX definition
drsuapi_DsAddEntryErrorInfoX is an extended error
description used by most of the error infos returned
by DsAddEntry RPC method.
Kamen Mazdrashki [Fri, 12 Mar 2010 11:39:52 +0000 (13:39 +0200)]
s4/idl: DIRERR error codes definition
DIRERR codes specify class of error returned from
DsAddEntry method call.
Ref: [MS-DRSR], section 4.1.1.1.25
Kamen Mazdrashki [Sun, 7 Mar 2010 19:46:39 +0000 (21:46 +0200)]
s4/drs: DsAddEntry - Propagating unsigned switches to source code
Kamen Mazdrashki [Sun, 7 Mar 2010 19:36:22 +0000 (21:36 +0200)]
s4/idl: DsAddEntry - switch types should be unsigned
Günther Deschner [Wed, 24 Mar 2010 12:34:01 +0000 (13:34 +0100)]
s4-smbtorture: add missing checks for WERROR results in RPC-SAMBA3 tests.
Guenther
Günther Deschner [Wed, 24 Mar 2010 12:18:33 +0000 (13:18 +0100)]
s4-smbtorture: fix some invalid parameters in RPC-SAMSYNC test.
Guenther
Günther Deschner [Mon, 22 Mar 2010 14:58:09 +0000 (15:58 +0100)]
s4-smbtorture: cleanup some of the RPC-SAMBA3 tests.
This avoids printf, uses simplication functions where appropriate, etc.
Guenther
Günther Deschner [Mon, 22 Mar 2010 16:24:38 +0000 (17:24 +0100)]
s4-smbtorture: add rap_get_servername to RPC-SAMBA3 family of tests.
Guenther
Simo Sorce [Wed, 24 Mar 2010 11:45:15 +0000 (07:45 -0400)]
idl: fix comment and convert whitespaces to tabs
Andrew Bartlett [Wed, 24 Mar 2010 08:27:18 +0000 (19:27 +1100)]
s4:selftest Test --sign and --encrypt options to ldbsearch
Andrew Bartlett [Wed, 24 Mar 2010 08:26:02 +0000 (19:26 +1100)]
s4:cmdline Add --sign and --encrypt options to our common command line
This allows ldbsearch to accept --sign and --encrypt. I'll soon work
to integrate with the --signing= option in smbclient.
Andrew Bartlett
Andrew Bartlett [Wed, 24 Mar 2010 05:09:02 +0000 (16:09 +1100)]
s4:ntlmssp Ensure that we always negotiate signing if we negotiate sealing.
Without this, a sealed LDAP connection to windows does not work.
Andrew Bartlett
Volker Lendecke [Tue, 23 Mar 2010 17:36:55 +0000 (18:36 +0100)]
s3: Optimize gencache for smbd exit
If thousands of smbds try to gencache_stabilize at the same time because the
network died, all of them might be sitting in transaction_start. Don't do the
stabilize transaction if nothing has changed in gencache_notrans.tdb.
Volker
Andrew Tridgell [Tue, 23 Mar 2010 18:06:25 +0000 (05:06 +1100)]
libreplace: fixed declaration of dprintf() on FreeBSD
Andrew Tridgell [Wed, 24 Mar 2010 05:52:37 +0000 (16:52 +1100)]
s4-provision: FreeBSD uses 'staff' for users
Andrew Tridgell [Tue, 23 Mar 2010 15:02:32 +0000 (11:02 -0400)]
s4-provision: solaris uses the group "other"
Andrew Tridgell [Mon, 22 Mar 2010 07:40:44 +0000 (18:40 +1100)]
build: fixed nss_wrapper on solaris
solaris has different getpwnam_r syntax
Simo Sorce [Tue, 23 Mar 2010 22:45:20 +0000 (18:45 -0400)]
idl: fix forest trust information idl
--validate now passes
Günther Deschner [Tue, 23 Mar 2010 17:32:06 +0000 (18:32 +0100)]
s4-smbtorture: remove tailing whitespace in samba3rpc testsuite.
Guenther
Stefan Metzmacher [Thu, 18 Mar 2010 17:55:49 +0000 (18:55 +0100)]
s4:librpc/rpc/pyrpc.h: librpc/rpc/dcerpc.h isn't needed anymore
metze
Stefan Metzmacher [Thu, 18 Mar 2010 18:36:50 +0000 (19:36 +0100)]
s4:lib/messaging: pymessaging needs libndr.h
metze
Stefan Metzmacher [Thu, 18 Mar 2010 17:55:00 +0000 (18:55 +0100)]
pidl:Samba4/Python: librpc/rpc/dcerpc.h isn't needed anymore
metze
Stefan Metzmacher [Fri, 19 Mar 2010 12:02:26 +0000 (13:02 +0100)]
s4:libnet: don't include librpc/rpc/dcerpc.h directly
metze
Stefan Metzmacher [Fri, 19 Mar 2010 18:16:35 +0000 (19:16 +0100)]
s3:librpc/rpc: move prototypes to dcerpc.h
metze
Günther Deschner [Tue, 23 Mar 2010 16:28:55 +0000 (17:28 +0100)]
s4-smbtorture: use torture_context in samsync test.
Guenther
Günther Deschner [Tue, 23 Mar 2010 16:16:23 +0000 (17:16 +0100)]
s4-smbtorture: remove trailing whitespace from samsync torture test.
Guenther
Günther Deschner [Tue, 23 Mar 2010 15:30:05 +0000 (16:30 +0100)]
s4-smbtorture: use torture_context in libnet domain tests as well.
Guenther
Matthias Dieter Wallnöfer [Tue, 23 Mar 2010 15:43:41 +0000 (16:43 +0100)]
s4:WINREG torture - fix an error (missing "break" in a "switch")
Sorry my fault - I didn't discover that earlier since we had binary data types
support activated in s4.
Matthias Dieter Wallnöfer [Tue, 23 Mar 2010 15:19:26 +0000 (16:19 +0100)]
s4:registry - "reg_ldb_pack_value" - provide workarounds when the server receives non-standard data.
For now we reset/delete the "data" attribute. Anyway there is the need to find
a better solution (we probably want to change the format and save all data as
we got it like Windows itself does).
These workarounds are needed since for example the Windows 2000 Registry Editor
initialises empty REG_SZ strings with content '\0' and length 1 (not a valid
UTF16 sequence - "convert_string_talloc" breaks). So we simply reset/delete the
"data" attribute which works (no content).
Matthias Dieter Wallnöfer [Tue, 23 Mar 2010 15:17:25 +0000 (16:17 +0100)]
s4:registry - "LDB backend" - fix indentation
Günther Deschner [Tue, 23 Mar 2010 14:31:27 +0000 (15:31 +0100)]
s4-smbtorture: use torture_context for debugging output everywhere in libnet torture tests.
Mimir, please check.
Guenther
Günther Deschner [Tue, 23 Mar 2010 15:04:30 +0000 (16:04 +0100)]
s4-smbtorture: remove trailing whitespace in libnet torture tests.
Guenther
Karolin Seeger [Tue, 23 Mar 2010 13:53:49 +0000 (14:53 +0100)]
s3-builtin: Add missing builtin groups.
Karolin
Karolin Seeger [Tue, 23 Mar 2010 14:24:25 +0000 (15:24 +0100)]
s3: Re-run make samba3-idl.
Karolin
Karolin Seeger [Tue, 23 Mar 2010 13:26:51 +0000 (14:26 +0100)]
security.idl: Add missing builtin groups.
Karolin
Stefan Metzmacher [Sat, 20 Mar 2010 10:29:46 +0000 (11:29 +0100)]
librpc/rpc: fix dcerpc_errstr() to handle all nca_s_* status codes and fallback to WERROR codes
metze
Günther Deschner [Tue, 23 Mar 2010 13:37:40 +0000 (14:37 +0100)]
s3:re-run make samba3-idl.
Guenther
Stefan Metzmacher [Sat, 20 Mar 2010 09:57:26 +0000 (10:57 +0100)]
dcerpc.idl: add nca_s_* status codes from the DCE 1.1 specification
metze
Karolin Seeger [Tue, 23 Mar 2010 10:39:05 +0000 (11:39 +0100)]
s3-builtin: Add some builtin groups.
Karolin
Simo Sorce [Tue, 23 Mar 2010 05:06:24 +0000 (01:06 -0400)]
idl:drsblobs add code to interpret msDS-TrustForestTrustInfo
Simo Sorce [Tue, 16 Mar 2010 20:15:39 +0000 (16:15 -0400)]
s4:lsa Functions to set Domain Trust Information
Simo Sorce [Mon, 22 Mar 2010 20:37:24 +0000 (16:37 -0400)]
s4:lsa move code to add trusted domain user into its own function
Simo Sorce [Mon, 22 Mar 2010 14:48:31 +0000 (10:48 -0400)]
s4:lsa Abstract crypto (un)wrapping in separate functions
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 23:24:32 +0000 (00:24 +0100)]
s4:registry - "LDB backend" - revert the length check for UTF16 strings
Let this do the "convert_string_talloc" function as it was before.
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 23:13:26 +0000 (00:13 +0100)]
Revert "s4:torture - WINREG RPC - reactivate test "SetValueExtended" for s4"
This reverts commit
0f2cf82e5e52da6fc71742df7b13c9f372bcf113.
Naturally we have to revert this for s4 until a new storage mechanism for binary
REG_SZ and REG_*WORD values has been found.
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 23:09:22 +0000 (00:09 +0100)]
s4:registry - "LDB backend" - revert the binary storage of "REG_SZ", "REG_DWORD" and "REG_QWORD"
We agreed that this hack isn't the best of the possible solutions.
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 22:53:17 +0000 (23:53 +0100)]
s4:ldb_modules/util.c - fix two counter variables to be "unsigned"
Jeremy Allison [Mon, 22 Mar 2010 22:57:31 +0000 (15:57 -0700)]
share_info.tdb could use non-canonicalized sharenames.
Fix this by moving canonicalization into lib/sharesec.c. Update the
db version to 3. Ensures we always find share names with security
descriptors attached.
Jeremy.
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 22:16:26 +0000 (23:16 +0100)]
convert_string_talloc_convenience - print out the input buffer in a better way (using dump_data since it isn't always directly readable)
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 21:38:45 +0000 (22:38 +0100)]
s4:registry - "reg_key_del/add_abs": call "talloc_free" only on valid objects
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 21:23:08 +0000 (22:23 +0100)]
s4:registry - "reg_import_hive_key" - change a "talloc_steal" into a "talloc_reference"
Use a "talloc_reference" since the "hive" variable can continue to exist also
after the destructed "struct local_key" object. It is also referenced by the
"mountpoints" structure under the "ctx" object.
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 21:01:31 +0000 (22:01 +0100)]
s4:registry - "patchfile" - add another "W_ERROR_HAVE_NO_MEMORY" macro call
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 20:46:39 +0000 (21:46 +0100)]
s4:registry - "local" - add also here more "W_ERROR_HAVE_NO_MEMORY" macro tests
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 20:34:54 +0000 (21:34 +0100)]
s4:registry - "util.c" - initialise "result" in "reg_key_add_abs"
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 19:14:51 +0000 (20:14 +0100)]
s4:WINREG RPC - add also here a "W_ERROR_HAVE_NO_MEMORY"
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 19:12:13 +0000 (20:12 +0100)]
s4:registry - "samba.c" - add a "talloc_free"
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 19:10:26 +0000 (20:10 +0100)]
s4:registry - add more "W_ERROR_HAVE_NO_MEMORY" invocations (on talloc'ed stuff)
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 18:53:23 +0000 (19:53 +0100)]
s4:registry - "util" - remove "const" from "reg_abs_path"
Here it's not really needed
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 18:56:52 +0000 (19:56 +0100)]
s4:registry - adaptions for "add also a memory context argument for "reg_key_del_abs"
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 18:47:49 +0000 (19:47 +0100)]
s4:registry - "util" - add also a memory context argument for "reg_key_del_abs"
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 18:45:21 +0000 (19:45 +0100)]
s4:registry - "util" - make "reg_key_add_abs" consistent with "reg_key_del_abs"
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 18:44:19 +0000 (19:44 +0100)]
s4:registry - "util" - fix up memory allocated data
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 18:26:59 +0000 (19:26 +0100)]
s4:registry - "dir.c" - fix up dynamic memory allocation operations
- Added free operations where needed
- Use always the "mem_ctx" for temporary data
- Proof with W_ERROR_HAVE_NO_MEMORY if stuff was allocated
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 18:18:56 +0000 (19:18 +0100)]
s4:registry - adaptions for "add memory contexts for delete value/key functions"
Matthias Dieter Wallnöfer [Mon, 22 Mar 2010 17:51:20 +0000 (18:51 +0100)]
s4:registry - registry.h - add memory contexts for delete value/key functions
Volker Lendecke [Sun, 14 Mar 2010 19:07:58 +0000 (20:07 +0100)]
tdb: Fix bug 7248, avoid the nanosleep dependency
Jeremy Allison [Mon, 22 Mar 2010 20:05:29 +0000 (13:05 -0700)]
Fix valgrind error when running under share level security. plaintext_password
is a data blob with a data pointer pointing to an allocation of length zero.
Jeremy.
Volker Lendecke [Fri, 5 Mar 2010 15:46:36 +0000 (16:46 +0100)]
s3: Add the "ctdb locktime warn threshold" parameter
This is mainly a debugging aid for post-mortem analysis in case a cluster file
system is slow.
Volker Lendecke [Thu, 18 Mar 2010 11:50:22 +0000 (12:50 +0100)]
s3: Implement an asynchronous echo responder process
This replies to echo requests when the main smbd is stuck somewhere
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 22 Mar 2010 08:06:07 +0000 (09:06 +0100)]
s3:smbd: don't allow SMB2 if the async echo handler is active
metze
Stefan Metzmacher [Fri, 19 Mar 2010 14:47:11 +0000 (15:47 +0100)]
s3:smbd: disable SMB encryption when the echo handler is active
metze
Stefan Metzmacher [Mon, 22 Mar 2010 08:11:05 +0000 (09:11 +0100)]
s3:smbd: disallow readbraw and writebraw if the echo handler is active
metze
Stefan Metzmacher [Fri, 19 Mar 2010 11:08:13 +0000 (12:08 +0100)]
s3:smbd: disable sendfile if the echo handler is active
metze
Stefan Metzmacher [Thu, 18 Mar 2010 19:22:26 +0000 (20:22 +0100)]
s3:smbd: don't use recvfile if the echo handler is active
metze
Stefan Metzmacher [Fri, 19 Mar 2010 13:59:19 +0000 (14:59 +0100)]
s3:smbd: setup a shared memory area for the signing state
metze
Stefan Metzmacher [Mon, 22 Mar 2010 07:42:13 +0000 (08:42 +0100)]
s3:smbd: add echo handler information to struct smbd_server_connection
metze
Stefan Metzmacher [Mon, 22 Mar 2010 07:35:33 +0000 (08:35 +0100)]
s3:param: add "async smb echo handler" option
This will enable an extra forked process that will reply
to SMBecho requests, while the main process is blocked by another
request.
metze
Stefan Metzmacher [Thu, 18 Mar 2010 14:36:19 +0000 (15:36 +0100)]
s3:smbd: pass down trusted_channel via receive_smb_talloc()
metze
Stefan Metzmacher [Fri, 19 Mar 2010 11:04:32 +0000 (12:04 +0100)]
s3:smbd: let reply_readbraw_error use the locked socket
metze
Stefan Metzmacher [Fri, 19 Mar 2010 11:02:27 +0000 (12:02 +0100)]
s3:smbd: send keepalive packets under the socket lock
metze
Stefan Metzmacher [Thu, 18 Mar 2010 08:23:48 +0000 (09:23 +0100)]
s3:smbd: smbd_[un]lock_socket() while accessing the socket to the client
metze