Andrew Tridgell [Sat, 13 Feb 2010 01:57:37 +0000 (12:57 +1100)]
tdb: use fdatasync() instead of fsync() in transactions
This might help on some filesystems
Andrew Tridgell [Sat, 13 Feb 2010 01:57:13 +0000 (12:57 +1100)]
libreplace: add fdatasync() if not available
Andrew Tridgell [Sat, 13 Feb 2010 01:53:15 +0000 (12:53 +1100)]
util: added TYPESAFE_QSORT() macro
This makes it much harder to get the type of a qsort comparison
function wrong.
Volker Lendecke [Sat, 13 Feb 2010 11:17:00 +0000 (12:17 +0100)]
tdb: Apply some const, just for clarity
Jeremy Allison [Sat, 13 Feb 2010 07:18:53 +0000 (23:18 -0800)]
Use sec_initial_uid() in the places where being root doesn't matter,
and 0 in the places where it does.
Jeremy
Jeremy Allison [Sat, 13 Feb 2010 06:45:37 +0000 (22:45 -0800)]
Simplify the logic in make_connection_snum(), and make it match Windows behavior.
Cause all exit paths to go through one place, where all cleanup is
done. change_to_root_user() for pathname operations that should succeed if
the path exists, even if the connecting user has no access.
For example, a share can now be defined with a path of /root/only/access
(where /root/only/access is a directory path with all components only
accessible to root e.g. root owned, permissions 700 on every component).
Non-root users will now correctly connect, but get ACCESS_DENIED on
all activities (which matches Windows behavior). Previously, non-root
users would get NT_STATUS_BAD_NETWORK_NAME on doing a TConX to this
share, even though it's a perfectly valid share path (just not accessible
to them).
This change was inspired by the research I did for bug #7126, which
was reported by bepi@adria.it.
As this is a change in a core function, I'm proposing to leave
this only in master for 3.6.0, not back-port to any existing releases.
This should give us enough time to decide if this is the way we want this to
behave (as Windows) or if we prefer the previous behavior.
Jeremy.
Jeremy Allison [Sat, 13 Feb 2010 06:21:19 +0000 (22:21 -0800)]
Fix warning messages on compile in g_lock.c Volker & Michael please check.
Jeremy.
Jeremy Allison [Sat, 13 Feb 2010 05:29:58 +0000 (21:29 -0800)]
Fix error in docs. Should be milliseconds, not microseconds.
Steven Danneman [Fri, 12 Feb 2010 23:42:50 +0000 (15:42 -0800)]
s3/smbd: change locking behavior when "lock spin time = 0".
The "lock spin time" parameter mimics the following Windows
setting which by default is 250ms in Windows and 200ms in Samba.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\LockViolationDelay
When a client sends repeated, non-blocking, contending BRL requests
to a Windows server, after the first Windows starts treating these
requests as timed blocking locks with the above timeout.
As an efficiency, I've changed the behavior when this setting is 0,
to skip this logic and treat all requests as non-blocking locks.
This gives the smbd server behavior similar to the 3.0 release with
the do_spin_lock() implementation.
I've also changed the blocking lock parameter in the call from
push_blocking_lock_request() to true as all requests made in this
path are blocking by definition.
Jeremy Allison [Sat, 13 Feb 2010 02:50:54 +0000 (18:50 -0800)]
Remove #if SOFTLINK_OPTIMIZATION code.
This hasn't been turned on or been capable of doing so for
many years now. Makes this jumbo function smaller...
Jeremy.
Jeremy Allison [Sat, 13 Feb 2010 02:17:32 +0000 (18:17 -0800)]
Revert "Fix bug #7126 - [SMBD] With access denied error smbd return wrong NT_STATUS_OBJECT_PATH_INVALID error"
This reverts commit
2fdd8b10c6abadd27c579e772c0482214d2363a5.
This fix is incorrect. The original code works as desired,
I made a mistake here.
Jeremy.
Jeremy Allison [Fri, 12 Feb 2010 23:45:20 +0000 (15:45 -0800)]
Fix bug #7126 - [SMBD] With access denied error smbd return wrong NT_STATUS_OBJECT_PATH_INVALID error
As tridge's comment says, we should be ignoring ACCESS_DENIED
on the share path in a TconX call, instead allowing the mount
and having individual SMB calls fail (as Windows does). The
original code erroneously caught SMB_VFS_STAT != 0 and errored
out on that.
Jeremy.
Michael Adam [Tue, 9 Feb 2010 07:00:06 +0000 (08:00 +0100)]
packaging(RHEL-CTDB): adapt configure.rpm to match the spec-file configure call
Michael
Volker Lendecke [Thu, 14 Jan 2010 17:26:01 +0000 (18:26 +0100)]
v3-4-ctdb: Do not do any logrotation
Michael Adam [Mon, 8 Feb 2010 10:01:47 +0000 (11:01 +0100)]
s3:registry: eliminate race condition in creating/scanning sorted subkeys
Called, from key_exists, scan_sorted_subkeys re-creates the sorted
subkeys record of the given key and then searches through it.
The race is that between creation and parsing of the sorted subkey
record, another process that stores some other subkey of the same
parent key will delete the sorted subkey record, resulting in an
WERR_BADFILE of an operation that should actually succeed.
This patch fixes the issue by wrapping the creation and parsing
into a transaction.
Michael
Michael Adam [Fri, 29 Jan 2010 14:04:25 +0000 (15:04 +0100)]
s3:make "net conf addshare" atomic by wrapping all writes in one transaction
Michael
Michael Adam [Sat, 23 Jan 2010 00:17:06 +0000 (01:17 +0100)]
s3:g_lock: remove a nested event loop, replacing the inner loop by select
This made smbd crash in g_lock_lock() when trying to start a
transaction on a db with an already started transaction,
e.g. in a tcon_and_X where the share_info.tdb was not yet
initialized but share_info.tdb was already locked by another
process or writing acces to the winreg rpc pipe where the
registry tdb was already locked by another process.
What we really _want_ to do here by design is to react to
MSG_DBWRAP_G_LOCK_RETRY messages that are either sent
by a client doing g_lock_unlock or by ourselves when
we receive a CTDB_SRVID_SAMBA_NOTIFY or
CTDB_SRVID_RECONFIGURE message from ctdbd, i.e. when
either a client holding a lock or a complete node
has died.
Doing this properly involves calling tevent_loop_once(),
but doing this here with the main ctdbd messaging context
creates a nested event loop when g_lock_lock() is called
from the main event loop.
So as a quick fix, we act a little corasely here: we do
a select on the ctdb connection fd and when it is readable
or we get EINTR, then we retry without actually parsing
any ctdb packages or dispatching messages. This means that
we retry more often than necessary and intended by design,
but this does not harm and it is unobtrusive. When we have
finished, the main loop will pick up all the messages and
ctdb packets. The only extra twist is that we cannot use
timed events here but have to handcode a timeout for select.
Michael
Michael Adam [Fri, 22 Jan 2010 23:05:15 +0000 (00:05 +0100)]
s3:ctdb_conn: add ctdbd_conn_get_fd() to get the fd out of the ctdb connection
Michael
Michael Adam [Fri, 22 Jan 2010 14:56:28 +0000 (15:56 +0100)]
s3:g_lock: remove an unreached code path.
Michael
Michael Adam [Mon, 18 Jan 2010 16:26:04 +0000 (17:26 +0100)]
s3:dbwrap_ctdb: fix reading/storing of special key __db_sequence_number__
The key for reading and writing was inconsistent due to a
off by one data length.
Michael
Michael Adam [Wed, 13 Jan 2010 22:53:54 +0000 (23:53 +0100)]
s3:dbwrap_ctdb: exit early when nothing has been written in transaction_commit.
This skips update of the __db_sequence_number__ record when nothing else has
been written. There are transactions that are just openend and then nothing
is written until transaction_commit is called. This is for instance the case
with registry initialization routines: They start a transaction and only
write somthing when the registry has not been initialized yet.
So this change will skip many db_seqnum bumps and TRANS3_COMMIT roundtrips.
Michael
Michael Adam [Wed, 13 Jan 2010 22:51:34 +0000 (23:51 +0100)]
s3:dbwrap_ctdb: fix brown paperbag bug in ctdb_transaction_commit.
I carefully prepared the return value only to "return 0;" at the bottom. :-(
This may well have hit us for instance in the nested cancel case
and produced random errors.
Michael
Michael Adam [Tue, 5 Jan 2010 23:37:21 +0000 (00:37 +0100)]
s3:dbwrap_ctdb: fix logic error in pull_newest_from_marshall_buffer().
The logic bug was that if a record was found in the marshall buffer,
then always the ctdb header of tha last record in the marshall buffer
was returned, and not the ctdb header of the last occurrence of the
requested record.
This is fixed by introducing an additional temporary variable.
Michael
Michael Adam [Tue, 5 Jan 2010 15:17:27 +0000 (16:17 +0100)]
s3:dbwrap_ctdb: fix an uninitialized variable.
Michael
Michael Adam [Fri, 11 Dec 2009 23:38:14 +0000 (00:38 +0100)]
s3:dbwrap_ctdb: fix two "may be used uninitialized" warnings
Michael
Michael Adam [Fri, 11 Dec 2009 23:30:37 +0000 (00:30 +0100)]
s3:dbwrap_ctdb: fix db_ctdb_fetch_db_seqnum_from_db() when NT_STATUS_NOT_FOUND.
Don't treat this as an error but return seqnum 0 instead.
Michael
Volker Lendecke [Fri, 11 Dec 2009 15:51:40 +0000 (16:51 +0100)]
s3:dbwrap: If "-n" is given to dbwrap_torture, open db with CLEAR_IF_FIRST
Michael Adam [Fri, 11 Dec 2009 15:45:38 +0000 (16:45 +0100)]
s3:build: remove checks for deprecated ctdb controls.
Michael
Michael Adam [Fri, 11 Dec 2009 13:07:28 +0000 (14:07 +0100)]
s3:dbwrap_ctdb: maintain a database sequence number that bumps in transactions
For persistent databases, 64bit integer is kept in a special record
__db_sequence_number__. This record is incremented with each completed
transaction.
The retry mechanism for failing TRANS3_COMMIT controls inside the
db_ctdb_transaction_commit() function now relies one a modified
behaviour of ctdbd's treatment of persistent databases in recoveries.
Recently, a special treatment for persistent databases had been
introduced in ctdb (1.0.108) to work around the problems with the
orinal design of persistent transactions.
Now with the rewrite we need to revert to the old behaviour that
ctdb always takes the newest copies of all records.
This change also paves the way for a next step, which will make
recovery use the db seqnum to tell which node has the newest copy
of a persistent db and use that node's copy. This will greatly
reduce the amount of data transferred with each recovery.
Michael
Michael Adam [Fri, 11 Dec 2009 11:30:57 +0000 (12:30 +0100)]
s3:dbwrap_ctdb: change db_ctdb_transaction_store() to return NTSTATUS.
The return values calculated by the callers were wrong anyways since
the new marshalling code does not set the local tdbs tdb error code.
Michael
Michael Adam [Fri, 11 Dec 2009 09:35:50 +0000 (10:35 +0100)]
s3:dbwrap_ctdb: update (C)
Michael
Michael Adam [Fri, 4 Dec 2009 10:49:21 +0000 (11:49 +0100)]
build: Add a configure check for CTDB_CONTROL_TRANS3_COMMIT.
This is the new implementation of ctdb transactions using the
global lock feature. It is needed by the current dbwrap_ctdb code.
Michael
Volker Lendecke [Thu, 3 Dec 2009 17:43:49 +0000 (18:43 +0100)]
s3: Add tdb_data_equal
Volker Lendecke [Fri, 11 Dec 2009 14:37:52 +0000 (15:37 +0100)]
s3:torture: add a test LOCAL-DBTRANS to torture dbwrap with transactions.
Michael Adam [Thu, 3 Dec 2009 16:29:54 +0000 (17:29 +0100)]
s3:dbwrap_ctdb: start rewrite of transactions using the global lock (g_lock)
This simplifies the transaction code a lot:
* transaction_start essentially consists of acquiring a global lock.
* No write operations at all are performed on the local database
until the transaction is committed: Every store operation is just
going into the marshall buffer.
* The commit operation calls a new simplified TRANS3_COMMIT control
in ctdb which rolls out thae changes to all nodes including the
node that is performing the transaction.
Michael
Volker Lendecke [Sun, 6 Dec 2009 23:36:51 +0000 (00:36 +0100)]
s3: setup debug for smbtorture
Volker Lendecke [Fri, 4 Dec 2009 12:22:30 +0000 (13:22 +0100)]
s3: Add ctdb_conn_msg_ctx()
Volker Lendecke [Sun, 25 Oct 2009 15:12:12 +0000 (16:12 +0100)]
s3: Implement global locks in a g_lock tdb
This is the basis to implement global locks in ctdb without depending on a
shared file system. The initial goal is to make ctdb persistent transactions
deterministic without too many timeouts.
Simo Sorce [Fri, 12 Feb 2010 21:24:22 +0000 (16:24 -0500)]
s4:kdc Fill in created_by principal field
Simo Sorce [Fri, 12 Feb 2010 19:54:18 +0000 (14:54 -0500)]
s4:kdc Fix double free and uninitialized memory.
In samba_kdc_trust_message2entry() on error, hdb_free_entry()
may end up trying to access uninitialized memory or double
free the hdb_entry.
Günther Deschner [Fri, 12 Feb 2010 19:31:46 +0000 (20:31 +0100)]
testprogs: print all printerinfo levels in spoolss test.
Guenther
Matthias Dieter Wallnöfer [Fri, 12 Feb 2010 13:58:27 +0000 (14:58 +0100)]
s4:auth/credentials/credentials.c - Initialise the "lm_response" and "nt_response" structures
In some cases those structures are not initialised and the whole authentication
system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
Matthias Dieter Wallnöfer [Fri, 12 Feb 2010 12:55:14 +0000 (13:55 +0100)]
s4:getopt.py - set the password callback only when no password has been provided
Previously the "no_pass" and "no_pass2" variables weren't handled correctly.
Since at the initialisation of the "CredentialsOptions" we don't have any
password at all. Only afterwards we could get one through "set_password".
If a password is specified, use it. If no password is specified, consider the
use fo an input mask on STDOUT. But if the loadparm context contains one prefer
it over the input.
Stefan Metzmacher [Fri, 12 Feb 2010 11:20:03 +0000 (12:20 +0100)]
s4:net_drs_bind: make some more stuff static
metze
Stefan Metzmacher [Fri, 12 Feb 2010 11:19:15 +0000 (12:19 +0100)]
s4:net/drs: use the full path to "utils/net/drs/net_drs*.h"
This fixes the build with automatic dependecies.
metze
Volker Lendecke [Fri, 12 Feb 2010 11:06:50 +0000 (12:06 +0100)]
s3: notify_onelevel does not use seqnums, so don't open asking for it
Günther Deschner [Fri, 12 Feb 2010 10:32:08 +0000 (11:32 +0100)]
spoolss: regenerate hand-marshalled ndr_pull_spoolss_DriverInfo101 after ndr64 changes.
Guenther
Günther Deschner [Thu, 11 Feb 2010 17:58:11 +0000 (18:58 +0100)]
spoolss: make sure hand-marshalled spoolss_DriverInfo101 handles relative_highest_offset.
Guenther
Günther Deschner [Fri, 12 Feb 2010 10:25:59 +0000 (11:25 +0100)]
spoolss: regenerate hand-marshalled ndr_push_spoolss_DriverInfo101 after ndr64 changes.
Guenther
Jeremy Allison [Thu, 11 Feb 2010 23:59:41 +0000 (15:59 -0800)]
Remove the code replaced by widelinks warning.
Jeremy.
Jeremy Allison [Thu, 11 Feb 2010 23:16:23 +0000 (15:16 -0800)]
Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from Volker.
Create widelinks_warning(int snum) to cover the message needed in make_connection.
Jeremy.
Kai Blin [Tue, 2 Feb 2010 14:18:01 +0000 (15:18 +0100)]
s3 test: Make the netbios name test pass again
Kai Blin [Thu, 23 Apr 2009 14:37:11 +0000 (16:37 +0200)]
s4: Switch to S3-style id mapping data types.
Kai Blin [Wed, 22 Apr 2009 16:10:12 +0000 (18:10 +0200)]
s4 idmap: Make the sid_to_xid and xid_to_sid calls static.
Looking at the winbind interface, we should only be using the bulk conversion calls.
Kai Blin [Fri, 29 Jan 2010 11:09:18 +0000 (12:09 +0100)]
libwbclient: Test wbcLookupName async functions
Kai Blin [Wed, 27 May 2009 22:57:32 +0000 (00:57 +0200)]
libwbclient: Implement wbcLookupName_send/recv
Kai Blin [Wed, 27 May 2009 22:55:57 +0000 (00:55 +0200)]
libwbclient: Implement wbcAuthenticateUserEx_send/recv
Kai Blin [Fri, 24 Apr 2009 14:24:56 +0000 (16:24 +0200)]
libwbclient: Implement wbcLookupSid_send/recv
Kai Blin [Thu, 2 Apr 2009 07:45:39 +0000 (09:45 +0200)]
libwbclient: Implement wbcGidToSid_send/recv
Kai Blin [Thu, 2 Apr 2009 07:22:43 +0000 (09:22 +0200)]
libwbclient: Implement wbcSidToGid_send/recv
Kai Blin [Thu, 2 Apr 2009 07:57:40 +0000 (09:57 +0200)]
libwbclient: Implement wbcUidToSid_send/recv
Kai Blin [Tue, 31 Mar 2009 21:10:48 +0000 (23:10 +0200)]
libwbclient: Implement wbcSidToUid_send/recv
Kai Blin [Sun, 15 Feb 2009 10:01:44 +0000 (11:01 +0100)]
libwbclient: Add wbcInterfaceDetails_send/recv
Kai Blin [Sat, 14 Feb 2009 09:06:05 +0000 (10:06 +0100)]
libwbclient: Add wbcDomainInfo_send/recv calls
Kai Blin [Fri, 13 Feb 2009 21:51:52 +0000 (22:51 +0100)]
libwbclient: Add wbcDomainName_send/recv call
Kai Blin [Fri, 13 Feb 2009 21:37:56 +0000 (22:37 +0100)]
libwbclient: Add wbcNetbiosName_send/recv calls
Kai Blin [Wed, 25 Mar 2009 09:08:10 +0000 (10:08 +0100)]
libwbclient: Add async wbcInfo_send()/wbcInfo_recv() calls
Kai Blin [Wed, 11 Feb 2009 23:11:45 +0000 (00:11 +0100)]
libwbclient: add wbcInterfaceVersion send/recv calls
Kai Blin [Fri, 29 Jan 2010 10:22:14 +0000 (11:22 +0100)]
libwbclient: torture-test wbcPing async functions.
Kai Blin [Tue, 24 Mar 2009 21:51:11 +0000 (22:51 +0100)]
libwbclient: Add async wbcPing_send/_recv
Kai Blin [Fri, 29 Jan 2010 10:54:33 +0000 (11:54 +0100)]
libwbclient: Zero out context on initialization
This prevents a segfault when using wbcDebug without prior call to wbcSetDebug
Jeremy Allison [Thu, 11 Feb 2010 22:45:53 +0000 (14:45 -0800)]
Final part of jumbo patch for bug #7104 - "wide links" and "unix extensions" are incompatible.
Volker pointed out that the preexec scripts get passed the conn->connectpath
as a parameter, so call canonicalize_connect_path() both *before* and after
the preexec scripts. Ignore errors on the call before the preexec scripts,
as the path may not exist until created by the preexec scripts.
Jeremy.
Simo Sorce [Thu, 11 Feb 2010 21:12:29 +0000 (16:12 -0500)]
Introduce lp_safe_widelinks()
This way we avoid any chance that a configuration reload may turn
back on wide links when unix extensions are enabled.
Jeremy Allison [Thu, 11 Feb 2010 19:00:45 +0000 (11:00 -0800)]
Fine changes to previous fix for bug #7104 - "wide links" and "unix extensions" are incompatible.
Make sure we match the previous allow widelinks behavior, in that
non-root preexec scripts can create share directories for a share
definition.
Jeremy
Jeremy Allison [Thu, 11 Feb 2010 18:19:33 +0000 (10:19 -0800)]
Suplementary patch for bug #7104 - "wide links" and "unix extensions" are incompatible.
Bug reported by Ralf Zimmermann <r.zimmermann@siegnetz.de>. Reproduced by jra.
If the target directory of a share doesn't exist, but is designed to
be created by a "root preexec" script call, then the widelinks check
is done too early - thus preventing the user from connecting to the
share.
Fix is to re-arrange the order of checks in make_connection_snum()
to always do the following order of operations:
(1). Turn off wide links if unix extensions = yes.
(2). Call any root preexec scripts.
(3). Canonicalize the share path to remove any symlinks (ie. end
up with the realpath in the connection_struct).
Jeremy.
Matthias Dieter Wallnöfer [Thu, 11 Feb 2010 14:42:48 +0000 (15:42 +0100)]
ldb_match - Ignore ":dn" part of extended matches for now
It's not fully clear what this ":dn" part means for us. What we know is that
older AD implementations (Windows Server 2000, 2003) need it to have extended
matches working in the expected way.
To be able to interoperate with s3's winbind and other tools I and gd decided
to transform this into a warning until we know what to do.
This should fix bug #6511.
Andrew Tridgell [Thu, 11 Feb 2010 13:33:13 +0000 (00:33 +1100)]
s4-provision: import the R2 functional level
this makes it easier to modify the script to set us at R2 level in
provision. We should make this a parameter.
Andrew Tridgell [Thu, 11 Feb 2010 13:11:11 +0000 (00:11 +1100)]
s4-build: avoid finding python symlinks
emacs creates symlinks to .py files while you are editing them. This
could cause build failures.
Andrew Tridgell [Thu, 11 Feb 2010 12:39:56 +0000 (23:39 +1100)]
s4-provision: fixed --function-level option to provision
we need the DS_DOMAIN_* levels imported
Andrew Tridgell [Thu, 11 Feb 2010 12:38:23 +0000 (23:38 +1100)]
s4-script: make enablerecyclebin use system_session
This allows it to work against our local ldb
Andrew Tridgell [Thu, 11 Feb 2010 12:37:44 +0000 (23:37 +1100)]
s4-pyldb: null terminate string ldb message elements from python
We need to eventually get rid of ldb_msg_find_attr_as_string() (or add
a mem_ctx to it), but meanwhile we have too many places that break if
we don't add a nul to the end of ldb msg strings from python.
Andrew Tridgell [Thu, 11 Feb 2010 12:35:31 +0000 (23:35 +1100)]
libds: added recyclebin feature GUID
Günther Deschner [Thu, 11 Feb 2010 12:32:44 +0000 (13:32 +0100)]
s3: re-run make samba3-idl.
Guenther
Günther Deschner [Thu, 11 Feb 2010 12:07:38 +0000 (13:07 +0100)]
spoolss: allow to set server architecture via parametric option.
This allows to set "spoolss:architecture = 'Windows x64'" for debugging purpose.
Guenther
Günther Deschner [Wed, 10 Feb 2010 23:44:06 +0000 (00:44 +0100)]
s3-spoolss: implement spoolss_EnumJobs level 3.
Level 3 has been added with NT 4.0 and Windows 7 (at least 64bit version) makes
use of it in order to display queued jobs. Windows 7 will *not* fall back to
level 2 if we just return WERR_UNKNOWN_LEVEL, instead there will be no printjobs
displayed at all.
Guenther
Günther Deschner [Thu, 11 Feb 2010 00:24:12 +0000 (01:24 +0100)]
testprogs: one more error code for spoolss test.
Guenther
Günther Deschner [Wed, 10 Feb 2010 23:06:20 +0000 (00:06 +0100)]
testprogs: print secdesc->Control in spoolss test.
Guenther
Günther Deschner [Wed, 10 Feb 2010 23:04:53 +0000 (00:04 +0100)]
testprogs: use ConvertSidToStringSid in order to print sids in spoolss test.
Guenther
Fernando J V da Silva [Fri, 5 Feb 2010 18:33:03 +0000 (16:33 -0200)]
s4-drs: Add DRSUAPI_DRS_NONGC_RO_REP bit to DRS_OPTIONS
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Andrew Tridgell [Thu, 11 Feb 2010 10:28:48 +0000 (21:28 +1100)]
s4-net-drs: fix some coding style issues
We should use the system/*.h headers for system includes. We also try
to avoid C++ comments.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Sat, 6 Feb 2010 01:13:33 +0000 (03:13 +0200)]
s4/net_drs: 'net drs kcc' command implementation
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 5 Feb 2010 20:36:36 +0000 (22:36 +0200)]
s4/net_drs: 'net drs bind' command implementation
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 5 Feb 2010 20:36:10 +0000 (22:36 +0200)]
s4/net_drs: 'net drs' utility initial creation
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 5 Feb 2010 20:37:54 +0000 (22:37 +0200)]
s4/idl: regenerating drsuapi.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Fri, 5 Feb 2010 20:37:27 +0000 (22:37 +0200)]
s4/idl: Naming reserved flags for DRSUAPI_SUPPORTED_EXTENSION_ field
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Matthieu Patou [Tue, 26 Jan 2010 23:03:15 +0000 (02:03 +0300)]
provision: Use short name for assignee of ACE (BA, SA, CO, ...)
Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible)
of sysvol files (GPO objects and netlogon folders).
This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname
for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the
from_sddl function.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Matthieu Patou [Tue, 26 Jan 2010 22:32:29 +0000 (01:32 +0300)]
python-s4: use secrets.ldb instead of sam.ldb for reading domain SID
This allow to be able to run net acl set xxx yyy on DC, but also on domain
member.
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Matthieu Patou [Mon, 8 Feb 2010 12:36:07 +0000 (15:36 +0300)]
provision: Fix an error with eadb when using not default install dir and running as a non root user
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Andrew Tridgell [Thu, 11 Feb 2010 09:49:29 +0000 (20:49 +1100)]
s4-dns: don't leave behind a tmp file
If the dns update file doesn't need updating we need to delete the tmp
file
Andrew Tridgell [Thu, 11 Feb 2010 09:48:47 +0000 (20:48 +1100)]
s4-selftest: don't run rndc reload in selftest
We don't want rndc calls on the build farm