Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 17:06:58 +0000 (19:06 +0200)]
s4:acl LDB module - LDB attribute names should be compared using "ldb_attr_cmp" or "strcasecmp"
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 18:19:31 +0000 (20:19 +0200)]
s4:acl LDB module - adaption for "objectclass_attrs" module
Since the attribute schema checking code moved back we need to give here the
"LDB_ERR_NO_SUCH_ATTRIBUTE" error.
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 17:11:25 +0000 (19:11 +0200)]
s4:objectclass LDB module - remove "fix_check_attributes"
Also this task is now performed by the "objectclass_attrs" LDB module.
Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 17:53:33 +0000 (19:53 +0200)]
s4:samldb LDB module - adjust the module to set always a "defaultObjectCategory" on objectclass add operations
This is needed to make the "objectclass_attrs" LDB module happy. The search
check and case adjustment are done as it was using a second modify operation.
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 17:09:51 +0000 (19:09 +0200)]
s4:remove the "validate_update" LDB module - the task is now handled by the far more complete "objectclass_attrs" LDB module
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 15:34:35 +0000 (17:34 +0200)]
s4:dsdb - introduce a new "objectclass_attrs" LDB module which performs the objectclass attributes checking
Until now we had no real consistent mechanism which allowed us to check if
attributes belong to the specified objectclasses.
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 17:17:16 +0000 (19:17 +0200)]
s4:objectclass LDB module - instanciate the schema variable centrally on the "ac" context creation
This unifies the position when the schema is read and prevents multiple
instanciations (eg on a modification operation).
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 20:13:03 +0000 (22:13 +0200)]
s4:samldb LDB module - finally we can remove the RDN check
This is now dynamically always done by the objectclass LDB module
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 20:06:39 +0000 (22:06 +0200)]
s4:ldap.py - enhance the rename tests to demonstrate the functionality
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:55:08 +0000 (21:55 +0200)]
s4:objectclass LDB module - finally implement the correct entry rename protections
Only the "systemFlags" check is still missing.
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:43:55 +0000 (21:43 +0200)]
s4:objectclass LDB module - cosmetic change
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:42:06 +0000 (21:42 +0200)]
s4:objectclass LDB module - remove duplicated code
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:24:49 +0000 (21:24 +0200)]
s4:objectclass LDB module - fix counter variable types
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 19:23:34 +0000 (21:23 +0200)]
s4:objectclass LDB module - explain why the search can return with an empty return
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 17:44:22 +0000 (19:44 +0200)]
s4:objectclass LDB module - this "talloc_steal" is not necessary
The "parent_dn" was created on the "ac" context which lives anyway longer
than this child request.
Matthias Dieter Wallnöfer [Fri, 4 Jun 2010 18:48:52 +0000 (20:48 +0200)]
s4:objectclass LDB module - fix error result if an entry doesn't contain a structural objectclass
We need to return LDB_ERR_UNWILLING_TO_PERFORM (not LDB_ERR_NAMING_VIOLATION).
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 11:06:54 +0000 (13:06 +0200)]
s4:objectclass LDB module - use "ldb_oom" for expressing out of memory
Matthias Dieter Wallnöfer [Wed, 2 Jun 2010 20:42:59 +0000 (22:42 +0200)]
s4:objectclass LDB module - fix header and add my copyright
Andreas Schneider [Thu, 27 May 2010 07:07:03 +0000 (09:07 +0200)]
s3-waf: Build rpc_server/srv_spoolss_util.c too.
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Mon, 7 Jun 2010 10:55:43 +0000 (12:55 +0200)]
s3-lsa: Fix static list of luids in our privileges implementation.
The high/low order changed while moving to LSA defines. Found by torture test.
Guenther
Günther Deschner [Mon, 7 Jun 2010 10:41:39 +0000 (12:41 +0200)]
s4-smbtorture: test workstation auth as well in RPC-SPOOLSS-ACCESS.
Guenther
Matthieu Patou [Fri, 7 May 2010 00:15:28 +0000 (04:15 +0400)]
s4:ldb python bindings - implement comparison on Python LDB Message objects
Coauthors: Jelmer Vernooij, Matthias Dieter Wallnöfer
Matthieu Patou [Sat, 5 Jun 2010 15:25:18 +0000 (19:25 +0400)]
s4: Remove an uselessly exposed control
Günther Deschner [Mon, 7 Jun 2010 09:21:26 +0000 (11:21 +0200)]
s4-smbtorture: handle printservers w/o printers in RPC-SPOOLSS-ACCESS.
Guenther
Günther Deschner [Sat, 5 Jun 2010 00:39:11 +0000 (02:39 +0200)]
s3-privileges: use LUID defines from lsa IDL.
Guenther
Matthew McGillis [Sat, 5 Jun 2010 00:48:40 +0000 (17:48 -0700)]
Fix bug with incorrect flag values for inherited ace in some cases.
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:35:00 +0000 (18:35 +0200)]
s4:password_hash LDB module - adapt the module to the new "ldb_msg_remove_attr" behaviour
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:22:10 +0000 (18:22 +0200)]
ldb:ldb_msg_remove_attr - provide a better implementation
We can have some special (bad) messages which contain multiple message elements
for the same attribute. The AD password change ones are such an example.
Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 17:12:48 +0000 (19:12 +0200)]
s4:samldb LDB module - this codepart isn't needed due to the objectclass LDB module
When a "computer" entry will be added, also the inherited "user" objectclass is
going to be specified.
Matthias Dieter Wallnöfer [Fri, 4 Jun 2010 19:10:41 +0000 (21:10 +0200)]
s4:get_last_structural_class - only real structural classes can be candidates for fetching the last one
Classes with objectCategory = 1 are always structural, these with
objectCategory = 0 also (as we can see in our Windows 2008 R2 schema file where
class "Person" has 0 but is structural).
Abstract classes and auxiliary ones cannot be considered (objectCategory = 2, 3)
http://msdn.microsoft.com/en-us/library/ms677964(VS.85).aspx
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:05:52 +0000 (18:05 +0200)]
s4:ldap.py - enhance the RDN name test to show that invalid "name" attributes are allowed on add operations
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:25:43 +0000 (18:25 +0200)]
s4:rdn_name LDB module - use "ldb_msg_remove_attr" for deleting attributes
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 15:56:09 +0000 (17:56 +0200)]
s4:rdn_name LDB module - remove "rdn_name_find_attribute"
It does exactly the same as "ldb_msg_find_element".
Matthias Dieter Wallnöfer [Mon, 31 May 2010 12:52:46 +0000 (14:52 +0200)]
s4:dsdb/common/util.c - provide a better implementation of the "samdb_msg_add_(add/del)val" calls
This supports now also coexisting add and delete message elements with the
same attribute name.
Matthias Dieter Wallnöfer [Thu, 3 Jun 2010 16:37:15 +0000 (18:37 +0200)]
ldb:ltdb_filter_attrs - fix a counter variable type
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 12:33:52 +0000 (14:33 +0200)]
s4:ldap_server/ldap_backend.c - send back also the extended error message if it exists
This message often contains suggestions how to fix issues.
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 15:45:51 +0000 (17:45 +0200)]
s4:ridalloc LDB module - add more "talloc_free"s where useful
Some were missing on failure return branches.
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 18:08:45 +0000 (20:08 +0200)]
s4:acl LDB module - fix counter types where appropriate
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 17:58:28 +0000 (19:58 +0200)]
s4:descriptor LDB module - cosmetic fixup
Matthias Dieter Wallnöfer [Sun, 6 Jun 2010 18:23:42 +0000 (20:23 +0200)]
s4:urgent_replication.py - specify the "dnsRoot" attribute which is requested on "crossRef" entries
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 20:19:58 +0000 (22:19 +0200)]
s4:ldap.py - make sure that also the "posixuser" will be deleted on test breakages
Matthias Dieter Wallnöfer [Sat, 5 Jun 2010 22:11:16 +0000 (00:11 +0200)]
s4:provision - fix typo in substitution variable
Jeremy Allison [Sat, 5 Jun 2010 04:00:24 +0000 (21:00 -0700)]
Fix a long-standing bug with async io that would only be triggered by SMB2.
On normal or shutdown close, ensure we wait for any pending IO to
complete before returning. Implement a blocking aio_suspend inside
vfs_aio_fork.c. These changes pass make test when the aio_fork module
is used by default on the test shares.
Jeremy.
Björn Jacke [Sat, 5 Jun 2010 00:13:21 +0000 (02:13 +0200)]
s3:build: add shared lib flag for HP-UX compiler
Björn Jacke [Sat, 5 Jun 2010 00:12:02 +0000 (02:12 +0200)]
s3: fix build on Heimdal based systems like NetBSD5
Günther Deschner [Fri, 4 Jun 2010 23:26:49 +0000 (01:26 +0200)]
s4-smbtorture: make RPC-SPOOLSS-ACCESS more compatible with older samba releases.
Guenther
Günther Deschner [Fri, 4 Jun 2010 23:25:05 +0000 (01:25 +0200)]
s4-smbtorture: remove another incarnation of test_ClosePrinter.
This should fix the build; why waf didn't catch that durint make bin/smbtorture4 ?
Guenther
Günther Deschner [Fri, 4 Jun 2010 17:03:11 +0000 (19:03 +0200)]
s4-smbtorture: add RPC-SPOOLSS-ACCESS.
This test creates
- a user
- a user with BUILTIN\Administrators membership
- a user with BUILTIN\Print Operators membership
- a user with SePrintOperatorPrivilege (if available)
- a user with full access in security descriptor
and checks what access rights are granted in spoolss_OpenPrinterEx.
Guenther
Günther Deschner [Fri, 4 Jun 2010 17:02:17 +0000 (19:02 +0200)]
s4-smbtorture: share test_ClosePrinter between RPC-SPOOLSS and RPC-SPOOLSS-WIN.
Guenther
Günther Deschner [Fri, 4 Jun 2010 14:55:07 +0000 (16:55 +0200)]
s3-rpcclient: allow to add access_mask in cmd_spoolss_open_printer_ex().
Guenther
Günther Deschner [Fri, 4 Jun 2010 17:05:24 +0000 (19:05 +0200)]
s4-smbtorture: check error codes in RAP-SAM testsuite.
Guenther
Jeremy Allison [Fri, 4 Jun 2010 20:49:38 +0000 (13:49 -0700)]
Oops. Forgot to re-initialize the aio_ex pointer from sival_ptr.
Jeremy Allison [Fri, 4 Jun 2010 18:41:57 +0000 (11:41 -0700)]
wait_for_aio_completion() should return 0 on non-aio compiled case.
Jeremy Allison [Fri, 4 Jun 2010 18:41:38 +0000 (11:41 -0700)]
Rename req -> smbreq.
Jeremy Allison [Fri, 4 Jun 2010 18:30:46 +0000 (11:30 -0700)]
Change smbd_aio_complete_mid() -> smbd_aio_complete_aio_ex(). Simplifies
the code and eliminates find_aio_ex().
Jeremy.
Andreas Schneider [Thu, 3 Jun 2010 20:04:08 +0000 (22:04 +0200)]
s3-rpc: Create a file with all functions for a internal named pipe.
This makes it possible to use the samr rpc server in winbind without
linking in smbd.
Reviewed-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Thu, 3 Jun 2010 20:01:46 +0000 (22:01 +0200)]
s3-rpc: Seperate rpc_srv_register for plain connection.
This will make it possible to create plain rpc named pipe connnections.
Reviewed-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Wed, 2 Jun 2010 17:39:18 +0000 (19:39 +0200)]
s3-auth: Moved smbd user functions to a generic place.
Reviewed-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Mon, 31 May 2010 16:33:38 +0000 (18:33 +0200)]
s3-smbd: Remove unneeded dependency of map_username to globals.c.
Reviewed-by: Simo Sorce <idra@samba.org>
Günther Deschner [Fri, 4 Jun 2010 12:31:08 +0000 (14:31 +0200)]
s3-selftest: do not call main RPC-SPOOLSS testsuite.
The tests formerly available in there can now be accessed via
RPC-SPOOLSS-PRINTSERVER.
Guenther
Günther Deschner [Thu, 3 Jun 2010 19:39:51 +0000 (21:39 +0200)]
s4-smbtorture: completely rework RPC-SPOOLSS-PRINTER.
This is now a child testsuite to RPC-SPOOLSS. You can call simple tests via
RPC-SPOOLSS-{addprinter,addprinterex}-testname.
Guenther
Günther Deschner [Thu, 3 Jun 2010 18:48:49 +0000 (20:48 +0200)]
s4-smbtorture: rework order of test in RPC-SPOOLSS-PRINTSERVER a bit.
Guenther
Björn Jacke [Thu, 3 Jun 2010 22:55:10 +0000 (00:55 +0200)]
ѕ3:Makefile: use PIC instead of PIE flags for shared libs
otherwise shared lib builds are broken on some platforms
Jeremy Allison [Thu, 3 Jun 2010 18:50:08 +0000 (11:50 -0700)]
Allow us to cope correctly with NT_STATUS_MORE_PROCESSING_REQUIRED when downgrading from krb5 to NTLMSSP over SMB2.
Jeremy.
Jeremy Allison [Thu, 3 Jun 2010 18:18:11 +0000 (11:18 -0700)]
Found by Guenther - fix up our fallback paths from krb5 to NTLMSSP when using SMB2.
Jeremy.
Günther Deschner [Tue, 18 May 2010 21:40:43 +0000 (23:40 +0200)]
s4-smbtorture: convert RPC-SPOOLSS into a torture suite.
Guenther
Günther Deschner [Thu, 3 Jun 2010 15:08:55 +0000 (17:08 +0200)]
s4-smbtorture: allow to call single tests from a testcase in a testsuite
directly on the commandline.
Guenther
James Peach [Fri, 19 Mar 2010 02:30:54 +0000 (19:30 -0700)]
libreplace: Fix readline build with libedit.
libedit on MAc OSX 10.5 does not have the rl_completion_t typedef,
but uses a internal typedef names CPPFunction.
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Thu, 3 Jun 2010 14:30:55 +0000 (16:30 +0200)]
s3-spoolss: add and use spoolss_printerinfo2_to_setprinterinfo2().
This fixes some invalid typecasts.
Guenther
Volker Lendecke [Thu, 3 Jun 2010 14:09:31 +0000 (16:09 +0200)]
s3: Fix the build of the nfsv4 acl code
Günther Deschner [Thu, 3 Jun 2010 12:54:02 +0000 (14:54 +0200)]
s4-smbtorture: move PrintProcessors winreg test to main RPC-SPOOLSS test.
Guenther
Günther Deschner [Thu, 3 Jun 2010 11:01:40 +0000 (13:01 +0200)]
s4-smbtorture: add test_PrintProcessors_winreg.
This does cross reference checks between spoolss PrintProcessors and entries
stored in winreg.
Guenther
Günther Deschner [Thu, 3 Jun 2010 11:01:16 +0000 (13:01 +0200)]
s4-smbtorture: refactor test_EnumPrintProcessors().
Guenther
Günther Deschner [Thu, 3 Jun 2010 09:46:44 +0000 (11:46 +0200)]
s4-smbtorture: only test data up to a length of 9 bytes in test_SetPrinterDataEx_matrix().
Guenther
Günther Deschner [Wed, 2 Jun 2010 23:45:01 +0000 (01:45 +0200)]
s3: remove authdata.h
Guenther
Günther Deschner [Thu, 3 Jun 2010 08:25:32 +0000 (10:25 +0200)]
s3-build: pure cosmetics, use better names for gen_ndr code pieces.
Guenther
Günther Deschner [Thu, 3 Jun 2010 07:57:50 +0000 (09:57 +0200)]
s3-build: only include generated spoolss headers (not ndr headers).
Guenther
Günther Deschner [Thu, 3 Jun 2010 08:49:34 +0000 (10:49 +0200)]
s3: remove rpc_secdes.h completely.
Guenther
Günther Deschner [Thu, 3 Jun 2010 08:36:05 +0000 (10:36 +0200)]
s3-security: use shared "Standard access rights.".
Guenther
Günther Deschner [Wed, 2 Jun 2010 23:27:50 +0000 (01:27 +0200)]
security: move generic_mapping and standard_mapping to security.idl.
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:57:09 +0000 (23:57 +0200)]
s3-security: use shared "File Object specific access rights".
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:48:15 +0000 (23:48 +0200)]
s3-security: use shared "Generic access rights".
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:45:44 +0000 (23:45 +0200)]
s3-security: use shared Security Access Masks Rights.
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:45:14 +0000 (23:45 +0200)]
s3-security: move ALL_SECURITY_INFORMATION to the only user.
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:39:05 +0000 (23:39 +0200)]
s3-security: remove duplicate Extra W2K flags.
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:35:44 +0000 (23:35 +0200)]
s3-security: use shared SECINFO_DACL define.
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:29:16 +0000 (23:29 +0200)]
s3-security: use shared SECINFO_SACL define.
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:25:18 +0000 (23:25 +0200)]
s3-security: use shared SECINFO_GROUP define.
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:22:12 +0000 (23:22 +0200)]
s3-security: use shared SECINFO_OWNER define.
Guenther
Günther Deschner [Wed, 2 Jun 2010 21:16:32 +0000 (23:16 +0200)]
s3-security: remove some more shared secdesc defines.
Guenther
Jeremy Allison [Wed, 2 Jun 2010 23:57:08 +0000 (16:57 -0700)]
Ensure we remove SMB2 cancel requests from the active queue
now we don't remove them in the talloc destructor.
Jeremy.
Jeremy Allison [Wed, 2 Jun 2010 23:43:31 +0000 (16:43 -0700)]
Fix a crash bug found by Ira Cooper <samba@ira.wakeful.net>.
A create call comes in, goes async (on the oplock request).
At a later time (just before a cancel request is received)
it completes, and goes through smbd_smb2_request_reply() to
send the reply to the create call.
However, the output socket queue is full, so when
tstream_writev_queue_send() is called from smbd_smb2_request_reply(),
the smb2req stays on the "being processed" queue on
sconn->smb2.requests, as only when tstream_writev_queue_send() completes
is smbd_smb2_request_writev_done() get called, which will TALLOC_FREE
the smb2req (and thus take if off the queue).
The cancel comes in, gets processed and looks through the
requests on the queue, and BANG - hits the smb2req that
has already been processed and is outgoing....
Remove the request from the queue once
tstream_writev_queue_send() is called and not in the talloc
destructor function.
Jeremy.
Günther Deschner [Wed, 2 Jun 2010 22:09:26 +0000 (00:09 +0200)]
s3: remove unused librpc/ndr/sid.c.
Guenther
Jeremy Allison [Wed, 2 Jun 2010 17:25:56 +0000 (10:25 -0700)]
Move to using a DATA_BLOB inside of struct aio_extra, not a char *.
Will make using AIO in SMB2 easier.
Jeremy.
Günther Deschner [Wed, 2 Jun 2010 13:35:33 +0000 (15:35 +0200)]
s3-selftest: Fix blackbox smbclient s3 tests during make selftest.
Guenther
Matthieu Patou [Fri, 21 May 2010 07:57:29 +0000 (11:57 +0400)]
s3: Allow previous password to be stored and use it to check tickets
This patch is to fix bug 7099. It stores the current password in the
previous password key when the password is changed. It also check the
user ticket against previous password.
Signed-off-by: Günther Deschner <gd@samba.org>
Volker Lendecke [Tue, 5 Jan 2010 09:42:38 +0000 (10:42 +0100)]
s3: Add vfs_linux_xfs_sgid
http://oss.sgi.com/bugzilla/show_bug.cgi?id=280 shows an old Linux XFS bug that
still exists: Under certain circumstances the SGID bit is not inherited.
Kai Blin [Wed, 2 Jun 2010 09:28:54 +0000 (11:28 +0200)]
s3-waf: Fix up smbclient dependencies
Kai Blin [Wed, 2 Jun 2010 09:21:18 +0000 (11:21 +0200)]
s3-waf: Fixed dependencies of the the krbclient subsystem.
Andreas Schneider [Wed, 2 Jun 2010 09:19:36 +0000 (11:19 +0200)]
s3-waf: Fixed dependencies of the the avahi subsystem.