Andrew Tridgell [Wed, 16 Sep 2009 10:57:09 +0000 (03:57 -0700)]
Merge branch 'master' of ssh://git.samba.org/data/git/samba
Andrew Tridgell [Wed, 16 Sep 2009 10:43:37 +0000 (03:43 -0700)]
s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't exist
When a partition is first created it still needs a uSNHighest value
Stefan Metzmacher [Wed, 16 Sep 2009 00:03:46 +0000 (02:03 +0200)]
libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.
metze
Stefan Metzmacher [Wed, 16 Sep 2009 00:36:49 +0000 (02:36 +0200)]
lib/crypto: include aes.h into crypto.h
metze
Andrew Tridgell [Wed, 16 Sep 2009 03:51:10 +0000 (20:51 -0700)]
s4-repl: take advantage of async RPC forwarding
This uses async RPC forwarding for the DsReplicaSync call
Andrew Tridgell [Wed, 16 Sep 2009 03:50:30 +0000 (20:50 -0700)]
s4-rpc: added a module for forwarding RPC requests
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC
request to another task in Samba4, with the return being handled
asynchronously.
This is useful for forwarding DRS requests to the repl or kcc tasks
Andrew Tridgell [Wed, 16 Sep 2009 02:26:33 +0000 (19:26 -0700)]
s4-drs: lock down key DRS calls
The key DRS calls should only be allowed by administrators or domain
controllers
Andrew Tridgell [Wed, 16 Sep 2009 02:25:45 +0000 (19:25 -0700)]
s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER
This will be used as a simple way to lock down DRS replication to
administrators and domain controllers
Andrew Tridgell [Tue, 15 Sep 2009 21:07:43 +0000 (14:07 -0700)]
s4-ldb: ldap attribute names can contain a '.'
When they are of the form of OIDs
Andrew Tridgell [Tue, 15 Sep 2009 21:07:06 +0000 (14:07 -0700)]
s4-ldb: expose ldb_transaction_prepare_commit() in ldb
It is useful to be able to control the 2 phase commit from application
code (s4 replication uses it)
Andrew Tridgell [Tue, 15 Sep 2009 21:06:07 +0000 (14:06 -0700)]
s4-repl: don't do double replication
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
Andrew Tridgell [Tue, 15 Sep 2009 21:04:22 +0000 (14:04 -0700)]
tdb: allow reads after prepare commit
We previously only allowed a commit to happen after a prepare
commit. It is in fact safe to allow reads between a prepare and a
commit, and the s4 replication code can make use of that, so allow it.
Andrew Tridgell [Tue, 15 Sep 2009 18:47:42 +0000 (11:47 -0700)]
s4-drs: filter based on local_usn
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
Andrew Tridgell [Tue, 15 Sep 2009 18:46:59 +0000 (11:46 -0700)]
s4-repl: make sure we marshal the replPropertyMetaData after the last change
we were setting local_usn after the marshall, so it wasn't going into
the object
Andrew Tridgell [Tue, 15 Sep 2009 17:01:26 +0000 (10:01 -0700)]
s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2)). These lists are not ordered, so using DLIST_ADD() is much
better.
Andrew Tridgell [Tue, 15 Sep 2009 17:00:24 +0000 (10:00 -0700)]
s4-ldb: cope better with corruption of tdb records
When doing an indexed search if we hit a corrupt record we abandoned
the indexed search and did a full search. The problem was that we
might have sent some records to the caller already, which means the
caller ended up with duplicate records. Fix this by returning a search
error if indexing returns an error and we have given any records to
the caller.
Andrew Tridgell [Tue, 15 Sep 2009 16:43:27 +0000 (09:43 -0700)]
talloc: when we enable NULL tracking, reparent the autofree context
If NULL tracking is enabled after the autofree context is initialised
then autofree ends up separate from the null_context. This means that
talloc_report_full() doesn't report the autofree context. Fix this by
reparenting the autofree context when we create the null_context.
Andrew Tridgell [Tue, 15 Sep 2009 16:23:14 +0000 (09:23 -0700)]
s4-repl: add a debug to make it easier to monitor replication
Volker Lendecke [Wed, 16 Sep 2009 01:20:49 +0000 (03:20 +0200)]
s3: Fix reading beyond the end of a named stream in xattr_streams
This was found thanks to a test by Sivani from Microsoft against Samba at the
SDC plugfest
Volker Lendecke [Wed, 16 Sep 2009 01:15:53 +0000 (03:15 +0200)]
s3: Add some debugs to streams_xattr
Günther Deschner [Wed, 16 Sep 2009 01:23:05 +0000 (03:23 +0200)]
schannel: remove last traces of gensec.
Guenther
Günther Deschner [Wed, 16 Sep 2009 00:09:06 +0000 (02:09 +0200)]
lib/crypto: link in AES crypto for s4 as well.
Guenther
Günther Deschner [Tue, 15 Sep 2009 22:52:33 +0000 (00:52 +0200)]
s3-schannel: remove unused schannel_decode/schannel_encode.
Guenther
Günther Deschner [Tue, 15 Sep 2009 22:26:17 +0000 (00:26 +0200)]
schannel: fully share schannel sign/seal between s3 and 4.
Guenther
Günther Deschner [Tue, 15 Sep 2009 16:29:10 +0000 (18:29 +0200)]
schannel: move schannel_sign to main directory.
Guenther
Günther Deschner [Tue, 15 Sep 2009 23:07:26 +0000 (01:07 +0200)]
s4-schannel: try to fix the build.
Guenther
Günther Deschner [Sun, 13 Sep 2009 16:42:45 +0000 (18:42 +0200)]
s4-schannel: first step of decoupling schannel from gensec.
Guenther
Günther Deschner [Sun, 13 Sep 2009 13:21:20 +0000 (15:21 +0200)]
s4-schannel: strip trailing whitespace.
Guenther
Günther Deschner [Tue, 15 Sep 2009 20:13:12 +0000 (22:13 +0200)]
s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE in
cli_pipe_verify_schannel().
Guenther
Günther Deschner [Tue, 15 Sep 2009 21:52:20 +0000 (23:52 +0200)]
lib/crypto: add aes encryption routines to main crypto lib.
Guenther
Björn Jacke [Tue, 15 Sep 2009 18:26:24 +0000 (20:26 +0200)]
libreplace: white space cleanups
Björn Jacke [Tue, 15 Sep 2009 17:41:58 +0000 (19:41 +0200)]
s3: ignore cups-config to tidy up library dependencies
contrary to krb5-config for example, which outputs useful things, cups-config
--libs does not output libs we have to link against. It outputs libs that cups
linked against. We just have to link against cups.
Andrew Bartlett [Tue, 15 Sep 2009 17:11:45 +0000 (10:11 -0700)]
libcli:nbt put util_net.c protos in new header file
This fixed a very odd build problem due to util.h importing
system/network.h being imported before the uid_wrapper code.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Sep 2009 15:14:54 +0000 (08:14 -0700)]
s4:schema Add code to provide an index into the subClass tree
In time, this should avoid the astounding (order) complexity of the
objectclass sorting in objectclass.c eventually.
Andrew Bartlett
Günther Deschner [Tue, 15 Sep 2009 17:32:39 +0000 (19:32 +0200)]
s3-dcerpc: really fix remaining old auth level constants. sorry...
Guenther
Günther Deschner [Tue, 15 Sep 2009 16:30:01 +0000 (18:30 +0200)]
s3-dcerpc: fix remaining old auth level constants.
Guenther
Günther Deschner [Mon, 14 Sep 2009 22:26:31 +0000 (00:26 +0200)]
ntlmssp: pretty print a VERSION structure.
Guenther
Günther Deschner [Mon, 14 Sep 2009 21:25:33 +0000 (23:25 +0200)]
ntlmssp: better document to what structures we are referring to.
Guenther
Günther Deschner [Tue, 15 Sep 2009 06:21:00 +0000 (08:21 +0200)]
s3-dcerpc: remove unused auth type defines as seen on the wire.
Guenther
Günther Deschner [Tue, 15 Sep 2009 04:37:10 +0000 (06:37 +0200)]
s3-dcerpc: remove more unused structs.
Guenther
Günther Deschner [Tue, 15 Sep 2009 04:36:44 +0000 (06:36 +0200)]
s3-dcerpc: remove duplicate RPC_AUTH_LEVEL flags.
Guenther
Günther Deschner [Mon, 14 Sep 2009 18:39:54 +0000 (20:39 +0200)]
s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.
Guenther
Andrew Bartlett [Tue, 15 Sep 2009 14:42:54 +0000 (07:42 -0700)]
libcli:nbt make the lmhosts parsing code and dependencies common
This starts the process to have Samba4 use lmhosts.
Andrew Bartlett
Stefan Metzmacher [Tue, 15 Sep 2009 05:48:50 +0000 (07:48 +0200)]
s4:heimdal_build: fix one more problem with automatic dependencies
metze
Andrew Bartlett [Tue, 15 Sep 2009 05:37:11 +0000 (22:37 -0700)]
s4:provision Prevent some invalid combinations of realm and domain
We don't do well (even just trying to create duplicate
servicePrincipalName values) with some of these combinations, so kill
it off early before the administrator thinks it's going to work.
Andrew Bartlett
Matthieu Patou [Fri, 11 Sep 2009 21:03:52 +0000 (01:03 +0400)]
s4: Script to build or rebuild extend DN attributes
This script can be used to upgrade a provision that didn't integrate extended dn.
It can also be used to add missing extended DN that weren't created during provision.
Björn Jacke [Tue, 15 Sep 2009 04:48:49 +0000 (06:48 +0200)]
s3: BSD needs sys/sysctl.h included to build properly
FreeBSD (and other BSDs, too) need sys/sysctl.h included to use sysctlbyname().
Thanks to Timur Bakeyev for that.
Volker Lendecke [Tue, 15 Sep 2009 02:09:54 +0000 (19:09 -0700)]
Second part of bug fix for 6606.
s3:libsmb: Fix bug 6606 -- short reads in smbclient were not handled
Jeremy Allison [Tue, 15 Sep 2009 01:45:16 +0000 (18:45 -0700)]
Torture test for bug 6529 - Offline files conflict with Vista and Office 2003.
Ensure we don't regress.
Jeremy.
Björn Jacke [Tue, 15 Sep 2009 01:41:06 +0000 (03:41 +0200)]
nss_winbind: remove unused variable
Jeremy Allison [Mon, 14 Sep 2009 22:30:05 +0000 (15:30 -0700)]
Fix bug 6494 - Incorrect FileStatus returned in NT_CREATE_ANDX.
Lookup the EA and Stream status on CreateX.
Jeremy.
Jeremy Allison [Mon, 14 Sep 2009 22:06:37 +0000 (15:06 -0700)]
Fix bug 6726 - Filename length overwrites oplock request field in cli_nt_create().
Jeremy.
Volker Lendecke [Mon, 14 Sep 2009 20:47:31 +0000 (22:47 +0200)]
s3:vfs_catia: Make some fns static
Volker Lendecke [Mon, 14 Sep 2009 20:28:11 +0000 (22:28 +0200)]
s3:vfs_catia: Use talloc_zero for simplification
Volker Lendecke [Mon, 14 Sep 2009 20:22:26 +0000 (22:22 +0200)]
s3:vfs_modules: Fix Coverity ID 946: OVERRUN_STATIC
Tim, please check!
Andrew Tridgell [Mon, 14 Sep 2009 20:13:12 +0000 (13:13 -0700)]
s4-repl: handle rename in repl_meta_data
On a rename we need to update uSNChanged, and the max uSN for the
partition
Andrew Tridgell [Mon, 14 Sep 2009 20:12:32 +0000 (13:12 -0700)]
s4-drs: allow replication of renames
a rename may have no attribute changes
Matt Kraai [Wed, 26 Aug 2009 04:19:52 +0000 (21:19 -0700)]
Prepend "$libreplacedir/" to all objects in LIBREPLACEOBJ
Andrew Tridgell [Mon, 14 Sep 2009 10:44:10 +0000 (03:44 -0700)]
s4-repl: fixed a memory error handling linked attributes
We could get a double free with multiple linked attributes in a
message
Andrew Tridgell [Mon, 14 Sep 2009 10:43:26 +0000 (03:43 -0700)]
s4-repl: fall back to repsFrom if repsTo not set
Windows does not seem to be always setting up repsTo using
DsUpdateRefs(). For now we will fall back to using repsFrom if repsTo
is empty. This is almost certainly incorrect, but it does get
notification based replication working with both w2k3 and w2k8.
Jelmer Vernooij [Mon, 14 Sep 2009 15:03:30 +0000 (17:03 +0200)]
pyldb: Don't segfault when invalid type is specified to Dn.get().
(#6722)
Michael Adam [Mon, 14 Sep 2009 09:44:39 +0000 (11:44 +0200)]
examples/LDAP: remove sambaAccountPolicy from the IBM-DS schema.
Michael
Michael Adam [Mon, 14 Sep 2009 09:40:47 +0000 (11:40 +0200)]
dsdb: the samba3 ldap schema has no sambaAccountPolicy (any more at least)
Michael
Stefan Metzmacher [Mon, 14 Sep 2009 07:58:19 +0000 (09:58 +0200)]
s4:heimdal_build: fix the build with --enable-automatic-dependencies
We need to create the header file before we generate the source file.
metze
Andrew Bartlett [Mon, 14 Sep 2009 05:09:45 +0000 (22:09 -0700)]
s4:heimdal_build Fix build breakages caused by asn1compile change
The issue was that we referenced an asn1compile generated file by
name, not by the subsystem it was generated by.
Andrew Bartlett
Volker Lendecke [Mon, 14 Sep 2009 01:21:30 +0000 (03:21 +0200)]
s3: Test short reads in the build farm
Volker Lendecke [Mon, 14 Sep 2009 01:21:19 +0000 (03:21 +0200)]
s3:libsmb: Fix bug 6606 -- short reads in smbclient were not handled
Günther Deschner [Mon, 14 Sep 2009 04:47:37 +0000 (06:47 +0200)]
schannel: remove unused schannel structs.
Guenther
Günther Deschner [Sat, 12 Sep 2009 22:28:49 +0000 (00:28 +0200)]
s3-rpc_client: add rpccli_lsa_lookup_sids3 wrapper.
Guenther
Günther Deschner [Fri, 11 Sep 2009 17:35:14 +0000 (19:35 +0200)]
s3-rpc_client: add rpccli_lsa_lookup_names4 wrapper.
Guenther
Andrew Bartlett [Sun, 13 Sep 2009 00:20:32 +0000 (17:20 -0700)]
s4:heimdal_build Love pointed me at the --one-code-file option to asn1_compile
This new option avoids a lot of code that was used to intuit what
files would be output by the compiler.
Andrew Bartlett
OPC oota [Mon, 14 Sep 2009 00:44:04 +0000 (02:44 +0200)]
s3:docs: Fix a typo
Andrew Tridgell [Sun, 13 Sep 2009 08:16:13 +0000 (18:16 +1000)]
s4-repl: added a periodic notification check to the repl task
The dreplsrv_notify code checks the partition uSN values every N
seconds, and if one has changed then it sends a DsReplicaSync to all
the replication partners listed in the repsTo attribute for the
partition.
Andrew Tridgell [Sun, 13 Sep 2009 08:14:35 +0000 (18:14 +1000)]
s4-drs: fixed search expression
At least on the command line the braces are needed. Strange.
Andrew Tridgell [Sun, 13 Sep 2009 08:13:56 +0000 (18:13 +1000)]
s4-repl: use the new dsdb partition uSN helper fns
Andrew Tridgell [Sun, 13 Sep 2009 08:13:17 +0000 (18:13 +1000)]
s4-dsdb: added dsdb_load_partition_usn and dsdb_save_partition_usn
These are used to load/save the per-partition uSN values managed by
the repl_meta_data module
Andrew Tridgell [Sun, 13 Sep 2009 08:12:05 +0000 (18:12 +1000)]
s4-sam: allow a search to specify a partition
You can now attach a partition control to searches to search within a
specific partition. This is used to get at the per-partition
@REPLCHANGED object
Andrew Tridgell [Sun, 13 Sep 2009 04:24:08 +0000 (14:24 +1000)]
s4-repl: keep a @REPLCHANGED object on each partition
This object tracks the highest uSN in each partition. It will be used
to allow us to efficiently detect changes in a partition for sending
DsReplicaSync messages to our replication partners.
Günther Deschner [Sun, 13 Sep 2009 19:30:10 +0000 (21:30 +0200)]
s3-samr: Fix Coverity #934 UNINIT.
Guenther
Günther Deschner [Sun, 13 Sep 2009 19:28:23 +0000 (21:28 +0200)]
s3-netlogon: Fix Coverity #945 UNINIT.
Guenther
Günther Deschner [Sun, 13 Sep 2009 16:38:34 +0000 (18:38 +0200)]
s3-nterr: print a NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED.
Guenther
Günther Deschner [Sun, 13 Sep 2009 19:17:59 +0000 (21:17 +0200)]
s3-schannel: fix Coverity #950 OVERRUN_STATIC.
Guenther
Günther Deschner [Sat, 12 Sep 2009 23:35:06 +0000 (01:35 +0200)]
s4-schannel: use NL_AUTH_MESSAGE for schannel.
Guenther
Günther Deschner [Sat, 12 Sep 2009 22:37:37 +0000 (00:37 +0200)]
s4-schannel: strip trailing whitespace.
Guenther
Günther Deschner [Sat, 12 Sep 2009 21:25:00 +0000 (23:25 +0200)]
s3-schannel: fix api_pipe_schannel_process(), was using incorrect buffer length.
Found by RPC-SCHANNEL torture test.
Guenther
Jelmer Vernooij [Sat, 12 Sep 2009 23:59:48 +0000 (01:59 +0200)]
Fix string-wchar-fixed-array-03 test (when libndr is available).
Jelmer Vernooij [Sat, 12 Sep 2009 23:59:16 +0000 (01:59 +0200)]
Fix string-wchar-fixed-array-02 test (when libndr is available).
Jelmer Vernooij [Sat, 12 Sep 2009 23:58:11 +0000 (01:58 +0200)]
Fix string-wchar-fixed-array-01 test (when libndr is available).
Jelmer Vernooij [Sat, 12 Sep 2009 23:31:13 +0000 (01:31 +0200)]
pidl: Remove unnecessary _GNU_SOURCE define.
Matt Kraai [Tue, 15 Sep 2009 20:09:10 +0000 (13:09 -0700)]
Ignore source4/dsdb/kcc/kcc_service_proto.h.
Günther Deschner [Wed, 16 Sep 2009 08:27:21 +0000 (10:27 +0200)]
s3-netapi: Fix Coverity #668: FORWARD_NULL.
Guenther
Günther Deschner [Wed, 16 Sep 2009 08:26:28 +0000 (10:26 +0200)]
s3-netapi: Fix Coverity #669 FORWARD_NULL.
Guenther
Günther Deschner [Wed, 16 Sep 2009 08:24:55 +0000 (10:24 +0200)]
s3-netapi: Fix Coverity #670: FORWARD_NULL.
Guenther
Günther Deschner [Wed, 16 Sep 2009 08:15:46 +0000 (10:15 +0200)]
s3-eventlogadm: Fix Coverity #938: UNINIT.
Guenther
Günther Deschner [Wed, 16 Sep 2009 08:14:05 +0000 (10:14 +0200)]
s3-rpcclient: Fix Coverity #935: UNINIT.
Guenther
Günther Deschner [Wed, 16 Sep 2009 06:55:17 +0000 (08:55 +0200)]
s3-ntlmssp: add missing prototype.
Guenther
Günther Deschner [Wed, 16 Sep 2009 06:54:31 +0000 (08:54 +0200)]
s3-dcerpc: remove more obsolete or duplicate headers.
Guenther
Günther Deschner [Wed, 16 Sep 2009 05:53:26 +0000 (07:53 +0200)]
s3-schannel: add dump_NL_AUTH_SIGNATURE.
Guenther
Matthieu Patou [Sat, 12 Sep 2009 11:36:53 +0000 (15:36 +0400)]
s4:sites & services - Adds Intersite transport containers
This patch brings up those subcontainers and fixes up the "systemFlags" on the
"Subnet" entry.
Matthias Dieter Wallnöfer [Sat, 12 Sep 2009 09:13:36 +0000 (11:13 +0200)]
s4:group policies - the default group policy objects are all system-critical