Günther Deschner [Thu, 12 Aug 2010 15:19:24 +0000 (17:19 +0200)]
s3-waf: only link in spoolss client code where needed.
Shrinks a lot of binaries by 1 MB each.
Guenther
Günther Deschner [Thu, 19 Aug 2010 21:15:22 +0000 (23:15 +0200)]
s3-lsa: separate out init_lsa headers.
Guenther
Andrew Tridgell [Wed, 25 Aug 2010 13:04:11 +0000 (23:04 +1000)]
s4-pynet: some systems don't have Py_TYPE()
we need a better method than this ....
Andrew Tridgell [Wed, 25 Aug 2010 05:21:36 +0000 (15:21 +1000)]
s4-pyrpc: added a test for talloc behaviour in pidl python code
Andrew Tridgell [Wed, 25 Aug 2010 05:21:08 +0000 (15:21 +1000)]
s4-pyglue: added talloc_total_blocks() python call
Andrew Tridgell [Wed, 25 Aug 2010 04:33:17 +0000 (14:33 +1000)]
s4-rodc: removed python memory workaround
we can now assign pidl generates structures directly without errors
Andrew Tridgell [Wed, 25 Aug 2010 04:32:38 +0000 (14:32 +1000)]
s4-python: reference substructures onto the parent structure
when a python object that is part of a parent structure is created, we
should reference it on the parent structure. This ensures that when
the child object goes out of scope that the parent structure is still
valid
Andrew Tridgell [Wed, 25 Aug 2010 04:29:59 +0000 (14:29 +1000)]
pytalloc: fixed py_talloc_steal()
py_talloc_steal() was implemented as a macro which evaluated it's 2nd
argument twice. It was often called via a macro with a 2nd argument
that was a function call, for example an allocation in
py_talloc_new(). This meant it allocated memory twice, and leaked one
of them.
This re-implements py_talloc_steal() as a function, so that it only
does the allocation once.
Andrew Tridgell [Wed, 25 Aug 2010 02:34:30 +0000 (12:34 +1000)]
s4-pyglue: pyglue now depends on pytalloc
Andrew Tridgell [Wed, 25 Aug 2010 02:34:15 +0000 (12:34 +1000)]
s4-rodc: setup secrets database at end of RODC join
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 25 Aug 2010 02:33:38 +0000 (12:33 +1000)]
s4-pyglue: added talloc_report_full() and talloc_enable_null_tracking()
these are useful for tracking down leaks and bugs in python scripts
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Wed, 25 Aug 2010 02:32:48 +0000 (12:32 +1000)]
s4-repl: load RODC partitions using msDS-hasFullReplicaNCs
we mark these as incoming_only
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 25 Aug 2010 02:31:32 +0000 (12:31 +1000)]
s4-pytalloc: use better names for python talloc objects
Michael Adam [Fri, 6 Aug 2010 09:58:46 +0000 (11:58 +0200)]
s3:smbd: add nfs quota support to the linux-non-sysquota code
This is based on the implementation for solaris and FreeBSD.
It makes rpc calls out to the nfs server to retrieve quota
information.
Michael Adam [Fri, 6 Aug 2010 08:21:09 +0000 (10:21 +0200)]
s3:smbd: add a nfs backend for sysquotas.
This module is based on the Solaris/FreeBSD implementation
of NFS quotas in the quotas.c module.
It implements the SMB_USER_QUOTA_TYPE query of the
get_quotas call. The other types and the set_quota call
are not implemented.
Sumit Bose [Tue, 22 Jun 2010 13:06:27 +0000 (15:06 +0200)]
s4-smbtorture: Added a torture test for forest trusts
Signed-off-by: Günther Deschner <gd@samba.org>
Sumit Bose [Tue, 29 Jun 2010 14:24:36 +0000 (16:24 +0200)]
s4-smbtorture: Make test_SetupCredentials3 public
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Fri, 16 Jul 2010 02:07:01 +0000 (04:07 +0200)]
s4-smbtorture: fill in trust_domain_passwords_check_in in NDR lsa test.
Guenther
Sumit Bose [Mon, 23 Aug 2010 14:14:58 +0000 (16:14 +0200)]
Fix RPC-LSA-TRUSTED-DOMAINS for changed IDL
Günther Deschner [Fri, 16 Jul 2010 02:06:48 +0000 (04:06 +0200)]
s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.
Also remove bogus trustCurrentPasswords struct which we just had because our IDL
was incorrect.
Guenther
Andreas Schneider [Wed, 25 Aug 2010 09:17:33 +0000 (11:17 +0200)]
s3-build: Use a wrapper script to run the tests.
This fixes the buildfarm and returns the correct exit code of selftest.
Andrew Tridgell [Tue, 24 Aug 2010 13:37:57 +0000 (23:37 +1000)]
s4-dsdb: make more of the UF_* flags available on pydsdb
this really should be moved to IDL
Andrew Tridgell [Tue, 24 Aug 2010 13:37:25 +0000 (23:37 +1000)]
s4-rodc: broke up RODC join into separate functions
this also removes some of the magic constants
Andrew Tridgell [Tue, 24 Aug 2010 12:10:46 +0000 (22:10 +1000)]
s4-rodc: added REPL_SECRET exop replication of accounts
During a RODC join, we need to fetch the secrets for the machine
account and krbtgt account using GetNCChanges
DRSUAPI_EXOP_REPL_SECRET calls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 24 Aug 2010 12:09:18 +0000 (22:09 +1000)]
s4-dsdb: add more DS flags to the dsdb module
These are from libds/common/flags.h
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 24 Aug 2010 12:08:27 +0000 (22:08 +1000)]
s4-dsdb: added get_attid_from_lDAPDisplayName() on samdb
This can be used to form the partial_attribute_set list for
GetNCChanges
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 24 Aug 2010 05:42:54 +0000 (15:42 +1000)]
s4-rodc: next step in RODC join code
a RODC net join can now replicate the schame, config and base
partitions, by calling the net.replicate*() python hooks, and driving
the GetNCChanges calls from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 24 Aug 2010 05:41:40 +0000 (15:41 +1000)]
s4-pynet: added replicate_init() and replicate_chunk() calls
these calls allow python code to pass chunks from DRS replication
calls into the code that applies the chunks to a database
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 24 Aug 2010 05:40:42 +0000 (15:40 +1000)]
s4-libnet: added libnet_vampire_replicate_init()
this is used to setup for later calls to the replicate chunk functions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 08:59:47 +0000 (18:59 +1000)]
idl-nbt: fixed typo
Volker Lendecke [Tue, 24 Aug 2010 19:40:25 +0000 (21:40 +0200)]
s3: Make char_flags and base_reverse const arrays
This moves those arrays from dynamic to static, shared memory, removing them
from globals.c.
I did it by dumping the result of init_tables() with dump_data(). Some massage
by an editor macro made it the initializer.
Volker Lendecke [Tue, 24 Aug 2010 18:47:29 +0000 (20:47 +0200)]
s3: Move "trans_num" to smbd_server_connection
Volker Lendecke [Tue, 24 Aug 2010 18:10:20 +0000 (20:10 +0200)]
s3: Make srv_send_smb take an sconn instead of a sock fd
Björn Jacke [Tue, 24 Aug 2010 09:07:38 +0000 (11:07 +0200)]
pam: fix unused variable warning
Günther Deschner [Tue, 24 Aug 2010 01:04:41 +0000 (03:04 +0200)]
s4-waf: try to fix the s4 wbinfo build dependencies.
Guenther
Günther Deschner [Mon, 23 Aug 2010 14:02:23 +0000 (16:02 +0200)]
s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (
baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first
talloc_referenced and then later (
53765c81f726a8c056cc4e57004592dd489975c9)
talloc_moved.
The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.
Guenther
Jeremy Allison [Mon, 23 Aug 2010 20:05:56 +0000 (13:05 -0700)]
Final part of fix for bug #7636 - winbind internal error, backtrace.
Ensure cm_get_schannel_creds() returns NTSTATUS.
Jeremy.
Simo Sorce [Mon, 23 Aug 2010 21:11:32 +0000 (17:11 -0400)]
s3-dcerpc: Allocate structure members on the right context
Volker Lendecke [Mon, 23 Aug 2010 19:00:27 +0000 (21:00 +0200)]
s3: PAM_RHOST and PAM_TTY are enums on FreeBSD
Matthias Dieter Wallnöfer [Mon, 23 Aug 2010 05:37:36 +0000 (07:37 +0200)]
s4:getncchanges.c - fix some counter variable types
They should be "unsigned" since they count LDB objects. And also the SID array
can be counted as "unsigned".
Jelmer Vernooij [Mon, 23 Aug 2010 13:10:07 +0000 (15:10 +0200)]
replace: Fix ifndefs for formatting defines.
Thanks to Michael Brown for pointing this out.
Andrew Tridgell [Mon, 23 Aug 2010 02:47:51 +0000 (12:47 +1000)]
s4-devel: added a getncchanges developer script
this allows for command line access to getncchanges
it also provides a good example of calling DRSUAPI interfaces from
python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 02:07:56 +0000 (12:07 +1000)]
s4-pyrpc: use s4_event_context_init()
This fixes a crash when using kerberos and the python dcercpc
interface, which requires event nesting
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 02:07:19 +0000 (12:07 +1000)]
s4-pyregistry: use s4_event_context_init()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 02:07:00 +0000 (12:07 +1000)]
s4-event: event_context_find() should use s4_event_context_init()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:36:29 +0000 (11:36 +1000)]
s4-net: role should be case insensitive for join
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:33:19 +0000 (11:33 +1000)]
s4-drs: show the user sid that does the GetNCChanges call
this is useful when debugging replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:32:28 +0000 (11:32 +1000)]
s4-drs: removed the warning on WRIT_REP being set
we just need to clear this flag
Andrew Tridgell [Mon, 23 Aug 2010 01:31:48 +0000 (11:31 +1000)]
s4-net: added initial implemention of RODC join
This does the join using python code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:30:22 +0000 (11:30 +1000)]
libnet-s4: added replicate() command in pynet
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:13:22 +0000 (11:13 +1000)]
s4-libnet: split libnet_Vampire() into two parts
libnet_Replicate() will do just the replication portion of
libnet_Vampire(). This will be used by the RODC join, where the join
part of the operation happens in python, and behaves quite differently
to the libnet_Join() code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:11:35 +0000 (11:11 +1000)]
s4-libnet: show the DN when DsAddEntry() fails
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 22:52:19 +0000 (08:52 +1000)]
s4-net: moved the net join command to python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 22:50:04 +0000 (08:50 +1000)]
s4-libnet: added join type constants to python interface
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 21:52:25 +0000 (07:52 +1000)]
s4-python: added ndr_print() method in ndr
Andrew Tridgell [Sun, 22 Aug 2010 21:51:55 +0000 (07:51 +1000)]
pidl-python: fixed the docstrings for ndr_print, ndr_pack and ndr_unpack
Andrew Tridgell [Sun, 22 Aug 2010 21:28:09 +0000 (07:28 +1000)]
libreplace: fixed the strptime() waf test
Thanks to Jelmer for pointing this out
Andrew Bartlett [Fri, 20 Aug 2010 02:15:15 +0000 (12:15 +1000)]
s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privilages still need to be merged)
Andrew Bartlett
Andrew Bartlett [Fri, 20 Aug 2010 12:30:46 +0000 (22:30 +1000)]
s3:pdbtest Fix command name of pdbtest
Signed-off-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Sun, 22 Aug 2010 20:55:01 +0000 (22:55 +0200)]
s3-build: Add a test-buildfarm target to stay UNIX Makefile compatible.
Andrew Bartlett [Fri, 20 Aug 2010 07:51:48 +0000 (17:51 +1000)]
s3:param Clarify parameter name on init_globals()
This parameter is used with the registry backend to
cause the globals table to be re-initialised.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Sun, 22 Aug 2010 18:00:46 +0000 (20:00 +0200)]
s3: Turn two macros into functions
Volker Lendecke [Wed, 18 Aug 2010 16:23:49 +0000 (18:23 +0200)]
s3: Pass the rhost through smb_pam_accountcheck
Volker Lendecke [Wed, 18 Aug 2010 15:31:39 +0000 (17:31 +0200)]
s3: Rename auth.c:backends to auth_backends
Volker Lendecke [Sun, 22 Aug 2010 16:41:39 +0000 (18:41 +0200)]
s3: Fix some nonemtpy blank lines
Jelmer Vernooij [Sun, 22 Aug 2010 15:12:26 +0000 (17:12 +0200)]
s4: Only install testparm to /usr/bin/, no longer to /usr/sbin.
Jelmer Vernooij [Sun, 22 Aug 2010 15:03:47 +0000 (17:03 +0200)]
s4: Install testparm to /usr/bin, consistent with old behaviour.
Andrew Tridgell [Wed, 18 Aug 2010 23:22:54 +0000 (09:22 +1000)]
s4-waf: re-use SAMBA_LIBRARY() in building shared modules
make SAMBA_MODULE() call SAMBA_LIBRARY() to do the heavy lifting. This
fixes the problem with modules being a bit too slim :-)
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Volker Lendecke [Wed, 18 Aug 2010 14:50:26 +0000 (16:50 +0200)]
s3: Move check_access to cgi.c, its only user
Volker Lendecke [Wed, 18 Aug 2010 14:48:20 +0000 (16:48 +0200)]
s3: Replace calls to check_access by allow_access
We already have both the name and address of the client stored now
Jelmer Vernooij [Sun, 22 Aug 2010 03:24:55 +0000 (05:24 +0200)]
Avoid use of Samba DTD, which requires net access.
Jelmer Vernooij [Sun, 22 Aug 2010 03:02:00 +0000 (05:02 +0200)]
wafsamba: fix CHECK_XSLTPROC_MANPAGES().
Jelmer Vernooij [Sun, 22 Aug 2010 03:00:57 +0000 (05:00 +0200)]
Use DocBook DTD rather than Samba one, as no Samba-specific things are
used in the tdb manpages.
Andrew Tridgell [Sun, 22 Aug 2010 04:51:12 +0000 (14:51 +1000)]
s4-net: better error message on net setpassword
Andrew Tridgell [Sun, 22 Aug 2010 04:50:46 +0000 (14:50 +1000)]
librpc: add python bindings for the netlogon pipe
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 04:50:22 +0000 (14:50 +1000)]
pyldb: do type checking on the list form of ldb add
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 04:49:10 +0000 (14:49 +1000)]
pidl: give the varible name for bad type in python calls
This makes it much clearer which argument to a function had the wrong
type
Andrew Tridgell [Sun, 22 Aug 2010 04:47:22 +0000 (14:47 +1000)]
pidl: cope with bad type conversions in unions
This prevents a crash when converting bad types in NDR unions
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 04:46:01 +0000 (14:46 +1000)]
pidl: added a __ndr_print__() method on python NDR objects
This allows you to print a returned NDR structure using
s.__ndr_print__() which gives an easy view of complex
structures, such as those from netlogon
Kai Blin [Sat, 14 Aug 2010 05:40:51 +0000 (07:40 +0200)]
s3: Fix netgrent configure checks for compilers not supporting -Werror-implicit-function-declaration
This should fix bug 7620.
Volker Lendecke [Sat, 21 Aug 2010 09:32:58 +0000 (11:32 +0200)]
s3: Fix bug 7635
Jeremy Allison [Fri, 20 Aug 2010 22:57:08 +0000 (15:57 -0700)]
Fix bug 7627 - smbclient ignores "-I" when used with "-L", fails name resolution.
Still needs some more work to fix missing netbios name issues, but fixes
underlying issue of IP address being ignored.
Jeremy.
Jeremy Allison [Fri, 20 Aug 2010 22:56:37 +0000 (15:56 -0700)]
Fix const warning.
Kamen Mazdrashki [Fri, 20 Aug 2010 18:58:22 +0000 (21:58 +0300)]
s4-ndr_basic.c: Fix ndr_*_hyper() when [bigendian] data is processed
Kamen Mazdrashki [Thu, 19 Aug 2010 12:52:49 +0000 (15:52 +0300)]
s4-drsuapi: Implement custom printing for drsuapi protocol for
drsuapi_DsReplicaAttribute and drsuapi_DsAttributeValueCtr objects
This makes tracing what data has been transferred much easier
Volker Lendecke [Wed, 18 Aug 2010 16:35:53 +0000 (18:35 +0200)]
s3: Use sconn->client_id in session_claim
Stefan Metzmacher [Thu, 12 Aug 2010 13:59:17 +0000 (15:59 +0200)]
s3:librpc: make dcerpc_read_ncacn_packet_send/recv() available
metze
Stefan Metzmacher [Thu, 12 Aug 2010 13:49:32 +0000 (15:49 +0200)]
librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.c
metze
Stefan Metzmacher [Fri, 20 Aug 2010 12:52:04 +0000 (14:52 +0200)]
s3:Makefile.in: use python with -u to disable stdin/out caching
metze
Stefan Metzmacher [Tue, 17 Aug 2010 06:05:14 +0000 (08:05 +0200)]
s3:winbindd: fix error handling in wb_next_grent_fetch_done()
We should not use 'result' uninitialized.
metze
Zahari Zahariev [Thu, 19 Aug 2010 15:30:03 +0000 (18:30 +0300)]
Remove place-holders when it is single domain
This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the silightest
difference will pop up.
There is a second smaller fix when we compre hosts in different
domains. This fix disables ${SERVERNAME} paace-holder when there
are more then one serevr (domain controller) in the given domain.
Andrew Tridgell [Fri, 20 Aug 2010 07:17:23 +0000 (17:17 +1000)]
s4-dsdb: the RODC_JOIN control also changes samAccountName
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 21:26:53 +0000 (07:26 +1000)]
s4-pysamdb: fixed get_domain_sid()
we need to actually return the SID!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 21:26:09 +0000 (07:26 +1000)]
s4-ldb: added support for rodc_control in ldb
this allows you to specify the RODC join control in python ldb calls
or on the command line
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 03:06:08 +0000 (13:06 +1000)]
s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls
when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:38:26 +0000 (18:38 +1000)]
s4-drs: bring us much closer to the docs for DRS secret replication
The rules for when a RODC can replicate secrets are:
- it can always replicate its own acct
- it can also replicate its krbtgt acct
- it can't replicate other krbtgt accts
- it can't replicate interdomain trust accounts
- it can't replicate users in the denied group list
- it can replicate users in the allowed group list
otherwise it can't replicate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:36:12 +0000 (18:36 +1000)]
s4-dsdb: fixed dsdb_get_extended_dn_sid()
it should honor the component_name
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:35:41 +0000 (18:35 +1000)]
idl: added the RODC allow/deny secrets RIDs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 04:31:05 +0000 (14:31 +1000)]
s4-drs: implement RODC attribute filtering override
When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 04:27:17 +0000 (14:27 +1000)]
s4-drs: added sam_ctx_system on DRS bind state
The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>