amitay/samba.git
9 years agos4-s3-upgrade Fix group member addition
Andrew Bartlett [Mon, 5 Sep 2011 12:38:15 +0000 (22:38 +1000)]
s4-s3-upgrade Fix group member addition

9 years agos3: Make winbindd_lookup_names static
Volker Lendecke [Tue, 6 Sep 2011 16:33:35 +0000 (18:33 +0200)]
s3: Make winbindd_lookup_names static

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Sep  6 20:03:56 CEST 2011 on sn-devel-104

9 years agos3:smb2_server: make use of SMB2_WRITEFLAG_WRITE_THROUGH
Stefan Metzmacher [Tue, 6 Sep 2011 11:38:32 +0000 (13:38 +0200)]
s3:smb2_server: make use of SMB2_WRITEFLAG_WRITE_THROUGH

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep  6 16:59:50 CEST 2011 on sn-devel-104

9 years agosmb2_constants: add SMB2_WRITEFLAG_WRITE_THROUGH define
Stefan Metzmacher [Tue, 6 Sep 2011 11:36:03 +0000 (13:36 +0200)]
smb2_constants: add SMB2_WRITEFLAG_WRITE_THROUGH define

metze

9 years agos4:librpc: rpc_common.h was move to dcerpc-binding
Stefan Metzmacher [Tue, 6 Sep 2011 13:21:12 +0000 (15:21 +0200)]
s4:librpc: rpc_common.h was move to dcerpc-binding

metze

9 years agos4:auth/gensec: gensec.h was moved to gensec_runtime
Stefan Metzmacher [Tue, 6 Sep 2011 13:20:25 +0000 (15:20 +0200)]
s4:auth/gensec: gensec.h was moved to gensec_runtime

metze

9 years agowaf: install pam modules in PAMMODULESDIR.
Günther Deschner [Tue, 6 Sep 2011 07:39:16 +0000 (09:39 +0200)]
waf: install pam modules in PAMMODULESDIR.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Sep  6 11:09:45 CEST 2011 on sn-devel-104

9 years agos3:smb2_server: add basic support for SMB 2.1
Stefan Metzmacher [Mon, 5 Sep 2011 11:14:40 +0000 (13:14 +0200)]
s3:smb2_server: add basic support for SMB 2.1

This adds support for the 2 stage negprot, from SMB 1 to SMB 2.1.

Support for this of for now and "max protocol = SMB2" still maps
to "max protocol = SMB2_02" PROTOCOL_SMB2_02.

In order to activate smb2.1, you need to use "max protocol = SMB2_10".

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep  5 19:30:58 CEST 2011 on sn-devel-104

9 years agos3:smb2_server: return NOT_SUPPORTED if we don't find a common dialect with the client
Stefan Metzmacher [Mon, 5 Sep 2011 10:23:51 +0000 (12:23 +0200)]
s3:smb2_server: return NOT_SUPPORTED if we don't find a common dialect with the client

metze

9 years agos3:smb2_server: max_trans, max_read and max_write are limited to 64 kilobytes
Stefan Metzmacher [Mon, 5 Sep 2011 10:14:06 +0000 (12:14 +0200)]
s3:smb2_server: max_trans, max_read and max_write are limited to 64 kilobytes

Only if SMB2_CAP_LARGE_MTU is supported we should announce larger limits.

metze

9 years agos3:smb2cli: make sure we don't try to send requests on a disconnected cli_state
Stefan Metzmacher [Mon, 5 Sep 2011 07:49:53 +0000 (09:49 +0200)]
s3:smb2cli: make sure we don't try to send requests on a disconnected cli_state

metze

9 years agos3:smb2cli: make sure requests are not finished, when we send when to the network
Stefan Metzmacher [Mon, 5 Sep 2011 07:35:43 +0000 (09:35 +0200)]
s3:smb2cli: make sure requests are not finished, when we send when to the network

metze

9 years agos3:smb2cli: disconnect the connection, if we're out of message ids
Stefan Metzmacher [Mon, 5 Sep 2011 07:31:54 +0000 (09:31 +0200)]
s3:smb2cli: disconnect the connection, if we're out of message ids

metze

9 years agos3:smb2cli: don't use state->cli->smb2.mid++ as macro argument
Stefan Metzmacher [Sat, 3 Sep 2011 13:23:44 +0000 (15:23 +0200)]
s3:smb2cli: don't use state->cli->smb2.mid++ as macro argument

It gets expanded multiple times.

metze

9 years agos3-smbd: Rename reload_printers() and add documentation.
Andreas Schneider [Mon, 5 Sep 2011 12:35:55 +0000 (14:35 +0200)]
s3-smbd: Rename reload_printers() and add documentation.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Sep  5 17:59:47 CEST 2011 on sn-devel-104

9 years agos3: Fix smbcontrol smbd idmap kill S-1-5-21-...
Volker Lendecke [Mon, 5 Sep 2011 11:11:59 +0000 (13:11 +0200)]
s3: Fix smbcontrol smbd idmap kill S-1-5-21-...

The calls to sid_to_gid and sid_to_uid create id mapping entries themselves,
which makes it pretty difficult to reliably delete id mapping entries
everywhere just using a SID.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Sep  5 16:30:41 CEST 2011 on sn-devel-104

9 years agos3: Reformat msg_idmap.c to match Samba coding
Volker Lendecke [Mon, 5 Sep 2011 11:02:54 +0000 (13:02 +0200)]
s3: Reformat msg_idmap.c to match Samba coding

9 years agolibcli/smb: add PROTOCOL_SMB2_10
Stefan Metzmacher [Mon, 5 Sep 2011 11:13:04 +0000 (13:13 +0200)]
libcli/smb: add PROTOCOL_SMB2_10

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep  5 14:57:06 CEST 2011 on sn-devel-104

9 years agolibcli/smb: remove PROTOCOL_SMB2 alias of PROTOCOL_SMB2_02
Stefan Metzmacher [Mon, 5 Sep 2011 11:12:38 +0000 (13:12 +0200)]
libcli/smb: remove PROTOCOL_SMB2 alias of PROTOCOL_SMB2_02

metze

9 years agos3:smbd: make use of PROTOCOL_SMB2_02
Stefan Metzmacher [Mon, 5 Sep 2011 11:24:08 +0000 (13:24 +0200)]
s3:smbd: make use of PROTOCOL_SMB2_02

metze

9 years agos4:libcli/raw: make use of PROTOCOL_SMB2_02
Stefan Metzmacher [Mon, 5 Sep 2011 11:23:36 +0000 (13:23 +0200)]
s4:libcli/raw: make use of PROTOCOL_SMB2_02

metze

9 years agos4:ntvfs: s/!= PROTOCOL_SMB2/< PROTOCOL_SMB2_02/
Stefan Metzmacher [Mon, 5 Sep 2011 11:11:37 +0000 (13:11 +0200)]
s4:ntvfs: s/!= PROTOCOL_SMB2/< PROTOCOL_SMB2_02/

metze

9 years agos4:ntvfs: s/== PROTOCOL_SMB2/>= PROTOCOL_SMB2_02/
Stefan Metzmacher [Mon, 5 Sep 2011 11:10:42 +0000 (13:10 +0200)]
s4:ntvfs: s/== PROTOCOL_SMB2/>= PROTOCOL_SMB2_02/

metze

9 years agos4:smb_server: make use of PROTOCOL_SMB2_02
Stefan Metzmacher [Mon, 5 Sep 2011 11:08:36 +0000 (13:08 +0200)]
s4:smb_server: make use of PROTOCOL_SMB2_02

metze

9 years agos4:param: make use of PROTOCOL_SMB2_02
Stefan Metzmacher [Mon, 5 Sep 2011 11:08:09 +0000 (13:08 +0200)]
s4:param: make use of PROTOCOL_SMB2_02

metze

9 years agolibcli/smb: move smb2_signing.c to the toplevel
Stefan Metzmacher [Tue, 30 Aug 2011 23:42:09 +0000 (01:42 +0200)]
libcli/smb: move smb2_signing.c to the toplevel

metze

9 years agos4-cracknames: fixed cracknames to use more specific search
Andrew Tridgell [Mon, 5 Sep 2011 06:46:35 +0000 (16:46 +1000)]
s4-cracknames: fixed cracknames to use more specific search

this uses the bitwise comparison ldap operators to ensure we only get
NC roots

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Sep  5 12:48:39 CEST 2011 on sn-devel-104

9 years agos4-cldap: fixed cldap search based on dom_sid
Andrew Tridgell [Mon, 5 Sep 2011 06:42:09 +0000 (16:42 +1000)]
s4-cldap: fixed cldap search based on dom_sid

we were not filling in the sid pointer correctly for the ldb_search

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agondr: range check on push of dom_sid blob
Andrew Tridgell [Mon, 5 Sep 2011 06:41:21 +0000 (16:41 +1000)]
ndr: range check on push of dom_sid blob

this ensures we get an error if we try to push a dom_sid with too many
sub_auths

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-ldb: allow decoding of trustAuthIncoming and trustAuthOutgoing
Andrew Tridgell [Mon, 5 Sep 2011 06:40:19 +0000 (16:40 +1000)]
s4-ldb: allow decoding of trustAuthIncoming and trustAuthOutgoing

this allows --show-binary to display trustAuthOutgoing and
trustAuthIncoming NDR blobs. Useful for debugging trust issues

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agoheimdal: Try to handle the PAC checking when we are in a cross-realm environment
Andrew Bartlett [Mon, 5 Sep 2011 02:17:11 +0000 (12:17 +1000)]
heimdal: Try to handle the PAC checking when we are in a cross-realm environment

9 years agos4-samdb: added a few function comments for pydoc
Andrew Tridgell [Fri, 2 Sep 2011 04:42:50 +0000 (14:42 +1000)]
s4-samdb: added a few function comments for pydoc

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-provision: these substitutuons are not used any more
Andrew Tridgell [Fri, 2 Sep 2011 02:02:19 +0000 (12:02 +1000)]
s4-provision: these substitutuons are not used any more

we now create partitions dynamically

Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>

9 years agodrsblobs: fixed alignment of drs blobs authentication information
Andrew Tridgell [Fri, 2 Sep 2011 02:01:19 +0000 (12:01 +1000)]
drsblobs: fixed alignment of drs blobs authentication information

the two types of ndr flags were being mixed up, so NDR_BUFFERS was
being interpreted as LIBNDR_FLAG_NOALIGN

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-torture: enable password comparison in drsblobs test
Andrew Tridgell [Fri, 2 Sep 2011 01:58:59 +0000 (11:58 +1000)]
s4-torture: enable password comparison in drsblobs test

I'm not sure why this was commented out, as it does pass

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-torture: fixed a ndr string error
Andrew Tridgell [Fri, 2 Sep 2011 01:58:27 +0000 (11:58 +1000)]
s4-torture: fixed a ndr string error

the dos charset global changes with the new loadparm context

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-s3-upgrade Fix error handling in add_users_to_group
Andrew Bartlett [Mon, 5 Sep 2011 08:10:37 +0000 (18:10 +1000)]
s4-s3-upgrade Fix error handling in add_users_to_group

9 years agos4-schema consolidate schema handling
Andrew Bartlett [Thu, 25 Aug 2011 01:39:03 +0000 (11:39 +1000)]
s4-schema consolidate schema handling

It also creates a single routine dsdb_load_ldb_results_into_schema()
to handle cases where the schema is in the form of an ldb_result.

Andrew Bartlett

9 years agos3-spoolssd: Remove stale printers only on a valid pcap update.
Andreas Schneider [Thu, 1 Sep 2011 12:25:07 +0000 (14:25 +0200)]
s3-spoolssd: Remove stale printers only on a valid pcap update.

load_printers() removes stale printers and we should only remove them if
we have a CUPS connection and talked to cups. Else we will remove every
configured printer if cups is not available.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Sep  5 11:18:23 CEST 2011 on sn-devel-104

9 years agos4-provision handle a number of invalid but real-world upgrade cases
Andrew Bartlett [Mon, 5 Sep 2011 01:10:36 +0000 (11:10 +1000)]
s4-provision handle a number of invalid but real-world upgrade cases

Real world databass have the wrong account flags (U and W at the same time) and have the wrong
group type in group mapping databases.  Cope with these.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Sep  5 04:58:09 CEST 2011 on sn-devel-104

9 years agos4-provision Fix type error on existing idmap entries in s3 upgrade
Andrew Bartlett [Mon, 5 Sep 2011 01:09:14 +0000 (11:09 +1000)]
s4-provision Fix type error on existing idmap entries in s3 upgrade

This is already a DN object.

Andrew Bartlett

9 years agos4-dsdb Print clearer error messages when invalid account flags are specified on add
Andrew Bartlett [Mon, 5 Sep 2011 01:08:20 +0000 (11:08 +1000)]
s4-dsdb Print clearer error messages when invalid account flags are specified on add

9 years agos4-provision Use ProvisioningError and the eadb
Andrew Bartlett [Mon, 5 Sep 2011 01:07:39 +0000 (11:07 +1000)]
s4-provision Use ProvisioningError and the eadb

The eadb flag tells us to avoid using system extended attributes, typcially if we
are not running as root (ie, in a test environment).

The ProvisioningError class allows us to return failures to the upgrade_from_s3 script
which can then be detected correctly by the selftest framework.

Andrew Bartlett

9 years agos4-provision Add realm to DC configuration in upgrade_from_s3 test
Andrew Bartlett [Mon, 5 Sep 2011 01:04:42 +0000 (11:04 +1000)]
s4-provision Add realm to DC configuration in upgrade_from_s3 test

9 years agos4-provision Allow a missing idmap DB in upgrade.py
Andrew Bartlett [Sun, 4 Sep 2011 02:10:36 +0000 (12:10 +1000)]
s4-provision Allow a missing idmap DB in upgrade.py

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Sep  4 06:34:16 CEST 2011 on sn-devel-104

9 years agos4-provision cope with SID_NAME_WKN_GRP mappings in upgrade.py
Andrew Bartlett [Sun, 4 Sep 2011 01:58:34 +0000 (11:58 +1000)]
s4-provision cope with SID_NAME_WKN_GRP mappings in upgrade.py

Some incorrect LDAP backends have entries with this group type, but
due to the pdb_ldap code, we cannot read the group members, and we
already skip them in add_group_from_mapping_entry().

Andrew Bartlett

9 years agos3:smb2cli: ask for a session key in smb2cli_sesssetup_send()
Stefan Metzmacher [Sat, 3 Sep 2011 07:53:13 +0000 (09:53 +0200)]
s3:smb2cli: ask for a session key in smb2cli_sesssetup_send()

This is needed if we want to support SMB2 signing later.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Sep  3 16:21:35 CEST 2011 on sn-devel-104

9 years agos3-spoolss: Fix bug #8236 empty notify servername.
Andreas Schneider [Fri, 2 Sep 2011 15:03:43 +0000 (17:03 +0200)]
s3-spoolss: Fix bug #8236 empty notify servername.

Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Sep  3 02:58:42 CEST 2011 on sn-devel-104

9 years agoPart 5 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid...
Jeremy Allison [Fri, 2 Sep 2011 20:41:24 +0000 (13:41 -0700)]
Part 5 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)

Be smarter about setting default permissions when a ACL_GROUP_OBJ isn't given. Use the
principle of least surprises for the user.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Sep  3 00:16:05 CEST 2011 on sn-devel-104

9 years agoPart 4 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid...
Jeremy Allison [Fri, 2 Sep 2011 20:36:10 +0000 (13:36 -0700)]
Part 4 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)

Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the
principle of least surprises for the user.

9 years agoPart 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid...
Jeremy Allison [Fri, 2 Sep 2011 19:22:34 +0000 (12:22 -0700)]
Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)

Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().

9 years agoPart 2 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid...
Jeremy Allison [Fri, 2 Sep 2011 18:58:56 +0000 (11:58 -0700)]
Part 2 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)

Only map CREATOR_OWNER/CREATOR_GROUP to ACL_USER_OBJ/ACL_GROUP_OBJ in
a default(directory) ACL set.

9 years agoPart 1 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid...
Jeremy Allison [Fri, 2 Sep 2011 18:21:08 +0000 (11:21 -0700)]
Part 1 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)

Remove the code I added for bug "6878 - Cannot change ACL's inherit flag". It is incorrect
and causes the POSIX ACL ACL_USER_OBJ duplication.

9 years agos3:registry: fix a debug message typo
Michael Adam [Thu, 1 Sep 2011 22:36:21 +0000 (00:36 +0200)]
s3:registry: fix a debug message typo

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Sep  2 11:47:11 CEST 2011 on sn-devel-104

9 years agos3:registry: introduce a define REGDB_CODE_VERSION and use it in regdb code.
Michael Adam [Thu, 1 Sep 2011 22:34:12 +0000 (00:34 +0200)]
s3:registry: introduce a define REGDB_CODE_VERSION and use it in regdb code.

This is to not use the precise code version REGDB_VERSION_V3 explicitly
in the code.

9 years agos3:registry: rename REGVE_Vx toREGDB_VERSION_Vx for consistency
Michael Adam [Thu, 1 Sep 2011 22:07:58 +0000 (00:07 +0200)]
s3:registry: rename REGVE_Vx toREGDB_VERSION_Vx for consistency

9 years agos3:registry: implement regdb_set_secdesc() with regdb_trans_do()
Michael Adam [Tue, 30 Aug 2011 14:30:01 +0000 (16:30 +0200)]
s3:registry: implement regdb_set_secdesc() with regdb_trans_do()

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Sep  2 00:51:40 CEST 2011 on sn-devel-104

9 years agos3:registry: implement regdb_store_values() with regdb_trans_do()
Michael Adam [Tue, 30 Aug 2011 12:06:22 +0000 (14:06 +0200)]
s3:registry: implement regdb_store_values() with regdb_trans_do()

This adds the runtime check for changed regdb format version to store_values

9 years agos3:registry: change regdb_store_values_internal() from bool to NTSTATUS return code
Michael Adam [Tue, 30 Aug 2011 14:11:01 +0000 (16:11 +0200)]
s3:registry: change regdb_store_values_internal() from bool to NTSTATUS return code

9 years agos3:registry: use the regdb_trans_do wrapper instead of using dbwrap_trans_do directly...
Michael Adam [Tue, 30 Aug 2011 14:00:21 +0000 (16:00 +0200)]
s3:registry: use the regdb_trans_do wrapper instead of using dbwrap_trans_do directly in the registry db code.

This verifies the regdb format version number before the corresponding write operations.

9 years agos3:registry: add regdb_trans_do(): a transaction wrapper that will check the regdb...
Michael Adam [Mon, 29 Aug 2011 15:06:27 +0000 (17:06 +0200)]
s3:registry: add regdb_trans_do(): a transaction wrapper that will check the regdb version

If the version has changed since initialization, the write will
fail with ACCESS_DENIED.

9 years agos3:registry: drop log level of unknown regdb version message in regdb_init() to 0
Michael Adam [Tue, 30 Aug 2011 13:59:30 +0000 (15:59 +0200)]
s3:registry: drop log level of unknown regdb version message in regdb_init() to 0

9 years agoFix bug 8433, segfault in iconv.c
Volker Lendecke [Thu, 1 Sep 2011 14:55:03 +0000 (16:55 +0200)]
Fix bug 8433, segfault in iconv.c

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Sep  1 18:25:34 CEST 2011 on sn-devel-104

9 years agos3-rpc_server: Add missing rng_fault_state in epmapper.
Andreas Schneider [Thu, 1 Sep 2011 07:32:33 +0000 (09:32 +0200)]
s3-rpc_server: Add missing rng_fault_state in epmapper.

We need to raise an exception so we need to set the rng_fault_state for
epm_Insert and epm_Delete if someone connects over a transport other
than NCALRPC.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Sep  1 15:59:50 CEST 2011 on sn-devel-104

9 years agos3-rpc_server: Handle services with multiple pipe names.
Andreas Schneider [Wed, 31 Aug 2011 14:46:35 +0000 (16:46 +0200)]
s3-rpc_server: Handle services with multiple pipe names.

The configuration should only use the default pipe name to configure all
of them correctly.

9 years agoldb: make the 'spy' code more paranoid
Andrew Tridgell [Thu, 1 Sep 2011 04:28:10 +0000 (14:28 +1000)]
ldb: make the 'spy' code more paranoid

the spy code in ldb_tdb was added a while ago to overcome a memory
hierarchy problem with async ldb errors. Recently we started to get
valgrind errors related to the order of free in the spy code. This
patch ensures that we don't try to use a freed spy pointer. This
prevents the valgrind errors, although I suspect that the memory
hierarchy we have here is more complex than it needs to be

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Sep  1 08:54:23 CEST 2011 on sn-devel-104

9 years agos4-services: disable the web server by default
Andrew Tridgell [Thu, 1 Sep 2011 03:50:17 +0000 (13:50 +1000)]
s4-services: disable the web server by default

the web server is not being actively maintained, and is causing
problems with memory errors (as shown by valgrind). It is better to
disable this until it can get some TLC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agoldb: fixed ldbsearch when no baseDN specified and cross-ncs is used
Andrew Tridgell [Wed, 31 Aug 2011 06:17:54 +0000 (16:17 +1000)]
ldb: fixed ldbsearch when no baseDN specified and cross-ncs is used

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agopyldb: added OID_COMPARATOR constants
Andrew Tridgell [Wed, 31 Aug 2011 05:55:27 +0000 (15:55 +1000)]
pyldb: added OID_COMPARATOR constants

This also changes the other constants to remove the LDB_ prefix, which
is redundent

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agowintest: update snapshots
Andrew Bartlett [Mon, 29 Aug 2011 23:02:01 +0000 (09:02 +1000)]
wintest: update snapshots

9 years agoFix bug 8429 - Compound SMB2 requests on an IPC connection can corrupt the reply...
Jeremy Allison [Wed, 31 Aug 2011 00:37:19 +0000 (17:37 -0700)]
Fix bug 8429 - Compound SMB2 requests on an IPC connection can corrupt the reply stream.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Aug 31 21:18:11 CEST 2011 on sn-devel-104

9 years agoBased on metze's fix for Bug 8407 - SMB2 server can return requests out-of-order...
Jeremy Allison [Fri, 26 Aug 2011 21:23:26 +0000 (14:23 -0700)]
Based on metze's fix for Bug 8407 - SMB2 server can return requests out-of-order when processing a compound request. (cherry picked from commit 19db1c98c6ba3cb5e883e16e865c44900ce17444)

9 years agos3:smb2_server: keep compound_related on struct smbd_smb2_request
Stefan Metzmacher [Thu, 25 Aug 2011 21:33:41 +0000 (23:33 +0200)]
s3:smb2_server: keep compound_related on struct smbd_smb2_request

metze
(cherry picked from commit cda93f04eb4e7e975b192a5fd33275ec638140ac)

9 years agos3-waf: fix unresolved symbols in the group policy client side extensions subsystem.
Günther Deschner [Wed, 31 Aug 2011 16:19:40 +0000 (18:19 +0200)]
s3-waf: fix unresolved symbols in the group policy client side extensions subsystem.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Aug 31 19:48:39 CEST 2011 on sn-devel-104

9 years agos3-waf: convert libgpo into a private library.
Günther Deschner [Wed, 31 Aug 2011 16:19:13 +0000 (18:19 +0200)]
s3-waf: convert libgpo into a private library.

Guenther

9 years agos3-waf: allow undefined symbols in idmap_rid module.
Günther Deschner [Wed, 31 Aug 2011 15:56:51 +0000 (17:56 +0200)]
s3-waf: allow undefined symbols in idmap_rid module.

Guenther

9 years agos3: Fix bug 8334, do not fork the echo handler for smb2
Volker Lendecke [Wed, 31 Aug 2011 13:06:35 +0000 (15:06 +0200)]
s3: Fix bug 8334, do not fork the echo handler for smb2

If a smb1 negprot negotiated smb2 we forked the echo responder. This will
eventually lead to a panic from

[2011/08/30 10:33:29.212578,  0, pid=3846917] smbd/smb2_server.c:243(smbd_smb2_request_create)
  Invalid SMB packet: first request: 0x0009

because from the echo responder we always read using the normal smb1 protocol
handling routine. If that is a bit down the smb2 stream, we get a non-negprot
packet and panic.

BTW, the echo responder is not required for smb2 anyway, Microsoft confirmed
that it probes the server liveness using TCP keepalives and not smb2 echo
requests.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Aug 31 17:58:48 CEST 2011 on sn-devel-104

9 years agos3-rpc_server: Disable epmapper by default.
Andreas Schneider [Wed, 31 Aug 2011 12:53:52 +0000 (14:53 +0200)]
s3-rpc_server: Disable epmapper by default.

We need more testing in the real world. We need to be sure that if a
Windows client can access port 135 it doesn't require that a service is
available via ncacn_ip_tcp. If possible please enable it using the
following smb.conf options for testing:

  rpc_daemon:epmd = fork
  rpc_server:epmapper = external

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Aug 31 16:29:20 CEST 2011 on sn-devel-104

9 years agodocs: Add documentation for the rpc_daemon parametric option.
Simo Sorce [Tue, 30 Aug 2011 21:11:48 +0000 (17:11 -0400)]
docs: Add documentation for the rpc_daemon parametric option.

9 years agodoc: Reflect the latest changes to the rpc_server option.
Andreas Schneider [Wed, 31 Aug 2011 10:13:22 +0000 (12:13 +0200)]
doc: Reflect the latest changes to the rpc_server option.

bug #8425.

9 years agos3-waf: allow unresolved symbols in some idmap and nss_info modules.
Günther Deschner [Wed, 31 Aug 2011 10:45:10 +0000 (12:45 +0200)]
s3-waf: allow unresolved symbols in some idmap and nss_info modules.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Aug 31 14:27:31 CEST 2011 on sn-devel-104

9 years agos3-waf: add missing tdb dependency to idmap_tdb2 module.
Günther Deschner [Wed, 31 Aug 2011 10:44:35 +0000 (12:44 +0200)]
s3-waf: add missing tdb dependency to idmap_tdb2 module.

Guenther

9 years agos3-waf: convert nss_info subsystem into a private library.
Günther Deschner [Wed, 31 Aug 2011 10:43:57 +0000 (12:43 +0200)]
s3-waf: convert nss_info subsystem into a private library.

Guenther

9 years agos4-smbtorture: For now, skip trusted domain auth validation tests against the sambas.
Günther Deschner [Wed, 31 Aug 2011 10:42:51 +0000 (12:42 +0200)]
s4-smbtorture: For now, skip trusted domain auth validation tests against the sambas.

Guenther

9 years agos4-smbtorture: Add trust password to CreateTrust test
Sumit Bose [Mon, 22 Aug 2011 10:34:36 +0000 (12:34 +0200)]
s4-smbtorture: Add trust password to CreateTrust test

Instead of using empty authinfo and authinfo_internal structures a trust
password is added to these structures. After creating the trust the trust
account is used to validate that the trust password is set correctly.

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-lsa: Add _lsa_SetInformationTrustedDomain() and related calls
Sumit Bose [Tue, 28 Jun 2011 12:37:44 +0000 (14:37 +0200)]
s3-lsa: Add _lsa_SetInformationTrustedDomain() and related calls

The following LSA calls are added:
 - _lsa_SetInformationTrustedDomain()
 - _lsa_SetTrustedDomainInfo()
 -_lsa_SetTrustedDomainInfoByName()

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos4-smbtorture: Add tests for lsaQueryTrustedDomainInfoByName() and lsaSetTrustedDomai...
Sumit Bose [Mon, 20 Jun 2011 12:39:01 +0000 (14:39 +0200)]
s4-smbtorture: Add tests for lsaQueryTrustedDomainInfoByName() and lsaSetTrustedDomainInfoByName()

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-lsa: Update _lsa_QueryTrustedDomainInfo()
Sumit Bose [Wed, 6 Jul 2011 14:06:54 +0000 (16:06 +0200)]
s3-lsa: Update _lsa_QueryTrustedDomainInfo()

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-pdb_ipa: Add supprted encryption types to struct pdb_trusted_domain
Sumit Bose [Thu, 23 Jun 2011 15:52:06 +0000 (17:52 +0200)]
s3-pdb_ipa: Add supprted encryption types to struct pdb_trusted_domain

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-pdb_ipa: Add posix offset to struct pdb_trusted_domain
Sumit Bose [Thu, 23 Jun 2011 15:42:52 +0000 (17:42 +0200)]
s3-pdb_ipa: Add posix offset to struct pdb_trusted_domain

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-ldap: Add Posix offset and encryption types to LDAP schema
Sumit Bose [Fri, 12 Aug 2011 15:46:23 +0000 (17:46 +0200)]
s3-ldap: Add Posix offset and encryption types to LDAP schema

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-ldap: Add sambaTrustForestTrustInfo to NDS LDAP schema (again)
Sumit Bose [Fri, 19 Aug 2011 09:49:21 +0000 (11:49 +0200)]
s3-ldap: Add sambaTrustForestTrustInfo to NDS LDAP schema (again)

The related attributes and objectclass were accidentally remove by commit
d4c30a5ffbeab75506bf1ad5d8d5da48e3f4d41c

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-lsa: Fix access mapping in_lsa_OpenTrustedDomain_base()
Sumit Bose [Wed, 6 Jul 2011 14:05:38 +0000 (16:05 +0200)]
s3-lsa: Fix access mapping in_lsa_OpenTrustedDomain_base()

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-lsa: Fix typo and use right pdb interface
Sumit Bose [Fri, 3 Jun 2011 13:31:40 +0000 (15:31 +0200)]
s3-lsa: Fix typo and use right pdb interface

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3-pdb_ipa: Derive domain GUID from SID
Sumit Bose [Tue, 31 May 2011 13:31:51 +0000 (15:31 +0200)]
s3-pdb_ipa: Derive domain GUID from SID

Signed-off-by: Günther Deschner <gd@samba.org>
9 years agos3:modules make perfcount_test loadable again
Christian Ambach [Mon, 29 Aug 2011 15:48:53 +0000 (17:48 +0200)]
s3:modules make perfcount_test loadable again

use expected 'init_samba_module' name for initializer function

Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed Aug 31 11:22:26 CEST 2011 on sn-devel-104

9 years agos3:lib S-1-5-9 is "Enterprise Domain Controllers"
Christian Ambach [Mon, 29 Aug 2011 15:46:06 +0000 (17:46 +0200)]
s3:lib S-1-5-9 is "Enterprise Domain Controllers"

and not ServerLogon

9 years agos3:lib remove duplicate entry for "Anonymous Logon"
Christian Ambach [Mon, 29 Aug 2011 15:44:53 +0000 (17:44 +0200)]
s3:lib remove duplicate entry for "Anonymous Logon"

9 years agos3:lib add S-1-5-17 to well-known SID list
Christian Ambach [Mon, 29 Aug 2011 15:42:45 +0000 (17:42 +0200)]
s3:lib add S-1-5-17 to well-known SID list

http://support.microsoft.com/kb/243330/en-us says the name is
"This organization", but Windows 2008 says IUSR

Picking the Windows 2008 variant as 'This Organization' would
be duplicate to S-1-5-15

9 years agos3:lib add some more well-known sids
Christian Ambach [Mon, 29 Aug 2011 15:40:18 +0000 (17:40 +0200)]
s3:lib add some more well-known sids

add S-1-3-2/Creator Owner Server, S-1-3-3/Creator Group Server and
S-1-3-4/Owner Rights to the well-known SID list