Michael Adam [Mon, 28 Jul 2008 12:40:54 +0000 (14:40 +0200)]
libnet_keytab: add enctype field to libnet_keytab_entry struct.
In preparation of supporting more enctyption types in libnet_dssync_keytab.
Michael
Michael Adam [Thu, 17 Jul 2008 22:18:40 +0000 (00:18 +0200)]
dssync: allow replications of a single obj with net rpc vampire keytab.
This is triggered by setting the new "single" flag in the dssync_context
and filling the "object_dn" member with the dn of the object to be
fetched.
This call is accomplished by specifying the DRSUAPI_EXOP_REPL_OBJ
extended operation in the DsGetNCCHanges request. This variant does
honor an up-to-date-ness vectore passed in, but the answer does not
return a new up-to-dateness vector.
Call this operation as "net rpc vampire keytab /path/keytab object_dn" .
Michael
Michael Adam [Wed, 16 Jul 2008 23:05:06 +0000 (01:05 +0200)]
dssync: pass uptodateness vector into and out of DsGetNCChanges request.
Also store the new uptodateness vector in the backend after completion
and retrieve the old vector before sending the DsGetNCChanges request.
This effectively accomplishes differential replication.
Michael
Michael Adam [Thu, 17 Jul 2008 11:32:19 +0000 (13:32 +0200)]
dssync: skip analysis of the msDS_KeyVersionNumber attribute:
It is a calculated attribute that won't get distributed via replication.
Michael
Michael Adam [Thu, 17 Jul 2008 11:05:43 +0000 (13:05 +0200)]
dssync: either use the req5 or the req8 request, depending on the supported_extenstion
that have been recorded in the remote_info28 in the dssync_context.
Michael
Michael Adam [Thu, 17 Jul 2008 11:04:04 +0000 (13:04 +0200)]
dssync: record the bind info in the new remote_info28 in libnet_dssync_bind().
This extracts the info24 data in case this is what was returned (instead of info28).
E.g. windows 2000 returns info24.
Michael
Michael Adam [Thu, 17 Jul 2008 11:02:31 +0000 (13:02 +0200)]
dssync: add a drsuapi_DsBindInfo28 struct to the dssync_context struct
to keep track of what the server told us upon DsBind.
Michael
Michael Adam [Thu, 17 Jul 2008 09:54:32 +0000 (11:54 +0200)]
dssync keytab: wrap printing of the uptodate vector in DEBUGLEVEL >= 10 checks
Michael
Michael Adam [Wed, 16 Jul 2008 22:54:35 +0000 (00:54 +0200)]
dssync keytab: add support for keeping track of the up-to-date-ness vector.
The startup operation should get the old up-to-date-ness vector from the backend
and the finish operation should store the new vector to the backend after replication.
This adds the change of the signatures of the operations ot the dssync_ops struct
and the implementation for the keytab ops. The up-to-date-ness vector is stored
under the principal constructed as UTDV/$naming_context_dn@$dns_domain_name.
The vector is still uninterpreted in libnet_dssync_process().
This will be the next step...
This code is essentially by Metze.
Michael
Michael Adam [Wed, 16 Jul 2008 22:53:13 +0000 (00:53 +0200)]
libnet_keytab: add a libnet_keytab_search() function
that searches and fetches an entry from a keytab file by principal and kvno.
This code is by metze.
Michael
Michael Adam [Wed, 23 Jul 2008 22:30:07 +0000 (00:30 +0200)]
dssync keytab: use add_to_keytab_entries() for pwd history in parse_object().
Michael
Michael Adam [Wed, 16 Jul 2008 21:12:31 +0000 (23:12 +0200)]
dssync keytab: add prefix parameter to add_to_keytab_entries() for flexibility.
This will allow to construct principals of the form PREFIX/name@domain
Michael
Michael Adam [Wed, 16 Jul 2008 21:10:20 +0000 (23:10 +0200)]
dssync keytab: add check for success of ADD_TO_ARRAY().
Michael
Michael Adam [Wed, 16 Jul 2008 21:08:40 +0000 (23:08 +0200)]
dssync keytab: refactor adding entry to keytab_context out into new function
add_to_keytab_entries()
Michael
Michael Adam [Wed, 16 Jul 2008 15:12:04 +0000 (17:12 +0200)]
dssync: replace the processing_fn by startup/process/finish ops.
This remove static a variable for the keytab context in the keytab
processing function and simplifies the signature. The keytab context
is instead in the new private data member of the dssync_context struct.
This is in preparation of adding support for keeping track of the
up-to-date-ness vector, in order to be able to sync diffs instead
of the whole database.
Michael
Karolin Seeger [Fri, 1 Aug 2008 12:10:28 +0000 (14:10 +0200)]
Samba3 HowTo: Fix duplicate chapter id.
Karolin
Günther Deschner [Thu, 31 Jul 2008 13:14:14 +0000 (15:14 +0200)]
netapi: when using NetApi functions forward net's kerberos setting.
Guenther
Günther Deschner [Thu, 31 Jul 2008 13:12:09 +0000 (15:12 +0200)]
net: Use NetLocalGroupAdd() for adding aliases.
Guenther
Günther Deschner [Thu, 31 Jul 2008 13:11:20 +0000 (15:11 +0200)]
netapi: in NetLocalGroupAdd_r() only set description if necessary.
Guenther
Günther Deschner [Thu, 31 Jul 2008 12:23:23 +0000 (14:23 +0200)]
libnetunjoin: add use_kerberos flag.
Guenther
Günther Deschner [Wed, 30 Jul 2008 19:37:09 +0000 (21:37 +0200)]
net: add "-k" switch for kerberos authentication (in preparation for #5416).
Guenther
Günther Deschner [Wed, 30 Jul 2008 19:36:28 +0000 (21:36 +0200)]
libnetjoin: add use_kerberos flag.
Guenther
Günther Deschner [Wed, 30 Jul 2008 17:52:56 +0000 (19:52 +0200)]
rpc_client: use init_samr_CryptPassword(Ex) in client tools.
Guenther
Jeremy Allison [Wed, 30 Jul 2008 23:06:30 +0000 (16:06 -0700)]
Fix uninitialized variables.
Jeremy.
Jeremy Allison [Wed, 30 Jul 2008 22:01:33 +0000 (15:01 -0700)]
Fix duplicate gloabl warning.
Jeremy.
Tim Prouty [Wed, 30 Jul 2008 16:35:13 +0000 (09:35 -0700)]
Removed redundant logging from create_builtin_users and create_builtin_administrators
The Debug messages in create_builtin_users and create_builtin_users have now
been encapsulated in add_sid_to_builtin.
Tim Prouty [Thu, 24 Jul 2008 03:50:21 +0000 (20:50 -0700)]
Enabled domain groups to be added to builtin groups at domain join time
Previously this was done at token creation time if the Administrators and Users
builtins hadn't been created yet. A major drawback to this approach is that if
a customer is joined to a domain and decides they want to join a different
domain, the domain groups from this new domain will not be added to the
builtins.
It would be ideal if these groups could be added exclusively at domain join
time, but we can't rely solely on that because there are cases where winbindd
must be running to allocate new gids for the builtins. In the future if there
is a way to allocate gids for builtins without running winbindd, this code
can be removed from create_local_nt_token.
- Made create_builtin_users and create_builtin_administrators non-static so
they can be called from libnet
- Added a new function to libnet_join that will make a best effort to add
domain administrators and domain users to BUILTIN\Administrators and
BUILTIN\Users, respectively. If the builtins don't exist yet, winbindd must be
running to allocate new gids, but if the builtins already exist, the domain
groups will be added even if winbindd is not running. In the case of a
failure the error will be logged, but the join will not be failed.
- Plumbed libnet_join_add_dom_rids_to_builtins into the join post processing.
Tim Prouty [Thu, 24 Jul 2008 03:42:32 +0000 (20:42 -0700)]
Refactored the code that adds Domain Admins to BUILTIN\Administrators to use the new helper functions.
- Modified create_builtin_administrators and add_builtin_administrators to take
in the domain sid to reduce the number of times it needs to be looked up.
- Changed create_builtin_administrators to call the new helper functions.
- Changed create_local_nt_token to call the new version of
create_builtin_administrators and handle the new error that can be returned.
- Made it more explicit that add_builtin_administrators is only called when
winbindd can't be pinged.
Tim Prouty [Thu, 24 Jul 2008 03:33:15 +0000 (20:33 -0700)]
Refactored the code that adds Domain Users to BUILTIN\Users to use the new helper functions.
- Modified create_builtin_users to take in the domain sid to reduce the number
of times it needs to be looked up.
- Changed create_builtin_users to call the new helper functions.
- Changed create_local_nt_token to call the new version of create_builtin_users
and handle the new error that can be returned.
Tim Prouty [Thu, 24 Jul 2008 03:24:39 +0000 (20:24 -0700)]
Helper functions to enable domain groups to be added to builtin groups at domain join time
Added two new helper functions which wrap the raw pdb alias functions so they
can be more conveniently called while adding domain groups to builtin groups.
Günther Deschner [Wed, 30 Jul 2008 17:03:13 +0000 (19:03 +0200)]
rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.
Guenther
Günther Deschner [Wed, 30 Jul 2008 15:47:40 +0000 (17:47 +0200)]
build: fix some no previous prototype warnings.
Guenther
Günther Deschner [Tue, 29 Jul 2008 10:08:47 +0000 (12:08 +0200)]
winbindd: handle trusted domains without sid.
Guenther
Günther Deschner [Wed, 30 Jul 2008 14:59:11 +0000 (16:59 +0200)]
libwbclient: let wbcStringToSid handle the global NULL sid.
Guenther
Günther Deschner [Fri, 18 Jul 2008 22:10:58 +0000 (00:10 +0200)]
netapi: add NetGroupGetUsers example code.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:43:33 +0000 (23:43 +0200)]
netapi: add NetGroupGetUsers to public header.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:40:33 +0000 (23:40 +0200)]
netapi: add NetGroupGetUsers skeleton.
GUenther
Günther Deschner [Fri, 18 Jul 2008 21:38:17 +0000 (23:38 +0200)]
re-run make idl.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:37:31 +0000 (23:37 +0200)]
netapi: add NetGroupGetUsers to IDL.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:36:50 +0000 (23:36 +0200)]
re-run make idl.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:36:26 +0000 (23:36 +0200)]
netapi: add some more USER_INFO structs to IDL.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:35:33 +0000 (23:35 +0200)]
netapi: fix libnetapi_samr_lookup_user_map_USER_INFO.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:33:08 +0000 (23:33 +0200)]
netapi: use "buffer" in libnetapi.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:31:17 +0000 (23:31 +0200)]
re-run make idl.
Guenther
Günther Deschner [Fri, 18 Jul 2008 21:30:36 +0000 (23:30 +0200)]
netapi: cosmetics, use "buffer" everywhere.
Guenther
Günther Deschner [Fri, 18 Jul 2008 18:43:14 +0000 (20:43 +0200)]
netapi: use init_samr_CryptPasswordEx and init_samr_CryptPassword.
Guenther
Günther Deschner [Fri, 18 Jul 2008 18:42:55 +0000 (20:42 +0200)]
rpc_client: add init_samr_CryptPasswordEx and init_samr_CryptPassword.
Guenther
Günther Deschner [Fri, 18 Jul 2008 18:12:45 +0000 (20:12 +0200)]
netapi: implement NetUserSetInfo_r() for at least level 1007.
Guenther
Günther Deschner [Fri, 18 Jul 2008 18:12:13 +0000 (20:12 +0200)]
netapi: add convert_USER_INFO_X_to_samr_user_info21 fn and use it NetUserAdd.
Guenther
Günther Deschner [Fri, 18 Jul 2008 17:40:26 +0000 (19:40 +0200)]
re-run make idl.
Guenther
Günther Deschner [Fri, 18 Jul 2008 17:40:13 +0000 (19:40 +0200)]
netapi: add USER_INFO_X to IDL.
Guenther
Günther Deschner [Fri, 18 Jul 2008 17:12:42 +0000 (19:12 +0200)]
netapi: add netapi testsuite.
Guenther
Günther Deschner [Fri, 18 Jul 2008 18:10:37 +0000 (20:10 +0200)]
netapi: fix NetLocalGroupAdd.
Guenther
Michael Adam [Wed, 30 Jul 2008 14:24:20 +0000 (16:24 +0200)]
testparm: Display warning if invalid values are used.
This one came up while using "csc policy = disabled" instead of
"disable"... ;-)
Karolin Seeger [Tue, 29 Jul 2008 10:05:40 +0000 (12:05 +0200)]
pdb_interface: Fix typo in debug message.
Karolin
Karolin Seeger [Tue, 29 Jul 2008 10:03:08 +0000 (12:03 +0200)]
man pages: Fix typos in man smbclient.
Karolin
Volker Lendecke [Mon, 28 Jul 2008 15:52:35 +0000 (17:52 +0200)]
Attempt to fix bug 5616
We were calculating the session key but did not return it to the caller...
(cherry picked from commit
8ab79b1d009d53e414b90e4a0ab8fc7a4889b6df)
Michael Adam [Mon, 28 Jul 2008 12:17:11 +0000 (14:17 +0200)]
run "make idl" after idl change to unify Primary:Kerberos* structs (
e8ae49f)
Michael
Stefan Metzmacher [Thu, 24 Jul 2008 06:20:06 +0000 (08:20 +0200)]
drsblobs.idl: unify the Primary:Kerberos and Primary:Kerberos-Newer-Keys structs
metze
(cherry picked from commit
4b79a7678571ac2f7d5f827913fdcb419f5d2e20)
Michael Adam [Mon, 28 Jul 2008 12:15:27 +0000 (14:15 +0200)]
run "make idl" after idl change "give some unknowns a meaning" (
67de745)
Michael
Stefan Metzmacher [Thu, 24 Jul 2008 05:53:55 +0000 (07:53 +0200)]
drsblobs.idl: give some unknowns a meaning
metze
(cherry picked from commit
231e6f5ab2dc8a3e991a9872be252cffff6f14c6)
Michael Adam [Mon, 28 Jul 2008 12:08:34 +0000 (14:08 +0200)]
rpcclient: Set the pid filed of the outgoing DsBindInfo to 0.
This is for debugging and informational purposes only.
The assignment is implementation specific.
(WSPP docs, sec. 5.35).
Michael
Volker Lendecke [Sun, 27 Jul 2008 16:41:19 +0000 (18:41 +0200)]
Fix a debug message
Volker Lendecke [Sun, 27 Jul 2008 16:37:00 +0000 (18:37 +0200)]
Remove a pointless CONST_DISCARD
Volker Lendecke [Sun, 27 Jul 2008 15:59:15 +0000 (17:59 +0200)]
Fix srvsvc_Net[Get|Set]FileSecurity
There were two bugs in those routines: They did not send INTERNAL_OPEN_ONLY to
open_file_ntcreate() and they did not chdir, so the file could never be found.
While there I decided to remove the become_root() calls and call create_file()
instead of the lower-level routines.
Volker Lendecke [Sun, 27 Jul 2008 15:56:48 +0000 (17:56 +0200)]
Make create_conn_struct() public
Volker Lendecke [Sat, 26 Jul 2008 22:20:37 +0000 (00:20 +0200)]
Remove unused extern struct current_user from substitute.c
A bit hard to believe, but substitute.c does not use current_user anymore.
Volker Lendecke [Sat, 26 Jul 2008 14:51:00 +0000 (16:51 +0200)]
Save 128 byte (32-bit platform) or 256 byte (64-bit) per connection_struct
This was just too easy not to use :-)
Volker Lendecke [Sat, 12 Jul 2008 10:56:00 +0000 (12:56 +0200)]
make read/write to internal pipes available externally
Volker Lendecke [Sat, 12 Jul 2008 10:25:42 +0000 (12:25 +0200)]
Refactoring: Make close_internal_rpc_pipe_hnd a talloc destructor
Volker Lendecke [Sat, 12 Jul 2008 10:20:08 +0000 (12:20 +0200)]
Refactor make_internal_rpc_pipe_p: connection_struct is not needed
Volker Lendecke [Sat, 28 Jun 2008 21:13:05 +0000 (23:13 +0200)]
Create doxygen comments for async_req.[ch]
Volker Lendecke [Sat, 26 Jul 2008 09:25:24 +0000 (11:25 +0200)]
Make api_rpcTNP static to srv_pipe.c
Volker Lendecke [Fri, 25 Jul 2008 21:30:53 +0000 (23:30 +0200)]
Fix an incompatible pointer warning
(cherry picked from commit
3282f7289b7b33beeaa1ca649651cca6537a69af)
Jeremy Allison [Fri, 25 Jul 2008 20:16:18 +0000 (13:16 -0700)]
Fix bug creating files using DOS clients with mixed
case files. Reported by Daniel Johnson <Progman2000@usa.net>.
The smb_set_file_time() call to set the filetimes is failing
because it's using the unmodified name passed in by the
client, not the modified name (matching case on the
disk) that comes out from create_file().
Jeremy.
Volker Lendecke [Fri, 25 Jul 2008 10:08:03 +0000 (12:08 +0200)]
Fix a race condition in winbind leading to a crash
When SIGCHLD handling is delayed for some reason, sending a request to a child
can fail early because the child has died already. In this case
async_main_request_sent() directly called the continuation function without
properly removing the malfunctioning child process and the requests in the
queue. The next request would then crash in the DLIST_ADD_END() in
async_request() because the request pending for the child had been
talloc_free()'ed and yet still was referenced in the list.
This one is *old*...
Volker
(cherry picked from commit
8691709626b0d461de91b8fc9d10c730d1f183dd)
Karolin Seeger [Wed, 23 Jul 2008 15:07:56 +0000 (17:07 +0200)]
talloc_string_sub2: Don't return NULL if src is empty.
This fixes BUG #5635.
Finished print jobs were not removed from the $PRINTER.tdb file if
"printing=cups".
In print_queue_update, talloc_string_sub2 is used to assemble the
"lprm command". In the case of using "printing=cups", the default
"lprm command" is an empty string. talloc_string_sub2 is called with
this empty string and returns NULL which leads to exiting
print_queue_update without doing the actual print queue update.
Signed-off by Michael Adam <obnox@samba.org>
Jeremy Allison [Fri, 25 Jul 2008 01:12:12 +0000 (18:12 -0700)]
If we're not allowing streams on this conn ptr,
then don't allow create_file() to call down to
create_file_unixpath() with a stream name.
Jeremy.
Andreas Schneider [Mon, 21 Jul 2008 09:52:10 +0000 (11:52 +0200)]
Remove trailing withespace from wbinfo -m which breaks gdm auth.
Signed-off-by: Andreas Schneider <anschneider@suse.de>
Jeremy Allison [Thu, 24 Jul 2008 19:01:46 +0000 (12:01 -0700)]
Add casts to uint32_t to match prototype for sid_append_rid().
Jeremy.
Jeremy Allison [Thu, 24 Jul 2008 18:56:49 +0000 (11:56 -0700)]
Use sys_getgrnam not getgrnam. Pointed out by Herb.
Jeremy.
Steve French [Thu, 24 Jul 2008 14:35:20 +0000 (09:35 -0500)]
Merge branch 'v3-3-test' of git+ssh://sfrench@git.samba.org/data/git/samba into v33
Steve French [Thu, 24 Jul 2008 14:32:53 +0000 (09:32 -0500)]
cifs.upcall was not recognizing the newer name "dns_resolver" key type
(as a synonym for the older "cifs.resolver" name) when resolving host
names to ip addresses for the kernel.
Acked-by: Jeff Layton
Volker Lendecke [Thu, 24 Jul 2008 12:58:21 +0000 (14:58 +0200)]
Remove unused request_finished_cont()
Volker Lendecke [Thu, 24 Jul 2008 12:46:43 +0000 (14:46 +0200)]
Make use of TALLOC_FREE when freeing the per-winbindrequest memory context
John H Terpstra [Thu, 24 Jul 2008 07:45:02 +0000 (09:45 +0200)]
pdb_ldap: Raise level for debug message to avoid log file flooding.
Michael Adam [Wed, 23 Jul 2008 21:10:34 +0000 (23:10 +0200)]
re-run "make idl" after adding idl for idl for Primary:Kerberos-Newer-Keys
Michael
Stefan Metzmacher [Tue, 22 Jul 2008 10:28:07 +0000 (12:28 +0200)]
drsblobs.idl: add idl for Primary:Kerberos-Newer-Keys blob in supplementalCredentials
metze
(cherry picked from commit
97b7901afbccc9647ad2958d4cf12300de2655d1)
Michael Adam [Wed, 23 Jul 2008 21:06:30 +0000 (23:06 +0200)]
re-run "make idl" after fixing unknowns in package_PrimaryKerberos (drsblobs.idl)
Michael
Stefan Metzmacher [Wed, 23 Jul 2008 06:53:34 +0000 (08:53 +0200)]
drsblobs.idl: fix unknowns in package_PrimaryKerberos idl
metze
(cherry picked from commit
da9ceb2bf17f964334d9317829d40483e2c04b10)
Michael Adam [Wed, 23 Jul 2008 21:02:09 +0000 (23:02 +0200)]
re-run "make idl" after fixing idl for supplementalCredentialsSubBlob.
Michael
Stefan Metzmacher [Wed, 23 Jul 2008 11:06:32 +0000 (13:06 +0200)]
drsblobs.idl: fix idl for supplementalCredentialsSubBlob
metze
(cherry picked from commit
24c5b10136f6e640832193aaf9e6d7e865c288bc)
Michael Adam [Wed, 23 Jul 2008 20:42:18 +0000 (22:42 +0200)]
re-run "make idl" after changing unknown1->reserved in drsblobs.idl
Michael
Stefan Metzmacher [Wed, 23 Jul 2008 11:53:03 +0000 (13:53 +0200)]
drsblobs.idl: rename unknown1 -> reserved
metze
Steve French [Wed, 23 Jul 2008 19:25:17 +0000 (14:25 -0500)]
cifs.upcall: fix compile warning
Steve French noticed these warnings when building cifs.upcall:
Compiling client/cifs.upcall.c
client/cifs.upcall.c: In function 'usage':
client/cifs.upcall.c:204: warning: declaration of 'prog' shadows a global declaration
client/cifs.upcall.c:33: warning: shadowed declaration is here
Change the usage function to not take and arg and have it just use the global
"prog" variable. Fix a typo in the log message generated when an unknown
option is specified. Also getopt() always returns '?' when it sees an unknown
option so there's no point in printing it out.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Karolin Seeger [Tue, 22 Jul 2008 19:43:43 +0000 (21:43 +0200)]
rpc_parse: Unify spoolss debug messages.
Karolin
Michael Adam [Tue, 22 Jul 2008 14:18:03 +0000 (16:18 +0200)]
Change occurrences of the u1 member of DsBindInfo* to pid after idl change.
Michael
Michael Adam [Tue, 22 Jul 2008 14:15:15 +0000 (16:15 +0200)]
re-run "make idl" after changing u1 member to pid in DsBindInfo*.
Michael
Michael Adam [Tue, 22 Jul 2008 13:33:26 +0000 (15:33 +0200)]
drsuapi.idl: change the u1 field in DsBindInfo* to "pid".
According to the WSPP docs, section 5.35,
this is the "process identifyer" of the client.
It is meant for informational and debugging purposes
only and its assignment is implementation specific.
Michael
Zach Loafman [Thu, 3 Jul 2008 18:52:53 +0000 (11:52 -0700)]
Check for f_frsize when using statvfs
Add a configure test for the availability of f_frsize in struct statvfs
(for broken platforms that define statvfs but still have
f_bsize/f_iosize). Also add sys/types.h to the other struct statvfs test
(again, some platforms need it).