amitay/samba.git
10 years agos3:smbd: add a nfs backend for sysquotas.
Michael Adam [Fri, 6 Aug 2010 08:21:09 +0000 (10:21 +0200)]
s3:smbd: add a nfs backend for sysquotas.

This module is based on the Solaris/FreeBSD implementation
of NFS quotas in the quotas.c module.

It implements the SMB_USER_QUOTA_TYPE query of the
get_quotas call. The other types and the set_quota call
are not implemented.

10 years agos4-smbtorture: Added a torture test for forest trusts
Sumit Bose [Tue, 22 Jun 2010 13:06:27 +0000 (15:06 +0200)]
s4-smbtorture: Added a torture test for forest trusts

Signed-off-by: Günther Deschner <gd@samba.org>
10 years agos4-smbtorture: Make test_SetupCredentials3 public
Sumit Bose [Tue, 29 Jun 2010 14:24:36 +0000 (16:24 +0200)]
s4-smbtorture: Make test_SetupCredentials3 public

Signed-off-by: Günther Deschner <gd@samba.org>
10 years agos4-smbtorture: fill in trust_domain_passwords_check_in in NDR lsa test.
Günther Deschner [Fri, 16 Jul 2010 02:07:01 +0000 (04:07 +0200)]
s4-smbtorture: fill in trust_domain_passwords_check_in in NDR lsa test.

Guenther

10 years agoFix RPC-LSA-TRUSTED-DOMAINS for changed IDL
Sumit Bose [Mon, 23 Aug 2010 14:14:58 +0000 (16:14 +0200)]
Fix RPC-LSA-TRUSTED-DOMAINS for changed IDL

10 years agos4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.
Günther Deschner [Fri, 16 Jul 2010 02:06:48 +0000 (04:06 +0200)]
s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.

Also remove bogus trustCurrentPasswords struct which we just had because our IDL
was incorrect.

Guenther

10 years agos3-build: Use a wrapper script to run the tests.
Andreas Schneider [Wed, 25 Aug 2010 09:17:33 +0000 (11:17 +0200)]
s3-build: Use a wrapper script to run the tests.

This fixes the buildfarm and returns the correct exit code of selftest.

10 years agos4-dsdb: make more of the UF_* flags available on pydsdb
Andrew Tridgell [Tue, 24 Aug 2010 13:37:57 +0000 (23:37 +1000)]
s4-dsdb: make more of the UF_* flags available on pydsdb

this really should be moved to IDL

10 years agos4-rodc: broke up RODC join into separate functions
Andrew Tridgell [Tue, 24 Aug 2010 13:37:25 +0000 (23:37 +1000)]
s4-rodc: broke up RODC join into separate functions

this also removes some of the magic constants

10 years agos4-rodc: added REPL_SECRET exop replication of accounts
Andrew Tridgell [Tue, 24 Aug 2010 12:10:46 +0000 (22:10 +1000)]
s4-rodc: added REPL_SECRET exop replication of accounts

During a RODC join, we need to fetch the secrets for the machine
account and krbtgt account using GetNCChanges
DRSUAPI_EXOP_REPL_SECRET calls

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-dsdb: add more DS flags to the dsdb module
Andrew Tridgell [Tue, 24 Aug 2010 12:09:18 +0000 (22:09 +1000)]
s4-dsdb: add more DS flags to the dsdb module

These are from libds/common/flags.h

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-dsdb: added get_attid_from_lDAPDisplayName() on samdb
Andrew Tridgell [Tue, 24 Aug 2010 12:08:27 +0000 (22:08 +1000)]
s4-dsdb: added get_attid_from_lDAPDisplayName() on samdb

This can be used to form the partial_attribute_set list for
GetNCChanges

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-rodc: next step in RODC join code
Andrew Tridgell [Tue, 24 Aug 2010 05:42:54 +0000 (15:42 +1000)]
s4-rodc: next step in RODC join code

a RODC net join can now replicate the schame, config and base
partitions, by calling the net.replicate*() python hooks, and driving
the GetNCChanges calls from python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-pynet: added replicate_init() and replicate_chunk() calls
Andrew Tridgell [Tue, 24 Aug 2010 05:41:40 +0000 (15:41 +1000)]
s4-pynet: added replicate_init() and replicate_chunk() calls

these calls allow python code to pass chunks from DRS replication
calls into the code that applies the chunks to a database

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-libnet: added libnet_vampire_replicate_init()
Andrew Tridgell [Tue, 24 Aug 2010 05:40:42 +0000 (15:40 +1000)]
s4-libnet: added libnet_vampire_replicate_init()

this is used to setup for later calls to the replicate chunk functions

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agoidl-nbt: fixed typo
Andrew Tridgell [Mon, 23 Aug 2010 08:59:47 +0000 (18:59 +1000)]
idl-nbt: fixed typo

10 years agos3: Make char_flags and base_reverse const arrays
Volker Lendecke [Tue, 24 Aug 2010 19:40:25 +0000 (21:40 +0200)]
s3: Make char_flags and base_reverse const arrays

This moves those arrays from dynamic to static, shared memory, removing them
from globals.c.

I did it by dumping the result of init_tables() with dump_data(). Some massage
by an editor macro made it the initializer.

10 years agos3: Move "trans_num" to smbd_server_connection
Volker Lendecke [Tue, 24 Aug 2010 18:47:29 +0000 (20:47 +0200)]
s3: Move "trans_num" to smbd_server_connection

10 years agos3: Make srv_send_smb take an sconn instead of a sock fd
Volker Lendecke [Tue, 24 Aug 2010 18:10:20 +0000 (20:10 +0200)]
s3: Make srv_send_smb take an sconn instead of a sock fd

10 years agopam: fix unused variable warning
Björn Jacke [Tue, 24 Aug 2010 09:07:38 +0000 (11:07 +0200)]
pam: fix unused variable warning

10 years agos4-waf: try to fix the s4 wbinfo build dependencies.
Günther Deschner [Tue, 24 Aug 2010 01:04:41 +0000 (03:04 +0200)]
s4-waf: try to fix the s4 wbinfo build dependencies.

Guenther

10 years agos3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Günther Deschner [Mon, 23 Aug 2010 14:02:23 +0000 (16:02 +0200)]
s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().

Initially, the schannel creds were talloc memduped, then, during the netlogon
creds client merge (baf7274fed2f1ae7a9e3a57160bf5471566e636c) they were first
talloc_referenced and then later (53765c81f726a8c056cc4e57004592dd489975c9)
talloc_moved.

The issue with using talloc_move here is that users of that function in winbind
will only be able to have two schanneled connections, as the cached schannel
credentials pointer from the netlogon pipe will be set to NULL. Do a deep copy
of the struct instead.

Guenther

10 years agoFinal part of fix for bug #7636 - winbind internal error, backtrace.
Jeremy Allison [Mon, 23 Aug 2010 20:05:56 +0000 (13:05 -0700)]
Final part of fix for bug #7636 - winbind internal error, backtrace.

Ensure cm_get_schannel_creds() returns NTSTATUS.

Jeremy.

10 years agos3-dcerpc: Allocate structure members on the right context
Simo Sorce [Mon, 23 Aug 2010 21:11:32 +0000 (17:11 -0400)]
s3-dcerpc: Allocate structure members on the right context

10 years agos3: PAM_RHOST and PAM_TTY are enums on FreeBSD
Volker Lendecke [Mon, 23 Aug 2010 19:00:27 +0000 (21:00 +0200)]
s3: PAM_RHOST and PAM_TTY are enums on FreeBSD

10 years agos4:getncchanges.c - fix some counter variable types
Matthias Dieter Wallnöfer [Mon, 23 Aug 2010 05:37:36 +0000 (07:37 +0200)]
s4:getncchanges.c - fix some counter variable types

They should be "unsigned" since they count LDB objects. And also the SID array
can be counted as "unsigned".

10 years agoreplace: Fix ifndefs for formatting defines.
Jelmer Vernooij [Mon, 23 Aug 2010 13:10:07 +0000 (15:10 +0200)]
replace: Fix ifndefs for formatting defines.

Thanks to Michael Brown for pointing this out.

10 years agos4-devel: added a getncchanges developer script
Andrew Tridgell [Mon, 23 Aug 2010 02:47:51 +0000 (12:47 +1000)]
s4-devel: added a getncchanges developer script

this allows for command line access to getncchanges

it also provides a good example of calling DRSUAPI interfaces from
python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-pyrpc: use s4_event_context_init()
Andrew Tridgell [Mon, 23 Aug 2010 02:07:56 +0000 (12:07 +1000)]
s4-pyrpc: use s4_event_context_init()

This fixes a crash when using kerberos and the python dcercpc
interface, which requires event nesting

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-pyregistry: use s4_event_context_init()
Andrew Tridgell [Mon, 23 Aug 2010 02:07:19 +0000 (12:07 +1000)]
s4-pyregistry: use s4_event_context_init()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-event: event_context_find() should use s4_event_context_init()
Andrew Tridgell [Mon, 23 Aug 2010 02:07:00 +0000 (12:07 +1000)]
s4-event: event_context_find() should use s4_event_context_init()

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-net: role should be case insensitive for join
Andrew Tridgell [Mon, 23 Aug 2010 01:36:29 +0000 (11:36 +1000)]
s4-net: role should be case insensitive for join

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-drs: show the user sid that does the GetNCChanges call
Andrew Tridgell [Mon, 23 Aug 2010 01:33:19 +0000 (11:33 +1000)]
s4-drs: show the user sid that does the GetNCChanges call

this is useful when debugging replication

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-drs: removed the warning on WRIT_REP being set
Andrew Tridgell [Mon, 23 Aug 2010 01:32:28 +0000 (11:32 +1000)]
s4-drs: removed the warning on WRIT_REP being set

we just need to clear this flag

10 years agos4-net: added initial implemention of RODC join
Andrew Tridgell [Mon, 23 Aug 2010 01:31:48 +0000 (11:31 +1000)]
s4-net: added initial implemention of RODC join

This does the join using python code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agolibnet-s4: added replicate() command in pynet
Andrew Tridgell [Mon, 23 Aug 2010 01:30:22 +0000 (11:30 +1000)]
libnet-s4: added replicate() command in pynet

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-libnet: split libnet_Vampire() into two parts
Andrew Tridgell [Mon, 23 Aug 2010 01:13:22 +0000 (11:13 +1000)]
s4-libnet: split libnet_Vampire() into two parts

libnet_Replicate() will do just the replication portion of
libnet_Vampire(). This will be used by the RODC join, where the join
part of the operation happens in python, and behaves quite differently
to the libnet_Join() code.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-libnet: show the DN when DsAddEntry() fails
Andrew Tridgell [Mon, 23 Aug 2010 01:11:35 +0000 (11:11 +1000)]
s4-libnet: show the DN when DsAddEntry() fails

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-net: moved the net join command to python
Andrew Tridgell [Sun, 22 Aug 2010 22:52:19 +0000 (08:52 +1000)]
s4-net: moved the net join command to python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-libnet: added join type constants to python interface
Andrew Tridgell [Sun, 22 Aug 2010 22:50:04 +0000 (08:50 +1000)]
s4-libnet: added join type constants to python interface

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-python: added ndr_print() method in ndr
Andrew Tridgell [Sun, 22 Aug 2010 21:52:25 +0000 (07:52 +1000)]
s4-python: added ndr_print() method in ndr

10 years agopidl-python: fixed the docstrings for ndr_print, ndr_pack and ndr_unpack
Andrew Tridgell [Sun, 22 Aug 2010 21:51:55 +0000 (07:51 +1000)]
pidl-python: fixed the docstrings for ndr_print, ndr_pack and ndr_unpack

10 years agolibreplace: fixed the strptime() waf test
Andrew Tridgell [Sun, 22 Aug 2010 21:28:09 +0000 (07:28 +1000)]
libreplace: fixed the strptime() waf test

Thanks to Jelmer for pointing this out

10 years agos4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid
Andrew Bartlett [Fri, 20 Aug 2010 02:15:15 +0000 (12:15 +1000)]
s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid

This makes the structure much more like NT_USER_TOKEN in the source3/
code.  (The remaining changes are that privilages still need to be merged)

Andrew Bartlett

10 years agos3:pdbtest Fix command name of pdbtest
Andrew Bartlett [Fri, 20 Aug 2010 12:30:46 +0000 (22:30 +1000)]
s3:pdbtest Fix command name of pdbtest

Signed-off-by: Michael Adam <obnox@samba.org>
10 years agos3-build: Add a test-buildfarm target to stay UNIX Makefile compatible.
Andreas Schneider [Sun, 22 Aug 2010 20:55:01 +0000 (22:55 +0200)]
s3-build: Add a test-buildfarm target to stay UNIX Makefile compatible.

10 years agos3:param Clarify parameter name on init_globals()
Andrew Bartlett [Fri, 20 Aug 2010 07:51:48 +0000 (17:51 +1000)]
s3:param Clarify parameter name on init_globals()

This parameter is used with the registry backend to
cause the globals table to be re-initialised.

Andrew Bartlett

Signed-off-by: Michael Adam <obnox@samba.org>
10 years agos3: Turn two macros into functions
Volker Lendecke [Sun, 22 Aug 2010 18:00:46 +0000 (20:00 +0200)]
s3: Turn two macros into functions

10 years agos3: Pass the rhost through smb_pam_accountcheck
Volker Lendecke [Wed, 18 Aug 2010 16:23:49 +0000 (18:23 +0200)]
s3: Pass the rhost through smb_pam_accountcheck

10 years agos3: Rename auth.c:backends to auth_backends
Volker Lendecke [Wed, 18 Aug 2010 15:31:39 +0000 (17:31 +0200)]
s3: Rename auth.c:backends to auth_backends

10 years agos3: Fix some nonemtpy blank lines
Volker Lendecke [Sun, 22 Aug 2010 16:41:39 +0000 (18:41 +0200)]
s3: Fix some nonemtpy blank lines

10 years agos4: Only install testparm to /usr/bin/, no longer to /usr/sbin.
Jelmer Vernooij [Sun, 22 Aug 2010 15:12:26 +0000 (17:12 +0200)]
s4: Only install testparm to /usr/bin/, no longer to /usr/sbin.

10 years agos4: Install testparm to /usr/bin, consistent with old behaviour.
Jelmer Vernooij [Sun, 22 Aug 2010 15:03:47 +0000 (17:03 +0200)]
s4: Install testparm to /usr/bin, consistent with old behaviour.

10 years agos4-waf: re-use SAMBA_LIBRARY() in building shared modules
Andrew Tridgell [Wed, 18 Aug 2010 23:22:54 +0000 (09:22 +1000)]
s4-waf: re-use SAMBA_LIBRARY() in building shared modules

make SAMBA_MODULE() call SAMBA_LIBRARY() to do the heavy lifting. This
fixes the problem with modules being a bit too slim :-)

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>

10 years agos3: Move check_access to cgi.c, its only user
Volker Lendecke [Wed, 18 Aug 2010 14:50:26 +0000 (16:50 +0200)]
s3: Move check_access to cgi.c, its only user

10 years agos3: Replace calls to check_access by allow_access
Volker Lendecke [Wed, 18 Aug 2010 14:48:20 +0000 (16:48 +0200)]
s3: Replace calls to check_access by allow_access

We already have both the name and address of the client stored now

10 years agoAvoid use of Samba DTD, which requires net access.
Jelmer Vernooij [Sun, 22 Aug 2010 03:24:55 +0000 (05:24 +0200)]
Avoid use of Samba DTD, which requires net access.

10 years agowafsamba: fix CHECK_XSLTPROC_MANPAGES().
Jelmer Vernooij [Sun, 22 Aug 2010 03:02:00 +0000 (05:02 +0200)]
wafsamba: fix CHECK_XSLTPROC_MANPAGES().

10 years agoUse DocBook DTD rather than Samba one, as no Samba-specific things are
Jelmer Vernooij [Sun, 22 Aug 2010 03:00:57 +0000 (05:00 +0200)]
Use DocBook DTD rather than Samba one, as no Samba-specific things are
used in the tdb manpages.

10 years agos4-net: better error message on net setpassword
Andrew Tridgell [Sun, 22 Aug 2010 04:51:12 +0000 (14:51 +1000)]
s4-net: better error message on net setpassword

10 years agolibrpc: add python bindings for the netlogon pipe
Andrew Tridgell [Sun, 22 Aug 2010 04:50:46 +0000 (14:50 +1000)]
librpc: add python bindings for the netlogon pipe

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>

10 years agopyldb: do type checking on the list form of ldb add
Andrew Tridgell [Sun, 22 Aug 2010 04:50:22 +0000 (14:50 +1000)]
pyldb: do type checking on the list form of ldb add

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>

10 years agopidl: give the varible name for bad type in python calls
Andrew Tridgell [Sun, 22 Aug 2010 04:49:10 +0000 (14:49 +1000)]
pidl: give the varible name for bad type in python calls

This makes it much clearer which argument to a function had the wrong
type

10 years agopidl: cope with bad type conversions in unions
Andrew Tridgell [Sun, 22 Aug 2010 04:47:22 +0000 (14:47 +1000)]
pidl: cope with bad type conversions in unions

This prevents a crash when converting bad types in NDR unions

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>

10 years agopidl: added a __ndr_print__() method on python NDR objects
Andrew Tridgell [Sun, 22 Aug 2010 04:46:01 +0000 (14:46 +1000)]
pidl: added a __ndr_print__() method on python NDR objects

This allows you to print a returned NDR structure using
s.__ndr_print__() which gives an easy view of complex
structures, such as those from netlogon

10 years agos3: Fix netgrent configure checks for compilers not supporting -Werror-implicit-funct...
Kai Blin [Sat, 14 Aug 2010 05:40:51 +0000 (07:40 +0200)]
s3: Fix netgrent configure checks for compilers not supporting -Werror-implicit-function-declaration

This should fix bug 7620.

10 years agos3: Fix bug 7635
Volker Lendecke [Sat, 21 Aug 2010 09:32:58 +0000 (11:32 +0200)]
s3: Fix bug 7635

10 years agoFix bug 7627 - smbclient ignores "-I" when used with "-L", fails name resolution.
Jeremy Allison [Fri, 20 Aug 2010 22:57:08 +0000 (15:57 -0700)]
Fix bug 7627 - smbclient ignores "-I" when used with "-L", fails name resolution.

Still needs some more work to fix missing netbios name issues, but fixes
underlying issue of IP address being ignored.

Jeremy.

10 years agoFix const warning.
Jeremy Allison [Fri, 20 Aug 2010 22:56:37 +0000 (15:56 -0700)]
Fix const warning.

10 years agos4-ndr_basic.c: Fix ndr_*_hyper() when [bigendian] data is processed
Kamen Mazdrashki [Fri, 20 Aug 2010 18:58:22 +0000 (21:58 +0300)]
s4-ndr_basic.c: Fix ndr_*_hyper() when [bigendian] data is processed

10 years agos4-drsuapi: Implement custom printing for drsuapi protocol for
Kamen Mazdrashki [Thu, 19 Aug 2010 12:52:49 +0000 (15:52 +0300)]
s4-drsuapi: Implement custom printing for drsuapi protocol for

drsuapi_DsReplicaAttribute and drsuapi_DsAttributeValueCtr objects

This makes tracing what data has been transferred much easier

10 years agos3: Use sconn->client_id in session_claim
Volker Lendecke [Wed, 18 Aug 2010 16:35:53 +0000 (18:35 +0200)]
s3: Use sconn->client_id in session_claim

10 years agos3:librpc: make dcerpc_read_ncacn_packet_send/recv() available
Stefan Metzmacher [Thu, 12 Aug 2010 13:59:17 +0000 (15:59 +0200)]
s3:librpc: make dcerpc_read_ncacn_packet_send/recv() available

metze

10 years agolibrpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.c
Stefan Metzmacher [Thu, 12 Aug 2010 13:49:32 +0000 (15:49 +0200)]
librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.c

metze

10 years agos3:Makefile.in: use python with -u to disable stdin/out caching
Stefan Metzmacher [Fri, 20 Aug 2010 12:52:04 +0000 (14:52 +0200)]
s3:Makefile.in: use python with -u to disable stdin/out caching

metze

10 years agos3:winbindd: fix error handling in wb_next_grent_fetch_done()
Stefan Metzmacher [Tue, 17 Aug 2010 06:05:14 +0000 (08:05 +0200)]
s3:winbindd: fix error handling in wb_next_grent_fetch_done()

We should not use 'result' uninitialized.

metze

10 years agoRemove place-holders when it is single domain
Zahari Zahariev [Thu, 19 Aug 2010 15:30:03 +0000 (18:30 +0300)]
Remove place-holders when it is single domain

This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the silightest
difference will pop up.

There is a second smaller fix when we compre hosts in different
domains. This fix disables ${SERVERNAME} paace-holder when there
are more then one serevr (domain controller) in the given domain.

10 years agos4-dsdb: the RODC_JOIN control also changes samAccountName
Andrew Tridgell [Fri, 20 Aug 2010 07:17:23 +0000 (17:17 +1000)]
s4-dsdb: the RODC_JOIN control also changes samAccountName

when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-pysamdb: fixed get_domain_sid()
Andrew Tridgell [Thu, 19 Aug 2010 21:26:53 +0000 (07:26 +1000)]
s4-pysamdb: fixed get_domain_sid()

we need to actually return the SID!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-ldb: added support for rodc_control in ldb
Andrew Tridgell [Thu, 19 Aug 2010 21:26:09 +0000 (07:26 +1000)]
s4-ldb: added support for rodc_control in ldb

this allows you to specify the RODC join control in python ldb calls
or on the command line

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls
Andrew Tridgell [Thu, 19 Aug 2010 03:06:08 +0000 (13:06 +1000)]
s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls

when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-drs: bring us much closer to the docs for DRS secret replication
Andrew Tridgell [Wed, 18 Aug 2010 08:38:26 +0000 (18:38 +1000)]
s4-drs: bring us much closer to the docs for DRS secret replication

The rules for when a RODC can replicate secrets are:

 - it can always replicate its own acct
 - it can also replicate its krbtgt acct
 - it can't replicate other krbtgt accts
 - it can't replicate interdomain trust accounts
 - it can't replicate users in the denied group list
 - it can replicate users in the allowed group list

otherwise it can't replicate

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-dsdb: fixed dsdb_get_extended_dn_sid()
Andrew Tridgell [Wed, 18 Aug 2010 08:36:12 +0000 (18:36 +1000)]
s4-dsdb: fixed dsdb_get_extended_dn_sid()

it should honor the component_name

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agoidl: added the RODC allow/deny secrets RIDs
Andrew Tridgell [Wed, 18 Aug 2010 08:35:41 +0000 (18:35 +1000)]
idl: added the RODC allow/deny secrets RIDs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-drs: implement RODC attribute filtering override
Andrew Tridgell [Wed, 18 Aug 2010 04:31:05 +0000 (14:31 +1000)]
s4-drs: implement RODC attribute filtering override

When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos4-drs: added sam_ctx_system on DRS bind state
Andrew Tridgell [Wed, 18 Aug 2010 04:27:17 +0000 (14:27 +1000)]
s4-drs: added sam_ctx_system on DRS bind state

The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

10 years agos3:loadparm: make lp_load_ex static. We have wrappers for external callers.
Michael Adam [Fri, 20 Aug 2010 09:14:06 +0000 (11:14 +0200)]
s3:loadparm: make lp_load_ex static. We have wrappers for external callers.

10 years agos3-libsmbclient Convert dos error codes to NTstatus in async libsmbclient.
Jim McDonough [Thu, 19 Aug 2010 12:46:59 +0000 (08:46 -0400)]
s3-libsmbclient Convert dos error codes to NTstatus in async libsmbclient.

DOS error codes were being lost with the conversion to async
libsmbclient.  If we're passing around NTSTATUS internally,
let's just convert it when we get it.

DOS ACCESS_DENIED on nautilus was not prompting for other credentials,
because it was not being mapped.

10 years agos3-ads: Fix wrong test in if statement
Simo Sorce [Thu, 19 Aug 2010 11:35:01 +0000 (07:35 -0400)]
s3-ads: Fix wrong test in if statement

10 years agos3-waf: fix the build.
Günther Deschner [Thu, 19 Aug 2010 13:24:20 +0000 (15:24 +0200)]
s3-waf: fix the build.

Guenther

10 years agos3-ldapsam: add samba.ldif LDAP schema.
Günther Deschner [Thu, 19 Aug 2010 12:22:01 +0000 (14:22 +0200)]
s3-ldapsam: add samba.ldif LDAP schema.

This one is suiteable for cn=config setups and should be added via ldapadd.

Thanks to Sumit Bose <sbose@redhat.com> for providing it.

Guenther

10 years agos3-cli: fix uninitialized variable.
Günther Deschner [Thu, 19 Aug 2010 12:02:22 +0000 (14:02 +0200)]
s3-cli: fix uninitialized variable.

Volker, please check.

Guenther

10 years agos3-idmap: fix uninitialized variable in idmap_tdb_sids_to_unixids_action().
Günther Deschner [Thu, 19 Aug 2010 12:01:47 +0000 (14:01 +0200)]
s3-idmap: fix uninitialized variable in idmap_tdb_sids_to_unixids_action().

Michael, please check.

Guenther

10 years agos4 provision: POLICY_ACL is already an FS acl no need to translate it
Matthieu Patou [Thu, 19 Aug 2010 08:37:00 +0000 (12:37 +0400)]
s4 provision: POLICY_ACL is already an FS acl no need to translate it

10 years agos4 provision: Add some documentation to GPO related functions
Matthieu Patou [Thu, 19 Aug 2010 08:33:57 +0000 (12:33 +0400)]
s4 provision: Add some documentation to GPO related functions

10 years agounit tests: debug to ease locating pb, remove dir if exists to avoid error
Matthieu Patou [Sat, 14 Aug 2010 14:51:55 +0000 (18:51 +0400)]
unit tests: debug to ease locating pb, remove dir if exists to avoid error

10 years agos4 upgradeprovision: exit with a non null return code so that it can be trapped in...
Matthieu Patou [Sat, 14 Aug 2010 12:57:49 +0000 (16:57 +0400)]
s4 upgradeprovision: exit with a non null return code so that it can be trapped in blackbox tests

10 years agos4 upgradeprovision: add more attrbutes the ignore list
Matthieu Patou [Thu, 12 Aug 2010 13:28:28 +0000 (17:28 +0400)]
s4 upgradeprovision: add more attrbutes the ignore list

Also format in a pretty way the int64 ranges

10 years agos4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing
Matthieu Patou [Thu, 12 Aug 2010 08:22:08 +0000 (12:22 +0400)]
s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing

10 years agos4 upgradeprovision: Add a function for schema reloading
Matthieu Patou [Sun, 11 Jul 2010 11:36:32 +0000 (15:36 +0400)]
s4 upgradeprovision: Add a function for schema reloading

Full schema reloading is needed when we modify exisiting elements that
have attributes that comes from not from the default schema (ie.
openchange schema, user schema ..)