12 years agopackaging(RHEL-CTDB): add new to the common package
Michael Adam [Thu, 19 Mar 2009 23:30:35 +0000 (00:30 +0100)]
packaging(RHEL-CTDB): add new to the common package


Signed-off-by: Michael Adam <>
12 years agopackaging(RHEL-CTDB): add new binary sharesec to the client package.
Michael Adam [Thu, 19 Mar 2009 23:28:36 +0000 (00:28 +0100)]
packaging(RHEL-CTDB): add new binary sharesec to the client package.


Signed-off-by: Michael Adam <>
12 years agopackaging(RHEL-CTDB): add new binary ldbrename to the common rpm
Michael Adam [Thu, 19 Mar 2009 23:26:11 +0000 (00:26 +0100)]
packaging(RHEL-CTDB): add new binary ldbrename to the common rpm


Signed-off-by: Michael Adam <>
12 years agopackaging(RHEL-CTDB): fix location of nsswitch/ directory for install
Michael Adam [Mon, 29 Jun 2009 15:07:14 +0000 (17:07 +0200)]
packaging(RHEL-CTDB): fix location of nsswitch/ directory for install

This has been moved to the top level directory in 3.4.


12 years agopackaging(RHEL-CTDB): don't pass CFLAGS to make.
Michael Adam [Mon, 29 Jun 2009 15:05:00 +0000 (17:05 +0200)]
packaging(RHEL-CTDB): don't pass CFLAGS to make.

This breaks the build since 3.3 since it overwrites the CFLAGS
set by configure.


12 years agopackaging(RHEL-CTDB): don't "make proto" any more.
Michael Adam [Mon, 29 Jun 2009 15:03:09 +0000 (17:03 +0200)]
packaging(RHEL-CTDB): don't "make proto" any more.

This has become unnecessary in 3.3


12 years agopackaging(RHEL-CTDB) replace source/ by source3/
Michael Adam [Tue, 23 Jun 2009 21:09:09 +0000 (23:09 +0200)]
packaging(RHEL-CTDB) replace source/ by source3/


12 years agopackaging(RHEL-CTDB) fix detection of version
Michael Adam [Tue, 23 Jun 2009 21:06:40 +0000 (23:06 +0200)]
packaging(RHEL-CTDB) fix detection of version


12 years agopackaging(RHEL-CTDB): v3-4-test uses source3 instead of source
Michael Adam [Tue, 23 Jun 2009 20:41:51 +0000 (22:41 +0200)]
packaging(RHEL-CTDB): v3-4-test uses source3 instead of source


12 years agopackaging(RHEL-CTDB): build winbind-32bit libs in the 64bit build
Michael Adam [Wed, 21 Jan 2009 08:49:12 +0000 (09:49 +0100)]
packaging(RHEL-CTDB): build winbind-32bit libs in the 64bit build

(cherry picked from commit a9a506b6640986548e2ae8540b7ae93960d6ece5)

12 years agopackaging(RHEL-CTDB): Build winbind-32bit package in the 64bit build
Michael Adam [Tue, 20 Jan 2009 18:47:28 +0000 (19:47 +0100)]
packaging(RHEL-CTDB): Build winbind-32bit package in the 64bit build

(cherry picked from commit f5cd88a25f360e6609dc5abe24247fab78af6854)

12 years agopackaging(RHEL-CTDB): extend to extract VENDOR_PATCH from version.h
Michael Adam [Wed, 21 Jan 2009 10:03:34 +0000 (11:03 +0100)]
packaging(RHEL-CTDB): extend to extract VENDOR_PATCH from version.h

(cherry picked from commit fc122aa276bce379b492e5bdf52ab3e03bc3737f)

12 years agopackaging(RHEL-CTDB): The former release number has basically moved into VERSION
Michael Adam [Wed, 21 Jan 2009 09:24:31 +0000 (10:24 +0100)]
packaging(RHEL-CTDB): The former release number has basically moved into VERSION


12 years agos3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id()
Michael Adam [Fri, 13 Nov 2009 15:16:50 +0000 (16:16 +0100)]
s3:smbd: also fill the memcache with sid<->id mappings in ldapsam_sid_to_id()

not only the persistent idmap cache.


12 years agos3:smbd: make idmap cache persistent for "ldapsam:trusted".
Michael Adam [Fri, 13 Nov 2009 14:51:33 +0000 (15:51 +0100)]
s3:smbd: make idmap cache persistent for "ldapsam:trusted".

This stores the mappings found in the idmap cache (which lives
inside gencache). This cache is already read in sid_to_Xid()
and Xid_to_sid() for ldapsam:trusted, this fills the opposite
direction, massively reducing the number of ldap roundtrips
across smbd restarts.


12 years agoutil: str_list_unique() bugfix
Kamen Mazdrashki [Fri, 13 Nov 2009 01:57:48 +0000 (03:57 +0200)]
util: str_list_unique() bugfix

j is actually the index of the last element in the list
size of the list though is j+1 <- to make room for the
terminating NULL element

12 years agoutil: str_list_unique_2() test implementation
Kamen Mazdrashki [Fri, 13 Nov 2009 01:56:07 +0000 (03:56 +0200)]
util: str_list_unique_2() test implementation

Difference with previous test for str_list_unique() is
that this test allows number of elements and number
of duplicates to be supplied on command line using

12 years agos4:heimdal Import generated files from heimdal tree
Andrew Bartlett [Fri, 13 Nov 2009 02:50:25 +0000 (13:50 +1100)]
s4:heimdal Import generated files from heimdal tree

We should be able to rebuild these, but a cp is easier :-)

12 years agos4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634f...
Andrew Bartlett [Thu, 12 Nov 2009 23:51:14 +0000 (10:51 +1100)]
s4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634faa94ead3e9a1)

12 years agos4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b...
Andrew Bartlett [Mon, 21 Sep 2009 06:18:34 +0000 (23:18 -0700)]
s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69)

12 years agoFix large paged search
Volker Lendecke [Mon, 18 May 2009 14:04:04 +0000 (16:04 +0200)]
Fix large paged search

Signed-off-by: Michael Adam <>
12 years agofix bogus "out of memory" winbind msg
Volker Lendecke [Wed, 13 May 2009 08:12:26 +0000 (10:12 +0200)]
fix bogus "out of memory" winbind msg

Signed-off-by: Michael Adam <>
12 years agos4-ldb: changed the DN checks for \n to warnings
Andrew Tridgell [Fri, 13 Nov 2009 08:31:40 +0000 (19:31 +1100)]
s4-ldb: changed the DN checks for \n to warnings

a \n is sometimes allowed in AD (eg in deleted DNs). Until we know
when is really is allowed, treat it as a warning only.

12 years agos4-ldb: make DN escaping/unescaping consistent
Andrew Tridgell [Fri, 13 Nov 2009 06:48:35 +0000 (17:48 +1100)]
s4-ldb: make DN escaping/unescaping consistent

The DN escape function was using the form \c where c is any
character. The unescape function was using \XX where XX is a 2 digit
hex number. The asymmetry led to quite a few problems when we start to
deal with DNs containing escape chars, such as CN=foo\0ADEL:XXX. The
result was a DN that was not accessible.

This patch changes the escaping to follow RFC2253 much more
closely. We accept either type of escape, and produce the two types of
escape, depending on the character being escaped

12 years agos3: Convert cli_unix_extensions_version to async
Volker Lendecke [Thu, 12 Nov 2009 22:07:21 +0000 (23:07 +0100)]
s3: Convert cli_unix_extensions_version to async

12 years agos3-rpcclient: use the parsed binding string flags for auth choice.
Günther Deschner [Thu, 12 Nov 2009 15:45:33 +0000 (16:45 +0100)]
s3-rpcclient: use the parsed binding string flags for auth choice.

This allows rpcclient to be called like this:

rpcclient ncacn_ip_tcp:w2k8r2[sign,seal] -U administrator%secret -c "dscracknames gd"


12 years agoRemove unused variable warning.
Jeremy Allison [Thu, 12 Nov 2009 22:09:25 +0000 (14:09 -0800)]
Remove unused variable warning.

12 years agoRemove erroneous 'presult = NULL' changes. Now presult only gets set
Jeremy Allison [Thu, 12 Nov 2009 21:59:25 +0000 (13:59 -0800)]
Remove erroneous 'presult = NULL' changes. Now presult only gets set

12 years agoRevert "Ensure every return path initializes presult as NULL."
Jeremy Allison [Thu, 12 Nov 2009 21:57:13 +0000 (13:57 -0800)]
Revert "Ensure every return path initializes presult as NULL."
Vl is correct, this is the wrong way to fix this.

This reverts commit 83c2c177a5e86d04da37384f1f04230c8274e1e6.

12 years agoEnsure all callers to the rpc_client/cli_pipe functions correctly
Jeremy Allison [Thu, 12 Nov 2009 21:56:33 +0000 (13:56 -0800)]
Ensure all callers to the rpc_client/cli_pipe functions correctly
initialize return variables.

12 years agoFix bug 6891 - using windows explorer to change ownership on a folder fails with...
Jeremy Allison [Thu, 12 Nov 2009 21:08:04 +0000 (13:08 -0800)]
Fix bug 6891 - using windows explorer to change ownership on a folder fails with Bad File Descriptor.

12 years agoEnsure every return path initializes presult as NULL.
Jeremy Allison [Thu, 12 Nov 2009 19:49:54 +0000 (11:49 -0800)]
Ensure every return path initializes presult as NULL.
Ensures no crashes in calling code that forgets to
init return as null.

12 years agos4:heimdal_build: allow flex-2.5.35 with bison-2.3
Stefan Metzmacher [Mon, 9 Nov 2009 17:23:06 +0000 (18:23 +0100)]
s4:heimdal_build: allow flex-2.5.35 with bison-2.3


12 years agos3-kerberos: remove smb_krb5_get_tkt_from_creds().
Günther Deschner [Thu, 12 Nov 2009 14:42:03 +0000 (15:42 +0100)]
s3-kerberos: remove smb_krb5_get_tkt_from_creds().

Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove
smb_krb5_get_tkt_from_creds() which is not required anymore.


12 years agos3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking.
Günther Deschner [Thu, 12 Nov 2009 14:40:42 +0000 (15:40 +0100)]
s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking.


12 years agos4:dsdb Make callbacks in extended_dn_out clearer to follow
Andrew Bartlett [Thu, 12 Nov 2009 10:31:11 +0000 (21:31 +1100)]
s4:dsdb Make callbacks in extended_dn_out clearer to follow

12 years agos4:selftest Mark the RPC-DSSYNC test as knownfail for now
Andrew Bartlett [Thu, 12 Nov 2009 10:14:13 +0000 (21:14 +1100)]
s4:selftest Mark the RPC-DSSYNC test as knownfail for now

We need to work on the provision or LDB modules to avoid DN attributes
without GUIDs (caused because the target does not exist at creation

Andrew Bartlett

12 years agos4:libcli/ldap Add 'relax' OID to known network representations
Andrew Bartlett [Thu, 12 Nov 2009 06:16:25 +0000 (17:16 +1100)]
s4:libcli/ldap Add 'relax' OID to known network representations

This patch, inspired by a patche by Endi S. Dewata
<>, allows this control to be passed to the LDAP

Andrew Bartlett

12 years agos4:provision - Added LDBBackend and ExistingBackend.
Endi S. Dewata [Fri, 6 Nov 2009 04:29:55 +0000 (22:29 -0600)]
s4:provision - Added LDBBackend and ExistingBackend.

12 years agos4:provision - Added constructors for FDSBackend and OpenLDAPBackend.
Endi S. Dewata [Fri, 6 Nov 2009 03:55:34 +0000 (21:55 -0600)]
s4:provision - Added constructors for FDSBackend and OpenLDAPBackend.

12 years agos4:provision - Added setup() method in LDAPBackend.
Endi S. Dewata [Fri, 6 Nov 2009 00:49:37 +0000 (18:49 -0600)]
s4:provision - Added setup() method in LDAPBackend.

12 years agos4:provision - Moved provision_xxx_backend() into backend-specific provision() method.
Endi S. Dewata [Thu, 5 Nov 2009 23:36:34 +0000 (17:36 -0600)]
s4:provision - Moved provision_xxx_backend() into backend-specific provision() method.

12 years agos4:provision - Added start() method in LDAPBackend.
Endi S. Dewata [Thu, 5 Nov 2009 18:04:05 +0000 (12:04 -0600)]
s4:provision - Added start() method in LDAPBackend.

12 years agos4:provision - Added initial implementation of FDSBackend and OpenLDAPBackend.
Endi S. Dewata [Thu, 5 Nov 2009 17:15:55 +0000 (11:15 -0600)]
s4:provision - Added initial implementation of FDSBackend and OpenLDAPBackend.

12 years agos3: Fix debug messages in check_reduced_name
Volker Lendecke [Thu, 12 Nov 2009 10:07:15 +0000 (11:07 +0100)]
s3: Fix debug messages in check_reduced_name

12 years agocifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT.
Günther Deschner [Wed, 11 Nov 2009 23:52:38 +0000 (00:52 +0100)]
cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT.


12 years agos3-kerberos: add smb_krb5_principal_get_realm().
Günther Deschner [Wed, 11 Nov 2009 23:51:46 +0000 (00:51 +0100)]
s3-kerberos: add smb_krb5_principal_get_realm().


12 years agos4:repl_meta_data Parse linked attributes with schema syntaxes
Andrew Bartlett [Thu, 12 Nov 2009 04:39:17 +0000 (15:39 +1100)]
s4:repl_meta_data Parse linked attributes with schema syntaxes

The bug here was that by assuming all linked attributes were 'normal
DNs', we would miss the binary portion of DN+Binary.

This patch then has us reparse the string to determine it's GUID, for
the GUID lookup, but maintains the binary porition into the on-disk

Andrew Bartlett

12 years agos4:dsdb/schema Add more unit tests for DN+Binary syntaxes
Andrew Bartlett [Thu, 12 Nov 2009 04:38:16 +0000 (15:38 +1100)]
s4:dsdb/schema Add more unit tests for DN+Binary syntaxes

12 years agos4:torture Use (some) torture_assert() calls in RPC-DSSYNC test
Andrew Bartlett [Thu, 12 Nov 2009 04:37:34 +0000 (15:37 +1100)]
s4:torture Use (some) torture_assert() calls in RPC-DSSYNC test

12 years agos4:dsdb Improve debug message in extended_dn_out
Andrew Bartlett [Thu, 12 Nov 2009 04:35:54 +0000 (15:35 +1100)]
s4:dsdb Improve debug message in extended_dn_out

12 years agos4:torture Remove _drs_util_verify_attids() from RPC-DSSYNC
Andrew Bartlett [Wed, 11 Nov 2009 21:08:26 +0000 (08:08 +1100)]
s4:torture Remove _drs_util_verify_attids() from RPC-DSSYNC

I'm satisfied that the task this test does is already done by the time
we map the incoming schema, and process the objects.  If we have the
OID mapping wrong or incomplete, we will get any errors this test
found errors there.

(And this dramaticly reduces the test time, so we can now add
RPC-DSSYNC to 'make test').

Andrew Bartlett

12 years agos4:torture/dsdb Add verification of the push-to-LDB functions in RPC-DSSYNC
Andrew Bartlett [Wed, 11 Nov 2009 11:31:06 +0000 (22:31 +1100)]
s4:torture/dsdb Add verification of the push-to-LDB functions in RPC-DSSYNC

This is done by comparing the values against the remote host's LDAP

Andrew Bartlett

12 years agos4:torture Add const
Andrew Bartlett [Wed, 11 Nov 2009 08:27:30 +0000 (19:27 +1100)]
s4:torture Add const

12 years agos4:ldb Allow ldb_msg_canonicalize to handle empty elements
Andrew Bartlett [Wed, 11 Nov 2009 08:26:28 +0000 (19:26 +1100)]
s4:ldb Allow ldb_msg_canonicalize to handle empty elements

(These are deliberately there in DRS replication).

Andrew Bartlett

12 years agos4:dsdb/schema Allow a schema set when bound against a remote LDAP server
Andrew Bartlett [Wed, 11 Nov 2009 08:25:32 +0000 (19:25 +1100)]
s4:dsdb/schema Allow a schema set when bound against a remote LDAP server

12 years agos4:ldb Don't segfault if we somehow get an unknown extended dn element
Andrew Bartlett [Wed, 11 Nov 2009 08:24:48 +0000 (19:24 +1100)]
s4:ldb Don't segfault if we somehow get an unknown extended dn element

12 years agos4:ldb Change ldb_request_add_control to the normal 'for loop' pattern
Andrew Bartlett [Wed, 11 Nov 2009 08:24:08 +0000 (19:24 +1100)]
s4:ldb Change ldb_request_add_control to the normal 'for loop' pattern

12 years agos4:torture Convert RPC-DSSYNC test to use LDB rather than raw LDAP
Andrew Bartlett [Wed, 11 Nov 2009 01:56:55 +0000 (12:56 +1100)]
s4:torture Convert RPC-DSSYNC test to use LDB rather than raw LDAP

(This should make it easier to do more 'compare DRS with LDAP'
operations, as LDB is an easier interface to program.)

Andrew Bartlett

12 years agoNET-API-BECOME-DC: resolve the host name to an address before calling
Stefan Metzmacher [Tue, 10 Nov 2009 11:49:48 +0000 (12:49 +0100)]
NET-API-BECOME-DC: resolve the host name to an address before calling
libnet_BecomeDC and libnet_UnbecomeDC()

We're supposed to pass in source_dsa_address...


12 years agos4:dsdb Add expected value tests for most DRS syntax conversions
Andrew Bartlett [Tue, 10 Nov 2009 04:21:40 +0000 (15:21 +1100)]
s4:dsdb Add expected value tests for most DRS syntax conversions

I've left out those for which I could not find an expected value in my
default Windows 2003 server's database, and the values that rely on
the current prefix map at the time.

Andrew Bartlett

12 years agos4:Fix regression in dsdb_dn code - all parses of the DN would be rejected
Andrew Bartlett [Tue, 10 Nov 2009 04:20:07 +0000 (15:20 +1100)]
s4:Fix regression in dsdb_dn code - all parses of the DN would be rejected

This is most likely the cause of the DRS replication failures I
observed with my changes.

Andrew Bartlett

12 years agos4:provision Add C binding to get at the generate schema
Andrew Bartlett [Tue, 10 Nov 2009 04:18:52 +0000 (15:18 +1100)]
s4:provision Add C binding to get at the generate schema

This will allow us to do local tests against that schema

12 years agos4:provision Remove unused 'sambadn' parameter
Andrew Bartlett [Tue, 10 Nov 2009 04:18:01 +0000 (15:18 +1100)]
s4:provision Remove unused 'sambadn' parameter

12 years agos4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS import
Andrew Bartlett [Mon, 9 Nov 2009 10:26:02 +0000 (21:26 +1100)]
s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS import

This will allow us in future to do tests on the LDB values we generate
from the DRS replication.

Andrew Bartlett

12 years agos4:dsdb/schema Simplify schema loading from ldb messages
Andrew Bartlett [Mon, 9 Nov 2009 09:40:21 +0000 (20:40 +1100)]
s4:dsdb/schema Simplify schema loading from ldb messages

It turns out that we always add the class/attribute to the schema.

12 years agos4:vampire Print error message when we fail on the CLDAP ping
Andrew Bartlett [Mon, 9 Nov 2009 09:31:42 +0000 (20:31 +1100)]
s4:vampire Print error message when we fail on the CLDAP ping

Andrew Bartlett

12 years agos4:dsdb Cosmetic fixes found by metze in review of dsdb_dn changes
Andrew Bartlett [Sat, 7 Nov 2009 01:07:06 +0000 (12:07 +1100)]
s4:dsdb Cosmetic fixes found by metze in review of dsdb_dn changes

These changes include reworking the code to call ldb_module_get_ctx()
less often (avoid the function calls, particularly during the step
into a complex function).

Andrew Bartlett

12 years agos4:dsdb Ensure we allow 'odd' lengths for DN+String
Andrew Bartlett [Sat, 7 Nov 2009 01:06:11 +0000 (12:06 +1100)]
s4:dsdb Ensure we allow 'odd' lengths for DN+String

(Found in a code review by metze)

Andrew Bartlett

12 years agos4:ldb Add Well Known GUID (WKGUID) tests to
Andrew Bartlett [Fri, 6 Nov 2009 06:00:05 +0000 (17:00 +1100)]
s4:ldb Add Well Known GUID (WKGUID) tests to

12 years agos4:dsdb Add extensive tests for the behaviour of dsdb_dn
Andrew Bartlett [Fri, 6 Nov 2009 05:40:07 +0000 (16:40 +1100)]
s4:dsdb Add extensive tests for the behaviour of dsdb_dn

12 years agos4:ldb Remove DN+Binary code from the core ldb_dn
Andrew Bartlett [Thu, 5 Nov 2009 06:06:45 +0000 (17:06 +1100)]
s4:ldb Remove DN+Binary code from the core ldb_dn

This is now in dsdb_dn.  Removing this to a specific wrapper avoids a
number of bugs where Binary DNs were being handled incorrectly.

This reverts much of tridge's commit

Andrew Bartlett

12 years agos4:dsdb Use new dsdb_dn code in LDB modules and Samba4 schema
Andrew Bartlett [Thu, 5 Nov 2009 06:04:10 +0000 (17:04 +1100)]
s4:dsdb Use new dsdb_dn code in LDB modules and Samba4 schema

This converts the code from using the binary DN code in ldb_dn to
using a special Samba-specfic wrapper around ldb_dn.

We also use the dsdb_dn code for DN+Binary and DN+String comparisons
(changed from treating them as Binary blobs)

Andrew Bartlett

12 years agos4:ldb-samba Use new ldb_any_comparison helper function in ldb-samba
Andrew Bartlett [Thu, 5 Nov 2009 06:00:20 +0000 (17:00 +1100)]
s4:ldb-samba Use new ldb_any_comparison helper function in ldb-samba

12 years agos4:dsdb Add new dsdb_dn to handle DN+Binary and DN+String
Andrew Bartlett [Thu, 5 Nov 2009 05:57:20 +0000 (16:57 +1100)]
s4:dsdb Add new dsdb_dn to handle DN+Binary and DN+String

This aims to replace (and is based on) the code in ldb_dn.c.  It is
however much stricter in the DNs it will accept.

Andrew Bartlett

12 years agos4:ldb Add a helper function for 'canonicalise' both strings base compares
Andrew Bartlett [Thu, 5 Nov 2009 05:56:05 +0000 (16:56 +1100)]
s4:ldb Add a helper function for 'canonicalise' both strings base compares

This will help simplify boilerplate comparison functions where we
don't have a shortcut way to compare.

Andrew Bartlett

12 years agolib/util Split data_blob_hex_string() into upper and lower
Andrew Bartlett [Wed, 4 Nov 2009 06:42:53 +0000 (17:42 +1100)]
lib/util Split data_blob_hex_string() into upper and lower

Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.

This reverts most of the callers back to upper case, as things were
before tridge's patch.  The critical call in the extended DN code is
of course handled in lower case.

Andrew Bartlett

12 years agoSecond part of bugfix for 6865 - acl_xattr module: Has dependency that inherit acls...
Jeremy Allison [Thu, 12 Nov 2009 02:35:18 +0000 (18:35 -0800)]
Second part of bugfix for 6865 - acl_xattr module: Has dependency that inherit acls = yes or xattrs are removed.
We also need dos filemode = true set as well.

12 years agoFix bug 6878 - Cannot change ACL's inherit flag.
Jeremy Allison [Wed, 11 Nov 2009 20:17:47 +0000 (12:17 -0800)]
Fix bug 6878 - Cannot change ACL's inherit flag.
Based on a patch submitted by Tsukasa Hamano <>,
this is a change in the POSIX ACL mapping to deal with the lossy
mapping for directory ACE entries:

 We have a lossy mapping: directory ACE entries
     (map to)         +---> SMB_ACL_USER_OBJ
 owning sid    ------/

     (map to)         +---> SMB_ACL_GROUP_OBJ
 primary group sid --/

 on set. And on read of a directory ACL


 Deal with this on set by duplicating
 owning sid and primary group sid ACE
 entries into the directory ACL.


12 years agomount.cifs: get rid of CONST_DISCARD
Jeff Layton [Wed, 11 Nov 2009 19:04:54 +0000 (14:04 -0500)]
mount.cifs: get rid of CONST_DISCARD

Apparently, we need to strip the "const" attribute off of the mnt_fstype
before passing it to addmntent to prevent a (somewhat bogus) compiler

Rather than just stripping off the "const" attribute, clarify the code
by declaring a new non-const char pointer that points to the same
string. We can also use that same pointer in the mount(2) call too.

Signed-off-by: Jeff Layton <>
Acked-by: Matthias Dieter Wallnöfer <>
12 years agos3/docs: Document "enable spoolss".
Karolin Seeger [Wed, 11 Nov 2009 14:42:21 +0000 (15:42 +0100)]
s3/docs: Document "enable spoolss".


12 years agos3:vfs_fs_capabilities: fix a debug message
Michael Adam [Tue, 10 Nov 2009 23:13:14 +0000 (00:13 +0100)]
s3:vfs_fs_capabilities: fix a debug message


12 years ago* install setup/display-specifiers files which are needed by provision script
TAKEDA Yasuma [Mon, 9 Nov 2009 03:18:48 +0000 (12:18 +0900)]
* install setup/display-specifiers files which are needed by provision script

Signed-off-by: TAKEDA Yasuma <>
12 years agos3: Convert libsmb/cli_message to the async API
Volker Lendecke [Tue, 10 Nov 2009 18:49:41 +0000 (19:49 +0100)]
s3: Convert libsmb/cli_message to the async API

12 years agos4:dcesrv_samr - Add more checks for invalid levels
Matthias Dieter Wallnöfer [Tue, 10 Nov 2009 15:26:23 +0000 (16:26 +0100)]
s4:dcesrv_samr - Add more checks for invalid levels

Add more checks on valid levels, mark unimplemented ones as "UNSUPPORTED" and
otherwise as "INVALID_INFO_CLASS" to be safe.

12 years agoFixes for some tests not eorking against Windows or Samba.
Nadezhda Ivanova [Tue, 10 Nov 2009 13:58:52 +0000 (15:58 +0200)]
Fixes for some tests not eorking against Windows or Samba.

12 years agos3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return NT_STATU...
Günther Deschner [Tue, 10 Nov 2009 12:10:12 +0000 (13:10 +0100)]
s3-rpc_client: make sure cli_rpc_pipe_open_schannel() does not always return NT_STATUS_OK.


12 years agos3-samr: implement _samr_ValidatePassword().
Günther Deschner [Mon, 9 Nov 2009 17:18:44 +0000 (18:18 +0100)]
s3-samr: implement _samr_ValidatePassword().


12 years agos3-chgpasswd: split out a check_password_complexity() function.
Günther Deschner [Tue, 10 Nov 2009 11:48:52 +0000 (12:48 +0100)]
s3-chgpasswd: split out a check_password_complexity() function.


12 years agos4-smbtorture: strip trailing whitespace in RPC-SAMR.
Günther Deschner [Mon, 9 Nov 2009 16:40:28 +0000 (17:40 +0100)]
s4-smbtorture: strip trailing whitespace in RPC-SAMR.


12 years agoREADME.Coding: Fix typos.
Matt Kraai [Mon, 10 Aug 2009 20:50:31 +0000 (13:50 -0700)]
README.Coding: Fix typos.

12 years agoFix bug 6880 - cannot list workgroup servers
Jeremy Allison [Mon, 9 Nov 2009 20:44:47 +0000 (12:44 -0800)]
Fix bug 6880 - cannot list workgroup servers
reported by Alban Browaeys <> with fix.
Revert 2e989bab0764c298a2530a2d4c8690258eba210c
with extra comments - this broke workgroup enumeration.

12 years agos3-netlogon: enable RPC-NETLOGON-ADMIN test against s3.
Günther Deschner [Mon, 9 Nov 2009 16:34:47 +0000 (17:34 +0100)]
s3-netlogon: enable RPC-NETLOGON-ADMIN test against s3.


12 years agos4-smbtorture: re-arrange netlogon LogonControl test.
Günther Deschner [Mon, 9 Nov 2009 16:32:31 +0000 (17:32 +0100)]
s4-smbtorture: re-arrange netlogon LogonControl test.

The LogonControl tests now are split out to a new RPC-NETLOGON-ADMIN test that
tests the behaviour of that call when called by user, dc or workstation.


12 years agos3: Try to avoid dns searches with an empty site
Volker Lendecke [Mon, 9 Nov 2009 16:06:48 +0000 (17:06 +0100)]
s3: Try to avoid dns searches with an empty site

12 years agos3-param: fix set_inherit_acls().
Günther Deschner [Mon, 9 Nov 2009 15:02:24 +0000 (16:02 +0100)]
s3-param: fix set_inherit_acls().

Jeremy, please check.


12 years agopidl: Fix selftest after s3 code changed
Volker Lendecke [Mon, 9 Nov 2009 13:26:55 +0000 (14:26 +0100)]
pidl: Fix selftest after s3 code changed

12 years agos4-samdb: remove the rDN size constraint of 64
Andrew Tridgell [Mon, 9 Nov 2009 11:19:52 +0000 (22:19 +1100)]
s4-samdb: remove the rDN size constraint of 64

This size constraint is not correct in it's current form, as windows
does send us rDN values for CN with lengths longer than 64. Once we
know how this constraint really works we can add it back in.

12 years agos4-hdb: go back to a separate samdb for the KDC
Andrew Tridgell [Mon, 9 Nov 2009 10:38:49 +0000 (21:38 +1100)]
s4-hdb: go back to a separate samdb for the KDC

The change to use a common system_session broke replication as the KDC
forces CRED_DONT_USE_KERBEROS on session->credentials, which is shared
with other parts of the system.

This should be fixed once we confirm whether the ldap backend actually

12 years agoRevert "s3: Do not directly reference the ndr_table_* in rpcclient"
Volker Lendecke [Sun, 8 Nov 2009 18:38:09 +0000 (19:38 +0100)]
Revert "s3: Do not directly reference the ndr_table_* in rpcclient"

This reverts commit 70c698fd547c4bc19cf77693608bbb34acac40b5.