13 years agos3:ctdb_conn: add ctdbd_conn_get_fd() to get the fd out of the ctdb connection
Michael Adam [Fri, 22 Jan 2010 23:05:15 +0000 (00:05 +0100)]
s3:ctdb_conn: add ctdbd_conn_get_fd() to get the fd out of the ctdb connection


13 years agos3:g_lock: remove an unreached code path.
Michael Adam [Fri, 22 Jan 2010 14:56:28 +0000 (15:56 +0100)]
s3:g_lock: remove an unreached code path.


13 years agos3:dbwrap_ctdb: fix reading/storing of special key __db_sequence_number__
Michael Adam [Mon, 18 Jan 2010 16:26:04 +0000 (17:26 +0100)]
s3:dbwrap_ctdb: fix reading/storing of special key __db_sequence_number__

The key for reading and writing was inconsistent due to a
off by one data length.


13 years agos3:dbwrap_ctdb: exit early when nothing has been written in transaction_commit.
Michael Adam [Wed, 13 Jan 2010 22:53:54 +0000 (23:53 +0100)]
s3:dbwrap_ctdb: exit early when nothing has been written in transaction_commit.

This skips update of the __db_sequence_number__ record when nothing else has
been written. There are transactions that are just openend and then nothing
is written until transaction_commit is called. This is for instance the case
with registry initialization routines: They start a transaction and only
write somthing when the registry has not been initialized yet.
So this change will skip many db_seqnum bumps and TRANS3_COMMIT roundtrips.


13 years agos3:dbwrap_ctdb: fix brown paperbag bug in ctdb_transaction_commit.
Michael Adam [Wed, 13 Jan 2010 22:51:34 +0000 (23:51 +0100)]
s3:dbwrap_ctdb: fix brown paperbag bug in ctdb_transaction_commit.

I carefully prepared the return value only to "return 0;" at the bottom. :-(
This may well have hit us for instance in the nested cancel case
and produced random errors.


13 years agos3:dbwrap_ctdb: fix logic error in pull_newest_from_marshall_buffer().
Michael Adam [Tue, 5 Jan 2010 23:37:21 +0000 (00:37 +0100)]
s3:dbwrap_ctdb: fix logic error in pull_newest_from_marshall_buffer().

The logic bug was that if a record was found in the marshall buffer,
then always the ctdb header of tha last record in the marshall buffer
was returned, and not the ctdb header of the last occurrence of the
requested record.

This is fixed by introducing an additional temporary variable.


13 years agos3:dbwrap_ctdb: fix an uninitialized variable.
Michael Adam [Tue, 5 Jan 2010 15:17:27 +0000 (16:17 +0100)]
s3:dbwrap_ctdb: fix an uninitialized variable.


13 years agos3:dbwrap_ctdb: fix two "may be used uninitialized" warnings
Michael Adam [Fri, 11 Dec 2009 23:38:14 +0000 (00:38 +0100)]
s3:dbwrap_ctdb: fix two "may be used uninitialized" warnings


13 years agos3:dbwrap_ctdb: fix db_ctdb_fetch_db_seqnum_from_db() when NT_STATUS_NOT_FOUND.
Michael Adam [Fri, 11 Dec 2009 23:30:37 +0000 (00:30 +0100)]
s3:dbwrap_ctdb: fix db_ctdb_fetch_db_seqnum_from_db() when NT_STATUS_NOT_FOUND.

Don't treat this as an error but return seqnum 0 instead.


13 years agos3:dbwrap: If "-n" is given to dbwrap_torture, open db with CLEAR_IF_FIRST
Volker Lendecke [Fri, 11 Dec 2009 15:51:40 +0000 (16:51 +0100)]
s3:dbwrap: If "-n" is given to dbwrap_torture, open db with CLEAR_IF_FIRST

13 years agos3:build: remove checks for deprecated ctdb controls.
Michael Adam [Fri, 11 Dec 2009 15:45:38 +0000 (16:45 +0100)]
s3:build: remove checks for deprecated ctdb controls.


13 years agos3:dbwrap_ctdb: maintain a database sequence number that bumps in transactions
Michael Adam [Fri, 11 Dec 2009 13:07:28 +0000 (14:07 +0100)]
s3:dbwrap_ctdb: maintain a database sequence number that bumps in transactions

For persistent databases, 64bit integer is kept in a special record
__db_sequence_number__. This record is incremented with each completed

The retry mechanism for failing TRANS3_COMMIT controls inside the
db_ctdb_transaction_commit() function now relies one a modified
behaviour of ctdbd's treatment of persistent databases in recoveries.
Recently, a special treatment for persistent databases had been
introduced in ctdb (1.0.108) to work around the problems with the
orinal design of persistent transactions.
Now with the rewrite we need to revert to the old behaviour that
ctdb always takes the newest copies of all records.

This change also paves the way for a next step, which will make
recovery use the db seqnum to tell which node has the newest copy
of a persistent db and use that node's copy. This will greatly
reduce the amount of data transferred with each recovery.


13 years agos3:dbwrap_ctdb: change db_ctdb_transaction_store() to return NTSTATUS.
Michael Adam [Fri, 11 Dec 2009 11:30:57 +0000 (12:30 +0100)]
s3:dbwrap_ctdb: change db_ctdb_transaction_store() to return NTSTATUS.

The return values calculated by the callers were wrong anyways since
the new marshalling code does not set the local tdbs tdb error code.


13 years agos3:dbwrap_ctdb: update (C)
Michael Adam [Fri, 11 Dec 2009 09:35:50 +0000 (10:35 +0100)]
s3:dbwrap_ctdb: update (C)


13 years agobuild: Add a configure check for CTDB_CONTROL_TRANS3_COMMIT.
Michael Adam [Fri, 4 Dec 2009 10:49:21 +0000 (11:49 +0100)]
build: Add a configure check for CTDB_CONTROL_TRANS3_COMMIT.

This is the new implementation of ctdb transactions using the
global lock feature. It is needed by the current dbwrap_ctdb code.


13 years agos3: Add tdb_data_equal
Volker Lendecke [Thu, 3 Dec 2009 17:43:49 +0000 (18:43 +0100)]
s3: Add tdb_data_equal

13 years agos3:torture: add a test LOCAL-DBTRANS to torture dbwrap with transactions.
Volker Lendecke [Fri, 11 Dec 2009 14:37:52 +0000 (15:37 +0100)]
s3:torture: add a test LOCAL-DBTRANS to torture dbwrap with transactions.

13 years agos3:dbwrap_ctdb: start rewrite of transactions using the global lock (g_lock)
Michael Adam [Thu, 3 Dec 2009 16:29:54 +0000 (17:29 +0100)]
s3:dbwrap_ctdb: start rewrite of transactions using the global lock (g_lock)

This simplifies the transaction code a lot:

* transaction_start essentially consists of acquiring a global lock.

* No write operations at all are performed on the local database
  until the transaction is committed: Every store operation is just
  going into the marshall buffer.

* The commit operation calls a new simplified TRANS3_COMMIT control
  in ctdb which rolls out thae changes to all nodes including the
  node that is performing the transaction.


13 years agos3: setup debug for smbtorture
Volker Lendecke [Sun, 6 Dec 2009 23:36:51 +0000 (00:36 +0100)]
s3: setup debug for smbtorture

13 years agos3: Add ctdb_conn_msg_ctx()
Volker Lendecke [Fri, 4 Dec 2009 12:22:30 +0000 (13:22 +0100)]
s3: Add ctdb_conn_msg_ctx()

13 years agos3: Implement global locks in a g_lock tdb
Volker Lendecke [Sun, 25 Oct 2009 15:12:12 +0000 (16:12 +0100)]
s3: Implement global locks in a g_lock tdb

This is the basis to implement global locks in ctdb without depending on a
shared file system. The initial goal is to make ctdb persistent transactions
deterministic without too many timeouts.

13 years agos4:kdc Fill in created_by principal field
Simo Sorce [Fri, 12 Feb 2010 21:24:22 +0000 (16:24 -0500)]
s4:kdc Fill in created_by principal field

13 years agos4:kdc Fix double free and uninitialized memory.
Simo Sorce [Fri, 12 Feb 2010 19:54:18 +0000 (14:54 -0500)]
s4:kdc Fix double free and uninitialized memory.

In samba_kdc_trust_message2entry() on error, hdb_free_entry()
may end up trying to access uninitialized memory or double
free the hdb_entry.

13 years agotestprogs: print all printerinfo levels in spoolss test.
Günther Deschner [Fri, 12 Feb 2010 19:31:46 +0000 (20:31 +0100)]
testprogs: print all printerinfo levels in spoolss test.


13 years agos4:auth/credentials/credentials.c - Initialise the "lm_response" and "nt_response...
Matthias Dieter Wallnöfer [Fri, 12 Feb 2010 13:58:27 +0000 (14:58 +0100)]
s4:auth/credentials/credentials.c - Initialise the "lm_response" and "nt_response" structures

In some cases those structures are not initialised and the whole authentication
system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.

13 years - set the password callback only when no password has been provided
Matthias Dieter Wallnöfer [Fri, 12 Feb 2010 12:55:14 +0000 (13:55 +0100)] - set the password callback only when no password has been provided

Previously the "no_pass" and "no_pass2" variables weren't handled correctly.
Since at the initialisation of the "CredentialsOptions" we don't have any
password at all. Only afterwards we could get one through "set_password".

If a password is specified, use it. If no password is specified, consider the
use fo an input mask on STDOUT. But if the loadparm context contains one prefer
it over the input.

13 years agos4:net_drs_bind: make some more stuff static
Stefan Metzmacher [Fri, 12 Feb 2010 11:20:03 +0000 (12:20 +0100)]
s4:net_drs_bind: make some more stuff static


13 years agos4:net/drs: use the full path to "utils/net/drs/net_drs*.h"
Stefan Metzmacher [Fri, 12 Feb 2010 11:19:15 +0000 (12:19 +0100)]
s4:net/drs: use the full path to "utils/net/drs/net_drs*.h"

This fixes the build with automatic dependecies.


13 years agos3: notify_onelevel does not use seqnums, so don't open asking for it
Volker Lendecke [Fri, 12 Feb 2010 11:06:50 +0000 (12:06 +0100)]
s3: notify_onelevel does not use seqnums, so don't open asking for it

13 years agospoolss: regenerate hand-marshalled ndr_pull_spoolss_DriverInfo101 after ndr64 changes.
Günther Deschner [Fri, 12 Feb 2010 10:32:08 +0000 (11:32 +0100)]
spoolss: regenerate hand-marshalled ndr_pull_spoolss_DriverInfo101 after ndr64 changes.


13 years agospoolss: make sure hand-marshalled spoolss_DriverInfo101 handles relative_highest_offset.
Günther Deschner [Thu, 11 Feb 2010 17:58:11 +0000 (18:58 +0100)]
spoolss: make sure hand-marshalled spoolss_DriverInfo101 handles relative_highest_offset.


13 years agospoolss: regenerate hand-marshalled ndr_push_spoolss_DriverInfo101 after ndr64 changes.
Günther Deschner [Fri, 12 Feb 2010 10:25:59 +0000 (11:25 +0100)]
spoolss: regenerate hand-marshalled ndr_push_spoolss_DriverInfo101 after ndr64 changes.


13 years agoRemove the code replaced by widelinks warning.
Jeremy Allison [Thu, 11 Feb 2010 23:59:41 +0000 (15:59 -0800)]
Remove the code replaced by widelinks warning.


13 years agoRemove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from Volker.
Jeremy Allison [Thu, 11 Feb 2010 23:16:23 +0000 (15:16 -0800)]
Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from Volker.

Create widelinks_warning(int snum) to cover the message needed in make_connection.


13 years agos3 test: Make the netbios name test pass again
Kai Blin [Tue, 2 Feb 2010 14:18:01 +0000 (15:18 +0100)]
s3 test: Make the netbios name test pass again

13 years agos4: Switch to S3-style id mapping data types.
Kai Blin [Thu, 23 Apr 2009 14:37:11 +0000 (16:37 +0200)]
s4: Switch to S3-style id mapping data types.

13 years agos4 idmap: Make the sid_to_xid and xid_to_sid calls static.
Kai Blin [Wed, 22 Apr 2009 16:10:12 +0000 (18:10 +0200)]
s4 idmap: Make the sid_to_xid and xid_to_sid calls static.

Looking at the winbind interface, we should only be using the bulk conversion calls.

13 years agolibwbclient: Test wbcLookupName async functions
Kai Blin [Fri, 29 Jan 2010 11:09:18 +0000 (12:09 +0100)]
libwbclient: Test wbcLookupName async functions

13 years agolibwbclient: Implement wbcLookupName_send/recv
Kai Blin [Wed, 27 May 2009 22:57:32 +0000 (00:57 +0200)]
libwbclient: Implement wbcLookupName_send/recv

13 years agolibwbclient: Implement wbcAuthenticateUserEx_send/recv
Kai Blin [Wed, 27 May 2009 22:55:57 +0000 (00:55 +0200)]
libwbclient: Implement wbcAuthenticateUserEx_send/recv

13 years agolibwbclient: Implement wbcLookupSid_send/recv
Kai Blin [Fri, 24 Apr 2009 14:24:56 +0000 (16:24 +0200)]
libwbclient: Implement wbcLookupSid_send/recv

13 years agolibwbclient: Implement wbcGidToSid_send/recv
Kai Blin [Thu, 2 Apr 2009 07:45:39 +0000 (09:45 +0200)]
libwbclient: Implement wbcGidToSid_send/recv

13 years agolibwbclient: Implement wbcSidToGid_send/recv
Kai Blin [Thu, 2 Apr 2009 07:22:43 +0000 (09:22 +0200)]
libwbclient: Implement wbcSidToGid_send/recv

13 years agolibwbclient: Implement wbcUidToSid_send/recv
Kai Blin [Thu, 2 Apr 2009 07:57:40 +0000 (09:57 +0200)]
libwbclient: Implement wbcUidToSid_send/recv

13 years agolibwbclient: Implement wbcSidToUid_send/recv
Kai Blin [Tue, 31 Mar 2009 21:10:48 +0000 (23:10 +0200)]
libwbclient: Implement wbcSidToUid_send/recv

13 years agolibwbclient: Add wbcInterfaceDetails_send/recv
Kai Blin [Sun, 15 Feb 2009 10:01:44 +0000 (11:01 +0100)]
libwbclient: Add wbcInterfaceDetails_send/recv

13 years agolibwbclient: Add wbcDomainInfo_send/recv calls
Kai Blin [Sat, 14 Feb 2009 09:06:05 +0000 (10:06 +0100)]
libwbclient: Add wbcDomainInfo_send/recv calls

13 years agolibwbclient: Add wbcDomainName_send/recv call
Kai Blin [Fri, 13 Feb 2009 21:51:52 +0000 (22:51 +0100)]
libwbclient: Add wbcDomainName_send/recv call

13 years agolibwbclient: Add wbcNetbiosName_send/recv calls
Kai Blin [Fri, 13 Feb 2009 21:37:56 +0000 (22:37 +0100)]
libwbclient: Add wbcNetbiosName_send/recv calls

13 years agolibwbclient: Add async wbcInfo_send()/wbcInfo_recv() calls
Kai Blin [Wed, 25 Mar 2009 09:08:10 +0000 (10:08 +0100)]
libwbclient: Add async wbcInfo_send()/wbcInfo_recv() calls

13 years agolibwbclient: add wbcInterfaceVersion send/recv calls
Kai Blin [Wed, 11 Feb 2009 23:11:45 +0000 (00:11 +0100)]
libwbclient: add wbcInterfaceVersion send/recv calls

13 years agolibwbclient: torture-test wbcPing async functions.
Kai Blin [Fri, 29 Jan 2010 10:22:14 +0000 (11:22 +0100)]
libwbclient: torture-test wbcPing async functions.

13 years agolibwbclient: Add async wbcPing_send/_recv
Kai Blin [Tue, 24 Mar 2009 21:51:11 +0000 (22:51 +0100)]
libwbclient: Add async wbcPing_send/_recv

13 years agolibwbclient: Zero out context on initialization
Kai Blin [Fri, 29 Jan 2010 10:54:33 +0000 (11:54 +0100)]
libwbclient: Zero out context on initialization

This prevents a segfault when using wbcDebug without prior call to wbcSetDebug

13 years agoFinal part of jumbo patch for bug #7104 - "wide links" and "unix extensions" are...
Jeremy Allison [Thu, 11 Feb 2010 22:45:53 +0000 (14:45 -0800)]
Final part of jumbo patch for bug #7104 - "wide links" and "unix extensions" are incompatible.

Volker pointed out that the preexec scripts get passed the conn->connectpath
as a parameter, so call canonicalize_connect_path() both *before* and after
the preexec scripts. Ignore errors on the call before the preexec scripts,
as the path may not exist until created by the preexec scripts.


13 years agoIntroduce lp_safe_widelinks()
Simo Sorce [Thu, 11 Feb 2010 21:12:29 +0000 (16:12 -0500)]
Introduce lp_safe_widelinks()

This way we avoid any chance that a configuration reload may turn
back on wide links when unix extensions are enabled.

13 years agoFine changes to previous fix for bug #7104 - "wide links" and "unix extensions" are...
Jeremy Allison [Thu, 11 Feb 2010 19:00:45 +0000 (11:00 -0800)]
Fine changes to previous fix for bug #7104 - "wide links" and "unix extensions" are incompatible.

Make sure we match the previous allow widelinks behavior, in that
non-root preexec scripts can create share directories for a share


13 years agoSuplementary patch for bug #7104 - "wide links" and "unix extensions" are incompatible.
Jeremy Allison [Thu, 11 Feb 2010 18:19:33 +0000 (10:19 -0800)]
Suplementary patch for bug #7104 - "wide links" and "unix extensions" are incompatible.

Bug reported by Ralf Zimmermann <>. Reproduced by jra.

If the target directory of a share doesn't exist, but is designed to
be created by a "root preexec" script call, then the widelinks check
is done too early - thus preventing the user from connecting to the

Fix is to re-arrange the order of checks in make_connection_snum()
to always do the following order of operations:

(1). Turn off wide links if unix extensions = yes.
(2). Call any root preexec scripts.
(3). Canonicalize the share path to remove any symlinks (ie. end
up with the realpath in the connection_struct).


13 years agoldb_match - Ignore ":dn" part of extended matches for now
Matthias Dieter Wallnöfer [Thu, 11 Feb 2010 14:42:48 +0000 (15:42 +0100)]
ldb_match - Ignore ":dn" part of extended matches for now

It's not fully clear what this ":dn" part means for us. What we know is that
older AD implementations (Windows Server 2000, 2003) need it to have extended
matches working in the expected way.

To be able to interoperate with s3's winbind and other tools I and gd decided
to transform this into a warning until we know what to do.

This should fix bug #6511.

13 years agos4-provision: import the R2 functional level
Andrew Tridgell [Thu, 11 Feb 2010 13:33:13 +0000 (00:33 +1100)]
s4-provision: import the R2 functional level

this makes it easier to modify the script to set us at R2 level in
provision. We should make this a parameter.

13 years agos4-build: avoid finding python symlinks
Andrew Tridgell [Thu, 11 Feb 2010 13:11:11 +0000 (00:11 +1100)]
s4-build: avoid finding python symlinks

emacs creates symlinks to .py files while you are editing them. This
could cause build failures.

13 years agos4-provision: fixed --function-level option to provision
Andrew Tridgell [Thu, 11 Feb 2010 12:39:56 +0000 (23:39 +1100)]
s4-provision: fixed --function-level option to provision

we need the DS_DOMAIN_* levels imported

13 years agos4-script: make enablerecyclebin use system_session
Andrew Tridgell [Thu, 11 Feb 2010 12:38:23 +0000 (23:38 +1100)]
s4-script: make enablerecyclebin use system_session

This allows it to work against our local ldb

13 years agos4-pyldb: null terminate string ldb message elements from python
Andrew Tridgell [Thu, 11 Feb 2010 12:37:44 +0000 (23:37 +1100)]
s4-pyldb: null terminate string ldb message elements from python

We need to eventually get rid of ldb_msg_find_attr_as_string() (or add
a mem_ctx to it), but meanwhile we have too many places that break if
we don't add a nul to the end of ldb msg strings from python.

13 years agolibds: added recyclebin feature GUID
Andrew Tridgell [Thu, 11 Feb 2010 12:35:31 +0000 (23:35 +1100)]
libds: added recyclebin feature GUID

13 years agos3: re-run make samba3-idl.
Günther Deschner [Thu, 11 Feb 2010 12:32:44 +0000 (13:32 +0100)]
s3: re-run make samba3-idl.


13 years agospoolss: allow to set server architecture via parametric option.
Günther Deschner [Thu, 11 Feb 2010 12:07:38 +0000 (13:07 +0100)]
spoolss: allow to set server architecture via parametric option.

This allows to set "spoolss:architecture = 'Windows x64'" for debugging purpose.


13 years agos3-spoolss: implement spoolss_EnumJobs level 3.
Günther Deschner [Wed, 10 Feb 2010 23:44:06 +0000 (00:44 +0100)]
s3-spoolss: implement spoolss_EnumJobs level 3.

Level 3 has been added with NT 4.0 and Windows 7 (at least 64bit version) makes
use of it in order to display queued jobs. Windows 7 will *not* fall back to
level 2 if we just return WERR_UNKNOWN_LEVEL, instead there will be no printjobs
displayed at all.


13 years agotestprogs: one more error code for spoolss test.
Günther Deschner [Thu, 11 Feb 2010 00:24:12 +0000 (01:24 +0100)]
testprogs: one more error code for spoolss test.


13 years agotestprogs: print secdesc->Control in spoolss test.
Günther Deschner [Wed, 10 Feb 2010 23:06:20 +0000 (00:06 +0100)]
testprogs: print secdesc->Control in spoolss test.


13 years agotestprogs: use ConvertSidToStringSid in order to print sids in spoolss test.
Günther Deschner [Wed, 10 Feb 2010 23:04:53 +0000 (00:04 +0100)]
testprogs: use ConvertSidToStringSid in order to print sids in spoolss test.


13 years agos4-drs: Add DRSUAPI_DRS_NONGC_RO_REP bit to DRS_OPTIONS
Fernando J V da Silva [Fri, 5 Feb 2010 18:33:03 +0000 (16:33 -0200)]

Signed-off-by: Matthias Dieter Wallnöfer <>
13 years agos4-net-drs: fix some coding style issues
Andrew Tridgell [Thu, 11 Feb 2010 10:28:48 +0000 (21:28 +1100)]
s4-net-drs: fix some coding style issues

We should use the system/*.h headers for system includes. We also try
to avoid C++ comments.

Signed-off-by: Andrew Tridgell <>
13 years agos4/net_drs: 'net drs kcc' command implementation
Kamen Mazdrashki [Sat, 6 Feb 2010 01:13:33 +0000 (03:13 +0200)]
s4/net_drs: 'net drs kcc' command implementation

Signed-off-by: Andrew Tridgell <>
13 years agos4/net_drs: 'net drs bind' command implementation
Kamen Mazdrashki [Fri, 5 Feb 2010 20:36:36 +0000 (22:36 +0200)]
s4/net_drs: 'net drs bind' command implementation

Signed-off-by: Andrew Tridgell <>
13 years agos4/net_drs: 'net drs' utility initial creation
Kamen Mazdrashki [Fri, 5 Feb 2010 20:36:10 +0000 (22:36 +0200)]
s4/net_drs: 'net drs' utility initial creation

Signed-off-by: Andrew Tridgell <>
13 years agos4/idl: regenerating drsuapi.idl
Kamen Mazdrashki [Fri, 5 Feb 2010 20:37:54 +0000 (22:37 +0200)]
s4/idl: regenerating drsuapi.idl

Signed-off-by: Andrew Tridgell <>
13 years agos4/idl: Naming reserved flags for DRSUAPI_SUPPORTED_EXTENSION_ field
Kamen Mazdrashki [Fri, 5 Feb 2010 20:37:27 +0000 (22:37 +0200)]
s4/idl: Naming reserved flags for DRSUAPI_SUPPORTED_EXTENSION_ field

Signed-off-by: Andrew Tridgell <>
13 years agoprovision: Use short name for assignee of ACE (BA, SA, CO, ...)
Matthieu Patou [Tue, 26 Jan 2010 23:03:15 +0000 (02:03 +0300)]
provision: Use short name for assignee of ACE (BA, SA, CO, ...)

  Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible)
  of sysvol files (GPO objects and netlogon folders).
  This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname
  for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the
  from_sddl function.

Signed-off-by: Matthias Dieter Wallnöfer <>
13 years agopython-s4: use secrets.ldb instead of sam.ldb for reading domain SID
Matthieu Patou [Tue, 26 Jan 2010 22:32:29 +0000 (01:32 +0300)]
python-s4: use secrets.ldb instead of sam.ldb for reading domain SID

  This allow to be able to run net acl set xxx yyy on DC, but also on domain

Signed-off-by: Matthias Dieter Wallnöfer <>
13 years agoprovision: Fix an error with eadb when using not default install dir and running...
Matthieu Patou [Mon, 8 Feb 2010 12:36:07 +0000 (15:36 +0300)]
provision: Fix an error with eadb when using not default install dir and running as a non root user

Signed-off-by: Matthias Dieter Wallnöfer <>
13 years agos4-dns: don't leave behind a tmp file
Andrew Tridgell [Thu, 11 Feb 2010 09:49:29 +0000 (20:49 +1100)]
s4-dns: don't leave behind a tmp file

If the dns update file doesn't need updating we need to delete the tmp

13 years agos4-selftest: don't run rndc reload in selftest
Andrew Tridgell [Thu, 11 Feb 2010 09:48:47 +0000 (20:48 +1100)]
s4-selftest: don't run rndc reload in selftest

We don't want rndc calls on the build farm

13 years agos4-dns: added a dns update task
Andrew Tridgell [Thu, 11 Feb 2010 09:21:15 +0000 (20:21 +1100)]
s4-dns: added a dns update task

This task watches for changes in the list of DCs, and creates a bind9
formatted file that grants update permission to all DCs, plus to the
administration, and machines update for their own names.

Pair-Programmed-With: Andrew Bartlett <>

13 years agos4-provision: cope with umask in creating private/dns
Andrew Tridgell [Thu, 11 Feb 2010 09:20:11 +0000 (20:20 +1100)]
s4-provision: cope with umask in creating private/dns

13 years agoutil: added file_compare() utility function
Andrew Tridgell [Thu, 11 Feb 2010 09:19:40 +0000 (20:19 +1100)]
util: added file_compare() utility function

file_compare() returns true if two files are the same. It is meant for
small files.

Pair-Programmed-With: Andrew Bartlett <>

13 years agolibreplace: added replacements for dprintf() and vdprintf()
Andrew Tridgell [Thu, 11 Feb 2010 09:18:50 +0000 (20:18 +1100)]
libreplace: added replacements for dprintf() and vdprintf()

these are very useful for writing files with formatted writes

Pair-Programmed-With: Andrew Bartlett <>

13 years agos4-provision: pre-create a named.conf.update file
Andrew Tridgell [Thu, 11 Feb 2010 04:25:13 +0000 (15:25 +1100)]
s4-provision: pre-create a named.conf.update file

The named.conf.update file will be filled in at runtime by Samba to
contain the list of bind9 grant rules for granting DNS dynamic update
permissions on the domain.

13 years agos4-provision: move zone file to dns subdirectory
Andrew Tridgell [Thu, 11 Feb 2010 02:17:09 +0000 (13:17 +1100)]
s4-provision: move zone file to dns subdirectory

This allows the permissions to be correctly set for bind to write to
a journal file. It also sets the right group ownership and permissions
on the files that bind needs to access.

Pair-Programmed-With: Andrew Bartlett <>

13 years agos4:provision Be more polite to long-suffering Samba testers.
Andrew Bartlett [Thu, 11 Feb 2010 06:13:42 +0000 (17:13 +1100)]
s4:provision Be more polite to long-suffering Samba testers.

Our testers put up with a lot of odd things when testing out Samba4.

Andrew Bartlett

13 years agoFix unused variable warning after change to new DLINK macros.
Jeremy Allison [Thu, 11 Feb 2010 01:20:21 +0000 (17:20 -0800)]
Fix unused variable warning after change to new DLINK macros.


13 years agoFix bad use when freeing linked list. Todd Stecher (Original author) please check !
Jeremy Allison [Thu, 11 Feb 2010 00:23:33 +0000 (16:23 -0800)]
Fix bad use when freeing linked list. Todd Stecher (Original author) please check !


13 years agotest:local added LOCAL-DLINKLIST testsuite
Andrew Tridgell [Sun, 7 Feb 2010 05:06:31 +0000 (16:06 +1100)]
test:local added LOCAL-DLINKLIST testsuite
(cherry picked from commit 95a5bee2c30a67a35604b0456ab7836f6dc67702)

13 years agoutil: rewrite dlinklist.h so that DLIST_ADD_END() is O(1)
Andrew Tridgell [Wed, 10 Feb 2010 23:53:58 +0000 (15:53 -0800)]
util: rewrite dlinklist.h so that DLIST_ADD_END() is O(1)

This changes the meaning of the ->prev pointer in our doubly linked
lists to point at the end of the list from the front of the list. That
allows us to implement DLIST_ADD_END() and related functions in O(1)
time, which can be a huge saving in many places in Samba.

This also means that the 'type' argument to various DLIST_*() macros
is no longer needed, but I have left it in for now to keep the
patchset small, which will make it easier to revert if any problems
are found. In the future we should remove the 'type' arguments.

(jra. Move the one use of DLIST_TAIL over to the new macros).

13 years agos3-smbd: update to use new DLIST macros
Andrew Tridgell [Sat, 6 Feb 2010 01:42:29 +0000 (12:42 +1100)]
s3-smbd: update to use new DLIST macros
(cherry picked from commit 365b408c458c848a818637d9b36a0423aeb1ba54)

13 years agos3-registry: update to use new DLIST macros
Andrew Tridgell [Sat, 6 Feb 2010 01:41:57 +0000 (12:41 +1100)]
s3-registry: update to use new DLIST macros
(cherry picked from commit 3437713ad7e5bccafde30553a8232119fd2a9eb9)

13 years agos3-perfcount: update to use new DLIST macros
Andrew Tridgell [Sat, 6 Feb 2010 01:41:39 +0000 (12:41 +1100)]
s3-perfcount: update to use new DLIST macros
(cherry picked from commit a13b507f2d8be7f90c8872094cd0732926a6fcbb)

13 years agos3-locking: update to use DLIST_ADD_AFTER()
Andrew Tridgell [Sat, 6 Feb 2010 01:41:07 +0000 (12:41 +1100)]
s3-locking: update to use DLIST_ADD_AFTER()
(cherry picked from commit 6c6df527e14514027cbcaa6deac25adf04363926)

13 years agos3-libsmb: update libsmb to use new DLIST macros
Andrew Tridgell [Sat, 6 Feb 2010 01:40:38 +0000 (12:40 +1100)]
s3-libsmb: update libsmb to use new DLIST macros

manipulating p->prev directly is not safe any more
(cherry picked from commit 3c650ac1e3e1cdbbabecfddcd29325f20b5dcb48)

13 years agos3-memcache: update memcache to use new DLIST macros
Andrew Tridgell [Sat, 6 Feb 2010 01:40:03 +0000 (12:40 +1100)]
s3-memcache: update memcache to use new DLIST macros

we don't need a separate lru pointer any more
(cherry picked from commit 4ffd7aca3e38728077bd80c2a65c4efbcfd216fc)