Merge branch 'master' of ssh://git.samba.org/data/git/samba
authorAndrew Tridgell <tridge@samba.org>
Wed, 3 Dec 2008 06:47:39 +0000 (17:47 +1100)
committerAndrew Tridgell <tridge@samba.org>
Wed, 3 Dec 2008 06:47:39 +0000 (17:47 +1100)
343 files changed:
docs-xml/manpages-3/net.8.xml
docs-xml/manpages-3/wbinfo.1.xml
docs-xml/smbdotconf/security/writeable.xml
lib/README
lib/replace/autoconf-2.60.m4
lib/torture/config.mk [moved from source4/lib/torture/config.mk with 85% similarity]
lib/torture/subunit.c [moved from source4/lib/torture/subunit.c with 94% similarity]
lib/torture/torture.c [moved from source4/lib/torture/torture.c with 99% similarity]
lib/torture/torture.h [moved from source4/lib/torture/torture.h with 95% similarity]
lib/torture/torture.pc.in [moved from source4/lib/torture/torture.pc.in with 100% similarity]
lib/util/fault.m4
lib/util/util.c
lib/util/util.h
libcli/nbt/libnbt.h
libcli/util/doserr.c
libcli/util/ntstatus.h
libcli/util/werror.h
librpc/idl/eventlog.idl
librpc/idl/misc.idl
librpc/idl/named_pipe_auth.idl [new file with mode: 0644]
librpc/idl/netlogon.idl
librpc/idl/ntsvcs.idl
librpc/idl/samr.idl [moved from source3/librpc/idl/samr.idl with 98% similarity]
librpc/idl/security.cnf [moved from source4/librpc/idl/security.cnf with 100% similarity]
librpc/idl/security.idl
librpc/idl/svcctl.idl
librpc/idl/xattr.idl
librpc/ndr/libndr.h
librpc/ndr/ndr_netlogon.c [new file with mode: 0644]
librpc/ndr/ndr_netlogon.h [new file with mode: 0644]
librpc/ndr/ndr_sec_helper.c [new file with mode: 0644]
librpc/ndr/uuid.c
librpc/rpc/binding.c
pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
pidl/lib/Parse/Pidl/Samba4/Python.pm
release-scripts/build-docs
release-scripts/create-tarball
source3/Makefile.in
source3/auth/auth.c
source3/auth/token_util.c
source3/client/mount.cifs.c
source3/client/mount.h [new file with mode: 0644]
source3/client/mtab.c [new file with mode: 0644]
source3/client/umount.cifs.c
source3/configure.in
source3/include/eventlog.h [new file with mode: 0644]
source3/include/includes.h
source3/include/localedir.h [new file with mode: 0644]
source3/include/nss_info.h
source3/include/ntdomain.h
source3/include/ntlmssp.h
source3/include/passdb.h
source3/include/proto.h
source3/include/rpc_eventlog.h
source3/include/rpc_ntsvcs.h
source3/include/rpc_svcctl.h
source3/include/smb_macros.h
source3/include/vfs_macros.h
source3/lib/debug.c
source3/lib/memcache.c
source3/lib/secdesc.c
source3/lib/util.c
source3/lib/util_pw.c
source3/lib/util_str.c
source3/libads/kerberos_keytab.c
source3/libads/ldap.c
source3/libgpo/gpo_ldap.c
source3/libnet/libnet_dssync_keytab.c
source3/libnet/libnet_join.c
source3/libnet/libnet_keytab.c
source3/libnet/libnet_proto.h
source3/libnet/libnet_samsync.c
source3/libnet/libnet_samsync.h
source3/libnet/libnet_samsync_display.c
source3/libnet/libnet_samsync_keytab.c
source3/libnet/libnet_samsync_ldif.c
source3/libnet/libnet_samsync_passdb.c
source3/librpc/gen_ndr/cli_eventlog.c
source3/librpc/gen_ndr/cli_eventlog.h
source3/librpc/gen_ndr/cli_netlogon.c
source3/librpc/gen_ndr/cli_netlogon.h
source3/librpc/gen_ndr/cli_ntsvcs.c
source3/librpc/gen_ndr/cli_ntsvcs.h
source3/librpc/gen_ndr/cli_samr.c
source3/librpc/gen_ndr/cli_samr.h
source3/librpc/gen_ndr/cli_svcctl.c
source3/librpc/gen_ndr/cli_svcctl.h
source3/librpc/gen_ndr/dom_sid.h [new file with mode: 0644]
source3/librpc/gen_ndr/eventlog.h
source3/librpc/gen_ndr/misc.h
source3/librpc/gen_ndr/named_pipe_auth.h [new file with mode: 0644]
source3/librpc/gen_ndr/ndr_dom_sid.h [new file with mode: 0644]
source3/librpc/gen_ndr/ndr_eventlog.c
source3/librpc/gen_ndr/ndr_eventlog.h
source3/librpc/gen_ndr/ndr_misc.c
source3/librpc/gen_ndr/ndr_misc.h
source3/librpc/gen_ndr/ndr_named_pipe_auth.c [new file with mode: 0644]
source3/librpc/gen_ndr/ndr_named_pipe_auth.h [new file with mode: 0644]
source3/librpc/gen_ndr/ndr_netlogon.c
source3/librpc/gen_ndr/ndr_netlogon.h
source3/librpc/gen_ndr/ndr_ntsvcs.c
source3/librpc/gen_ndr/ndr_samr.c
source3/librpc/gen_ndr/ndr_samr.h
source3/librpc/gen_ndr/ndr_security.c
source3/librpc/gen_ndr/ndr_security.h
source3/librpc/gen_ndr/ndr_svcctl.c
source3/librpc/gen_ndr/ndr_svcctl.h
source3/librpc/gen_ndr/ndr_xattr.c
source3/librpc/gen_ndr/ndr_xattr.h
source3/librpc/gen_ndr/netlogon.h
source3/librpc/gen_ndr/ntsvcs.h
source3/librpc/gen_ndr/samr.h
source3/librpc/gen_ndr/security.h
source3/librpc/gen_ndr/srv_lsa.c
source3/librpc/gen_ndr/srv_netlogon.c
source3/librpc/gen_ndr/srv_ntsvcs.c
source3/librpc/gen_ndr/srv_samr.c
source3/librpc/gen_ndr/srv_srvsvc.c
source3/librpc/gen_ndr/srv_svcctl.c
source3/librpc/gen_ndr/srv_winreg.c
source3/librpc/gen_ndr/srv_wkssvc.c
source3/librpc/gen_ndr/svcctl.h
source3/librpc/gen_ndr/xattr.h
source3/librpc/idl/dom_sid.idl [new file with mode: 0644]
source3/librpc/ndr/ndr_sec.h [deleted file]
source3/librpc/ndr/ndr_sec_helper.c [deleted file]
source3/librpc/ndr/sid.c
source3/libsmb/cliconnect.c
source3/libsmb/clifile.c
source3/libsmb/clitrans.c
source3/libsmb/dsgetdcname.c
source3/libsmb/nterr.c
source3/libsmb/ntlmssp.c
source3/locale/pam_winbind/de.po [new file with mode: 0644]
source3/locale/pam_winbind/genmsg [new file with mode: 0755]
source3/localedir.c [new file with mode: 0644]
source3/m4/check_path.m4
source3/modules/gpfs.c
source3/modules/nfs4_acls.h
source3/modules/onefs.h [new file with mode: 0644]
source3/modules/onefs_acl.c [new file with mode: 0644]
source3/modules/vfs_acl_tdb.c [new file with mode: 0644]
source3/modules/vfs_acl_xattr.c
source3/modules/vfs_onefs.c [new file with mode: 0644]
source3/modules/vfs_readonly.c
source3/modules/vfs_streams_depot.c
source3/modules/vfs_streams_xattr.c
source3/modules/vfs_tsmsm.c
source3/modules/vfs_zfsacl.c
source3/nsswitch/libwbclient/wbc_idmap.c
source3/nsswitch/libwbclient/wbc_pam.c
source3/nsswitch/libwbclient/wbc_pwd.c
source3/nsswitch/libwbclient/wbclient.c
source3/nsswitch/libwbclient/wbclient.h
source3/nsswitch/pam_winbind.c
source3/nsswitch/pam_winbind.h
source3/nsswitch/wb_common.c
source3/nsswitch/wbinfo.c
source3/nsswitch/winbind_struct_protocol.h
source3/nsswitch/wins.c
source3/param/loadparm.c
source3/passdb/passdb.c
source3/passdb/pdb_interface.c
source3/passdb/util_unixsids.c
source3/printing/nt_printing.c
source3/printing/printfsp.c
source3/rpc_client/cli_reg.c
source3/rpc_client/init_netlogon.c
source3/rpc_client/init_samr.c
source3/rpc_parse/parse_misc.c
source3/rpc_parse/parse_ntsvcs.c
source3/rpc_parse/parse_prs.c
source3/rpc_server/srv_dfs_nt.c
source3/rpc_server/srv_eventlog_lib.c
source3/rpc_server/srv_eventlog_nt.c
source3/rpc_server/srv_lsa_nt.c
source3/rpc_server/srv_netlog_nt.c
source3/rpc_server/srv_ntsvcs.c
source3/rpc_server/srv_ntsvcs_nt.c
source3/rpc_server/srv_pipe.c
source3/rpc_server/srv_pipe_hnd.c
source3/rpc_server/srv_samr_nt.c
source3/rpc_server/srv_spoolss_nt.c
source3/rpc_server/srv_srvsvc_nt.c
source3/rpc_server/srv_svcctl_nt.c
source3/rpc_server/srv_winreg_nt.c
source3/rpc_server/srv_wkssvc_nt.c
source3/rpcclient/cmd_netlogon.c
source3/rpcclient/cmd_ntsvcs.c
source3/rpcclient/cmd_samr.c
source3/samba4.m4
source3/samba4.mk
source3/script/installmo.sh [new file with mode: 0644]
source3/script/tests/selftest.sh
source3/script/uninstallmo.sh [new file with mode: 0644]
source3/smbd/aio.c
source3/smbd/blocking.c
source3/smbd/close.c
source3/smbd/dosmode.c
source3/smbd/fake_file.c
source3/smbd/filename.c
source3/smbd/files.c
source3/smbd/ipc.c
source3/smbd/map_username.c
source3/smbd/msdfs.c
source3/smbd/notify.c
source3/smbd/nttrans.c
source3/smbd/open.c
source3/smbd/password.c
source3/smbd/pipes.c
source3/smbd/posix_acls.c
source3/smbd/process.c
source3/smbd/reply.c
source3/smbd/server.c
source3/smbd/service.c
source3/smbd/sesssetup.c
source3/smbd/share_access.c
source3/smbd/trans2.c
source3/smbd/uid.c
source3/torture/torture.c
source3/utils/net.h
source3/utils/net_proto.h
source3/utils/net_rap.c
source3/utils/net_registry.c
source3/utils/net_rpc.c
source3/utils/net_rpc_join.c
source3/utils/net_rpc_samsync.c
source3/utils/net_sam.c
source3/utils/net_util.c
source3/utils/ntlm_auth.c
source3/utils/pdbedit.c
source3/utils/smbpasswd.c
source3/utils/smbtree.c
source3/web/cgi.c
source3/web/neg_lang.c
source3/winbindd/idmap.c
source3/winbindd/idmap_ad.c
source3/winbindd/idmap_adex/idmap_adex.c
source3/winbindd/idmap_hash/idmap_hash.c
source3/winbindd/idmap_tdb.c
source3/winbindd/idmap_util.c
source3/winbindd/nss_info.c
source3/winbindd/nss_info_template.c
source3/winbindd/winbindd.c
source3/winbindd/winbindd_ads.c
source3/winbindd/winbindd_cache.c
source3/winbindd/winbindd_dual.c
source3/winbindd/winbindd_group.c
source3/winbindd/winbindd_idmap.c
source3/winbindd/winbindd_pam.c
source3/winbindd/winbindd_passdb.c
source3/winbindd/winbindd_proto.h
source3/winbindd/winbindd_rpc.c
source3/winbindd/winbindd_sid.c
source4/Makefile
source4/auth/config.m4
source4/build/m4/check_python.m4
source4/build/m4/public.m4
source4/build/make/python.mk
source4/configure.ac
source4/dsdb/common/util.c
source4/dsdb/config.mk
source4/dsdb/samdb/ldb_modules/config.mk
source4/dsdb/samdb/ldb_modules/linked_attributes.c
source4/dsdb/samdb/ldb_modules/objectclass.c
source4/dsdb/samdb/ldb_modules/schema_fsmo.c
source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
source4/dsdb/schema/schema.h
source4/dsdb/schema/schema_description.c
source4/dsdb/schema/schema_init.c
source4/dsdb/schema/schema_syntax.c
source4/headermap.txt
source4/ldap_server/ldap_backend.c
source4/lib/ldb-samba/config.mk
source4/lib/ldb/common/ldb_ldif.c
source4/lib/ldb/ldb.i
source4/lib/ldb/ldb_tdb/ldb_tdb.c
source4/lib/ldb/ldb_tdb/ldb_tdb.h
source4/lib/ldb/ldb_wrap.c
source4/lib/registry/config.mk
source4/lib/wmi/config.mk
source4/libcli/clideltree.c
source4/libcli/ldap/ldap_bind.c
source4/libcli/resolve/host.c
source4/libcli/security/config.mk
source4/libcli/util/nterr.c
source4/libnet/groupinfo.c
source4/libnet/groupman.c
source4/libnet/libnet_domain.c
source4/libnet/libnet_group.c
source4/libnet/libnet_join.c
source4/libnet/libnet_passwd.c
source4/libnet/libnet_samsync_ldb.c
source4/libnet/libnet_user.c
source4/libnet/userinfo.c
source4/libnet/userman.c
source4/librpc/config.mk
source4/librpc/idl/dom_sid.idl [new file with mode: 0644]
source4/librpc/idl/samr.idl [deleted file]
source4/librpc/idl/security.idl [deleted file]
source4/librpc/ndr/ndr_dom_sid.c [moved from source4/librpc/ndr/ndr_sec_helper.c with 78% similarity]
source4/main.mk
source4/ntvfs/posix/pvfs_resolve.c
source4/rpc_server/dcerpc_server.c
source4/rpc_server/samr/dcesrv_samr.c
source4/rpc_server/samr/samr_password.c
source4/rpc_server/service_rpc.c
source4/selftest/knownfail
source4/selftest/skip
source4/setup/schema-map-fedora-ds-1.0
source4/setup/schema-map-openldap-2.3
source4/smbd/config.mk
source4/smbd/service_named_pipe.c [new file with mode: 0644]
source4/torture/config.mk
source4/torture/libnet/libnet_domain.c
source4/torture/libnet/libnet_group.c
source4/torture/libnet/libnet_user.c
source4/torture/libnet/utils.c
source4/torture/raw/acls.c
source4/torture/raw/chkpath.c
source4/torture/raw/streams.c
source4/torture/rpc/eventlog.c
source4/torture/rpc/netlogon.c
source4/torture/rpc/ntsvcs.c [new file with mode: 0644]
source4/torture/rpc/rpc.c
source4/torture/rpc/rpc.h
source4/torture/rpc/samba3rpc.c
source4/torture/rpc/samr.c
source4/torture/rpc/samr_accessmask.c
source4/torture/rpc/samsync.c
source4/torture/rpc/schannel.c
source4/torture/rpc/svcctl.c
source4/torture/rpc/testjoin.c
source4/torture/smb2/config.mk
source4/torture/smbtorture.h
source4/torture/util.h
source4/torture/winbind/config.mk
source4/utils/ad2oLschema.c
source4/utils/net/config.mk
source4/utils/net/net.c
source4/utils/net/net_machinepw.c [new file with mode: 0644]
source4/winbind/wb_async_helpers.c

index 31fe69d8d33b976cc6366fc9be9e8d80b20cab8e..75f85e1c553984874765ee3243a2ea3fcc91999f 100644 (file)
@@ -395,7 +395,7 @@ current network.</para>
 <title>RAP PRINTQ</title>
 
 <refsect3>
-<title>RAP PRINTQ LIST <replaceable>QUEUE_NAME</replaceable></title>
+<title>RAP PRINTQ INFO <replaceable>QUEUE_NAME</replaceable></title>
 
 <para>Lists the specified print queue and print jobs on the server.
 If the <replaceable>QUEUE_NAME</replaceable> is omitted, all 
index 72a2380dde2cc9626521b7237ff9d6a00ef40564..abb1c7f53ffd37b9969fdb8672c8cd0689c375d5 100644 (file)
                <arg choice="opt">--own-domain</arg>
                <arg choice="opt">-p</arg>
                <arg choice="opt">-r user</arg>
+               <arg choice="opt">--remove-uid-mapping uid,sid</arg>
+               <arg choice="opt">--remove-gid-mapping gid,sid</arg>
                <arg choice="opt">-s sid</arg>
                <arg choice="opt">--separator</arg>
                <arg choice="opt">--sequence</arg>
                <arg choice="opt">--set-auth-user user%password</arg>
+               <arg choice="opt">--set-uid-mapping uid,sid</arg>
+               <arg choice="opt">--set-gid-mapping gid,sid</arg>
                <arg choice="opt">-S sid</arg>
                <arg choice="opt">-t</arg>
                <arg choice="opt">-u</arg>
                the operation will fail. </para></listitem>
                </varlistentry>
 
+               <varlistentry>
+               <term>--remove-uid-mapping uid,sid</term>
+               <listitem><para>Remove an existing uid to sid mapping
+               entry from the IDmap backend.</para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>--remove-gid-mapping gid,sid</term>
+               <listitem><para>Remove an existing gid to sid
+               mapping entry from the IDmap backend.</para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>--set-uid-mapping uid,sid</term>
+               <listitem><para>Create a new or modify an existing uid to sid
+               mapping in the IDmap backend.</para></listitem>
+               </varlistentry>
+
+               <varlistentry>
+               <term>--set-gid-mapping gid,sid</term>
+               <listitem><para>Create a new or modify an existing gid to sid
+               mapping in the IDmap backend.</para></listitem>
+               </varlistentry>
 
                &stdarg.version;
                &stdarg.help;
index f811c47e5c2b9b6769a25fdb659b151cd66719b2..99678a9fcef812aba6c4238d8172624d1935facd 100644 (file)
@@ -6,4 +6,6 @@
 <description>
     <para>Inverted synonym for <smbconfoption name="read only"/>.</para>
 </description>
+
+<value type="default">no</value>
 </samba:parameter>
index b994447f4b733dc82e36c675505f9c48debb577a..acae62c37872fbeb21ae22c81360245ddfc4b4db 100644 (file)
@@ -8,3 +8,4 @@ socket_wrapper - Wrapper library allowing TCP/IP traffic to be redirected
                  over Unix domain sockets.
 talloc - Hierarchical pool based memory allocator 
 tdb - Simple but fast key/value database library, supporting multiple writers
+torture - Simple unit testing helper library
index acdcd38efe6165aebc8ef1cb2322044c7594e2f2..2d5dbc16610a3b6107e69d6a699a68db4530a61c 100644 (file)
@@ -179,6 +179,7 @@ AC_DEFUN([AC_PROG_CC_C99],
 # ------------------------
 # Enable extensions on systems that normally disable them,
 # typically due to standards-conformance issues.
+m4_ifndef([AC_USE_SYSTEM_EXTENSIONS],[
 AC_DEFUN([AC_USE_SYSTEM_EXTENSIONS],
 [
   AC_BEFORE([$0], [AC_COMPILE_IFELSE])
@@ -208,3 +209,4 @@ AC_DEFUN([AC_USE_SYSTEM_EXTENSIONS],
     AC_DEFINE([__EXTENSIONS__])
   AC_DEFINE([_POSIX_PTHREAD_SEMANTICS])
 ])
+])
similarity index 85%
rename from source4/lib/torture/config.mk
rename to lib/torture/config.mk
index 8a7f2a3b6b19f43847e965997487e26b1d65409d..abd89260f676233b08f8a749f9678693e1fd3b30 100644 (file)
@@ -4,6 +4,7 @@ PUBLIC_DEPENDENCIES = \
                LIBSAMBA-HOSTCONFIG \
                LIBSAMBA-UTIL \
                LIBTALLOC
+CFLAGS = -I$(libtorturesrcdir) -I$(libtorturesrcdir)/../
 
 torture_VERSION = 0.0.1
 torture_SOVERSION = 0
similarity index 94%
rename from source4/lib/torture/subunit.c
rename to lib/torture/subunit.c
index d5ee344596fb5a9cece742f52f80f7853a3a3afc..832f11fafc3dc6674dcb7d9ae300c16c3e7782e6 100644 (file)
 #include "includes.h"
 #include "lib/torture/torture.h"
 
-static void subunit_init(struct torture_results *results) 
-{
-       /* FIXME: register segv and bus handler */
-}
-
 static void subunit_suite_start(struct torture_context *ctx,
                                struct torture_suite *suite)
 {
@@ -87,7 +82,6 @@ static void subunit_warning(struct torture_context *test,
 }
 
 const struct torture_ui_ops torture_subunit_ui_ops = {
-       .init = subunit_init,
        .comment = subunit_comment,
        .warning = subunit_warning,
        .test_start = subunit_test_start,
similarity index 99%
rename from source4/lib/torture/torture.c
rename to lib/torture/torture.c
index e465529f6b0c3ecc8d63405d357c9b7362ca5ad1..9ad29ba9d0380d087354315d53b7cf1462370138 100644 (file)
@@ -2,7 +2,7 @@
    Unix SMB/CIFS implementation.
    SMB torture UI functions
 
-   Copyright (C) Jelmer Vernooij 2006
+   Copyright (C) Jelmer Vernooij 2006-2008
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -18,8 +18,8 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "includes.h"
-#include "torture/torture.h"
+#include "source4/include/includes.h"
+#include "../torture/torture.h"
 #include "../lib/util/dlinklist.h"
 #include "param/param.h"
 #include "system/filesys.h"
@@ -310,7 +310,7 @@ static bool internal_torture_run_test(struct torture_context *context,
                                          bool already_setup)
 {
        bool success;
-       char *old_testname;
+       char *old_testname = NULL;
 
        if (tcase == NULL || strcmp(test->name, tcase->name) != 0) { 
                old_testname = context->active_testname;
similarity index 95%
rename from source4/lib/torture/torture.h
rename to lib/torture/torture.h
index f06ffe012b430291f5f975ef15d7de4142bfdf39..73ea1eb64317c3ff3f47ff3554829b3dfbbfc293 100644 (file)
@@ -105,8 +105,6 @@ struct torture_results
        bool quiet;
 
        bool returncode;
-
-
 };
 
 /* 
@@ -286,6 +284,21 @@ void torture_result(struct torture_context *test,
        } \
        } while(0)
 
+#define torture_assert_data_blob_equal(torture_ctx,got,expected,cmt)\
+       do { const DATA_BLOB __got = (got), __expected = (expected); \
+       if (__got.length != __expected.length) { \
+               torture_result(torture_ctx, TORTURE_FAIL, \
+                              __location__": "#got".len %d did not match "#expected" len %d: %s", \
+                              (int)__got.length, (int)__expected.length, cmt); \
+               return false; \
+       } \
+       if (memcmp(__got.data, __expected.data, __got.length) != 0) { \
+               torture_result(torture_ctx, TORTURE_FAIL, \
+                              __location__": "#got" of len %d did not match"#expected": %s", (int)__got.length, cmt); \
+               return false; \
+       } \
+       } while(0)
+
 #define torture_assert_file_contains_text(torture_ctx,filename,expected,cmt)\
        do { \
        char *__got; \
index b24e63641cd19cc3662d328fc0371e454b84e8c2..da077af31da91dd9c156cf14c8b2e076fab7e8ef 100644 (file)
@@ -1,5 +1,15 @@
 AC_CHECK_HEADERS(execinfo.h)
 AC_SEARCH_LIBS_EXT(backtrace, [execinfo], EXECINFO_LIBS)
 AC_CHECK_FUNC_EXT(backtrace, $EXECINFO_LIBS)
-SMB_EXT_LIB(EXECINFO,[${EXECINFO_LIBS}])
-SMB_ENABLE(EXECINFO)
+
+
+if test x"$ac_cv_header_execinfo_h" = x"yes" -a x"$ac_cv_func_ext_backtrace" = x"yes";then
+       SMB_ENABLE(EXECINFO, YES)
+       EXECINFO_CFLAGS="$CFLAGS"
+       EXECINFO_CPPFLAGS="$CPPFLAGS"
+       EXECINFO_LDFLAGS="$LDFLAGS"
+else
+       SMB_ENABLE(EXECINFO,NO)
+fi
+
+SMB_EXT_LIB(EXECINFO, [${EXECINFO_LIBS}], [${EXECINFO_CFLAGS}], [${EXECINFO_CPPFLAGS}], [${EXECINFO_LDFLAGS}])
index 4e2a5aab0981cd990a95e4a7cc21a17163f928c6..7548d30b7ef80bba8f40f0f4a6cddbc481d41f21 100644 (file)
@@ -701,10 +701,14 @@ _PUBLIC_ char *hex_encode_talloc(TALLOC_CTX *mem_ctx, const unsigned char *buff_
        char *hex_buffer;
 
        hex_buffer = talloc_array(mem_ctx, char, (len*2)+1);
+       if (!hex_buffer) {
+               return NULL;
+       }
 
        for (i = 0; i < len; i++)
                slprintf(&hex_buffer[i*2], 3, "%02X", buff_in[i]);
 
+       talloc_set_name_const(hex_buffer, hex_buffer);
        return hex_buffer;
 }
 
index ec1cfef110a21bd8e0fa6820b9395f57d759e6ff..dced557acbe32594d282d1a87248d4ae2598a6e5 100644 (file)
@@ -21,6 +21,8 @@
 #ifndef _SAMBA_UTIL_H_
 #define _SAMBA_UTIL_H_
 
+#include <netinet/in.h>
+
 #if _SAMBA_BUILD_ == 4
 #include "../lib/util/charset/charset.h"
 #endif
@@ -124,9 +126,6 @@ void CatchChildLeaveStatus(void);
 
 /* The following definitions come from lib/util/system.c  */
 
-
-struct in_addr;
-
 /**************************************************************************
 A wrapper for gethostbyname() that tries avoids looking up hostnames 
 in the root domain, which can cause dial-on-demand links to come up for no
index e03352d7cf5944c3375a84c34c0404d39d9f74d1..7d8ca49e9abd1f39f8ae910bafd2fe6eb822e660 100644 (file)
@@ -331,9 +331,9 @@ NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock,
                             struct nbt_name_packet *request);
 
 
-NDR_SCALAR_PROTO(wrepl_nbt_name, const struct nbt_name *);
-NDR_SCALAR_PROTO(nbt_string, const char *);
-NDR_BUFFER_PROTO(nbt_name, struct nbt_name);
+NDR_SCALAR_PROTO(wrepl_nbt_name, const struct nbt_name *)
+NDR_SCALAR_PROTO(nbt_string, const char *)
+NDR_BUFFER_PROTO(nbt_name, struct nbt_name)
 NTSTATUS nbt_rcode_to_ntstatus(uint8_t rcode);
 
 struct composite_context;
index 2ab39125df49391e6217f14fbdb10c55ce78f46c..160e7bc3e0bb7ca7014beccbd9eb9f0dbb70b89a 100644 (file)
@@ -135,6 +135,7 @@ static const struct werror_code_struct dos_errs[] =
        { "WERR_INVALID_FLAGS", WERR_INVALID_FLAGS },
        { "WERR_NOT_FOUND", WERR_NOT_FOUND },
        { "WERR_SERVER_UNAVAILABLE", WERR_SERVER_UNAVAILABLE },
+       { "WERR_NO_TRUST_SAM_ACCOUNT", WERR_NO_TRUST_SAM_ACCOUNT },
        { "WERR_CLASS_NOT_REGISTERED", WERR_CLASS_NOT_REGISTERED },
        { "WERR_NO_SHUTDOWN_IN_PROGRESS", WERR_NO_SHUTDOWN_IN_PROGRESS },
        { "WERR_SHUTDOWN_ALREADY_IN_PROGRESS", WERR_SHUTDOWN_ALREADY_IN_PROGRESS },
index fa4553df1e0b173540aa671bad346208b5aaa52d..139562d8c29b07e551515daba062f6556611b2c3 100644 (file)
@@ -592,6 +592,7 @@ typedef uint32_t NTSTATUS;
 #define NT_STATUS_TOO_MANY_LINKS NT_STATUS(0xC0000000 | 0x0265)
 #define NT_STATUS_QUOTA_LIST_INCONSISTENT NT_STATUS(0xC0000000 | 0x0266)
 #define NT_STATUS_FILE_IS_OFFLINE NT_STATUS(0xC0000000 | 0x0267)
+#define NT_STATUS_DS_BUSY NT_STATUS(0xC0000000 | 0x02a5)
 #define NT_STATUS_DS_NO_MORE_RIDS NT_STATUS(0xC0000000 | 0x02a8)
 #define NT_STATUS_NOT_A_REPARSE_POINT NT_STATUS(0xC0000000 | 0x0275)
 #define NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED NT_STATUS(0xC0000000 | 0x02E9)
index fe819fce5ecbc820d0e29f715bd03bd93f00c2f6..d22516ae5c4aecebe46cffff80974e5be1453be3 100644 (file)
@@ -136,6 +136,7 @@ typedef uint32_t WERROR;
 #define WERR_TIME_SKEW W_ERROR(1398)
 #define WERR_EVENTLOG_FILE_CORRUPT W_ERROR(1500)
 #define WERR_SERVER_UNAVAILABLE W_ERROR(1722)
+#define WERR_NO_TRUST_SAM_ACCOUNT W_ERROR(1787)
 #define WERR_INVALID_FORM_NAME W_ERROR(1902)
 #define WERR_INVALID_FORM_SIZE W_ERROR(1903)
 #define WERR_PASSWORD_MUST_CHANGE W_ERROR(1907)
@@ -180,6 +181,7 @@ typedef uint32_t WERROR;
 /* Configuration Manager Errors */
 /* Basically Win32 errors meanings are specific to the \ntsvcs pipe */
 
+#define WERR_CM_BUFFER_SMALL W_ERROR(26)
 #define WERR_CM_NO_MORE_HW_PROFILES W_ERROR(35)
 #define WERR_CM_NO_SUCH_VALUE W_ERROR(37)
 
index ce25dd65ffbd3125fbf699f0b90c1728f5b38c33..bab4cb90c766ad5b3af9d25b37fb0a2bbf4d2881 100644 (file)
@@ -11,7 +11,7 @@ import "lsa.idl", "security.idl";
   helpstring("Event Logger")
 ] interface eventlog
 {
-       typedef bitmap {
+       typedef [bitmap32bit] bitmap {
                EVENTLOG_SEQUENTIAL_READ = 0x0001,
                EVENTLOG_SEEK_READ       = 0x0002,
                EVENTLOG_FORWARDS_READ   = 0x0004,
@@ -100,8 +100,8 @@ import "lsa.idl", "security.idl";
                [in,unique]         eventlog_OpenUnknown0 *unknown0,
                [in,ref]    lsa_String *logname,
                [in,ref]    lsa_String *servername,
-               [in]        uint32 unknown2,
-               [in]        uint32 unknown3,
+               [in]        uint32 major_version,
+               [in]        uint32 minor_version,
                [out]   policy_handle *handle
        );
 
@@ -117,7 +117,7 @@ import "lsa.idl", "security.idl";
        /* Function: 0x0a */
        NTSTATUS eventlog_ReadEventLogW(
                [in] policy_handle *handle,
-               [in] uint32 flags,
+               [in] eventlogReadFlags flags,
                [in] uint32 offset,
                [in] [range(0,0x7FFFF)] uint32 number_of_bytes,
                [out,ref,size_is(number_of_bytes)] uint8 *data,
index ff548fe804f60aacb5cad21c8f85c6b1ba8bae01..1907195252138962a86cfe75e9701c7f51dbb826 100644 (file)
@@ -2,7 +2,6 @@
   miscellaneous IDL structures
 */
 
-
 [
        pointer_default(unique)
 ]
@@ -36,19 +35,4 @@ interface misc
                SEC_CHAN_DOMAIN      = 4,
                SEC_CHAN_BDC         = 6
        } netr_SchannelType;
-
-       /* SAM database types */
-       typedef [public,v1_enum] enum {
-               SAM_DATABASE_DOMAIN  = 0, /* Domain users and groups */
-               SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
-               SAM_DATABASE_PRIVS   = 2 /* Privileges */
-       } netr_SamDatabaseID;
-
-       typedef [public,v1_enum] enum {
-               SAMR_REJECT_OTHER      = 0,
-               SAMR_REJECT_TOO_SHORT  = 1,
-               SAMR_REJECT_IN_HISTORY = 2,
-               SAMR_REJECT_COMPLEXITY = 5
-       } samr_RejectReason;
-
 }
diff --git a/librpc/idl/named_pipe_auth.idl b/librpc/idl/named_pipe_auth.idl
new file mode 100644 (file)
index 0000000..7d85eba
--- /dev/null
@@ -0,0 +1,44 @@
+#include "idl_types.h"
+/*
+  miscellaneous IDL structures
+*/
+
+import "netlogon.idl";
+
+[
+       pointer_default(unique)
+]
+interface named_pipe_auth
+{
+       const char *NAMED_PIPE_AUTH_MAGIC = "NPAM";
+
+       typedef [switch_type(uint32)] union {
+               [case(0)] ;/* anonymous */
+               [case(1)] netr_SamInfo3 info1;
+       } named_pipe_auth_req_info;
+
+       typedef [public,gensize] struct {
+               [flag(NDR_BIG_ENDIAN),
+                value(ndr_size_named_pipe_auth_req(r,ndr->flags)-4)]
+                       uint32 length;
+               [charset(DOS),value(NAMED_PIPE_AUTH_MAGIC)] uint8 magic[4];
+               uint32 level;
+               [switch_is(level)] named_pipe_auth_req_info info;
+       } named_pipe_auth_req;
+
+       typedef [switch_type(uint32)] union {
+               [case(0)] ;
+               [case(1)] ;
+       } named_pipe_auth_rep_info;
+
+       typedef [public,gensize] struct {
+               [flag(NDR_BIG_ENDIAN),
+                value(ndr_size_named_pipe_auth_rep(r,ndr->flags)-4)]
+                       uint32 length;
+               [charset(DOS),value(NAMED_PIPE_AUTH_MAGIC)] uint8 magic[4];
+               uint32 level;
+               [switch_is(level)] named_pipe_auth_rep_info info;
+               NTSTATUS status;
+       } named_pipe_auth_rep;
+}
+
index 0561f5becde8227e191b31b77bbc3f8f853228a5..cf4da7adfa9475702f9b4c2411fd1ce16fb3ebe9 100644 (file)
@@ -8,10 +8,14 @@ import "misc.idl", "lsa.idl", "samr.idl", "security.idl", "nbt.idl";
 
 #include "idl_types.h"
 
+cpp_quote("#define netr_DeltaEnum8Bit netr_DeltaEnum")
+cpp_quote("#define netr_SamDatabaseID8Bit netr_SamDatabaseID")
+
 [
   uuid("12345678-1234-abcd-ef00-01234567cffb"),
   version(1.0),
   endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"),
+  helper("../librpc/ndr/ndr_netlogon.h"),
   pointer_default(unique)
 ]
 
@@ -19,6 +23,8 @@ interface netlogon
 {
        typedef bitmap samr_AcctFlags samr_AcctFlags;
        typedef bitmap samr_GroupAttrs samr_GroupAttrs;
+       typedef enum netr_DeltaEnum8Bit netr_DeltaEnum8Bit;
+       typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit;
 
        /*****************/
        /* Function 0x00 */
@@ -432,7 +438,7 @@ interface netlogon
                boolean8 lm_password_present;
                boolean8 password_expired;
                lsa_String comment;
-               lsa_String parameters;
+               lsa_BinaryString parameters;
                uint16 country_code;
                uint16 code_page;
                netr_USER_PRIVATE_INFO user_private_info;
@@ -958,13 +964,37 @@ interface netlogon
 
        /* i'm not at all sure how this call works */
 
+       typedef [bitmap16bit] bitmap {
+               NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED  = 0x0001,
+               NETR_CHANGELOG_CHANGED_PASSWORD         = 0x0002,
+               NETR_CHANGELOG_SID_INCLUDED             = 0x0004,
+               NETR_CHANGELOG_NAME_INCLUDED            = 0x0008,
+               NETR_CHANGELOG_FIRST_PROMOTION_OBJ      = 0x0010
+       } netr_ChangeLogFlags;
+
+       typedef [nodiscriminant] union {
+               [case(NETR_CHANGELOG_SID_INCLUDED)] dom_sid object_sid;
+               [case(NETR_CHANGELOG_NAME_INCLUDED)] nstring object_name;
+               [default];
+       } netr_ChangeLogObject;
+
+       typedef [public,gensize] struct {
+               uint32 serial_number1;
+               uint32 serial_number2;
+               uint32 object_rid;
+               netr_ChangeLogFlags flags;
+               netr_SamDatabaseID8Bit db_index;
+               netr_DeltaEnum8Bit delta_type;
+               [switch_is(flags & (NETR_CHANGELOG_SID_INCLUDED|NETR_CHANGELOG_NAME_INCLUDED))] netr_ChangeLogObject object;
+       } netr_ChangeLogEntry;
+
        NTSTATUS netr_DatabaseRedo(
                [in]     [string,charset(UTF16)] uint16 logon_server[],
                [in]     [string,charset(UTF16)] uint16 computername[],
                [in]     netr_Authenticator *credential,
                [in,out,ref] netr_Authenticator *return_authenticator,
-               [in,ref][size_is(change_log_entry_size)] uint8 *change_log_entry,
-               [in]     uint32 change_log_entry_size,
+               [in]     [subcontext(4),subcontext_size(change_log_entry_size)] netr_ChangeLogEntry change_log_entry,
+               [in]     [value(ndr_size_netr_ChangeLogEntry(&change_log_entry, ndr->flags))] uint32 change_log_entry_size,
                [out,ref]    netr_DELTA_ENUM_ARRAY **delta_enum_array
                );
 
index 809ead90c3ceba306dcfa08d59407716c840ad70..be7fcdff13b7fece0ea90707479a17f9c94d7b63 100644 (file)
@@ -2,9 +2,12 @@
   plug and play services
 */
 
+import "winreg.idl";
+
 [
   uuid("8d9f4e40-a03d-11ce-8f69-08003e30051b"),
   version(1.0),
+  endpoint("ncacn_np:[\\pipe\\ntsvcs]","ncacn_np:[\\pipe\\plugplay]"),
   helpstring("Plug and Play services")
 ]
 interface ntsvcs
@@ -67,7 +70,7 @@ interface ntsvcs
        /******************/
        /* Function: 0x0a */
 
-       [todo] WERROR PNP_GetDeviceList(
+       WERROR PNP_GetDeviceList(
                [in,unique] [string,charset(UTF16)] uint16 *filter,
                [out,ref] [size_is(*length),length_is(*length)] uint16 *buffer,
                [in,out,ref] uint32 *length,
@@ -96,7 +99,7 @@ interface ntsvcs
        WERROR PNP_GetDeviceRegProp(
                [in,ref] [string,charset(UTF16)] uint16 *devicepath,
                [in] uint32 property,
-               [in,out,ref] uint32 *reg_data_type,
+               [in,out,ref] winreg_Type *reg_data_type,
                [out,ref] [size_is(*buffer_size)] [length_is(*buffer_size)] uint8 *buffer,
                [in,out,ref] uint32 *buffer_size,
                [in,out,ref] uint32 *needed,
@@ -237,31 +240,31 @@ interface ntsvcs
        /* Function: 0x28 */
 
        WERROR PNP_HwProfFlags(
-               [in] uint32 unknown1,
+               [in] uint32 action,
                [in,ref] [string,charset(UTF16)] uint16 *devicepath,
-               [in] uint32 unknown2,
-               [in,out,ref] uint32 *unknown3,
-               [in,out,unique] uint16 *unknown4,
+               [in] uint32 config,
+               [in,out,ref] uint32 *profile_flags,
+               [in,out,unique] uint16 *veto_type,
                [in,unique] [string,charset(UTF16)] uint16 *unknown5,
                [out,unique] [string,charset(UTF16)] uint16 **unknown5a,
-               [in] uint32 unknown6,
-               [in] uint32 unknown7
+               [in] uint32 name_length,
+               [in] uint32 flags
                );
 
        /******************/
        /* Function: 0x29 */
 
        typedef struct {
-               uint32 unknown1;
-               uint16 unknown2[160];
-               uint32 unknown3;
+               uint32 profile_handle;
+               uint16 friendly_name[80];
+               uint32 flags;
        } PNP_HwProfInfo;
 
        WERROR PNP_GetHwProfInfo(
                [in] uint32 idx,
                [in,out,ref] PNP_HwProfInfo *info,
-               [in] uint32 unknown1,
-               [in] uint32 unknown2
+               [in] uint32 size,
+               [in] uint32 flags
                );
 
        /******************/
similarity index 98%
rename from source3/librpc/idl/samr.idl
rename to librpc/idl/samr.idl
index f47e0994dc232a5588082ce538b3ad52c47348c8..46478ee9e87d363c9616d97cbfe87b4c072cfefd 100644 (file)
@@ -17,6 +17,22 @@ import "misc.idl", "lsa.idl", "security.idl";
 {
        typedef bitmap security_secinfo security_secinfo;
 
+       /* SAM database types */
+       typedef [public,v1_enum] enum {
+               SAM_DATABASE_DOMAIN  = 0, /* Domain users and groups */
+               SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */
+               SAM_DATABASE_PRIVS   = 2 /* Privileges */
+       } netr_SamDatabaseID;
+
+       typedef [public,v1_enum] enum {
+               SAMR_REJECT_OTHER      = 0,
+               SAMR_REJECT_TOO_SHORT  = 1,
+               SAMR_REJECT_IN_HISTORY = 2,
+               SAMR_REJECT_COMPLEXITY = 5
+       } samr_RejectReason;
+
+
+
        /* account control (acct_flags) bits */
        typedef [public,bitmap32bit] bitmap {
                ACB_DISABLED                    = 0x00000001,  /* 1 = User account disabled */
@@ -321,6 +337,11 @@ import "misc.idl", "lsa.idl", "security.idl";
                DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
        } samr_PasswordProperties;
 
+       typedef [v1_enum] enum {
+               DOMAIN_SERVER_ENABLED = 1,
+               DOMAIN_SERVER_DISABLED = 2
+       } samr_DomainServerState;
+
        typedef struct {
                uint16 min_password_length;
                uint16 password_history_length;
@@ -336,7 +357,7 @@ import "misc.idl", "lsa.idl", "security.idl";
                lsa_String domain_name;
                lsa_String primary; /* PDC name if this is a BDC */
                udlong sequence_num;
-               uint32 unknown2;
+               samr_DomainServerState domain_server_state;
                samr_Role role;
                uint32 unknown3;
                uint32 num_users;
@@ -370,7 +391,7 @@ import "misc.idl", "lsa.idl", "security.idl";
        } samr_DomInfo8;
 
        typedef struct {
-               uint32 unknown; /* w2k3 returns 1 */
+               samr_DomainServerState domain_server_state;
        } samr_DomInfo9;
 
        typedef struct {
@@ -417,7 +438,7 @@ import "misc.idl", "lsa.idl", "security.idl";
        /************************/
        /* Function    0x09     */
        /*
-         only levels 1, 3, 4, 6, 7, 9, 12 are valid for this 
+         only levels 1, 3, 4, 6, 7, 9, 12 are valid for this
          call in w2k3
        */
        NTSTATUS samr_SetDomainInfo(
@@ -436,14 +457,10 @@ import "misc.idl", "lsa.idl", "security.idl";
                [out,ref]     policy_handle *group_handle,
                [out,ref]     uint32 *rid
                );
-               
+
 
        /************************/
        /* Function    0x0b     */
-
-       const int MAX_SAM_ENTRIES_W2K = 0x400; /* 1024 */
-       const int MAX_SAM_ENTRIES_W95 = 50;
-
        NTSTATUS samr_EnumDomainGroups(
                [in]          policy_handle *domain_handle,
                [in,out,ref]  uint32 *resume_handle,
@@ -853,7 +870,7 @@ import "misc.idl", "lsa.idl", "security.idl";
        typedef struct {
                samr_AcctFlags acct_flags;
        } samr_UserInfo16;
-       
+
        typedef struct {
                NTTIME acct_expiry;
        } samr_UserInfo17;
@@ -959,7 +976,7 @@ import "misc.idl", "lsa.idl", "security.idl";
 
        typedef struct {
                samr_CryptPassword password;
-               uint8 pw_len;
+               uint8 password_expired;
        } samr_UserInfo24;
 
        typedef [flag(NDR_PAHEX)] struct {
@@ -973,7 +990,7 @@ import "misc.idl", "lsa.idl", "security.idl";
 
        typedef struct {
                samr_CryptPasswordEx password;
-               uint8 pw_len;
+               uint8 password_expired;
        } samr_UserInfo26;
 
        typedef [switch_type(uint16)] union {
@@ -1135,7 +1152,7 @@ import "misc.idl", "lsa.idl", "security.idl";
          this seems to be an alphabetic search function. The returned index
          is the index for samr_QueryDisplayInfo needed to get names occurring
          after the specified name. The supplied name does not need to exist
-         in the database (for example you can supply just a first letter for 
+         in the database (for example you can supply just a first letter for
          searching starting at that letter)
 
          The level corresponds to the samr_QueryDisplayInfo level
@@ -1330,7 +1347,7 @@ import "misc.idl", "lsa.idl", "security.idl";
        /************************/
        /* Function    0x3a     */
        /*
-         seems to be an exact alias for samr_SetUserInfo() 
+         seems to be an exact alias for samr_SetUserInfo()
        */
        [public] NTSTATUS samr_SetUserInfo2(
                [in,ref]                   policy_handle *user_handle,
@@ -1434,10 +1451,9 @@ import "misc.idl", "lsa.idl", "security.idl";
        NTSTATUS samr_RidToSid(
                [in,ref]    policy_handle *domain_handle,
                [in]        uint32        rid,
-               [out,ref]   dom_sid2      *sid
+               [out,ref]   dom_sid2      **sid
                );
 
-
        /************************/
        /* Function    0x42     */
 
index 690f40608114f6cc0bdcb0897e1801637f89917d..3f70e2c36e5919d977643d660b2e21bbaadee651 100644 (file)
@@ -5,27 +5,10 @@
 */
 
 import "misc.idl";
-
-/* 
-   use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
-   just a dom sid, but with the sub_auths represented as a conformant
-   array. As with all in-structure conformant arrays, the array length
-   is placed before the start of the structure. That's what gives rise
-   to the extra num_auths elemenent. We don't want the Samba code to
-   have to bother with such esoteric NDR details, so its easier to just
-   define it as a dom_sid and use pidl magic to make it all work. It
-   just means you need to mark a sid as a "dom_sid2" in the IDL when you
-   know it is of the conformant array variety
-*/
-cpp_quote("#define dom_sid2 dom_sid")
-
-/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
-cpp_quote("#define dom_sid28 dom_sid")
-
-/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
-cpp_quote("#define dom_sid0 dom_sid")
+import "dom_sid.idl";
 
 [
+       helper("librpc/gen_ndr/ndr_dom_sid.h"),
        pointer_default(unique)
 ]
 interface security
@@ -257,7 +240,7 @@ interface security
        } sec_privilege;
 
 
-       typedef [bitmap8bit] bitmap {
+       typedef [public,bitmap8bit] bitmap {
                SEC_ACE_FLAG_OBJECT_INHERIT             = 0x01,
                SEC_ACE_FLAG_CONTAINER_INHERIT          = 0x02,
                SEC_ACE_FLAG_NO_PROPAGATE_INHERIT       = 0x04,
@@ -268,7 +251,7 @@ interface security
                SEC_ACE_FLAG_FAILED_ACCESS              = 0x80
        } security_ace_flags;
 
-       typedef [enum8bit] enum {
+       typedef [public,enum8bit] enum {
                SEC_ACE_TYPE_ACCESS_ALLOWED             = 0,
                SEC_ACE_TYPE_ACCESS_DENIED              = 1,
                SEC_ACE_TYPE_SYSTEM_AUDIT               = 2,
@@ -305,7 +288,7 @@ interface security
                [switch_is(flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] security_ace_object_inherited_type inherited_type;
        } security_ace_object;
 
-       typedef [nodiscriminant] union {
+       typedef [public,nodiscriminant] union {
                [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object;
                [case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object;
                [case(SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT)] security_ace_object object;
@@ -313,7 +296,7 @@ interface security
                [default];
        } security_ace_object_ctr;
 
-       typedef [public,gensize,nosize] struct {
+       typedef [public,nopull,gensize,nosize] struct {
                security_ace_type type;  /* SEC_ACE_TYPE_* */
                security_ace_flags flags; /* SEC_ACE_FLAG_* */
                [value(ndr_size_security_ace(r,ndr->flags))] uint16 size;
index fa8e10988c4fa51c6e526900473dc2571679c405..4b88f5e5f415cc08a00e0dd890e3b9c6960883c9 100644 (file)
@@ -89,13 +89,19 @@ import "misc.idl", "security.idl";
        /*****************/
        /* Function 0x01 */
 
-       typedef enum {
-               FIXME=1
+       /* Service Controls */
+
+       typedef [v1_enum] enum {
+               SVCCTL_CONTROL_STOP             = 0x00000001,
+               SVCCTL_CONTROL_PAUSE            = 0x00000002,
+               SVCCTL_CONTROL_CONTINUE         = 0x00000003,
+               SVCCTL_CONTROL_INTERROGATE      = 0x00000004,
+               SVCCTL_CONTROL_SHUTDOWN         = 0x00000005
        } SERVICE_CONTROL;
 
        WERROR svcctl_ControlService(
                [in,ref] policy_handle *handle,
-               [in] uint32 control,
+               [in] SERVICE_CONTROL control,
                [out,ref] SERVICE_STATUS *service_status
        );
 
@@ -218,10 +224,10 @@ import "misc.idl", "security.idl";
                [in,ref] policy_handle *handle,
                [in] uint32 type,
                [in] uint32 state,
-               [in] uint32 buf_size,
-               [out,size_is(buf_size)] uint8 service[*],
-               [out,ref] uint32 *bytes_needed,
-               [out,ref] uint32 *services_returned,
+               [out,ref,size_is(buf_size)] uint8 *service,
+               [in] [range(0,262144)] uint32 buf_size,
+               [out,ref] [range(0,262144)] uint32 *bytes_needed,
+               [out,ref] [range(0,262144)] uint32 *services_returned,
                [in,out,unique] uint32 *resume_handle
        );
 
@@ -535,9 +541,9 @@ import "misc.idl", "security.idl";
        WERROR svcctl_QueryServiceConfig2W(
                [in,ref] policy_handle *handle,
                [in] uint32 info_level,
-               [out] uint8 buffer[buf_size],
-               [in] uint32 buf_size,
-               [out,ref] uint32 *bytes_needed
+               [out,ref,size_is(buf_size)] uint8 *buffer,
+               [in] [range(0,8192)] uint32 buf_size,
+               [out,ref] [range(0,8192)] uint32 *bytes_needed
        );
 
        /*****************/
@@ -545,9 +551,9 @@ import "misc.idl", "security.idl";
        WERROR svcctl_QueryServiceStatusEx(
                [in,ref] policy_handle *handle,
                [in] uint32 info_level,
-               [out] uint8 buffer[buf_size],
-               [in] uint32 buf_size,
-               [out,ref] uint32 *bytes_needed
+               [out,ref,size_is(buf_size)] uint8 *buffer,
+               [in] [range(0,8192)] uint32 buf_size,
+               [out,ref] [range(0,8192)] uint32 *bytes_needed
        );
 
        /*****************/
@@ -572,12 +578,12 @@ import "misc.idl", "security.idl";
                [in] uint32 info_level,
                [in] uint32 type,
                [in] uint32 state,
-               [out] uint8 services[buf_size],
-               [in] uint32 buf_size,
-               [out,ref] uint32 *bytes_needed,
-               [out,ref] uint32 *service_returned,
-               [in,out,unique] uint32 *resume_handle,
-               [out,ref] [string,charset(UTF16)] uint16 **group_name
+               [out,ref,size_is(buf_size)] uint8 *services,
+               [in] [range(0,262144)] uint32 buf_size,
+               [out,ref] [range(0,262144)] uint32 *bytes_needed,
+               [out,ref] [range(0,262144)] uint32 *service_returned,
+               [in,out,unique] [range(0,262144)] uint32 *resume_handle,
+               [in,unique] [string,charset(UTF16)] uint16 *group_name
        );
 
        /*****************/
index c1af4791ae7a0388d0628300cd76885af36f0bba..4191ea67ceb7ff0fc9fe08752996dcbb8aa5c8bb 100644 (file)
@@ -117,20 +117,20 @@ interface xattr
           stored in "security.NTACL"
 
           Version 1. raw SD stored as Samba4 does it.
-          Version 2. raw SD + last changed timestamp so we
-                     can discard if this doesn't match the POSIX st_ctime.
+          Version 2. raw SD + last changed hash so we
+                     can discard if this doesn't match the underlying ACL hash.
        */
 
        const char *XATTR_NTACL_NAME = "security.NTACL";
 
        typedef [public] struct {
                security_descriptor *sd;
-               NTTIME last_changed;
-       } security_descriptor_timestamp;
+               uint8 hash[16];
+       } security_descriptor_hash;
 
        typedef [switch_type(uint16)] union {
                [case(1)] security_descriptor *sd;
-               [case(2)] security_descriptor_timestamp *sd_ts;
+               [case(2)] security_descriptor_hash *sd_hs;
        } xattr_NTACL_Info;
 
        typedef [public] struct {
index 127f6734e3707f56c5affa795feeb9ce997c7be9..eafaf688af270a6c2629f77046927ad887888a24 100644 (file)
@@ -511,6 +511,7 @@ enum ndr_err_code ndr_push_charset(struct ndr_push *ndr, int ndr_flags, const ch
 
 /* GUIDs */
 bool GUID_equal(const struct GUID *u1, const struct GUID *u2);
+NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid);
 NTSTATUS GUID_from_string(const char *s, struct GUID *guid);
 NTSTATUS NS_GUID_from_string(const char *s, struct GUID *guid);
 struct GUID GUID_zero(void);
@@ -518,6 +519,7 @@ bool GUID_all_zero(const struct GUID *u);
 int GUID_compare(const struct GUID *u1, const struct GUID *u2);
 char *GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid);
 char *GUID_string2(TALLOC_CTX *mem_ctx, const struct GUID *guid);
+char *GUID_hexstring(TALLOC_CTX *mem_ctx, const struct GUID *guid);
 char *NS_GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid);
 struct GUID GUID_random(void);
 
diff --git a/librpc/ndr/ndr_netlogon.c b/librpc/ndr/ndr_netlogon.c
new file mode 100644 (file)
index 0000000..411f3b9
--- /dev/null
@@ -0,0 +1,65 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   routines for marshalling/unmarshalling special netlogon types
+
+   Copyright (C) Guenther Deschner 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+
+_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit r)
+{
+       if (r > 0xff) return NDR_ERR_BUFSIZE;
+       NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
+       return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID8Bit(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit *r)
+{
+       uint8_t v;
+       NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
+       *r = v;
+       return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_SamDatabaseID8Bit(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID8Bit r)
+{
+       ndr_print_netr_SamDatabaseID(ndr, name, r);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_netr_DeltaEnum8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_DeltaEnum8Bit r)
+{
+       if (r > 0xff) return NDR_ERR_BUFSIZE;
+       NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
+       return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_DeltaEnum8Bit(struct ndr_pull *ndr, int ndr_flags, enum netr_DeltaEnum8Bit *r)
+{
+       uint8_t v;
+       NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
+       *r = v;
+       return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_DeltaEnum8Bit(struct ndr_print *ndr, const char *name, enum netr_DeltaEnum8Bit r)
+{
+       ndr_print_netr_DeltaEnum(ndr, name, r);
+}
diff --git a/librpc/ndr/ndr_netlogon.h b/librpc/ndr/ndr_netlogon.h
new file mode 100644 (file)
index 0000000..0e6bd6a
--- /dev/null
@@ -0,0 +1,28 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   routines for marshalling/unmarshalling special netlogon types
+
+   Copyright (C) Guenther Deschner 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit r);
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID8Bit(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit *r);
+_PUBLIC_ void ndr_print_netr_SamDatabaseID8Bit(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID8Bit r);
+
+_PUBLIC_ enum ndr_err_code ndr_push_netr_DeltaEnum8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_DeltaEnum8Bit r);
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_DeltaEnum8Bit(struct ndr_pull *ndr, int ndr_flags, enum netr_DeltaEnum8Bit *r);
+_PUBLIC_ void ndr_print_netr_DeltaEnum8Bit(struct ndr_print *ndr, const char *name, enum netr_DeltaEnum8Bit r);
diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
new file mode 100644 (file)
index 0000000..4b13550
--- /dev/null
@@ -0,0 +1,118 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   fast routines for getting the wire size of security objects
+
+   Copyright (C) Andrew Tridgell 2003
+   Copyright (C) Stefan Metzmacher 2006-2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+/*
+  return the wire size of a security_ace
+*/
+size_t ndr_size_security_ace(const struct security_ace *ace, int flags)
+{
+       size_t ret;
+
+       if (!ace) return 0;
+
+       ret = 8 + ndr_size_dom_sid(&ace->trustee, flags);
+
+       switch (ace->type) {
+       case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+       case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+       case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+       case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+               ret += 4; /* uint32 bitmap ace->object.object.flags */
+               if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
+                       ret += 16; /* GUID ace->object.object.type.type */
+               }
+               if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
+                       ret += 16; /* GUID ace->object.object.inherited_typeinherited_type */
+               }
+               break;
+       default:
+               break;
+       }
+
+       return ret;
+}
+
+enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r)
+{
+       if (ndr_flags & NDR_SCALARS) {
+               uint32_t start_ofs = ndr->offset;
+               uint32_t size = 0;
+               uint32_t pad = 0;
+               NDR_CHECK(ndr_pull_align(ndr, 4));
+               NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type));
+               NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags));
+               NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
+               NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask));
+               NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
+               NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
+               NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
+               size = ndr->offset - start_ofs;
+               if (r->size < size) {
+                       return ndr_pull_error(ndr, NDR_ERR_BUFSIZE,
+                                             "ndr_pull_security_ace: r->size %u < size %u",
+                                             (unsigned)r->size, size);
+               }
+               pad = r->size - size;
+               NDR_PULL_NEED_BYTES(ndr, pad);
+               ndr->offset += pad;
+       }
+       if (ndr_flags & NDR_BUFFERS) {
+               NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
+       }
+       return NDR_ERR_SUCCESS;
+}
+
+/*
+  return the wire size of a security_acl
+*/
+size_t ndr_size_security_acl(const struct security_acl *acl, int flags)
+{
+       size_t ret;
+       int i;
+       if (!acl) return 0;
+       ret = 8;
+       for (i=0;i<acl->num_aces;i++) {
+               ret += ndr_size_security_ace(&acl->aces[i], flags);
+       }
+       return ret;
+}
+
+/*
+  return the wire size of a security descriptor
+*/
+size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags)
+{
+       size_t ret;
+       if (!sd) return 0;
+       
+       ret = 20;
+       ret += ndr_size_dom_sid(sd->owner_sid, flags);
+       ret += ndr_size_dom_sid(sd->group_sid, flags);
+       ret += ndr_size_security_acl(sd->dacl, flags);
+       ret += ndr_size_security_acl(sd->sacl, flags);
+       return ret;
+}
+
index 1e6ee0a3db7b31087b12ca1d94dbc20ef9ced833..aa24ac4494540c4a1f8482f9a8f3e2eb652d087b 100644 (file)
 
 #include "includes.h"
 #include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ndr_misc.h"
 
 /**
   build a GUID from a string
 */
-_PUBLIC_ NTSTATUS GUID_from_string(const char *s, struct GUID *guid)
+_PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid)
 {
        NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
        uint32_t time_low;
        uint32_t time_mid, time_hi_and_version;
        uint32_t clock_seq[2];
        uint32_t node[6];
+       uint8_t buf16[16];
+       DATA_BLOB blob16 = data_blob_const(buf16, sizeof(buf16));
        int i;
 
-       if (s == NULL) {
+       if (s->data == NULL) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       if (11 == sscanf(s, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+       if (s->length == 36 && 
+           11 == sscanf((const char *)s->data, 
+                        "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
                         &time_low, &time_mid, &time_hi_and_version, 
                         &clock_seq[0], &clock_seq[1],
                         &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) {
                status = NT_STATUS_OK;
-       } else if (11 == sscanf(s, "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}",
-                               &time_low, &time_mid, &time_hi_and_version, 
-                               &clock_seq[0], &clock_seq[1],
-                               &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) {
+       } else if (s->length == 38
+                  && 11 == sscanf((const char *)s->data, 
+                                  "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}",
+                                  &time_low, &time_mid, &time_hi_and_version, 
+                                  &clock_seq[0], &clock_seq[1],
+                                  &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) {
                status = NT_STATUS_OK;
+       } else if (s->length == 32) {
+               size_t rlen = strhex_to_str((char *)blob16.data, blob16.length,
+                                           (const char *)s->data, s->length);
+               if (rlen == blob16.length) {
+                       /* goto the ndr_pull_struct_blob() path */
+                       status = NT_STATUS_OK;
+                       s = &blob16;
+               }
+       }
+
+       if (s->length == 16) {
+               enum ndr_err_code ndr_err;
+               struct GUID guid2;
+               TALLOC_CTX *mem_ctx;
+
+               mem_ctx = talloc_new(NULL);
+               NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+               ndr_err = ndr_pull_struct_blob(s, mem_ctx, NULL, &guid2,
+                                              (ndr_pull_flags_fn_t)ndr_pull_GUID);
+               talloc_free(mem_ctx);
+               if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                       return ndr_map_error2ntstatus(ndr_err);
+               }
+               *guid = guid2;
+               return NT_STATUS_OK;
        }
 
        if (!NT_STATUS_IS_OK(status)) {
@@ -68,6 +101,16 @@ _PUBLIC_ NTSTATUS GUID_from_string(const char *s, struct GUID *guid)
        return NT_STATUS_OK;
 }
 
+/**
+  build a GUID from a string
+*/
+_PUBLIC_ NTSTATUS GUID_from_string(const char *s, struct GUID *guid)
+{
+       DATA_BLOB blob = data_blob_string_const(s);
+       return GUID_from_data_blob(&blob, guid);
+       return NT_STATUS_OK;
+}
+
 /**
   build a GUID from a string
 */
@@ -208,6 +251,31 @@ _PUBLIC_ char *GUID_string2(TALLOC_CTX *mem_ctx, const struct GUID *guid)
        return ret;
 }
 
+_PUBLIC_ char *GUID_hexstring(TALLOC_CTX *mem_ctx, const struct GUID *guid)
+{
+       char *ret;
+       DATA_BLOB guid_blob;
+       enum ndr_err_code ndr_err;
+       TALLOC_CTX *tmp_mem;
+
+       tmp_mem = talloc_new(mem_ctx);
+       if (!tmp_mem) {
+               return NULL;
+       }
+       ndr_err = ndr_push_struct_blob(&guid_blob, tmp_mem,
+                                      NULL,
+                                      guid,
+                                      (ndr_push_flags_fn_t)ndr_push_GUID);
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+               talloc_free(tmp_mem);
+               return NULL;
+       }
+
+       ret = data_blob_hex_string(mem_ctx, &guid_blob);
+       talloc_free(tmp_mem);
+       return ret;
+}
+
 _PUBLIC_ char *NS_GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid)
 {
        return talloc_asprintf(mem_ctx, 
index b755431034ab7ccae503f0abcd841638de28a93d..a660989d198d17f1d861aa8ead11fe677b2b9b0c 100644 (file)
@@ -251,8 +251,8 @@ _PUBLIC_ NTSTATUS dcerpc_parse_binding(TALLOC_CTX *mem_ctx, const char *s, struc
 
        if (p && PTR_DIFF(p, s) == 36) { /* 36 is the length of a UUID */
                NTSTATUS status;
-
-               status = GUID_from_string(s, &b->object.uuid);
+               DATA_BLOB blob = data_blob(s, 36);
+               status = GUID_from_data_blob(&blob, &b->object.uuid);
 
                if (NT_STATUS_IS_ERR(status)) {
                        DEBUG(0, ("Failed parsing UUID\n"));
index 2a23fad4a70e5522b7d3dfdf7184818a87a17edb..4109ce996211ad51881ebbcab302fff32a0461ec 100644 (file)
@@ -215,7 +215,10 @@ sub ParseInterface($$)
 
        $self->pidl_hdr("#ifndef __CLI_$uif\__");
        $self->pidl_hdr("#define __CLI_$uif\__");
-       $self->ParseFunction($if->{NAME}, $_) foreach (@{$if->{FUNCTIONS}});
+       foreach (@{$if->{FUNCTIONS}}) {
+               next if ($_->{PROPERTIES}{noopnum});
+               $self->ParseFunction($if->{NAME}, $_);
+       }
        $self->pidl_hdr("#endif /* __CLI_$uif\__ */");
 }
 
index 6034fb6f160ecdef84152cc2612f3282638cd1b5..eb3cdf20cb060d2c18fb19abcae946c109bf38c4 100644 (file)
@@ -142,6 +142,13 @@ sub ParseFunction($$)
                my @dir = @{$_->{DIRECTION}};
                if (grep(/in/, @dir) and grep(/out/, @dir)) {
                        pidl "r->out.$_->{NAME} = r->in.$_->{NAME};";
+               }
+       }
+
+       foreach (@{$fn->{ELEMENTS}}) {
+               my @dir = @{$_->{DIRECTION}};
+               if (grep(/in/, @dir) and grep(/out/, @dir)) {
+                       # noop
                } elsif (grep(/out/, @dir) and not
                                 has_property($_, "represent_as")) {
                        AllocOutVar($_, "r", "r->out.$_->{NAME}", $env);
@@ -205,7 +212,11 @@ sub ParseInterface($)
 
        pidl_hdr "#ifndef __SRV_$uif\__";
        pidl_hdr "#define __SRV_$uif\__";
-       ParseFunction($if, $_) foreach (@{$if->{FUNCTIONS}});
+
+       foreach (@{$if->{FUNCTIONS}}) {
+               next if ($_->{PROPERTIES}{noopnum});
+               ParseFunction($if, $_);
+       }
 
        pidl "";
        pidl "/* Tables */";
@@ -214,6 +225,7 @@ sub ParseInterface($)
        indent;
 
        foreach (@{$if->{FUNCTIONS}}) {
+               next if ($_->{PROPERTIES}{noopnum});
                pidl "{\"" . uc($_->{NAME}) . "\", NDR_" . uc($_->{NAME}) . ", api_$_->{NAME}},";
        }
 
index 38aee2c9d16cd1d30bacb14fac3a943918457a33..a3107d4672fcf61e5823e82906778dfb74954fdc 100644 (file)
@@ -702,7 +702,7 @@ sub Interface($$$)
                $self->pidl("if (!NT_STATUS_IS_OK(status)) {");
                $self->indent;
                $self->pidl("PyErr_SetNTSTATUS(status);");
-               $self->pidl("return;");
+               $self->pidl("return NULL;");
                $self->deindent;
                $self->pidl("}");
 
@@ -1181,7 +1181,6 @@ sub Parse($$$$$)
        $self->pidl("{");
        $self->indent;
        $self->pidl("PyObject *m;");
-       $self->pidl("NTSTATUS status;");
        $self->pidl("");
 
        foreach (@{$self->{ready_types}}) {
index fa38d8dd2c1ba327d78a61c9e44a1e1890a0b83a..c138149f6cb9fc51caf8f96f47d3d53bc0cc4eb1 100755 (executable)
@@ -4,7 +4,7 @@ DOCSRCDIR=`dirname $0`/../docs-xml
 
 cd $DOCSRCDIR || exit 1
 
-git-clean -d -x -f
+git clean -d -x -f
 autoconf && \
        ./configure --with-papersize=letter && \
        make smbdotconf/parameters.all.xml && \
index 04728d835d3fbde9708b38e0b0d699343eec236a..ab27f082225343f98ed1c3f7d4366b0ade4b2b51 100755 (executable)
@@ -137,7 +137,7 @@ function createReleaseTag
        return 0
     fi
 
-    if [ "x`git-tag -l ${OPT_TAG}`" != "x" ]; then
+    if [ "x`git tag -l ${OPT_TAG}`" != "x" ]; then
        echo -n "Tag exists.  Do you wish to overwrite? (y/N): "
        read answer
 
@@ -155,7 +155,7 @@ function createReleaseTag
        fi
     fi
 
-    git-tag -u ${OPT_KEYID} ${OPT_TAG}
+    git tag -u ${OPT_KEYID} ${OPT_TAG}
     exitOnError $? "Failed to create tag"
 
     return 0
@@ -170,7 +170,7 @@ function main
 
     cd $TOPDIR
 
-    git-checkout ${OPT_BRANCH}
+    git checkout ${OPT_BRANCH}
     exitOnError $? "Invalid branch name \"${OPT_BRANCH}\""
 
     (cd source3 && ./script/mkversion.sh)
@@ -188,7 +188,7 @@ function main
     echo "Creating release tarball for Samba $version"
 
     /bin/rm -rf ../samba-${version}
-    git-archive --format=tar --prefix=samba-${version}/ HEAD | (cd .. && tar xf -)
+    git archive --format=tar --prefix=samba-${version}/ HEAD | (cd .. && tar xf -)
     exitOnError $? "Failed to create release directory tree"
 
     pushd ../samba-${version}
index ce24001fd21b125955a75b7b089ebfa63e5bfa49..83e94a438238b5c491b7506d7e7ea41aa4b7947c 100644 (file)
@@ -17,6 +17,7 @@ localstatedir=@localstatedir@
 datarootdir=@datarootdir@
 
 selftest_prefix=@selftest_prefix@
+selftest_shrdir=@selftest_shrdir@
 smbtorture4_path=@smbtorture4_path@
 
 LIBS=@LIBS@
@@ -139,6 +140,9 @@ PRIVATE_DIR = $(PRIVATEDIR)
 # This is where SWAT images and help files go
 SWATDIR = @swatdir@
 
+# This is where locale(mo) files go
+LOCALEDIR= @localedir@
+
 # the directory where lock files go
 LOCKDIR = @lockdir@
 
@@ -172,7 +176,8 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \
        -DCONFIGDIR=\"$(CONFIGDIR)\" \
        -DCODEPAGEDIR=\"$(CODEPAGEDIR)\" \
        -DCACHEDIR=\"$(CACHEDIR)\" \
-       -DSTATEDIR=\"$(STATEDIR)\"
+       -DSTATEDIR=\"$(STATEDIR)\" \
+       -DLOCALEDIR=\"$(LOCALEDIR)\"
 
 # Note that all executable programs now provide for an optional executable suffix.
 
@@ -224,6 +229,8 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) \
           $(CHARSET_MODULES) $(AUTH_MODULES) $(NSS_INFO_MODULES) \
          $(GPEXT_MODULES)
 
+EXTRA_ALL_TARGETS = @EXTRA_ALL_TARGETS@
+
 ######################################################################
 # object file lists
 ######################################################################
@@ -267,7 +274,7 @@ LIBNDR_OBJ = ../librpc/ndr/ndr_basic.o \
             ../librpc/ndr/ndr_misc.o \
             librpc/gen_ndr/ndr_misc.o \
             librpc/gen_ndr/ndr_security.o \
-            librpc/ndr/ndr_sec_helper.o \
+            ../librpc/ndr/ndr_sec_helper.o \
             librpc/ndr/ndr_string.o \
             librpc/ndr/sid.o \
             ../librpc/ndr/uuid.o \
@@ -278,7 +285,8 @@ RPCCLIENT_NDR_OBJ = rpc_client/ndr.o
 LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \
                  librpc/gen_ndr/ndr_lsa.o
 
-LIBNDR_GEN_OBJ1 = librpc/gen_ndr/ndr_netlogon.o
+LIBNDR_GEN_OBJ1 = librpc/gen_ndr/ndr_netlogon.o \
+                 ../librpc/ndr/ndr_netlogon.o
 
 LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
                 $(LIBNDR_GEN_OBJ0) \
@@ -293,6 +301,7 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
                 librpc/gen_ndr/ndr_notify.o \
                 librpc/gen_ndr/ndr_xattr.o \
                 librpc/gen_ndr/ndr_epmapper.o \
+                librpc/gen_ndr/ndr_named_pipe_auth.o \
                 librpc/gen_ndr/ndr_ntsvcs.o
 
 RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o
@@ -639,7 +648,9 @@ VFS_FILEID_OBJ = modules/vfs_fileid.o
 VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o
 VFS_SYNCOPS_OBJ = modules/vfs_syncops.o
 VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o
+VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o
 VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o
+VFS_ONEFS_OBJ = modules/vfs_onefs.o modules/onefs_acl.o
 
 PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
 
@@ -797,7 +808,7 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
             $(LIBADS_OBJ) $(POPT_LIB_OBJ) \
             $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(LDB_OBJ) 
 
-PAM_WINBIND_OBJ = nsswitch/pam_winbind.o $(WBCOMMON_OBJ) \
+PAM_WINBIND_OBJ = nsswitch/pam_winbind.o localedir.o $(WBCOMMON_OBJ) \
                  $(LIBREPLACE_OBJ) @BUILD_INIPARSER@
 
 LIBSMBCLIENT_OBJ0 = \
@@ -903,9 +914,9 @@ CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
          $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \
          $(LIBNDR_GEN_OBJ0)
 
-CIFS_MOUNT_OBJ = client/mount.cifs.o
+CIFS_MOUNT_OBJ = client/mount.cifs.o client/mtab.o
 
-CIFS_UMOUNT_OBJ = client/umount.cifs.o
+CIFS_UMOUNT_OBJ = client/umount.cifs.o client/mtab.o
 
 CIFS_UPCALL_OBJ = client/cifs.upcall.o
 
@@ -921,7 +932,7 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) \
 
 MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
                  $(LIB_NONSMBD_OBJ) \
-                $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS)
+                $(LIBNDR_GEN_OBJ0)
 
 MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
                  $(LIB_NONSMBD_OBJ) \
@@ -929,7 +940,7 @@ MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 
 LOCKTEST_OBJ = torture/locktest.o $(PARAM_OBJ) $(LOCKING_OBJ) $(KRBCLIENT_OBJ) \
                $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \
-               $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS)
+               $(LIBNDR_GEN_OBJ0)
 
 NSSTEST_OBJ = torture/nsstest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
                  $(LIB_NONSMBD_OBJ) \
@@ -948,7 +959,7 @@ LOG2PCAP_OBJ = utils/log2pcaphex.o
 
 LOCKTEST2_OBJ = torture/locktest2.o $(PARAM_OBJ) $(LOCKING_OBJ) $(LIBSMB_OBJ) \
                $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \
-               $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS)
+               $(LIBNDR_GEN_OBJ0)
 
 SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
                $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) \
@@ -1156,7 +1167,8 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \
 # now the rules...
 ######################################################################
 all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \
-       $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @EXTRA_ALL_TARGETS@
+       $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @CIFSUPCALL_PROGS@ \
+       $(EXTRA_ALL_TARGETS)
 
 basics::
 
@@ -1219,14 +1231,18 @@ samba3-idl::
                ../librpc/idl/initshutdown.idl ../librpc/idl/srvsvc.idl ../librpc/idl/svcctl.idl \
                ../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl ../librpc/idl/netlogon.idl \
                ../librpc/idl/notify.idl ../librpc/idl/epmapper.idl librpc/idl/messaging.idl \
-               ../librpc/idl/xattr.idl ../librpc/idl/misc.idl librpc/idl/samr.idl \
+               ../librpc/idl/xattr.idl ../librpc/idl/misc.idl ../librpc/idl/samr.idl \
                ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \
                ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \
-               ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl
+               ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \
+               ../librpc/idl/named_pipe_auth.idl librpc/idl/dom_sid.idl
+       @$(MAKE) ndr-tables
+
+NDR_TABLES = librpc/gen_ndr/tables.c
 
-librpc/gen_ndr/tables.c:: librpc/gen_ndr/*.h
-       @echo "Generating $@"
-       @$(PERL) ../librpc/tables.pl $^ > $@
+ndr-tables:: librpc/gen_ndr/*.h
+       @echo "Generating $(NDR_TABLES)"
+       @$(PERL) ../librpc/tables.pl $^ > $(NDR_TABLES)
 
 #####################################################################
 
@@ -1304,6 +1320,13 @@ dynconfig.o: dynconfig.c Makefile
                echo "$(COMPILE_CC_PATH)" 1>&2;\
                $(COMPILE_CC_PATH) >/dev/null 2>&1
 
+localedir.o: localedir.c Makefile
+       @echo Compiling $*.c
+       @$(COMPILE_CC_PATH) && exit 0;\
+               echo "The following command failed:" 1>&2;\
+               echo "$(COMPILE_CC_PATH)" 1>&2;\
+               $(COMPILE_CC_PATH) >/dev/null 2>&1
+
 lib/pidfile.o: lib/pidfile.c
        @echo Compiling $*.c
        @$(COMPILE_CC_PATH) && exit 0;\
@@ -2453,6 +2476,14 @@ bin/smb_traffic_analyzer.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SMB_TRAFFIC_ANALYZE
        @echo "Building plugin $@"
        @$(SHLD_MODULE) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ)
 
+bin/acl_tdb.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ACL_TDB_OBJ)
+       @echo "Building plugin $@"
+       @$(SHLD_MODULE) $(VFS_ACL_TDB_OBJ)
+
+bin/onefs.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ONEFS_OBJ)
+       @echo "Building plugin $@"
+       @$(SHLD_MODULE) $(VFS_ONEFS_OBJ) @ONEFS_LIBS@
+
 bin/registry.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/registry.o
        @echo "Building plugin $@"
        @$(SHLD_MODULE) libgpo/gpext/registry.o
@@ -2546,7 +2577,7 @@ bin/test_lp_load@EXEEXT@: $(BINARY_PREREQS) $(TEST_LP_LOAD_OBJ) @BUILD_POPT@ @LI
 
 install:: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUPCALL@ installman \
                installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ \
-               @INSTALL_PAM_MODULES@ installlibs
+               @INSTALL_PAM_MODULES@ installlibs installmo
 
 install-everything:: install installmodules
 
@@ -2559,7 +2590,7 @@ install-everything:: install installmodules
 # is not used
 
 installdirs::
-       @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR) $(CODEPAGEDIR) $(MODULESDIR)
+       @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR) $(CODEPAGEDIR) $(MODULESDIR) $(LOCALEDIR)
 
 installservers:: all installdirs
        @$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) $(SBIN_PROGS)
@@ -2625,6 +2656,9 @@ revert::
 installman:: installdirs
        @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(MANDIR) $(srcdir) C "@ROFF@"
 
+installmo:: all installdirs
+       @$(SHELL) $(srcdir)/script/installmo.sh $(DESTDIR) $(LOCALEDIR) $(srcdir)
+
 .PHONY: showlayout
 
 showlayout::
@@ -2644,7 +2678,10 @@ showlayout::
        @echo "  codepagedir: $(CODEPAGEDIR)"
 
 
-uninstall:: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibs @UNINSTALL_PAM_MODULES@
+uninstall:: uninstallmo uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibs @UNINSTALL_PAM_MODULES@
+
+uninstallmo::
+       @$(SHELL) $(srcdir)/script/uninstallmo.sh $(DESTDIR) $(LOCALEDIR) $(srcdir)
 
 uninstallman::
        @$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(MANDIR) $(srcdir) C
@@ -2689,7 +2726,7 @@ uninstallpammodules::
        done
 
 # Toplevel clean files
-TOPFILES=dynconfig.o
+TOPFILES=dynconfig.o localedir.o
 
 cleanlibs::
        -rm -f ../lib/*/*.o ../lib/*/*/*.o \
@@ -2759,7 +2796,7 @@ etags::
        etags --append `find $(srcdir)/../source4/dsdb -name "*.[ch]"`
 
 ctags::
-       ctags `find $(srcdir)/.. -name "*.[ch]"`
+       ctags `find $(srcdir)/.. -name "*.[ch]" | grep -v include/proto\.h`
 
 realclean:: clean
        -rm -f config.log bin/.dummy script/findsmb script/gen-8bit-gap.sh
@@ -2835,7 +2872,7 @@ test_pam_modules:: pam_modules
 ##
 test:: all torture timelimit
        @echo Running Test suite
-       @LIB_PATH_VAR=$(LIB_PATH_VAR) PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}"
+       @LIB_PATH_VAR=$(LIB_PATH_VAR) PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}" ${selftest_shrdir}
 
 valgrindtest:: all torture timelimit
        @echo Running Test suite with valgrind
index 7f95656befd7d8abcdaa453456374b3317a4d386..505098c76ac26b93d390d72a24f46b6ee6a60f71 100644 (file)
@@ -469,13 +469,13 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
                {
                case SEC_DOMAIN:
                        DEBUG(5,("Making default auth method list for security=domain\n"));
-                       auth_method_list = str_list_make(
+                       auth_method_list = str_list_make_v3(
                                talloc_tos(), "guest sam winbind:ntdomain",
                                NULL);
                        break;
                case SEC_SERVER:
                        DEBUG(5,("Making default auth method list for security=server\n"));
-                       auth_method_list = str_list_make(
+                       auth_method_list = str_list_make_v3(
                                talloc_tos(), "guest sam smbserver",
                                NULL);
                        break;
@@ -483,36 +483,36 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
                        if (lp_encrypted_passwords()) { 
                                if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
                                        DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
-                                       auth_method_list = str_list_make(
+                                       auth_method_list = str_list_make_v3(
                                                talloc_tos(),
                                                "guest sam winbind:trustdomain",
                                                NULL);
                                } else {
                                        DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
-                                       auth_method_list = str_list_make(
+                                       auth_method_list = str_list_make_v3(
                                                talloc_tos(), "guest sam",
                                                NULL);
                                }
                        } else {
                                DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
-                               auth_method_list = str_list_make(
+                               auth_method_list = str_list_make_v3(
                                        talloc_tos(), "guest unix", NULL);
                        }
                        break;
                case SEC_SHARE:
                        if (lp_encrypted_passwords()) {
                                DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n"));
-                               auth_method_list = str_list_make(
+                               auth_method_list = str_list_make_v3(
                                        talloc_tos(), "guest sam", NULL);
                        } else {
                                DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n"));
-                               auth_method_list = str_list_make(
+                               auth_method_list = str_list_make_v3(
                                        talloc_tos(), "guest unix", NULL);
                        }
                        break;
                case SEC_ADS:
                        DEBUG(5,("Making default auth method list for security=ADS\n"));
-                       auth_method_list = str_list_make(
+                       auth_method_list = str_list_make_v3(
                                talloc_tos(), "guest sam winbind:ntdomain",
                                NULL);
                        break;
index e739fdaabe92786cc39ea050ca53f1bb40e96c99..28d6601b5f3eaed8a05063bd009266439c9d7e73 100644 (file)
@@ -77,7 +77,7 @@ bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid )
 
 NT_USER_TOKEN *get_root_nt_token( void )
 {
-       struct nt_user_token *token = NULL;
+       struct nt_user_token *token, *for_cache;
        DOM_SID u_sid, g_sid;
        struct passwd *pw;
        void *cache_data;
@@ -102,14 +102,16 @@ NT_USER_TOKEN *get_root_nt_token( void )
        uid_to_sid(&u_sid, pw->pw_uid);
        gid_to_sid(&g_sid, pw->pw_gid);
 
-       token = create_local_nt_token(NULL, &u_sid, False,
+       token = create_local_nt_token(talloc_autofree_context(), &u_sid, False,
                                      1, &global_sid_Builtin_Administrators);
 
        token->privileges = se_disk_operators;
 
+       for_cache = token;
+
        memcache_add_talloc(
                NULL, SINGLETON_CACHE_TALLOC,
-               data_blob_string_const_null("root_nt_token"), token);
+               data_blob_string_const_null("root_nt_token"), &for_cache);
 
        return token;
 }
index 2a9c2b73041a222be23a69dbda1e076355111be9..da2f98bff86e8f1f9ac19962a19cd688165b447c 100644 (file)
 #include <mntent.h>
 #include <fcntl.h>
 #include <limits.h>
+#include "mount.h"
 
 #define MOUNT_CIFS_VERSION_MAJOR "1"
-#define MOUNT_CIFS_VERSION_MINOR "11"
+#define MOUNT_CIFS_VERSION_MINOR "12"
 
 #ifndef MOUNT_CIFS_VENDOR_SUFFIX
  #ifdef _SAMBA_BUILD_
 #define MOUNT_PASSWD_SIZE 64
 #define DOMAIN_SIZE 64
 
-/* exit status - bits below are ORed */
-#define EX_USAGE        1       /* incorrect invocation or permission */
-#define EX_SYSERR       2       /* out of memory, cannot fork, ... */
-#define EX_SOFTWARE     4       /* internal mount bug or wrong version */
-#define EX_USER         8       /* user interrupt */
-#define EX_FILEIO      16       /* problems writing, locking, ... mtab/fstab */
-#define EX_FAIL        32       /* mount failure */
-#define EX_SOMEOK      64       /* some mount succeeded */
-
 const char *thisprogram;
 int verboseflag = 0;
 static int got_password = 0;
@@ -1424,48 +1416,57 @@ mount_retry:
                printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n");
                rc = EX_FAIL;
        } else {
+               atexit(unlock_mtab);
+               rc = lock_mtab();
+               if (rc) {
+                       printf("cannot lock mtab");
+                       goto mount_exit;
+               }
                pmntfile = setmntent(MOUNTED, "a+");
-               if(pmntfile) {
-                       mountent.mnt_fsname = dev_name;
-                       mountent.mnt_dir = mountpoint;
-                       mountent.mnt_type = CONST_DISCARD(char *,"cifs");
-                       mountent.mnt_opts = (char *)malloc(220);
-                       if(mountent.mnt_opts) {
-                               char * mount_user = getusername();
-                               memset(mountent.mnt_opts,0,200);
-                               if(flags & MS_RDONLY)
-                                       strlcat(mountent.mnt_opts,"ro",220);
-                               else
-                                       strlcat(mountent.mnt_opts,"rw",220);
-                               if(flags & MS_MANDLOCK)
-                                       strlcat(mountent.mnt_opts,",mand",220);
-                               if(flags & MS_NOEXEC)
-                                       strlcat(mountent.mnt_opts,",noexec",220);
-                               if(flags & MS_NOSUID)
-                                       strlcat(mountent.mnt_opts,",nosuid",220);
-                               if(flags & MS_NODEV)
-                                       strlcat(mountent.mnt_opts,",nodev",220);
-                               if(flags & MS_SYNCHRONOUS)
-                                       strlcat(mountent.mnt_opts,",synch",220);
-                               if(mount_user) {
-                                       if(getuid() != 0) {
-                                               strlcat(mountent.mnt_opts,",user=",220);
-                                               strlcat(mountent.mnt_opts,mount_user,220);
-                                       }
-                                       /* free(mount_user); do not free static mem */
-                               }
-                       }
-                       mountent.mnt_freq = 0;
-                       mountent.mnt_passno = 0;
-                       rc = addmntent(pmntfile,&mountent);
-                       endmntent(pmntfile);
-                       SAFE_FREE(mountent.mnt_opts);
-                       if (rc)
-                               rc = EX_FILEIO;
-               } else {
+               if (!pmntfile) {
                        printf("could not update mount table\n");
+                       unlock_mtab();
                        rc = EX_FILEIO;
+                       goto mount_exit;
                }
+               mountent.mnt_fsname = dev_name;
+               mountent.mnt_dir = mountpoint;
+               mountent.mnt_type = CONST_DISCARD(char *,"cifs");
+               mountent.mnt_opts = (char *)malloc(220);
+               if(mountent.mnt_opts) {
+                       char * mount_user = getusername();
+                       memset(mountent.mnt_opts,0,200);
+                       if(flags & MS_RDONLY)
+                               strlcat(mountent.mnt_opts,"ro",220);
+                       else
+                               strlcat(mountent.mnt_opts,"rw",220);
+                       if(flags & MS_MANDLOCK)
+                               strlcat(mountent.mnt_opts,",mand",220);
+                       if(flags & MS_NOEXEC)
+                               strlcat(mountent.mnt_opts,",noexec",220);
+                       if(flags & MS_NOSUID)
+                               strlcat(mountent.mnt_opts,",nosuid",220);
+                       if(flags & MS_NODEV)
+                               strlcat(mountent.mnt_opts,",nodev",220);
+                       if(flags & MS_SYNCHRONOUS)
+                               strlcat(mountent.mnt_opts,",sync",220);
+                       if(mount_user) {
+                               if(getuid() != 0) {
+                                       strlcat(mountent.mnt_opts,
+                                               ",user=", 220);
+                                       strlcat(mountent.mnt_opts,
+                                               mount_user, 220);
+                               }
+                       }
+               }
+               mountent.mnt_freq = 0;
+               mountent.mnt_passno = 0;
+               rc = addmntent(pmntfile,&mountent);
+               endmntent(pmntfile);
+               unlock_mtab();
+               SAFE_FREE(mountent.mnt_opts);
+               if (rc)
+                       rc = EX_FILEIO;
        }
 mount_exit:
        if(mountpassword) {
diff --git a/source3/client/mount.h b/source3/client/mount.h
new file mode 100644 (file)
index 0000000..23ea4f0
--- /dev/null
@@ -0,0 +1,38 @@
+/* 
+ * Copyright (C) 2008 Jeff Layton (jlayton@samba.org)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ * * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* most of this info was taken from the util-linux-ng sources */
+
+#ifndef _MOUNT_H_
+#define _MOUNT_H_
+
+/* exit status - bits below are ORed */
+#define EX_USAGE       1       /* incorrect invocation or permission */
+#define EX_SYSERR      2       /* out of memory, cannot fork, ... */
+#define EX_SOFTWARE    4       /* internal mount bug or wrong version */
+#define EX_USER                8       /* user interrupt */
+#define EX_FILEIO      16      /* problems writing, locking, ... mtab/fstab */
+#define EX_FAIL               32       /* mount failure */
+#define EX_SOMEOK      64      /* some mount succeeded */
+
+#define _PATH_MOUNTED_LOCK     _PATH_MOUNTED "~"
+#define _PATH_MOUNTED_TMP      _PATH_MOUNTED ".tmp"
+
+extern int lock_mtab(void);
+extern void unlock_mtab(void);
+
+#endif /* ! _MOUNT_H_ */
diff --git a/source3/client/mtab.c b/source3/client/mtab.c
new file mode 100644 (file)
index 0000000..93fbd11
--- /dev/null
@@ -0,0 +1,219 @@
+/*
+ * mtab locking routines for use with mount.cifs and umount.cifs
+ * Copyright (C) 2008 Jeff Layton (jlayton@samba.org)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * This code was copied from the util-linux-ng sources and modified:
+ *
+ * git://git.kernel.org/pub/scm/utils/util-linux-ng/util-linux-ng.git
+ *
+ * ...specifically from mount/fstab.c. That file has no explicit license. The
+ * "default" license for anything in that tree is apparently GPLv2+, so I
+ * believe we're OK to copy it here.
+ *
+ * Jeff Layton <jlayton@samba.org> 
+ */
+
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <time.h>
+#include <fcntl.h>
+#include <mntent.h>
+#include <stdlib.h>
+#include <signal.h>
+#include "mount.h"
+
+
+/* Updating mtab ----------------------------------------------*/
+
+/* Flag for already existing lock file. */
+static int we_created_lockfile = 0;
+static int lockfile_fd = -1;
+
+/* Flag to indicate that signals have been set up. */
+static int signals_have_been_setup = 0;
+
+static void
+handler (int sig) {
+     exit(EX_USER);
+}
+
+static void
+setlkw_timeout (int sig) {
+     /* nothing, fcntl will fail anyway */
+}
+
+/* Remove lock file.  */
+void
+unlock_mtab (void) {
+       if (we_created_lockfile) {
+               close(lockfile_fd);
+               lockfile_fd = -1;
+               unlink (_PATH_MOUNTED_LOCK);
+               we_created_lockfile = 0;
+       }
+}
+
+/* Create the lock file.
+   The lock file will be removed if we catch a signal or when we exit. */
+/* The old code here used flock on a lock file /etc/mtab~ and deleted
+   this lock file afterwards. However, as rgooch remarks, that has a
+   race: a second mount may be waiting on the lock and proceed as
+   soon as the lock file is deleted by the first mount, and immediately
+   afterwards a third mount comes, creates a new /etc/mtab~, applies
+   flock to that, and also proceeds, so that the second and third mount
+   now both are scribbling in /etc/mtab.
+   The new code uses a link() instead of a creat(), where we proceed
+   only if it was us that created the lock, and hence we always have
+   to delete the lock afterwards. Now the use of flock() is in principle
+   superfluous, but avoids an arbitrary sleep(). */
+
+/* Where does the link point to? Obvious choices are mtab and mtab~~.
+   HJLu points out that the latter leads to races. Right now we use
+   mtab~.<pid> instead. Use 20 as upper bound for the length of %d. */
+#define MOUNTLOCK_LINKTARGET           _PATH_MOUNTED_LOCK "%d"
+#define MOUNTLOCK_LINKTARGET_LTH       (sizeof(_PATH_MOUNTED_LOCK)+20)
+
+/*
+ * The original mount locking code has used sleep(1) between attempts and
+ * maximal number of attemps has been 5.
+ *
+ * There was very small number of attempts and extremely long waiting (1s)
+ * that is useless on machines with large number of concurret mount processes.
+ *
+ * Now we wait few thousand microseconds between attempts and we have global
+ * time limit (30s) rather than limit for number of attempts. The advantage
+ * is that this method also counts time which we spend in fcntl(F_SETLKW) and
+ * number of attempts is not so much restricted.
+ *
+ * -- kzak@redhat.com [2007-Mar-2007]
+ */
+
+/* maximum seconds between first and last attempt */
+#define MOUNTLOCK_MAXTIME              30
+
+/* sleep time (in microseconds, max=999999) between attempts */
+#define MOUNTLOCK_WAITTIME             5000
+
+int
+lock_mtab (void) {
+       int i;
+       struct timespec waittime;
+       struct timeval maxtime;
+       char linktargetfile[MOUNTLOCK_LINKTARGET_LTH];
+
+       if (!signals_have_been_setup) {
+               int sig = 0;
+               struct sigaction sa;
+
+               sa.sa_handler = handler;
+               sa.sa_flags = 0;
+               sigfillset (&sa.sa_mask);
+
+               while (sigismember (&sa.sa_mask, ++sig) != -1
+                      && sig != SIGCHLD) {
+                       if (sig == SIGALRM)
+                               sa.sa_handler = setlkw_timeout;
+                       else
+                               sa.sa_handler = handler;
+                       sigaction (sig, &sa, (struct sigaction *) 0);
+               }
+               signals_have_been_setup = 1;
+       }
+
+       sprintf(linktargetfile, MOUNTLOCK_LINKTARGET, getpid ());
+
+       i = open (linktargetfile, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR);
+       if (i < 0) {
+               /* linktargetfile does not exist (as a file)
+                  and we cannot create it. Read-only filesystem?
+                  Too many files open in the system?
+                  Filesystem full? */
+               return EX_FILEIO;
+       }
+       close(i);
+
+       gettimeofday(&maxtime, NULL);
+       maxtime.tv_sec += MOUNTLOCK_MAXTIME;
+
+       waittime.tv_sec = 0;
+       waittime.tv_nsec = (1000 * MOUNTLOCK_WAITTIME);
+
+       /* Repeat until it was us who made the link */
+       while (!we_created_lockfile) {
+               struct timeval now;
+               struct flock flock;
+               int errsv, j;
+
+               j = link(linktargetfile, _PATH_MOUNTED_LOCK);
+               errsv = errno;
+
+               if (j == 0)
+                       we_created_lockfile = 1;
+
+               if (j < 0 && errsv != EEXIST) {
+                       (void) unlink(linktargetfile);
+                       return EX_FILEIO;
+               }
+
+               lockfile_fd = open (_PATH_MOUNTED_LOCK, O_WRONLY);
+
+               if (lockfile_fd < 0) {
+                       /* Strange... Maybe the file was just deleted? */
+                       gettimeofday(&now, NULL);
+                       if (errno == ENOENT && now.tv_sec < maxtime.tv_sec) {
+                               we_created_lockfile = 0;
+                               continue;
+                       }
+                       (void) unlink(linktargetfile);
+                       return EX_FILEIO;
+               }
+
+               flock.l_type = F_WRLCK;
+               flock.l_whence = SEEK_SET;
+               flock.l_start = 0;
+               flock.l_len = 0;
+
+               if (j == 0) {
+                       /* We made the link. Now claim the lock. If we can't
+                        * get it, continue anyway
+                        */
+                       fcntl (lockfile_fd, F_SETLK, &flock);
+                       (void) unlink(linktargetfile);
+               } else {
+                       /* Someone else made the link. Wait. */
+                       gettimeofday(&now, NULL);
+                       if (now.tv_sec < maxtime.tv_sec) {
+                               alarm(maxtime.tv_sec - now.tv_sec);
+                               if (fcntl (lockfile_fd, F_SETLKW, &flock) == -1) {
+                                       (void) unlink(linktargetfile);
+                                       return EX_FILEIO;
+                               }
+                               alarm(0);
+                               nanosleep(&waittime, NULL);
+                       } else {
+                               (void) unlink(linktargetfile);
+                               return EX_FILEIO;
+                       }
+                       close(lockfile_fd);
+               }
+       }
+       return 0;
+}
+
index 3e2415ad005756141dbcf444bb0f8d0c0a972e7c..aff7cea39746b34f04196a954c0b4fd29a109dad 100644 (file)
 #include <errno.h>
 #include <string.h>
 #include <mntent.h>
+#include "mount.h"
 
 #define UNMOUNT_CIFS_VERSION_MAJOR "0"
-#define UNMOUNT_CIFS_VERSION_MINOR "5"
+#define UNMOUNT_CIFS_VERSION_MINOR "6"
 
 #ifndef UNMOUNT_CIFS_VENDOR_SUFFIX
  #ifdef _SAMBA_BUILD_
@@ -137,24 +138,6 @@ static int umount_check_perm(char * dir)
        return rc;
 }
 
-static int lock_mtab(void)
-{
-       int rc;
-       
-       rc = mknod(MOUNTED_LOCK , 0600, 0);
-       if(rc == -1)
-               printf("\ngetting lock file %s failed with %s\n",MOUNTED_LOCK,
-                               strerror(errno));
-               
-       return rc;      
-       
-}
-
-static void unlock_mtab(void)
-{
-       unlink(MOUNTED_LOCK);   
-}
-
 static int remove_from_mtab(char * mountpoint)
 {
        int rc;
@@ -168,6 +151,7 @@ static int remove_from_mtab(char * mountpoint)
 
        /* Do we first need to check if it is writable? */ 
 
+       atexit(unlock_mtab);
        if (lock_mtab()) {
                printf("Mount table locked\n");
                return -EACCES;
index 0aeefe41806cedd177d13f0b371c2fc64734fdbb..40e78e89d93c6448cefacc720f88fa9932ae5d4c 100644 (file)
@@ -399,7 +399,7 @@ dnl These have to be built static:
 default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template"
 
 dnl These are preferably build shared, and static if dlopen() is not available
-default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr vfs_smb_traffic_analyzer"
+default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_streams_depot vfs_acl_xattr vfs_acl_tdb vfs_smb_traffic_analyzer"
 
 if test "x$developer" = xyes; then
    default_static_modules="$default_static_modules rpc_rpcecho"
@@ -654,7 +654,7 @@ AUTH_LIBS="${AUTH_LIBS} ${CRYPT_LIBS}"
 
 AC_CHECK_HEADERS(aio.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h rpc/nettype.h)
 AC_CHECK_HEADERS(unistd.h grp.h sys/id.h memory.h alloca.h)
-AC_CHECK_HEADERS(limits.h float.h pthread.h)
+AC_CHECK_HEADERS(limits.h float.h pthread.h libintl.h)
 AC_CHECK_HEADERS(rpc/rpc.h rpcsvc/nis.h rpcsvc/ypclnt.h)
 AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/prctl.h)
 AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h)
@@ -1029,9 +1029,12 @@ AC_CHECK_FUNCS(memalign posix_memalign hstrerror)
 AC_CHECK_HEADERS(sys/mman.h)
 # setbuffer, shmget, shm_open are needed for smbtorture
 AC_CHECK_FUNCS(shmget shm_open)
+AC_CHECK_FUNCS(gettext dgettext)
 
 # Find a method of generating a stack trace
 AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h)
+# libexecinfo provides backtrace_symbols on FreeBSD
+AC_SEARCH_LIBS(backtrace_symbols, [execinfo])
 AC_CHECK_FUNCS(backtrace_symbols)
 AC_CHECK_LIB(exc, trace_back_stack)
 
@@ -1049,6 +1052,24 @@ if test x"$samba_cv_HAVE_GPFS" = x"yes"; then
 fi
 LIBS="$save_LIBS"
 
+#############################################
+# check if building on Isilon OneFS
+printf "%s" "checking for Isilon OneFS... "
+save_LIBS="$LIBS"
+LIBS="$LIBS -lisi_version"
+AC_TRY_LINK([#include <isi_version/isi_version.h>],
+          [get_isilon_copyright()],
+          samba_cv_HAVE_ONEFS=yes,
+          samba_cv_HAVE_ONEFS=no)
+echo $samba_cv_HAVE_ONEFS
+if test x"$samba_cv_HAVE_ONEFS" = x"yes"; then
+    AC_DEFINE(HAVE_ONEFS,1,[Whether building on Isilon OneFS])
+    default_shared_modules="$default_shared_modules vfs_onefs"
+    ONEFS_LIBS="-lisi_acl"
+fi
+AC_SUBST(ONEFS_LIBS)
+LIBS="$save_LIBS"
+
 # Note that all the libunwind symbols in the API are defined to internal
 # platform-specific version, so we must include libunwind.h before checking
 # any of them.
@@ -1433,6 +1454,25 @@ if test x"$samba_cv_stat_st_birthtime" = x"yes" ; then
     AC_DEFINE(HAVE_STAT_ST_BIRTHTIME, 1, [whether struct stat contains st_birthtime])
 fi
 
+AC_CACHE_CHECK([whether there is DOS flags support in the stat struct], samba_cv_stat_dos_flags,
+    [
+       AC_TRY_COMPILE(
+           [#include <sys/stat.h>],
+           [
+               int a = UF_DOS_ARCHIVE;
+               int h = UF_DOS_HIDDEN;
+               int r = UF_DOS_RO;
+               int s = UF_DOS_SYSTEM;
+               int i = UF_DOS_NOINDEX;
+               int f = UF_DOS_FLAGS;
+           ],
+           samba_cv_stat_dos_flags=yes, samba_cv_stat_dos_flags=no)
+    ])
+
+if test x"$samba_cv_stat_dos_flags" = x"yes" ; then
+    AC_DEFINE(HAVE_STAT_DOS_FLAGS, 1, [whether there is DOS flags support in the stat struct])
+fi
+
 #####################################
 # needed for SRV lookups
 AC_CHECK_LIB(resolv, dn_expand)
@@ -4346,6 +4386,22 @@ AC_ARG_WITH(syslog,
   AC_MSG_RESULT(no)
 )
 
+#################################################
+# check for custom syslog facility
+AC_MSG_CHECKING(whether to use a custom syslog facility)
+AC_ARG_WITH(syslog-facility,
+[AS_HELP_STRING([--with-syslog-facility], [Use a custom syslog facility (default=none)])],
+[
+  if test "$withval" = "no" ; then
+    AC_MSG_ERROR([argument to --with-syslog-facility must be a string])
+  else
+     if test "$withval" != "yes" ; then
+        syslog_facility="$withval"
+       AC_DEFINE_UNQUOTED(SYSLOG_FACILITY,$syslog_facility, [syslog facility to log to])
+     fi
+  fi
+])
+
 #################################################
 # check for experimental disk-quotas support
 
@@ -6087,7 +6143,9 @@ SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), "bin/syncops.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_acl_xattr, \$(VFS_ACL_XATTR_OBJ), "bin/acl_xattr.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_acl_tdb, \$(VFS_ACL_TDB_OBJ), "bin/acl_tdb.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_smb_traffic_analyzer, \$(VFS_SMB_TRAFFIC_ANALYZER_OBJ), "bin/smb_traffic_analyzer.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_onefs, \$(VFS_ONEFS), "bin/onefs.$SHLIBEXT", VFS)
 
 SMB_SUBSYSTEM(VFS,smbd/vfs.o)
 
@@ -6233,7 +6291,7 @@ AC_ZLIB([ZLIB_OBJS=""], [
        do
                ZLIB_OBJS="$ZLIB_OBJS ../lib/zlib/$o"
        done
-       CFLAGS="$CFLAGS -I../lib/zlib"
+       CFLAGS="-I../lib/zlib $CFLAGS"
 ])
 
 dnl Remove -L/usr/lib/? from LDFLAGS and LIBS
diff --git a/source3/include/eventlog.h b/source3/include/eventlog.h
new file mode 100644 (file)
index 0000000..16affe3
--- /dev/null
@@ -0,0 +1,41 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Marcin Krzysztof Porwit    2005.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Defines for TDB keys */
+#define  EVT_OLDEST_ENTRY  "INFO/oldest_entry"
+#define  EVT_NEXT_RECORD   "INFO/next_record"
+#define  EVT_VERSION       "INFO/version"
+#define  EVT_MAXSIZE       "INFO/maxsize"
+#define  EVT_RETENTION     "INFO/retention"
+
+#define ELOG_APPL      "Application"
+#define ELOG_SYS       "System"
+#define ELOG_SEC       "Security"
+
+typedef struct elog_tdb {
+       struct elog_tdb *prev, *next;
+       char *name;
+       TDB_CONTEXT *tdb;
+       int ref_count;
+} ELOG_TDB;
+
+#define ELOG_TDB_CTX(x) ((x)->tdb)
+
+
+#define  EVENTLOG_DATABASE_VERSION_V1    1
index 4399c734d093d000ffe803c2a54a27f1735eaa1b..38d6ec06b98d41ef525b3d43486a1aa64c297759 100644 (file)
@@ -654,6 +654,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx);
 #include "async_smb.h"
 #include "async_sock.h"
 #include "services.h"
+#include "eventlog.h"
 
 #include "lib/smbconf/smbconf.h"
 
diff --git a/source3/include/localedir.h b/source3/include/localedir.h
new file mode 100644 (file)
index 0000000..2a291d3
--- /dev/null
@@ -0,0 +1,6 @@
+#ifndef __LOCALEDIR_H__
+#define __LOCALEDIR_H__
+
+extern const char *dyn_LOCALEDIR;
+
+#endif
index e756136b76ab062af280794c04aee0c6e79e8d3c..0224be099fa1cd5e40e46b8552cb760a64df4de7 100644 (file)
@@ -66,10 +66,12 @@ struct nss_info_methods {
                                  TALLOC_CTX *ctx, 
                                  ADS_STRUCT *ads, LDAPMessage *msg,
                                  char **homedir, char **shell, char **gecos, gid_t *p_gid);
-       NTSTATUS (*map_to_alias)( TALLOC_CTX *mem_ctx, const char *domain,
-                                 const char *name, char **alias );
-       NTSTATUS (*map_from_alias)( TALLOC_CTX *mem_ctx, const char *domain,
-                                   const char *alias, char **name );
+       NTSTATUS (*map_to_alias)(TALLOC_CTX *mem_ctx,
+                                struct nss_domain_entry *e,
+                                const char *name, char **alias);
+       NTSTATUS (*map_from_alias)(TALLOC_CTX *mem_ctx,
+                                  struct nss_domain_entry *e,
+                                  const char *alias, char **name);
        NTSTATUS (*close_fn)( void );
 };
 
index e6c97c69dc2c1f2566cff251417a958700a7d3d9..cc99ad74c288d20d8ba844221664a56b1293f2f2 100644 (file)
@@ -5,17 +5,17 @@
    Copyright (C) Luke Kenneth Casson Leighton 1996-1997
    Copyright (C) Paul Ashton 1997
    Copyright (C) Jeremy Allison 2000-2004
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -27,7 +27,7 @@
  * A bunch of stuff that was put into smb.h
  * in the NTDOM branch - it didn't belong there.
  */
+
 typedef struct _prs_struct {
        bool io; /* parsing in or out of data stream */
        /* 
@@ -138,7 +138,7 @@ struct dcinfo {
        struct netr_Credential seed_chal;
        struct netr_Credential clnt_chal; /* Client credential */
        struct netr_Credential srv_chal;  /* Server credential */
+
        unsigned char  sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */
        unsigned char  mach_pw[16];   /* md4(machine password) */
 
@@ -154,13 +154,13 @@ struct dcinfo {
 typedef struct pipe_rpc_fns {
 
        struct pipe_rpc_fns *next, *prev;
-       
+
        /* RPC function table associated with the current rpc_bind (associated by context) */
-       
+
        const struct api_struct *cmds;
        int n_cmds;
        uint32 context_id;
-       
+
 } PIPE_RPC_FNS;
 
 /*
@@ -217,12 +217,12 @@ typedef struct pipes_struct {
 
        fstring name;
        fstring pipe_srv_name;
-       
+
        /* linked list of rpc dispatch tables associated 
           with the open rpc contexts */
-          
+
        PIPE_RPC_FNS *contexts;
-       
+
        RPC_HDR hdr; /* Incoming RPC header. */
        RPC_HDR_REQ hdr_req; /* Incoming request header. */
 
@@ -230,22 +230,16 @@ typedef struct pipes_struct {
 
        struct dcinfo *dc; /* Keeps the creds data from netlogon. */
 
-       /*
-        * Unix user name and credentials used when a pipe is authenticated.
-        */
-
-       struct current_user pipe_user;
        /*
         * Set to true when an RPC bind has been done on this pipe.
         */
-       
+
        bool pipe_bound;
-       
+
        /*
         * Set to true when we should return fault PDU's for everything.
         */
-       
+
        bool fault_state;
 
        /*
@@ -259,13 +253,13 @@ typedef struct pipes_struct {
         */
 
        bool rng_fault_state;
-       
+
        /*
         * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's
         */
-       
+
        bool endian;
-       
+
        /*
         * Struct to deal with multiple pdu inputs.
         */
index b014b2170c7f3b1700412ea22216118886bc6414..55b9249ea7a4cb1bcb140a8aff518aa18b430dd1 100644 (file)
@@ -77,7 +77,6 @@ enum NTLM_MESSAGE_TYPE
 
 typedef struct ntlmssp_state 
 {
-       TALLOC_CTX *mem_ctx;
        unsigned int ref_count;
        enum NTLMSSP_ROLE role;
        enum server_types server_role;
@@ -98,9 +97,9 @@ typedef struct ntlmssp_state
        DATA_BLOB lm_resp;
        DATA_BLOB nt_resp;
        DATA_BLOB session_key;
-       
+
        uint32 neg_flags; /* the current state of negotiation with the NTLMSSP partner */
-       
+
        void *auth_context;
 
        /**
@@ -171,5 +170,4 @@ typedef struct ntlmssp_state
           response in at the time we want to process it.
           Store it here, until we need it */
        DATA_BLOB stored_response; 
-       
 } NTLMSSP_STATE;
index 360a0d04443abaf6beb38b26cb98b006d9f7ec38..744b723c83f6cd5d154ca9c7a61afefcbf921ca8 100644 (file)
 #ifndef _PASSDB_H
 #define _PASSDB_H
 
-
-/*
- * in samba4 idl
- * ACCT_NT_PWD_SET == SAMR_FIELD_PASSWORD and
- * ACCT_LM_PWD_SET == SAMR_FIELD_PASSWORD2
- */
-
-#define ACCT_NT_PWD_SET                0x01000000
-#define ACCT_LM_PWD_SET                0x02000000
-
 /*
  * bit flags representing initialized fields in struct samu
  */
index ac55a67c1915e6bd311ed98bb85670ce1306a0ff..f2bbb07f926f2c13fb6a6e0fb9ac77a3764baf73 100644 (file)
@@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid);
 bool procid_valid(const struct server_id *pid);
 bool procid_is_local(const struct server_id *pid);
 int this_is_smp(void);
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length);
 bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off);
 char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
 char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
@@ -1582,6 +1583,7 @@ bool validate_net_name( const char *name,
                const char *invalid_chars,
                int max_len);
 char *escape_shell_string(const char *src);
+char **str_list_make_v3(TALLOC_CTX *mem_ctx, const char *string, const char *sep);
 
 /* The following definitions come from lib/util_unistr.c  */
 
@@ -1919,10 +1921,10 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
                                TALLOC_CTX *mem_ctx,
                                char ***ous,
                                size_t *num_ous);
-bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, 
-                                 const char *extended_dn, 
-                                 enum ads_extended_dn_flags flags, 
-                                 DOM_SID *sid);
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+                                       const char *extended_dn,
+                                       enum ads_extended_dn_flags flags,
+                                       DOM_SID *sid);
 char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
 char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
 char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
@@ -4772,10 +4774,12 @@ bool delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, WERROR
 void update_a_form(nt_forms_struct **list, const FORM *form, int count);
 int get_ntdrivers(fstring **list, const char *architecture, uint32 version);
 const char *get_short_archi(const char *long_archi);
-WERROR clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
-                                                         uint32 level, struct current_user *user);
-WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, 
-                                 struct current_user *user, WERROR *perr);
+WERROR clean_up_driver_struct(struct pipes_struct *rpc_pipe,
+                             NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
+                             uint32 level);
+WERROR move_driver_to_download_area(struct pipes_struct *p,
+                                   NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract,
+                                   uint32 level, WERROR *perr);
 int pack_devicemode(NT_DEVICEMODE *nt_devmode, uint8 *buf, int buflen);
 uint32 del_a_printer(const char *sharename);
 NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename);
@@ -4818,8 +4822,9 @@ WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level,
 uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level);
 bool printer_driver_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3 );
 bool printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info );
-WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct current_user *user,
-                              uint32 version, bool delete_files );
+WERROR delete_printer_driver(struct pipes_struct *rpc_pipe,
+                            NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3,
+                            uint32 version, bool delete_files );
 WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr);
 bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **secdesc_ctr);
 void map_printer_permissions(SEC_DESC *sd);
@@ -4865,7 +4870,7 @@ bool sysv_cache_reload(void);
 
 NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn,
                        const char *fname,
-                       uint16_t current_vuid, files_struct **result);
+                       uint16_t current_vuid, files_struct *fsp);
 void print_fsp_end(files_struct *fsp, enum file_close_type close_type);
 
 /* The following definitions come from printing/printing.c  */
@@ -5295,7 +5300,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx,
 NTSTATUS rpccli_winreg_Connect(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                          uint32 reg_type, uint32 access_mask,
                          POLICY_HND *reg_hnd);
-uint32 reg_init_regval_buffer( REGVAL_BUFFER *buf2, REGISTRY_VALUE *val );
 
 /* The following definitions come from rpc_client/cli_samr.c  */
 
@@ -5549,7 +5553,8 @@ void init_netr_SamInfo3(struct netr_SamInfo3 *r,
                        uint32_t sidcount,
                        struct netr_SidAttr *sids);
 NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info,
-                               uint8_t pipe_session_key[16],
+                               uint8_t *pipe_session_key,
+                               size_t pipe_session_key_len,
                                struct netr_SamInfo3 *sam3);
 void init_netr_IdentityInfo(struct netr_IdentityInfo *r,
                            const char *domain_name,
@@ -5595,7 +5600,7 @@ void init_samr_DomGeneralInformation(struct samr_DomGeneralInformation *r,
                                     const char *domain_name,
                                     const char *primary,
                                     uint64_t sequence_num,
-                                    uint32_t unknown2,
+                                    enum samr_DomainServerState domain_server_state,
                                     enum samr_Role role,
                                     uint32_t unknown3,
                                     uint32_t num_users,
@@ -5615,7 +5620,7 @@ void init_samr_DomInfo8(struct samr_DomInfo8 *r,
                        uint64_t sequence_num,
                        NTTIME domain_create_time);
 void init_samr_DomInfo9(struct samr_DomInfo9 *r,
-                       uint32_t unknown);
+                        enum samr_DomainServerState domain_server_state);
 void init_samr_DomInfo12(struct samr_DomInfo12 *r,
                         uint64_t lockout_duration,
                         uint64_t lockout_window,
@@ -5640,6 +5645,25 @@ void init_samr_alias_info1(struct samr_AliasInfoAll *r,
                           const char *description);
 void init_samr_alias_info3(struct lsa_String *r,
                           const char *description);
+void init_samr_user_info5(struct samr_UserInfo5 *r,
+                         const char *account_name,
+                         const char *full_name,
+                         uint32_t rid,
+                         uint32_t primary_gid,
+                         const char *home_directory,
+                         const char *home_drive,
+                         const char *logon_script,
+                         const char *profile_path,
+                         const char *description,
+                         const char *workstations,
+                         NTTIME last_logon,
+                         NTTIME last_logoff,
+                         struct samr_LogonHours logon_hours,
+                         uint16_t bad_password_count,
+                         uint16_t logon_count,
+                         NTTIME last_password_change,
+                         NTTIME acct_expiry,
+                         uint32_t acct_flags);
 void init_samr_user_info7(struct samr_UserInfo7 *r,
                          const char *account_name);
 void init_samr_user_info9(struct samr_UserInfo9 *r,
@@ -5709,11 +5733,43 @@ void init_samr_user_info23(struct samr_UserInfo23 *r,
                           uint8_t nt_password_set,
                           uint8_t lm_password_set,
                           uint8_t password_expired,
-                          uint8_t data[516],
-                          uint8_t pw_len);
+                          struct samr_CryptPassword *pwd_buf);
 void init_samr_user_info24(struct samr_UserInfo24 *r,
-                          uint8_t data[516],
-                          uint8_t pw_len);
+                          struct samr_CryptPassword *pwd_buf,
+                          uint8_t password_expired);
+void init_samr_user_info25(struct samr_UserInfo25 *r,
+                          NTTIME last_logon,
+                          NTTIME last_logoff,
+                          NTTIME last_password_change,
+                          NTTIME acct_expiry,
+                          NTTIME allow_password_change,
+                          NTTIME force_password_change,
+                          const char *account_name,
+                          const char *full_name,
+                          const char *home_directory,
+                          const char *home_drive,
+                          const char *logon_script,
+                          const char *profile_path,
+                          const char *description,
+                          const char *workstations,
+                          const char *comment,
+                          struct lsa_BinaryString *parameters,
+                          uint32_t rid,
+                          uint32_t primary_gid,
+                          uint32_t acct_flags,
+                          uint32_t fields_present,
+                          struct samr_LogonHours logon_hours,
+                          uint16_t bad_password_count,
+                          uint16_t logon_count,
+                          uint16_t country_code,
+                          uint16_t code_page,
+                          uint8_t nt_password_set,
+                          uint8_t lm_password_set,
+                          uint8_t password_expired,
+                          struct samr_CryptPasswordEx *pwd_buf);
+void init_samr_user_info26(struct samr_UserInfo26 *r,
+                          struct samr_CryptPasswordEx *pwd_buf,
+                          uint8_t password_expired);
 void init_samr_CryptPasswordEx(const char *pwd,
                               DATA_BLOB *session_key,
                               struct samr_CryptPasswordEx *pwd_buf);
@@ -5908,8 +5964,6 @@ void init_rpc_blob_str(RPC_DATA_BLOB *str, const char *buf, int len);
 void init_rpc_blob_hex(RPC_DATA_BLOB *str, const char *buf);
 void init_rpc_blob_bytes(RPC_DATA_BLOB *str, uint8 *buf, size_t len);
 bool smb_io_buffer5(const char *desc, BUFFER5 *buf5, prs_struct *ps, int depth);
-void init_regval_buffer(REGVAL_BUFFER *str, const uint8 *buf, size_t len);
-bool smb_io_regval_buffer(const char *desc, prs_struct *ps, int depth, REGVAL_BUFFER *buf2);
 void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf);
 void copy_unistr2(UNISTR2 *str, const UNISTR2 *from);
 void init_string2(STRING2 *str, const char *buf, size_t max_len, size_t str_len);
@@ -5972,8 +6026,6 @@ bool policy_handle_is_valid(const POLICY_HND *hnd);
 
 bool ntsvcs_io_q_get_device_list(const char *desc, NTSVCS_Q_GET_DEVICE_LIST *q_u, prs_struct *ps, int depth);
 bool ntsvcs_io_r_get_device_list(const char *desc, NTSVCS_R_GET_DEVICE_LIST *r_u, prs_struct *ps, int depth);
-bool ntsvcs_io_q_get_device_reg_property(const char *desc, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, prs_struct *ps, int depth);
-bool ntsvcs_io_r_get_device_reg_property(const char *desc, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u, prs_struct *ps, int depth);
 
 /* The following definitions come from rpc_parse/parse_prs.c  */
 
@@ -6029,7 +6081,6 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin
 bool prs_uint16uni(bool charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len);
 bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len);
 bool prs_buffer5(bool charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str);
-bool prs_regval_buffer(bool charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf);
 bool prs_string2(bool charmode, const char *name, prs_struct *ps, int depth, STRING2 *str);
 bool prs_unistr2(bool charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str);
 bool prs_unistr3(bool charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth);
@@ -6822,7 +6873,6 @@ WERROR _PNP_GetVersion(pipes_struct *p,
 WERROR _PNP_GetDeviceListSize(pipes_struct *p,
                              struct PNP_GetDeviceListSize *r);
 WERROR _ntsvcs_get_device_list( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST *q_u, NTSVCS_R_GET_DEVICE_LIST *r_u );
-WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u );
 WERROR _PNP_ValidateDeviceInstance(pipes_struct *p,
                                   struct PNP_ValidateDeviceInstance *r);
 WERROR _PNP_GetHwProfInfo(pipes_struct *p,
@@ -6968,7 +7018,6 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p);
 bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in,
                                        uint32 *p_ss_padding_len, NTSTATUS *pstatus);
 bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len);
-struct current_user *get_current_user(struct current_user *user, pipes_struct *p);
 void free_pipe_rpc_context( PIPE_RPC_FNS *list );
 bool api_pipe_request(pipes_struct *p);
 
@@ -6979,8 +7028,8 @@ pipes_struct *get_next_internal_pipe(pipes_struct *p);
 void init_rpc_pipe_hnd(void);
 
 bool fsp_is_np(struct files_struct *fsp);
-NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn,
-                const char *name, struct files_struct **pfsp);
+NTSTATUS np_open(struct smb_request *smb_req, const char *name,
+                struct files_struct **pfsp);
 NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len,
                  ssize_t *nwritten);
 NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len,
@@ -7865,9 +7914,9 @@ void file_sync_all(connection_struct *conn);
 void file_free(struct smb_request *req, files_struct *fsp);
 files_struct *file_fnum(uint16 fnum);
 files_struct *file_fsp(struct smb_request *req, uint16 fid);
-NTSTATUS dup_file_fsp(struct smb_request *req, files_struct *fsp,
+void dup_file_fsp(struct smb_request *req, files_struct *from,
                      uint32 access_mask, uint32 share_access,
-                     uint32 create_options, files_struct **result);
+                     uint32 create_options, files_struct *to);
 
 /* The following definitions come from smbd/ipc.c  */
 
@@ -7962,7 +8011,8 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
                                connection_struct **pconn,
                                int snum,
                                const char *path,
-                           char **poldcwd);
+                               struct auth_serversupplied_info *server_info,
+                               char **poldcwd);
 
 /* The following definitions come from smbd/negprot.c  */
 
@@ -7971,11 +8021,11 @@ void reply_negprot(struct smb_request *req);
 /* The following definitions come from smbd/notify.c  */
 
 void change_notify_reply(connection_struct *conn,
-                       const uint8 *request_buf, uint32 max_param,
+                        struct smb_request *req, uint32 max_param,
                         struct notify_change_buf *notify_buf);
 NTSTATUS change_notify_create(struct files_struct *fsp, uint32 filter,
                              bool recursive);
-NTSTATUS change_notify_add_request(const struct smb_request *req,
+NTSTATUS change_notify_add_request(struct smb_request *req,
                                uint32 max_param,
                                uint32 filter, bool recursive,
                                struct files_struct *fsp);
@@ -8176,6 +8226,7 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req);
 /* The following definitions come from smbd/posix_acls.c  */
 
 void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid);
+bool nt4_compatible_acls(void);
 NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd);
 SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl);
 NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
@@ -8231,7 +8282,6 @@ void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes);
 const char *smb_fn_name(int type);
 void add_to_common_flags2(uint32 v);
 void remove_from_common_flags2(uint32 v);
-void construct_reply_common(const char *inbuf, char *outbuf);
 void construct_reply_common_req(struct smb_request *req, char *outbuf);
 void chain_reply(struct smb_request *req);
 void check_reload(time_t t);
@@ -8424,10 +8474,6 @@ bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir);
 void load_registry_shares(void);
 int add_home_service(const char *service, const char *username, const char *homedir);
 int find_service(fstring service);
-connection_struct *make_connection_with_chdir(const char *service_in,
-                                             DATA_BLOB password, 
-                                             const char *dev, uint16 vuid,
-                                             NTSTATUS *status);
 connection_struct *make_connection(const char *service_in, DATA_BLOB password, 
                                   const char *pdev, uint16 vuid,
                                   NTSTATUS *status);
@@ -8458,7 +8504,8 @@ bool user_ok_token(const char *username, const char *domain,
                   struct nt_user_token *token, int snum);
 bool is_share_read_only_for_token(const char *username,
                                  const char *domain,
-                                 struct nt_user_token *token, int snum);
+                                 struct nt_user_token *token,
+                                 connection_struct *conn);
 
 /* The following definitions come from smbd/srvstr.c  */
 
@@ -8663,6 +8710,7 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domname,
 NTSTATUS idmap_new_mapping(const struct dom_sid *psid, enum id_type type,
                           struct unixid *pxid);
 NTSTATUS idmap_set_mapping(const struct id_map *map);
+NTSTATUS idmap_remove_mapping(const struct id_map *map);
 
 /* The following definitions come from winbindd/idmap_cache.c  */
 
index 3f5d03ed6339d64b32d0535cdf9470ff57f1ef46..f17e448d9edfbea9d9e1b8b59a6f4444cd0a76a0 100644 (file)
 /* Event types */
 /* defined in librpc/gen_ndr/eventlog.h */
 
-/* Defines for TDB keys */
-#define  EVT_OLDEST_ENTRY  "INFO/oldest_entry"
-#define  EVT_NEXT_RECORD   "INFO/next_record"
-#define  EVT_VERSION       "INFO/version"
-#define  EVT_MAXSIZE       "INFO/maxsize"
-#define  EVT_RETENTION     "INFO/retention"
-
-#define ELOG_APPL      "Application"
-#define ELOG_SYS       "System"
-#define ELOG_SEC       "Security"
-
-typedef struct elog_tdb {
-       struct elog_tdb *prev, *next;
-       char *name;
-       TDB_CONTEXT *tdb;
-       int ref_count;
-} ELOG_TDB;
-
-#define ELOG_TDB_CTX(x) ((x)->tdb)
-
-
-#define  EVENTLOG_DATABASE_VERSION_V1    1
-
 /***********************************/
 
 typedef struct 
index 0056d16eb9639a3718f1ecb6a326c593835cb078..dc74298cb9ef807a75c6ac6a0471308934b06c43 100644 (file)
@@ -47,23 +47,4 @@ typedef struct {
        WERROR status;
 } NTSVCS_R_GET_DEVICE_LIST;
 
-/**************************/
-
-typedef struct {
-       UNISTR2 devicepath;
-       uint32 property;
-       uint32 unknown2;
-       uint32 buffer_size1;
-       uint32 buffer_size2;
-       uint32 unknown5;
-} NTSVCS_Q_GET_DEVICE_REG_PROPERTY;
-
-typedef struct {
-       uint32 unknown1;
-       REGVAL_BUFFER value;
-       uint32 size;
-       uint32 needed;
-       WERROR status;
-} NTSVCS_R_GET_DEVICE_REG_PROPERTY;
-
 #endif /* _RPC_NTSVCS_H */
index 27858405e7c6f97ceeb1c9a7ab169d3fbec4c164..7dd849d5b41deeeb8a33dd3298bbb5c2ead94b9a 100644 (file)
 #define SVCCTL_DEMAND_START                        0x00000003
 #define SVCCTL_DISABLED                            0x00000004
 
-/* Service Controls */
-
-#define SVCCTL_CONTROL_STOP                    0x00000001
-#define SVCCTL_CONTROL_PAUSE                   0x00000002
-#define SVCCTL_CONTROL_CONTINUE                        0x00000003
-#define SVCCTL_CONTROL_INTERROGATE             0x00000004
-#define SVCCTL_CONTROL_SHUTDOWN                 0x00000005
-
 #define SVC_HANDLE_IS_SCM                      0x0000001
 #define SVC_HANDLE_IS_SERVICE                  0x0000002
 #define SVC_HANDLE_IS_DBLOCK                   0x0000003
index 46ca2365533967c72ced88901b91ea5394dffa9e..119ceeb158c28779264f4c9f04a53f2facb36f17 100644 (file)
@@ -52,8 +52,8 @@
                                return ERROR_NT(NT_STATUS_INVALID_HANDLE); \
                        } while(0)
 
-#define CHECK_READ(fsp,inbuf) (((fsp)->fh->fd != -1) && ((fsp)->can_read || \
-                       ((SVAL((inbuf),smb_flg2) & FLAGS2_READ_PERMIT_EXECUTE) && \
+#define CHECK_READ(fsp,req) (((fsp)->fh->fd != -1) && ((fsp)->can_read || \
+                       ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && \
                         (fsp->access_mask & FILE_EXECUTE))))
 
 #define CHECK_WRITE(fsp) ((fsp)->can_write && ((fsp)->fh->fd != -1))
index 7b3aeaa2c77193b6bc0568f86c008548d7c9bde7..8fbc21b12d426fc1dc238f60172e8735b715b22b 100644 (file)
@@ -92,7 +92,7 @@
 
 /* POSIX ACL operations. */
 #define SMB_VFS_CHMOD_ACL(conn, name, mode) ((conn)->vfs.ops.chmod_acl((conn)->vfs.handles.chmod_acl, (name), (mode)))
-#define SMB_VFS_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs.ops.fchmod_acl((fsp)->conn->vfs.handles.chmod_acl, (fsp), (mode)))
+#define SMB_VFS_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs.ops.fchmod_acl((fsp)->conn->vfs.handles.fchmod_acl, (fsp), (mode)))
 
 #define SMB_VFS_SYS_ACL_GET_ENTRY(conn, theacl, entry_id, entry_p) ((conn)->vfs.ops.sys_acl_get_entry((conn)->vfs.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p)))
 #define SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry_d, tag_type_p) ((conn)->vfs.ops.sys_acl_get_tag_type((conn)->vfs.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p)))
 
 /* POSIX ACL operations. */
 #define SMB_VFS_OPAQUE_CHMOD_ACL(conn, name, mode) ((conn)->vfs_opaque.ops.chmod_acl((conn)->vfs_opaque.handles.chmod_acl, (name), (mode)))
-#define SMB_VFS_OPAQUE_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs_opaque.ops.fchmod_acl((fsp)->conn->vfs_opaque.handles.chmod_acl, (fsp), (mode)))
+#define SMB_VFS_OPAQUE_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs_opaque.ops.fchmod_acl((fsp)->conn->vfs_opaque.handles.fchmod_acl, (fsp), (mode)))
 
 #define SMB_VFS_OPAQUE_SYS_ACL_GET_ENTRY(conn, theacl, entry_id, entry_p) ((conn)->vfs_opaque.ops.sys_acl_get_entry((conn)->vfs_opaque.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p)))
 #define SMB_VFS_OPAQUE_SYS_ACL_GET_TAG_TYPE(conn, entry_d, tag_type_p) ((conn)->vfs_opaque.ops.sys_acl_get_tag_type((conn)->vfs_opaque.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p)))
 
 /* POSIX ACL operations. */
 #define SMB_VFS_NEXT_CHMOD_ACL(handle, name, mode) ((handle)->vfs_next.ops.chmod_acl((handle)->vfs_next.handles.chmod_acl, (name), (mode)))
-#define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode) ((handle)->vfs_next.ops.fchmod_acl((handle)->vfs_next.handles.chmod_acl, (fsp), (mode)))
+#define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode) ((handle)->vfs_next.ops.fchmod_acl((handle)->vfs_next.handles.fchmod_acl, (fsp), (mode)))
 
 #define SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id, entry_p) ((handle)->vfs_next.ops.sys_acl_get_entry((handle)->vfs_next.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p)))
 #define SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d, tag_type_p) ((handle)->vfs_next.ops.sys_acl_get_tag_type((handle)->vfs_next.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p)))
index 986dff48d7d2ca31b004fcce8caa125a23cd6be5..d64fcb66d989d56d05d56fa34fabf0466687b0e2 100644 (file)
@@ -472,7 +472,7 @@ bool debug_parse_levels(const char *params_str)
        if (AllowDebugChange == False)
                return True;
 
-       params = str_list_make(talloc_tos(), params_str, NULL);
+       params = str_list_make_v3(talloc_tos(), params_str, NULL);
 
        if (debug_parse_params(params)) {
                debug_dump_status(5);
index 9c892fedfac5cd68f175675ce4858a80fda37901..606d72ab5ac5428bdf44fc5ba55b6139bc20d21b 100644 (file)
@@ -63,14 +63,6 @@ static int memcache_destructor(struct memcache *cache) {
 
        for (e = cache->mru; e != NULL; e = next) {
                next = e->next;
-               if (memcache_is_talloc((enum memcache_number)e->n)
-                   && (e->valuelength == sizeof(void *))) {
-                       DATA_BLOB key, value;
-                       void *ptr;
-                       memcache_element_parse(e, &key, &value);
-                       memcpy(&ptr, value.data, sizeof(ptr));
-                       TALLOC_FREE(ptr);
-               }
                SAFE_FREE(e);
        }
        return 0;
@@ -214,6 +206,16 @@ static void memcache_delete_element(struct memcache *cache,
        }
        DLIST_REMOVE(cache->mru, e);
 
+       if (memcache_is_talloc(e->n)) {
+               DATA_BLOB cache_key, cache_value;
+               void *ptr;
+
+               memcache_element_parse(e, &cache_key, &cache_value);
+               SMB_ASSERT(cache_value.length == sizeof(ptr));
+               memcpy(&ptr, cache_value.data, sizeof(ptr));
+               TALLOC_FREE(ptr);
+       }
+
        cache->size -= memcache_element_size(e->keylength, e->valuelength);
 
        SAFE_FREE(e);
@@ -276,6 +278,12 @@ void memcache_add(struct memcache *cache, enum memcache_number n,
                memcache_element_parse(e, &cache_key, &cache_value);
 
                if (value.length <= cache_value.length) {
+                       if (memcache_is_talloc(e->n)) {
+                               void *ptr;
+                               SMB_ASSERT(cache_value.length == sizeof(ptr));
+                               memcpy(&ptr, cache_value.data, sizeof(ptr));
+                               TALLOC_FREE(ptr);
+                       }
                        /*
                         * We can reuse the existing record
                         */
@@ -332,9 +340,20 @@ void memcache_add(struct memcache *cache, enum memcache_number n,
 }
 
 void memcache_add_talloc(struct memcache *cache, enum memcache_number n,
-                        DATA_BLOB key, void *ptr)
+                        DATA_BLOB key, void *pptr)
 {
-       memcache_add(cache, n, key, data_blob_const(&ptr, sizeof(ptr)));
+       void **ptr = (void **)pptr;
+       void *p;
+
+       if (cache == NULL) {
+               cache = global_cache;
+       }
+       if (cache == NULL) {
+               return;
+       }
+
+       p = talloc_move(cache, ptr);
+       memcache_add(cache, n, key, data_blob_const(&p, sizeof(p)));
 }
 
 void memcache_flush(struct memcache *cache, enum memcache_number n)
index 298730606668b767134fd1fba72e40858b0b9812..df853366039f1d4cbb2b1205fec849406234962c 100644 (file)
@@ -546,6 +546,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
                        ptrustee = creator;
                        new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+               } else if (container &&
+                               !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+                       ptrustee = &ace->trustee;
                }
 
                init_sec_ace(new_ace, ptrustee, ace->type,
@@ -563,19 +566,20 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
        }
 
        /* Create child security descriptor to return */
-
-       new_dacl = make_sec_acl(ctx,
+       if (new_ace_list_ndx) {
+               new_dacl = make_sec_acl(ctx,
                                NT4_ACL_REVISION,
                                new_ace_list_ndx,
                                new_ace_list);
 
-       if (!new_dacl) {
-               return NT_STATUS_NO_MEMORY;
+               if (!new_dacl) {
+                       return NT_STATUS_NO_MEMORY;
+               }
        }
+
        *ppsd = make_sec_desc(ctx,
                        SECURITY_DESCRIPTOR_REVISION_1,
-                       SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
-                               SEC_DESC_DACL_DEFAULTED,
+                       SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
                        owner_sid,
                        group_sid,
                        NULL,
index 820cf376beb79baf2d6552101f4b89474a47d8e1..074b523ae0b8a320076629d7284ebfd0b9f366ff 100644 (file)
@@ -1497,7 +1497,7 @@ uid_t nametouid(const char *name)
        char *p;
        uid_t u;
 
-       pass = getpwnam_alloc(NULL, name);
+       pass = getpwnam_alloc(talloc_autofree_context(), name);
        if (pass) {
                u = pass->pw_uid;
                TALLOC_FREE(pass);
@@ -2255,8 +2255,8 @@ char *myhostname(void)
        static char *ret;
        if (ret == NULL) {
                /* This is cached forever so
-                * use NULL talloc ctx. */
-               ret = talloc_get_myname(NULL);
+                * use talloc_autofree_context() ctx. */
+               ret = talloc_get_myname(talloc_autofree_context());
        }
        return ret;
 }
@@ -2878,6 +2878,25 @@ int this_is_smp(void)
 #endif
 }
 
+/****************************************************************
+ Check if offset/length fit into bufsize. Should probably be
+ merged with is_offset_safe, but this would require a rewrite
+ of lanman.c. Later :-)
+****************************************************************/
+
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
+{
+       if ((offset + length < offset) || (offset + length < length)) {
+               /* wrap */
+               return true;
+       }
+       if ((offset > bufsize) || (offset + length > bufsize)) {
+               /* overflow */
+               return true;
+       }
+       return false;
+}
+
 /****************************************************************
  Check if an offset into a buffer is safe.
  If this returns True it's safe to indirect into the byte at
index c0d37f1094b7c3c80fb88ac7c1f4f81e31bba67b..b0baa12c3e54f123e9299454e75e644ddc1d892e 100644 (file)
@@ -44,30 +44,28 @@ void flush_pwnam_cache(void)
 
 struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name)
 {
-       struct passwd *temp, *cached;
+       struct passwd *pw, *for_cache;
 
-       temp = (struct passwd *)memcache_lookup_talloc(
+       pw = (struct passwd *)memcache_lookup_talloc(
                NULL, GETPWNAM_CACHE, data_blob_string_const_null(name));
-       if (temp != NULL) {
-               return tcopy_passwd(mem_ctx, temp);
+       if (pw != NULL) {
+               return tcopy_passwd(mem_ctx, pw);
        }
 
-       temp = sys_getpwnam(name);
-       if (temp == NULL) {
+       pw = sys_getpwnam(name);
+       if (pw == NULL) {
                return NULL;
        }
 
-       cached = tcopy_passwd(NULL, temp);
-       if (cached == NULL) {
-               /*
-                * Just don't add this into the cache, ignore the failure
-                */
-               return temp;
+       for_cache = tcopy_passwd(talloc_autofree_context(), pw);
+       if (for_cache == NULL) {
+               return NULL;
        }
 
-       memcache_add_talloc(NULL, GETPWNAM_CACHE, data_blob_string_const_null(name),
-                           cached);
-       return tcopy_passwd(mem_ctx, temp);
+       memcache_add_talloc(NULL, GETPWNAM_CACHE,
+                           data_blob_string_const_null(name), &for_cache);
+
+       return tcopy_passwd(mem_ctx, pw);
 }
 
 struct passwd *getpwuid_alloc(TALLOC_CTX *mem_ctx, uid_t uid) 
index 046ce61ea31a83a7cd32da061371e55fcceaa0e1..fde4f825e81416b45ade0b5f08ff7b5eef19f7cf 100644 (file)
@@ -2532,3 +2532,19 @@ char *escape_shell_string(const char *src)
        *dest++ = '\0';
        return ret;
 }
+
+/***************************************************
+ Wrapper for str_list_make() to restore the s3 behavior.
+ In samba 3.2 passing NULL or an empty string returned NULL.
+
+ In master, it now returns a list of length 1 with the first string set
+ to NULL (an empty list)
+***************************************************/
+
+char **str_list_make_v3(TALLOC_CTX *mem_ctx, const char *string, const char *sep)
+{
+       if (!string || !*string) {
+               return NULL;
+       }
+       return str_list_make(mem_ctx, string, sep);
+}
index 883f5824452cb5fc4045e394110aab8180d9efdc..c4e67091ddbea2f1e2727f025f408baf730ccf1c 100644 (file)
@@ -725,8 +725,11 @@ int ads_keytab_list(const char *keytab_name)
 
                ret = smb_krb5_enctype_to_string(context, enctype, &etype_s);
                if (ret) {
-                       SAFE_FREE(princ_s);
-                       goto out;
+                       if (asprintf(&etype_s, "UNKNOWN: %d\n", enctype) == -1)
+                       {
+                               SAFE_FREE(princ_s);
+                               goto out;
+                       }
                }
 
                printf("%3d  %s\t\t %s\n", kt_entry.vno, etype_s, princ_s);
index 2dcd1fd6aee19a6978ed55740e10e48d23f4dd76..932e42e0766fbd587cfa05932df8549cc81dbed6 100644 (file)
@@ -301,11 +301,11 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads)
                        if ( use_own_domain )
                                c_realm = lp_workgroup();
                }
+       }
 
-               if ( !c_realm || !*c_realm ) {
-                       DEBUG(0,("ads_find_dc: no realm or workgroup!  Don't know what to do\n"));
-                       return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
-               }
+       if ( !c_realm || !*c_realm ) {
+               DEBUG(0,("ads_find_dc: no realm or workgroup!  Don't know what to do\n"));
+               return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */
        }
 
        realm = c_realm;
@@ -3111,60 +3111,66 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
 
 /**
  * pull a DOM_SID from an extended dn string
- * @param mem_ctx TALLOC_CTX 
+ * @param mem_ctx TALLOC_CTX
  * @param extended_dn string
  * @param flags string type of extended_dn
  * @param sid pointer to a DOM_SID
- * @return boolean inidicating success
+ * @return NT_STATUS_OK on success,
+ *        NT_INVALID_PARAMETER on error,
+ *        NT_STATUS_NOT_FOUND if no SID present
  **/
-bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, 
-                                 const char *extended_dn, 
-                                 enum ads_extended_dn_flags flags, 
-                                 DOM_SID *sid)
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+                                       const char *extended_dn,
+                                       enum ads_extended_dn_flags flags,
+                                       DOM_SID *sid)
 {
        char *p, *q, *dn;
 
        if (!extended_dn) {
-               return False;
+               return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
        }
 
        /* otherwise extended_dn gets stripped off */
        if ((dn = talloc_strdup(mem_ctx, extended_dn)) == NULL) {
-               return False;
+               return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
        }
-       /* 
+       /*
         * ADS_EXTENDED_DN_HEX_STRING:
         * <GUID=238e1963cb390f4bb032ba0105525a29>;<SID=010500000000000515000000bb68c8fd6b61b427572eb04556040000>;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de
         *
         * ADS_EXTENDED_DN_STRING (only with w2k3):
-       <GUID=63198e23-39cb-4b0f-b032-ba0105525a29>;<SID=S-1-5-21-4257769659-666132843-1169174103-1110>;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de
+        * <GUID=63198e23-39cb-4b0f-b032-ba0105525a29>;<SID=S-1-5-21-4257769659-666132843-1169174103-1110>;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de
+        *
+        * Object with no SID, such as an Exchange Public Folder
+        * <GUID=28907fb4bdf6854993e7f0a10b504e7c>;CN=public,CN=Microsoft Exchange System Objects,DC=sd2k3ms,DC=west,DC=isilon,DC=com
         */
 
        p = strchr(dn, ';');
        if (!p) {
-               return False;
+               return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
        }
 
        if (strncmp(p, ";<SID=", strlen(";<SID=")) != 0) {
-               return False;
+               DEBUG(5,("No SID present in extended dn\n"));
+               return ADS_ERROR_NT(NT_STATUS_NOT_FOUND);
        }
 
        p += strlen(";<SID=");
 
        q = strchr(p, '>');
        if (!q) {
-               return False;
+               return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
        }
-       
+
        *q = '\0';
 
        DEBUG(100,("ads_get_sid_from_extended_dn: sid string is %s\n", p));
 
        switch (flags) {
-       
+
        case ADS_EXTENDED_DN_STRING:
                if (!string_to_sid(sid, p)) {
-                       return False;
+                       return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
                }
                break;
        case ADS_EXTENDED_DN_HEX_STRING: {
@@ -3173,21 +3179,21 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
 
                buf_len = strhex_to_str(buf, sizeof(buf), p, strlen(p));
                if (buf_len == 0) {
-                       return False;
+                       return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
                }
 
                if (!sid_parse(buf, buf_len, sid)) {
                        DEBUG(10,("failed to parse sid\n"));
-                       return False;
+                       return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
                }
                break;
                }
        default:
                DEBUG(10,("unknown extended dn format\n"));
-               return False;
+               return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
        }
 
-       return True;
+       return ADS_ERROR_NT(NT_STATUS_OK);
 }
 
 /**
@@ -3200,18 +3206,19 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
  * @param sids pointer to sid array to allocate
  * @return the count of SIDs pulled
  **/
- int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads, 
-                                  TALLOC_CTX *mem_ctx, 
-                                  LDAPMessage *msg, 
+ int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads,
+                                  TALLOC_CTX *mem_ctx,
+                                  LDAPMessage *msg,
                                   const char *field,
                                   enum ads_extended_dn_flags flags,
                                   DOM_SID **sids)
 {
        int i;
-       size_t dn_count;
+       ADS_STATUS rc;
+       size_t dn_count, ret_count = 0;
        char **dn_strings;
 
-       if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field, 
+       if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field,
                                           &dn_count)) == NULL) {
                return 0;
        }
@@ -3223,18 +3230,25 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
        }
 
        for (i=0; i<dn_count; i++) {
-
-               if (!ads_get_sid_from_extended_dn(mem_ctx, dn_strings[i], 
-                                                 flags, &(*sids)[i])) {
-                       TALLOC_FREE(*sids);
-                       TALLOC_FREE(dn_strings);
-                       return 0;
+               rc = ads_get_sid_from_extended_dn(mem_ctx, dn_strings[i],
+                                                 flags, &(*sids)[i]);
+               if (!ADS_ERR_OK(rc)) {
+                       if (NT_STATUS_EQUAL(ads_ntstatus(rc),
+                           NT_STATUS_NOT_FOUND)) {
+                               continue;
+                       }
+                       else {
+                               TALLOC_FREE(*sids);
+                               TALLOC_FREE(dn_strings);
+                               return 0;
+                       }
                }
+               ret_count++;
        }
 
        TALLOC_FREE(dn_strings);
 
-       return dn_count;
+       return ret_count;
 }
 
 /********************************************************************
index 0e77f0a8566ffba6b14355b079ab55b4eda1c43c..26813864e5601d2b8b3c480536296217d48a5b73 100644 (file)
@@ -44,7 +44,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
                goto parse_error;
        }
 
-       ext_list = str_list_make(mem_ctx, extension_raw, "]");
+       ext_list = str_list_make_v3(mem_ctx, extension_raw, "]");
        if (!ext_list) {
                goto parse_error;
        }
@@ -87,7 +87,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
                        p++;
                }
 
-               ext_strings = str_list_make(mem_ctx, p, "}");
+               ext_strings = str_list_make_v3(mem_ctx, p, "}");
                if (ext_strings == NULL) {
                        goto parse_error;
                }
@@ -162,7 +162,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
 
        DEBUG(10,("gpo_parse_gplink: gPLink: %s\n", gp_link_raw));
 
-       link_list = str_list_make(mem_ctx, gp_link_raw, "]");
+       link_list = str_list_make_v3(mem_ctx, gp_link_raw, "]");
        if (!link_list) {
                goto parse_error;
        }
index 6a3139d6ad3cfb4b6dc9f8378835c687353c7f7b..a05bfdcbe29d85efacea084707e8303f4c19472d 100644 (file)
 
 #if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC)
 
-/**
- * Internal helper function to add data to the list
- * of keytab entries. It builds the prefix from the input.
- */
-static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx,
-                                     struct libnet_keytab_context *ctx,
-                                     uint32_t kvno,
-                                     const char *name,
-                                     const char *prefix,
-                                     const krb5_enctype enctype,
-                                     DATA_BLOB blob)
-{
-       struct libnet_keytab_entry entry;
-
-       entry.kvno = kvno;
-       entry.name = talloc_strdup(mem_ctx, name);
-       entry.principal = talloc_asprintf(mem_ctx, "%s%s%s@%s",
-                                         prefix ? prefix : "",
-                                         prefix ? "/" : "",
-                                         name, ctx->dns_domain_name);
-       entry.enctype = enctype;
-       entry.password = blob;
-       NT_STATUS_HAVE_NO_MEMORY(entry.name);
-       NT_STATUS_HAVE_NO_MEMORY(entry.principal);
-       NT_STATUS_HAVE_NO_MEMORY(entry.password.data);
-
-       ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry,
-                    &ctx->entries, &ctx->count);
-       NT_STATUS_HAVE_NO_MEMORY(ctx->entries);
-
-       return NT_STATUS_OK;
-}
-
 static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
                               struct replUpToDateVectorBlob **pold_utdv)
 {
@@ -134,10 +101,10 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
                        goto done;
                }
 
-               status = add_to_keytab_entries(mem_ctx, keytab_ctx, 0,
-                                              ctx->nc_dn, "UTDV",
-                                              ENCTYPE_NULL,
-                                              blob);
+               status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, 0,
+                                                            ctx->nc_dn, "UTDV",
+                                                            ENCTYPE_NULL,
+                                                            blob);
                if (!NT_STATUS_IS_OK(status)) {
                        goto done;
                }
@@ -391,11 +358,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
        }
 
        if (name) {
-               status = add_to_keytab_entries(mem_ctx, ctx, 0, object_dn,
-                                              "SAMACCOUNTNAME",
-                                              ENCTYPE_NULL,
-                                              data_blob_talloc(mem_ctx, name,
-                                                       strlen(name) + 1));
+               status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, 0, object_dn,
+                                                            "SAMACCOUNTNAME",
+                                                            ENCTYPE_NULL,
+                                                            data_blob_talloc(mem_ctx, name,
+                                                            strlen(name) + 1));
                if (!NT_STATUS_IS_OK(status)) {
                        return status;
                }
@@ -454,9 +421,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
        }
        DEBUGADD(1,("\n"));
 
-       status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL,
-                                      ENCTYPE_ARCFOUR_HMAC,
-                                      data_blob_talloc(mem_ctx, nt_passwd, 16));
+       status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL,
+                                                    ENCTYPE_ARCFOUR_HMAC,
+                                                    data_blob_talloc(mem_ctx, nt_passwd, 16));
 
        if (!NT_STATUS_IS_OK(status)) {
                return status;
@@ -469,11 +436,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
                        if (!pkb4->keys[i].value) {
                                continue;
                        }
-                       status = add_to_keytab_entries(mem_ctx, ctx, kvno,
-                                                      name,
-                                                      NULL,
-                                                      pkb4->keys[i].keytype,
-                                                      *pkb4->keys[i].value);
+                       status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno,
+                                                                    name,
+                                                                    NULL,
+                                                                    pkb4->keys[i].keytype,
+                                                                    *pkb4->keys[i].value);
                        if (!NT_STATUS_IS_OK(status)) {
                                return status;
                        }
@@ -482,11 +449,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
                        if (!pkb4->old_keys[i].value) {
                                continue;
                        }
-                       status = add_to_keytab_entries(mem_ctx, ctx, kvno - 1,
-                                                      name,
-                                                      NULL,
-                                                      pkb4->old_keys[i].keytype,
-                                                      *pkb4->old_keys[i].value);
+                       status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1,
+                                                                    name,
+                                                                    NULL,
+                                                                    pkb4->old_keys[i].keytype,
+                                                                    *pkb4->old_keys[i].value);
                        if (!NT_STATUS_IS_OK(status)) {
                                return status;
                        }
@@ -495,11 +462,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
                        if (!pkb4->older_keys[i].value) {
                                continue;
                        }
-                       status = add_to_keytab_entries(mem_ctx, ctx, kvno - 2,
-                                                      name,
-                                                      NULL,
-                                                      pkb4->older_keys[i].keytype,
-                                                      *pkb4->older_keys[i].value);
+                       status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 2,
+                                                                    name,
+                                                                    NULL,
+                                                                    pkb4->older_keys[i].keytype,
+                                                                    *pkb4->older_keys[i].value);
                        if (!NT_STATUS_IS_OK(status)) {
                                return status;
                        }
@@ -511,10 +478,10 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
                        if (!pkb3->keys[i].value) {
                                continue;
                        }
-                       status = add_to_keytab_entries(mem_ctx, ctx, kvno, name,
-                                                      NULL,
-                                                      pkb3->keys[i].keytype,
-                                                      *pkb3->keys[i].value);
+                       status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name,
+                                                                    NULL,
+                                                                    pkb3->keys[i].keytype,
+                                                                    *pkb3->keys[i].value);
                        if (!NT_STATUS_IS_OK(status)) {
                                return status;
                        }
@@ -523,11 +490,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
                        if (!pkb3->old_keys[i].value) {
                                continue;
                        }
-                       status = add_to_keytab_entries(mem_ctx, ctx, kvno - 1,
-                                                      name,
-                                                      NULL,
-                                                      pkb3->old_keys[i].keytype,
-                                                      *pkb3->old_keys[i].value);
+                       status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1,
+                                                                    name,
+                                                                    NULL,
+                                                                    pkb3->old_keys[i].keytype,
+                                                                    *pkb3->old_keys[i].value);
                        if (!NT_STATUS_IS_OK(status)) {
                                return status;
                        }
@@ -549,9 +516,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
        }
 
        for (; i<pwd_history_len; i++) {
-               status = add_to_keytab_entries(mem_ctx, ctx, kvno--, name, NULL,
-                               ENCTYPE_ARCFOUR_HMAC,
-                               data_blob_talloc(mem_ctx, &pwd_history[i*16], 16));
+               status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno--, name, NULL,
+                                                            ENCTYPE_ARCFOUR_HMAC,
+                                                            data_blob_talloc(mem_ctx, &pwd_history[i*16], 16));
                if (!NT_STATUS_IS_OK(status)) {
                        break;
                }
index 6935e000dc224b44c609bb6cdab61f4ad8227286..908fb78ab4ddffaa439943cf4970648ad019aa6d 100644 (file)
@@ -762,7 +762,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
        struct lsa_String lsa_acct_name;
        uint32_t user_rid;
        uint32_t acct_flags = ACB_WSTRUST;
-       uchar md4_trust_password[16];
        struct samr_Ids user_rids;
        struct samr_Ids name_types;
        union samr_UserInfo user_info;
@@ -898,14 +897,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
                goto done;
        }
 
-       /* Create a random machine account password and generate the hash */
-
-       E_md4hash(r->in.machine_password, md4_trust_password);
-
-       init_samr_CryptPasswordEx(r->in.machine_password,
-                                 &cli->user_session_key,
-                                 &crypt_pwd_ex);
-
        /* Fill in the additional account flags now */
 
        acct_flags |= ACB_PWNOEXP;
@@ -916,23 +907,40 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
                ;;
        }
 
-       /* Set password and account flags on machine account */
-
-       ZERO_STRUCT(user_info.info25);
-
-       user_info.info25.info.fields_present = ACCT_NT_PWD_SET |
-                                              ACCT_LM_PWD_SET |
-                                              SAMR_FIELD_ACCT_FLAGS;
-
-       user_info.info25.info.acct_flags = acct_flags;
-       memcpy(&user_info.info25.password.data, crypt_pwd_ex.data,
-              sizeof(crypt_pwd_ex.data));
+       /* Set account flags on machine account */
+       ZERO_STRUCT(user_info.info16);
+       user_info.info16.acct_flags = acct_flags;
 
        status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
                                         &user_pol,
-                                        25,
+                                        16,
                                         &user_info);
 
+       if (!NT_STATUS_IS_OK(status)) {
+
+               rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+                                      &user_pol);
+
+               libnet_join_set_error_string(mem_ctx, r,
+                       "Failed to set account flags for machine account (%s)\n",
+                       nt_errstr(status));
+               goto done;
+       }
+
+       /* Set password on machine account - first try level 26 */
+
+       init_samr_CryptPasswordEx(r->in.machine_password,
+                                 &cli->user_session_key,
+                                 &crypt_pwd_ex);
+
+       init_samr_user_info26(&user_info.info26, &crypt_pwd_ex,
+                             PASS_DONT_CHANGE_AT_NEXT_LOGON);
+
+       status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+                                         &user_pol,
+                                         26,
+                                         &user_info);
+
        if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
 
                /* retry with level 24 */
@@ -941,7 +949,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
                                        &cli->user_session_key,
                                        &crypt_pwd);
 
-               init_samr_user_info24(&user_info.info24, crypt_pwd.data, 24);
+               init_samr_user_info24(&user_info.info24, &crypt_pwd,
+                                     PASS_DONT_CHANGE_AT_NEXT_LOGON);
 
                status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
                                                  &user_pol,
@@ -1638,24 +1647,31 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx,
 static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
                                       struct libnet_JoinCtx *r)
 {
+       bool valid_security = false;
+       bool valid_workgroup = false;
+       bool valid_realm = false;
+
        /* check if configuration is already set correctly */
 
+       valid_workgroup = strequal(lp_workgroup(), r->out.netbios_domain_name);
+
        switch (r->out.domain_is_ad) {
                case false:
-                       if ((strequal(lp_workgroup(),
-                                     r->out.netbios_domain_name)) &&
-                           (lp_security() == SEC_DOMAIN)) {
+                       valid_security = (lp_security() == SEC_DOMAIN);
+                       if (valid_workgroup && valid_security) {
                                /* nothing to be done */
                                return WERR_OK;
                        }
                        break;
                case true:
-                       if ((strequal(lp_workgroup(),
-                                     r->out.netbios_domain_name)) &&
-                           (strequal(lp_realm(),
-                                     r->out.dns_domain_name)) &&
-                           ((lp_security() == SEC_ADS) ||
-                            (lp_security() == SEC_DOMAIN))) {
+                       valid_realm = strequal(lp_realm(), r->out.dns_domain_name);
+                       switch (lp_security()) {
+                       case SEC_DOMAIN:
+                       case SEC_ADS:
+                               valid_security = true;
+                       }
+
+                       if (valid_workgroup && valid_realm && valid_security) {
                                /* nothing to be done */
                                return WERR_OK;
                        }
@@ -1665,9 +1681,41 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx,
        /* check if we are supposed to manipulate configuration */
 
        if (!r->in.modify_config) {
+
+               char *wrong_conf = talloc_strdup(mem_ctx, "");
+
+               if (!valid_workgroup) {
+                       wrong_conf = talloc_asprintf_append(wrong_conf,
+                               "\"workgroup\" set to '%s', should be '%s'",
+                               lp_workgroup(), r->out.netbios_domain_name);
+                       W_ERROR_HAVE_NO_MEMORY(wrong_conf);
+               }
+
+               if (!valid_realm) {
+                       wrong_conf = talloc_asprintf_append(wrong_conf,
+                               "\"realm\" set to '%s', should be '%s'",
+                               lp_realm(), r->out.dns_domain_name);
+                       W_ERROR_HAVE_NO_MEMORY(wrong_conf);
+               }
+
+               if (!valid_security) {
+                       const char *sec = NULL;
+                       switch (lp_security()) {
+                       case SEC_SHARE: sec = "share"; break;
+                       case SEC_USER:  sec = "user"; break;
+                       case SEC_DOMAIN: sec = "domain"; break;
+                       case SEC_ADS: sec = "ads"; break;
+                       }
+                       wrong_conf = talloc_asprintf_append(wrong_conf,
+                               "\"security\" set to '%s', should be %s",
+                               sec, r->out.domain_is_ad ?
+                               "either 'domain' or 'ads'" : "'domain'");
+                       W_ERROR_HAVE_NO_MEMORY(wrong_conf);
+               }
+
                libnet_join_set_error_string(mem_ctx, r,
-                       "Invalid configuration and configuration modification "
-                       "was not requested");
+                       "Invalid configuration (%s) and configuration modification "
+                       "was not requested", wrong_conf);
                return WERR_CAN_NOT_COMPLETE;
        }
 
index 46c17b219c931783e780275d06a4800549ceec41..990f6f6a6372f8b8781bc2216203ed6378576109 100644 (file)
@@ -401,4 +401,37 @@ cont:
        return entry;
 }
 
+/**
+ * Helper function to add data to the list
+ * of keytab entries. It builds the prefix from the input.
+ */
+NTSTATUS libnet_keytab_add_to_keytab_entries(TALLOC_CTX *mem_ctx,
+                                            struct libnet_keytab_context *ctx,
+                                            uint32_t kvno,
+                                            const char *name,
+                                            const char *prefix,
+                                            const krb5_enctype enctype,
+                                            DATA_BLOB blob)
+{
+       struct libnet_keytab_entry entry;
+
+       entry.kvno = kvno;
+       entry.name = talloc_strdup(mem_ctx, name);
+       entry.principal = talloc_asprintf(mem_ctx, "%s%s%s@%s",
+                                         prefix ? prefix : "",
+                                         prefix ? "/" : "",
+                                         name, ctx->dns_domain_name);
+       entry.enctype = enctype;
+       entry.password = blob;
+       NT_STATUS_HAVE_NO_MEMORY(entry.name);
+       NT_STATUS_HAVE_NO_MEMORY(entry.principal);
+       NT_STATUS_HAVE_NO_MEMORY(entry.password.data);
+
+       ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry,
+                    &ctx->entries, &ctx->count);
+       NT_STATUS_HAVE_NO_MEMORY(ctx->entries);
+
+       return NT_STATUS_OK;
+}
+
 #endif /* HAVE_KRB5 */
index 69a16c1c7d4380bcada5a686e985d633bd14ff75..9a193b724da6569beb25dde73194a501dbc48a7d 100644 (file)
@@ -55,6 +55,13 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c
                                                 const char *principal, int kvno,
                                                 const krb5_enctype enctype,
                                                 TALLOC_CTX *mem_ctx);
+NTSTATUS libnet_keytab_add_to_keytab_entries(TALLOC_CTX *mem_ctx,
+                                            struct libnet_keytab_context *ctx,
+                                            uint32_t kvno,
+                                            const char *name,
+                                            const char *prefix,
+                                            const krb5_enctype enctype,
+                                            DATA_BLOB blob);
 #endif
 
 /* The following definitions come from libnet/libnet_samsync.c  */
index 00caf2b8c1f8487eb1c86958a11bf3f725354ec6..435181016992fb4e02c762c0c31bc5c9da1d871c 100644 (file)
@@ -282,47 +282,112 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx,
  * libnet_samsync
  */
 
-NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id,
-                       struct samsync_context *ctx)
+void libnet_init_netr_ChangeLogEntry(struct samsync_object *o,
+                                    struct netr_ChangeLogEntry *e)
+{
+       ZERO_STRUCTP(e);
+
+       e->db_index             = o->database_id;
+       e->delta_type           = o->object_type;
+
+       switch (e->delta_type) {
+               case NETR_DELTA_DOMAIN:
+               case NETR_DELTA_DELETE_GROUP:
+               case NETR_DELTA_RENAME_GROUP:
+               case NETR_DELTA_DELETE_USER:
+               case NETR_DELTA_RENAME_USER:
+               case NETR_DELTA_DELETE_ALIAS:
+               case NETR_DELTA_RENAME_ALIAS:
+               case NETR_DELTA_DELETE_TRUST:
+               case NETR_DELTA_DELETE_ACCOUNT:
+               case NETR_DELTA_DELETE_SECRET:
+               case NETR_DELTA_DELETE_GROUP2:
+               case NETR_DELTA_DELETE_USER2:
+               case NETR_DELTA_MODIFY_COUNT:
+                       break;
+               case NETR_DELTA_USER:
+               case NETR_DELTA_GROUP:
+               case NETR_DELTA_GROUP_MEMBER:
+               case NETR_DELTA_ALIAS:
+               case NETR_DELTA_ALIAS_MEMBER:
+                       e->object_rid = o->object_identifier.rid;
+                       break;
+               case NETR_DELTA_SECRET:
+                       e->object.object_name = o->object_identifier.name;
+                       e->flags = NETR_CHANGELOG_NAME_INCLUDED;
+                       break;
+               case NETR_DELTA_TRUSTED_DOMAIN:
+               case NETR_DELTA_ACCOUNT:
+               case NETR_DELTA_POLICY:
+                       e->object.object_sid = o->object_identifier.sid;
+                       e->flags = NETR_CHANGELOG_SID_INCLUDED;
+                       break;
+               default:
+                       break;
+       }
+}
+
+/**
+ * libnet_samsync_delta
+ */
+
+static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx,
+                                    enum netr_SamDatabaseID database_id,
+                                    uint64_t *sequence_num,
+                                    struct samsync_context *ctx,
+                                    struct netr_ChangeLogEntry *e)
 {
        NTSTATUS result;
-       TALLOC_CTX *mem_ctx;
+       NTSTATUS callback_status;
        const char *logon_server = ctx->cli->desthost;
        const char *computername = global_myname();
        struct netr_Authenticator credential;
        struct netr_Authenticator return_authenticator;
        uint16_t restart_state = 0;
        uint32_t sync_context = 0;
-       const char *debug_str;
        DATA_BLOB session_key;
 
        ZERO_STRUCT(return_authenticator);
 
-       if (!(mem_ctx = talloc_init("libnet_samsync"))) {
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id);
-       if (debug_str) {
-               d_fprintf(stderr, "%s\n", debug_str);
-       }
-
        do {
                struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
-               NTSTATUS callback_status;
 
                netlogon_creds_client_step(ctx->cli->dc, &credential);
 
-               result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx,
-                                                  logon_server,
-                                                  computername,
-                                                  &credential,
-                                                  &return_authenticator,
-                                                  database_id,
-                                                  restart_state,
-                                                  &sync_context,
-                                                  &delta_enum_array,
-                                                  0xffff);
+               if (ctx->single_object_replication &&
+                   !ctx->force_full_replication) {
+                       result = rpccli_netr_DatabaseRedo(ctx->cli, mem_ctx,
+                                                         logon_server,
+                                                         computername,
+                                                         &credential,
+                                                         &return_authenticator,
+                                                         *e,
+                                                         0,
+                                                         &delta_enum_array);
+               } else if (!ctx->force_full_replication &&
+                          sequence_num && (*sequence_num > 0)) {
+                       result = rpccli_netr_DatabaseDeltas(ctx->cli, mem_ctx,
+                                                           logon_server,
+                                                           computername,
+                                                           &credential,
+                                                           &return_authenticator,
+                                                           database_id,
+                                                           sequence_num,
+                                                           &delta_enum_array,
+                                                           0xffff);
+               } else {
+                       result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx,
+                                                          logon_server,
+                                                          computername,
+                                                          &credential,
+                                                          &return_authenticator,
+                                                          database_id,
+                                                          restart_state,
+                                                          &sync_context,
+                                                          &delta_enum_array,
+                                                          0xffff);
+               }
+
                if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) {
                        return result;
                }
@@ -346,9 +411,10 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id,
                                        delta_enum_array);
 
                /* Process results */
-               callback_status = ctx->delta_fn(mem_ctx, database_id,
-                                               delta_enum_array,
-                                               NT_STATUS_IS_OK(result), ctx);
+               callback_status = ctx->ops->process_objects(mem_ctx, database_id,
+                                                           delta_enum_array,
+                                                           sequence_num,
+                                                           ctx);
                if (!NT_STATUS_IS_OK(callback_status)) {
                        result = callback_status;
                        goto out;
@@ -362,14 +428,86 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id,
        } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
  out:
-       if (NT_STATUS_IS_ERR(result) && !ctx->error_message) {
+
+       return result;
+}
+
+/**
+ * libnet_samsync
+ */
+
+NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id,
+                       struct samsync_context *ctx)
+{
+       NTSTATUS status = NT_STATUS_OK;
+       NTSTATUS callback_status;
+       TALLOC_CTX *mem_ctx;
+       const char *debug_str;
+       uint64_t sequence_num = 0;
+       int i = 0;
+
+       if (!(mem_ctx = talloc_new(ctx))) {
+               return NT_STATUS_NO_MEMORY;
+       }
+
+       if (!ctx->ops) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (ctx->ops->startup) {
+               status = ctx->ops->startup(mem_ctx, ctx,
+                                          database_id, &sequence_num);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto done;
+               }
+       }
+
+       debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id);
+       if (debug_str) {
+               d_fprintf(stderr, "%s\n", debug_str);
+       }
+
+       if (!ctx->single_object_replication) {
+               status = libnet_samsync_delta(mem_ctx, database_id,
+                                             &sequence_num, ctx, NULL);
+               goto done;
+       }
+
+       for (i=0; i<ctx->num_objects; i++) {
+
+               struct netr_ChangeLogEntry e;
+
+               if (ctx->objects[i].database_id != database_id) {
+                       continue;
+               }
+
+               libnet_init_netr_ChangeLogEntry(&ctx->objects[i], &e);
+
+               status = libnet_samsync_delta(mem_ctx, database_id,
+                                             &sequence_num, ctx, &e);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto done;
+               }
+       }
+
+ done:
+
+       if (NT_STATUS_IS_OK(status) && ctx->ops->finish) {
+               callback_status = ctx->ops->finish(mem_ctx, ctx,
+                                                  database_id, sequence_num);
+               if (!NT_STATUS_IS_OK(callback_status)) {
+                       status = callback_status;
+               }
+       }
+
+       if (NT_STATUS_IS_ERR(status) && !ctx->error_message) {
 
                ctx->error_message = talloc_asprintf(ctx,
                        "Failed to fetch %s database: %s",
                        samsync_database_str(database_id),
-                       nt_errstr(result));
+                       nt_errstr(status));
 
-               if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) {
+               if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) {
 
                        ctx->error_message =
                                talloc_asprintf_append(ctx->error_message,
@@ -380,7 +518,7 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id,
 
        talloc_destroy(mem_ctx);
 
-       return result;
+       return status;
 }
 
 /**
index 1f10d2c1c063efad7fe9a68f8c281f114917111f..3a686a7f45581811a22bfb20a109c873ae4b9b9d 100644 (file)
@@ -27,11 +27,31 @@ enum net_samsync_mode {
 
 struct samsync_context;
 
-typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *,
-                                      enum netr_SamDatabaseID,
-                                      struct netr_DELTA_ENUM_ARRAY *,
-                                      bool,
-                                      struct samsync_context *);
+struct samsync_ops {
+       NTSTATUS (*startup)(TALLOC_CTX *mem_ctx,
+                           struct samsync_context *ctx,
+                           enum netr_SamDatabaseID id,
+                           uint64_t *sequence_num);
+       NTSTATUS (*process_objects)(TALLOC_CTX *mem_ctx,
+                                   enum netr_SamDatabaseID id,
+                                   struct netr_DELTA_ENUM_ARRAY *array,
+                                   uint64_t *sequence_num,
+                                   struct samsync_context *ctx);
+       NTSTATUS (*finish)(TALLOC_CTX *mem_ctx,
+                          struct samsync_context *ctx,
+                          enum netr_SamDatabaseID id,
+                          uint64_t sequence_num);
+};
+
+struct samsync_object {
+       uint16_t database_id;
+       uint16_t object_type;
+       union {
+               uint32_t rid;
+               const char *name;
+               struct dom_sid sid;
+       } object_identifier;
+};
 
 struct samsync_context {
        enum net_samsync_mode mode;
@@ -46,28 +66,21 @@ struct samsync_context {
        char *result_message;
        char *error_message;
 
+       bool single_object_replication;
+       bool force_full_replication;
+       bool clean_old_entries;
+
+       uint32_t num_objects;
+       struct samsync_object *objects;
+
        struct rpc_pipe_client *cli;
-       samsync_delta_fn_t delta_fn;
+
+       const struct samsync_ops *ops;
+
        void *private_data;
 };
 
-NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
-                               enum netr_SamDatabaseID database_id,
-                               struct netr_DELTA_ENUM_ARRAY *r,
-                               bool last_query,
-                               struct samsync_context *ctx);
-NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx,
-                          enum netr_SamDatabaseID database_id,
-                          struct netr_DELTA_ENUM_ARRAY *r,
-                          bool last_query,
-                          struct samsync_context *ctx);
-NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx,
-                            enum netr_SamDatabaseID database_id,
-                            struct netr_DELTA_ENUM_ARRAY *r,
-                            bool last_query,
-                            struct samsync_context *ctx);
-NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx,
-                                 enum netr_SamDatabaseID database_id,
-                                 struct netr_DELTA_ENUM_ARRAY *r,
-                                 bool last_query,
-                                 struct samsync_context *ctx);
+extern const struct samsync_ops libnet_samsync_ldif_ops;
+extern const struct samsync_ops libnet_samsync_keytab_ops;
+extern const struct samsync_ops libnet_samsync_display_ops;
+extern const struct samsync_ops libnet_samsync_passdb_ops;
index 1dd9a1add5d5cce63d4cc6afb9c9eeebca2724ad..c8d9ec6f096155b583e0ef55e9bb1780ed840b8b 100644 (file)
@@ -163,7 +163,6 @@ static void display_rename_alias(uint32_t rid, struct netr_DELTA_RENAME *r)
 static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx,
                                  enum netr_SamDatabaseID database_id,
                                  struct netr_DELTA_ENUM *r,
-                                 bool last_query,
                                  struct samsync_context *ctx)
 {
        union netr_DELTA_UNION u = r->delta_union;
@@ -285,18 +284,22 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
-NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx,
-                            enum netr_SamDatabaseID database_id,
-                            struct netr_DELTA_ENUM_ARRAY *r,
-                            bool last_query,
-                            struct samsync_context *ctx)
+static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx,
+                                   enum netr_SamDatabaseID database_id,
+                                   struct netr_DELTA_ENUM_ARRAY *r,
+                                   uint64_t *sequence_num,
+                                   struct samsync_context *ctx)
 {
        int i;
 
        for (i = 0; i < r->num_deltas; i++) {
                display_sam_entry(mem_ctx, database_id, &r->delta_enum[i],
-                                 last_query, ctx);
+                                 ctx);
        }
 
        return NT_STATUS_OK;
 }
+
+const struct samsync_ops libnet_samsync_display_ops = {
+       .process_objects        = display_sam_entries,
+};
index 4b0cc06d944762e0e6fdd430c90c9b227ede70af..cdb344604d8d33f4183c8e3528fecb72d4b392ed 100644 (file)
@@ -75,30 +75,28 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx,
                                       enum netr_SamDatabaseID database_id,
                                       uint32_t rid,
                                       struct netr_DELTA_USER *r,
-                                      bool last_query,
                                       struct libnet_keytab_context *ctx)
 {
-       struct libnet_keytab_entry entry;
+       NTSTATUS status;
+       uint32_t kvno = 0;
+       DATA_BLOB blob;
 
        if (memcmp(r->ntpassword.hash, ctx->zero_buf, 16) == 0) {
                return NT_STATUS_OK;
        }
 
-       entry.name = talloc_strdup(mem_ctx, r->account_name.string);
-       entry.principal = talloc_asprintf(mem_ctx, "%s@%s",
-                                         r->account_name.string,
-                                         ctx->dns_domain_name);
-       entry.password = data_blob_talloc(mem_ctx, r->ntpassword.hash, 16);
-       entry.kvno = ads_get_kvno(ctx->ads, entry.name);
-       entry.enctype = ENCTYPE_NULL;
-
-       NT_STATUS_HAVE_NO_MEMORY(entry.name);
-       NT_STATUS_HAVE_NO_MEMORY(entry.principal);
-       NT_STATUS_HAVE_NO_MEMORY(entry.password.data);
-
+       kvno = ads_get_kvno(ctx->ads, r->account_name.string);
+       blob = data_blob_const(r->ntpassword.hash, 16);
 
-       ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry,
-                    &ctx->entries, &ctx->count);
+       status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx,
+                                                    kvno,
+                                                    r->account_name.string,
+                                                    NULL,
+                                                    ENCTYPE_ARCFOUR_HMAC,
+                                                    blob);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
 
        return NT_STATUS_OK;
 }
@@ -106,72 +104,163 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx,
-                                 enum netr_SamDatabaseID database_id,
-                                 struct netr_DELTA_ENUM_ARRAY *r,
-                                 bool last_query,
-                                 struct samsync_context *ctx)
+static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx,
+                           struct samsync_context *ctx,
+                           enum netr_SamDatabaseID database_id,
+                           uint64_t *sequence_num)
 {
-       NTSTATUS status = NT_STATUS_OK;
        krb5_error_code ret = 0;
-       static struct libnet_keytab_context *keytab_ctx = NULL;
-       int i;
-
-       if (!keytab_ctx) {
-               ret = libnet_keytab_init(mem_ctx, ctx->output_filename,
-                                        &keytab_ctx);
-               if (ret) {
-                       status = krb5_to_nt_status(ret);
-                       goto out;
-               }
+       NTSTATUS status;
+       struct libnet_keytab_context *keytab_ctx;
+       struct libnet_keytab_entry *entry;
+       uint64_t old_sequence_num = 0;
+       const char *principal = NULL;
+
+       ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx);
+       if (ret) {
+               return krb5_to_nt_status(ret);
        }
 
+       keytab_ctx->clean_old_entries = ctx->clean_old_entries;
+       ctx->private_data = keytab_ctx;
+
        status = keytab_ad_connect(mem_ctx,
                                   ctx->domain_name,
                                   ctx->username,
                                   ctx->password,
                                   keytab_ctx);
        if (!NT_STATUS_IS_OK(status)) {
-               goto out;
+               TALLOC_FREE(keytab_ctx);
+               return status;
        }
 
+       principal = talloc_asprintf(mem_ctx, "SEQUENCE_NUM@%s",
+                                   keytab_ctx->dns_domain_name);
+       NT_STATUS_HAVE_NO_MEMORY(principal);
+
+       entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL,
+                                    mem_ctx);
+       if (entry && (entry->password.length == 8)) {
+               old_sequence_num = BVAL(entry->password.data, 0);
+       }
+
+       if (sequence_num) {
+               *sequence_num = old_sequence_num;
+       }
+
+       return status;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx,
+                                        enum netr_SamDatabaseID database_id,
+                                        struct netr_DELTA_ENUM_ARRAY *r,
+                                        uint64_t *sequence_num,
+                                        struct samsync_context *ctx)
+{
+       struct libnet_keytab_context *keytab_ctx =
+               (struct libnet_keytab_context *)ctx->private_data;
+
+       NTSTATUS status = NT_STATUS_OK;
+       int i;
+
        for (i = 0; i < r->num_deltas; i++) {
 
-               if (r->delta_enum[i].delta_type != NETR_DELTA_USER) {
+               switch (r->delta_enum[i].delta_type) {
+               case NETR_DELTA_USER:
+                       break;
+               case NETR_DELTA_DOMAIN:
+                       if (sequence_num) {
+                               *sequence_num =
+                                       r->delta_enum[i].delta_union.domain->sequence_num;
+                       }
+                       continue;
+               case NETR_DELTA_MODIFY_COUNT:
+                       if (sequence_num) {
+                               *sequence_num =
+                                       *r->delta_enum[i].delta_union.modified_count;
+                       }
+                       continue;
+               default:
                        continue;
                }
 
                status = fetch_sam_entry_keytab(mem_ctx, database_id,
                                                r->delta_enum[i].delta_id_union.rid,
                                                r->delta_enum[i].delta_union.user,
-                                               last_query,
                                                keytab_ctx);
                if (!NT_STATUS_IS_OK(status)) {
                        goto out;
                }
        }
+ out:
+       return status;
+}
 
-       if (last_query) {
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx,
+                            struct samsync_context *ctx,
+                            enum netr_SamDatabaseID database_id,
+                            uint64_t sequence_num)
+{
+       struct libnet_keytab_context *keytab_ctx =
+               (struct libnet_keytab_context *)ctx->private_data;
+       krb5_error_code ret;
+       NTSTATUS status;
+       struct libnet_keytab_entry *entry;
+       uint64_t old_sequence_num = 0;
+       const char *principal = NULL;
+
+       principal = talloc_asprintf(mem_ctx, "SEQUENCE_NUM@%s",
+                                   keytab_ctx->dns_domain_name);
+       NT_STATUS_HAVE_NO_MEMORY(principal);
+
+
+       entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL,
+                                    mem_ctx);
+       if (entry && (entry->password.length == 8)) {
+               old_sequence_num = BVAL(entry->password.data, 0);
+       }
 
-               ret = libnet_keytab_add(keytab_ctx);
-               if (ret) {
-                       status = krb5_to_nt_status(ret);
-                       ctx->error_message = talloc_asprintf(mem_ctx,
-                               "Failed to add entries to keytab %s: %s",
-                               keytab_ctx->keytab_name, error_message(ret));
-                       goto out;
-               }
 
-               ctx->result_message = talloc_asprintf(mem_ctx,
-                       "Vampired %d accounts to keytab %s",
-                       keytab_ctx->count,
-                       keytab_ctx->keytab_name);
+       if (sequence_num > old_sequence_num) {
+               DATA_BLOB blob;
+               blob = data_blob_talloc_zero(mem_ctx, 8);
+               SBVAL(blob.data, 0, sequence_num);
+
+               status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx,
+                                                            0,
+                                                            "SEQUENCE_NUM",
+                                                            NULL,
+                                                            ENCTYPE_NULL,
+                                                            blob);
+               if (!NT_STATUS_IS_OK(status)) {
+                       goto done;
+               }
+       }
 
+       ret = libnet_keytab_add(keytab_ctx);
+       if (ret) {
+               status = krb5_to_nt_status(ret);
+               ctx->error_message = talloc_asprintf(ctx,
+                       "Failed to add entries to keytab %s: %s",
+                       keytab_ctx->keytab_name, error_message(ret));
                TALLOC_FREE(keytab_ctx);
+               return status;
        }
 
-       return NT_STATUS_OK;
- out:
+       ctx->result_message = talloc_asprintf(ctx,
+               "Vampired %d accounts to keytab %s",
+               keytab_ctx->count,
+               keytab_ctx->keytab_name);
+
+       status = NT_STATUS_OK;
+
+ done:
        TALLOC_FREE(keytab_ctx);
 
        return status;
@@ -179,13 +268,35 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx,
 
 #else
 
-NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx,
-                                 enum netr_SamDatabaseID database_id,
-                                 struct netr_DELTA_ENUM_ARRAY *r,
-                                 bool last_query,
-                                 struct samsync_context *ctx)
+static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx,
+                           struct samsync_context *ctx,
+                           enum netr_SamDatabaseID database_id,
+                           uint64_t *sequence_num)
+{
+       return NT_STATUS_NOT_SUPPORTED;
+}
+
+static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx,
+                                        enum netr_SamDatabaseID database_id,
+                                        struct netr_DELTA_ENUM_ARRAY *r,
+                                        uint64_t *sequence_num,
+                                        struct samsync_context *ctx)
+{
+       return NT_STATUS_NOT_SUPPORTED;
+}
+
+static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx,
+                            struct samsync_context *ctx,
+                            enum netr_SamDatabaseID database_id,
+                            uint64_t sequence_num)
 {
        return NT_STATUS_NOT_SUPPORTED;
 }
 
 #endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */
+
+const struct samsync_ops libnet_samsync_keytab_ops = {
+       .startup                = init_keytab,
+       .process_objects        = fetch_sam_entries_keytab,
+       .finish                 = close_keytab
+};
index dd5380b6b84f20906d1f800343c974fa50041654..c72eadf03fe39130362acc0a14d7ba7a3512fa09 100644 (file)
 static uint32 ldif_gid = 999;
 static uint32 ldif_uid = 999;
 
+/* global counters */
+static uint32_t g_index = 0;
+static uint32_t a_index = 0;
+
 /* Structure for mapping accounts to groups */
 /* Array element is the group rid */
 typedef struct _groupmap {
@@ -1046,8 +1050,8 @@ static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx,
                                     enum netr_SamDatabaseID database_id,
                                     struct netr_DELTA_ENUM *r,
                                     struct samsync_context *ctx,
-                                    uint32_t *a_index,
-                                    uint32_t *g_index)
+                                    uint32_t *a_index_p,
+                                    uint32_t *g_index_p)
 {
        union netr_DELTA_UNION u = r->delta_union;
        union netr_DELTA_ID_UNION id = r->delta_id_union;
@@ -1061,34 +1065,34 @@ static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx,
                case NETR_DELTA_GROUP:
                        fetch_group_info_to_ldif(mem_ctx,
                                                 u.group,
-                                                &l->groupmap[*g_index],
+                                                &l->groupmap[*g_index_p],
                                                 l->add_file,
                                                 ctx->domain_sid_str,
                                                 l->suffix);
-                       (*g_index)++;
+                       (*g_index_p)++;
                        break;
 
                case NETR_DELTA_USER:
                        fetch_account_info_to_ldif(mem_ctx,
                                                   u.user,
                                                   l->groupmap,
-                                                  &l->accountmap[*a_index],
+                                                  &l->accountmap[*a_index_p],
                                                   l->add_file,
                                                   ctx->domain_sid_str,
                                                   l->suffix,
                                                   l->num_alloced);
-                       (*a_index)++;
+                       (*a_index_p)++;
                        break;
 
                case NETR_DELTA_ALIAS:
                        fetch_alias_info_to_ldif(mem_ctx,
                                                 u.alias,
-                                                &l->groupmap[*g_index],
+                                                &l->groupmap[*g_index_p],
                                                 l->add_file,
                                                 ctx->domain_sid_str,
                                                 l->suffix,
                                                 database_id);
-                       (*g_index)++;
+                       (*g_index_p)++;
                        break;
 
                case NETR_DELTA_GROUP_MEMBER:
@@ -1156,15 +1160,12 @@ static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx,
 /****************************************************************
 ****************************************************************/
 
-NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
-                               enum netr_SamDatabaseID database_id,
-                               struct netr_DELTA_ENUM_ARRAY *r,
-                               bool last_query,
-                               struct samsync_context *ctx)
+static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx,
+                         struct samsync_context *ctx,
+                         enum netr_SamDatabaseID database_id,
+                         uint64_t *sequence_num)
 {
        NTSTATUS status;
-       int i;
-       uint32_t g_index = 0, a_index = 0;
        struct samsync_ldif_context *ldif_ctx =
                (struct samsync_ldif_context *)ctx->private_data;
 
@@ -1174,11 +1175,28 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
                                   ctx->domain_sid_str,
                                   &ldif_ctx);
        if (!NT_STATUS_IS_OK(status)) {
-               goto failed;
+               return status;
        }
 
        ctx->private_data = ldif_ctx;
 
+       return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
+                                      enum netr_SamDatabaseID database_id,
+                                      struct netr_DELTA_ENUM_ARRAY *r,
+                                      uint64_t *sequence_num,
+                                      struct samsync_context *ctx)
+{
+       NTSTATUS status;
+       int i;
+       struct samsync_ldif_context *ldif_ctx =
+               (struct samsync_ldif_context *)ctx->private_data;
+
        status = ldif_realloc_maps(mem_ctx, ldif_ctx, r->num_deltas);
        if (!NT_STATUS_IS_OK(status)) {
                goto failed;
@@ -1193,18 +1211,6 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
                }
        }
 
-       /* This was the last query */
-       if (last_query) {
-               ldif_write_output(database_id, ldif_ctx);
-               if (ldif_ctx->ldif_file != stdout) {
-                       ctx->result_message = talloc_asprintf(mem_ctx,
-                               "Vampired %d accounts and %d groups to %s",
-                               a_index, g_index, ctx->output_filename);
-               }
-               ldif_free_context(ldif_ctx);
-               ctx->private_data = NULL;
-       }
-
        return NT_STATUS_OK;
 
  failed:
@@ -1214,15 +1220,62 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx,
        return status;
 }
 
+/****************************************************************
+****************************************************************/
+
+static NTSTATUS close_ldif(TALLOC_CTX *mem_ctx,
+                          struct samsync_context *ctx,
+                          enum netr_SamDatabaseID database_id,
+                          uint64_t sequence_num)
+{
+       struct samsync_ldif_context *ldif_ctx =
+               (struct samsync_ldif_context *)ctx->private_data;
+
+       /* This was the last query */
+       ldif_write_output(database_id, ldif_ctx);
+       if (ldif_ctx->ldif_file != stdout) {
+               ctx->result_message = talloc_asprintf(ctx,
+                       "Vampired %d accounts and %d groups to %s",
+                       a_index, g_index, ctx->output_filename);
+       }
+
+