Jelmer Vernooij [Wed, 8 Dec 2004 22:02:49 +0000 (22:02 +0000)]
r4105: Fix IDL for QueryValue() and add a torture test for it.
Thanks to Michael Allen for some hints on what was wrong with the previous IDL.
Stefan Metzmacher [Wed, 8 Dec 2004 11:30:26 +0000 (11:30 +0000)]
r4102: more uint64 vs HYPER_T fixes
NOTE:
[u]int64 uses 4 Byte alignment
and HYPER_T uses 8 Byte alignment
metze
Andrew Tridgell [Wed, 8 Dec 2004 11:02:47 +0000 (11:02 +0000)]
r4101: ignore secondary session requests to cope with a OS/2 bug reported by
Guenter Kukkukk
Stefan Metzmacher [Wed, 8 Dec 2004 10:54:09 +0000 (10:54 +0000)]
r4100: fix drsuapi_DsReplicaObjMetaData2() idl
(many thanks to tridge for telling me that HYPER_T isn't the same as uint64!)
metze
Tim Potter [Wed, 8 Dec 2004 10:36:14 +0000 (10:36 +0000)]
r4099: Spelling fixes.
Andrew Tridgell [Wed, 8 Dec 2004 10:24:10 +0000 (10:24 +0000)]
r4098: catch null guid string so RPC-DRSUAPI works against my server
Stefan Metzmacher [Wed, 8 Dec 2004 10:13:45 +0000 (10:13 +0000)]
r4097: add missing file from last commit
sorry!:-)
metze
Stefan Metzmacher [Wed, 8 Dec 2004 08:21:35 +0000 (08:21 +0000)]
r4096: move the samdb code to source/dsdb/
the idea is to have a directory service db layer
which will be used by the ldap server, samr server, drsuapi server
authentification...
I plan to make different implementations of this interface possible
- current default will be the current samdb code with sam.ldb
- a compat implementation for samba3 (if someone wants to write one)
- a new dsdb implementation which:
- understands naming contexts (directory parrtitions)
- do schema and acl checking checking
- maintain objectGUID, timestamps and USN number,
maybe linked attributes ('member' and 'memberOf' attributes)
- store metadata on a attribute=value combination...
metze
Andrew Tridgell [Wed, 8 Dec 2004 08:09:42 +0000 (08:09 +0000)]
r4095: smbsrv_terminate_connection() doesn't exit() in single processor mode, so after we
call it we need to return, and not continue processing packets
Stefan Metzmacher [Tue, 7 Dec 2004 12:20:28 +0000 (12:20 +0000)]
r4087: - add idl and torture tests for drsuapi_DsReplicaGetInfo()
(NOTE: that the drsuapi_DsReplicaObjMetaData2 struct is not corrently parsed yet
and there're some unknown fields left in someother infotypes)
metze
Stefan Metzmacher [Tue, 7 Dec 2004 09:26:00 +0000 (09:26 +0000)]
r4086: - make dcerpc_ndr_request_table_send() the default and rename it to just
dcerpc_ndr_request_send()
- this allows us to call dcerpc_log_packet() when we receive a packet we
can't parse correctly
metze
Stefan Metzmacher [Tue, 7 Dec 2004 09:21:13 +0000 (09:21 +0000)]
r4085: print out dcerpc_fault's as names
metze
Stefan Metzmacher [Tue, 7 Dec 2004 09:18:56 +0000 (09:18 +0000)]
r4084: add some more error codes
metze
Stefan Metzmacher [Mon, 6 Dec 2004 17:48:51 +0000 (17:48 +0000)]
r4082: support alter_context requests
metze
Stefan Metzmacher [Mon, 6 Dec 2004 17:44:33 +0000 (17:44 +0000)]
r4081: use clearer names
metze
Stefan Metzmacher [Mon, 6 Dec 2004 15:45:48 +0000 (15:45 +0000)]
r4080: missing file from the last commit
metze
Stefan Metzmacher [Mon, 6 Dec 2004 15:44:17 +0000 (15:44 +0000)]
r4079: implement the gensec_have_feature() correctly by asking
the backend what is actually in use
metze
Stefan Metzmacher [Mon, 6 Dec 2004 15:17:43 +0000 (15:17 +0000)]
r4078: use clearer names
metze
Stefan Metzmacher [Mon, 6 Dec 2004 15:14:42 +0000 (15:14 +0000)]
r4077: don't add wrapping to empty blobs
metze
Stefan Metzmacher [Mon, 6 Dec 2004 15:10:31 +0000 (15:10 +0000)]
r4076: fix compiler warning
metze
Stefan Metzmacher [Mon, 6 Dec 2004 11:10:15 +0000 (11:10 +0000)]
r4075: implement RemoteTOD server function
metze
Andrew Tridgell [Mon, 6 Dec 2004 07:13:50 +0000 (07:13 +0000)]
r4074: make the RAW-ACLS test use the new lsa helper functions to determine
the privileges of the user running the test. This allows the test to
work out what the expected access masks are.
Andrew Tridgell [Mon, 6 Dec 2004 07:12:38 +0000 (07:12 +0000)]
r4073: - added a set of lsa helper routines to make lsa lookups that are
related to filesharing. For example, in order to manipulate ACLs
properly its important to be able to call LookupSids, and to be able
to lookup what privileges a SID has.
- added 3 new commands to smbclient "lookupname", "lookupsid" and
"privileges"
Andrew Tridgell [Mon, 6 Dec 2004 07:10:25 +0000 (07:10 +0000)]
r4072: - changed the names of some of the well known sids to be more consistent
- added string constants for the important privileges.
Andrew Tridgell [Mon, 6 Dec 2004 06:45:51 +0000 (06:45 +0000)]
r4071: - ldap does allow adding additional attribute values with a modify
operation, but not if the value already exists
- fixed syntax of test.ldif for ldap backend
Stefan Metzmacher [Sun, 5 Dec 2004 16:29:27 +0000 (16:29 +0000)]
r4070: move some defines from asn_1.h to the places they belong to
metze
Andrew Tridgell [Sun, 5 Dec 2004 11:13:14 +0000 (11:13 +0000)]
r4069: better error code for SMBwriteBMPX
Andrew Tridgell [Sun, 5 Dec 2004 07:59:42 +0000 (07:59 +0000)]
r4068: added LANMAN2.1 to list of supported protocols (for OS/2)
Andrew Tridgell [Sun, 5 Dec 2004 07:58:58 +0000 (07:58 +0000)]
r4067: no matches in findnext is not an error
Andrew Tridgell [Sun, 5 Dec 2004 07:53:57 +0000 (07:53 +0000)]
r4066: add a mapping for NT_STATUS_NO_MORE_ENTRIES
Andrew Tridgell [Sun, 5 Dec 2004 07:43:38 +0000 (07:43 +0000)]
r4065: fixed ntstatus->dos error code for NT_STATUS_NO_SUCH_FILE
Stefan Metzmacher [Sat, 4 Dec 2004 14:28:06 +0000 (14:28 +0000)]
r4064: use the same name for type on both ends
for long term we should remove all typedef's
metze
Stefan Metzmacher [Sat, 4 Dec 2004 13:56:25 +0000 (13:56 +0000)]
r4063: - change char * -> uint8_t in struct request_buffer
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2)
all this fixes a lot of gcc-4 warnings
metze
Andrew Tridgell [Sat, 4 Dec 2004 12:42:40 +0000 (12:42 +0000)]
r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strange
though - I expect we'll need to tweak that some more.
Andrew Tridgell [Sat, 4 Dec 2004 10:16:47 +0000 (10:16 +0000)]
r4061: more additions to the RAW-ACLS test, to help me work out some details for pvfs
Andrew Tridgell [Sat, 4 Dec 2004 10:15:54 +0000 (10:15 +0000)]
r4060: removed an unused file
Andrew Tridgell [Sat, 4 Dec 2004 10:14:03 +0000 (10:14 +0000)]
r4059: moved the ldb -o option parsing to a common routine
Andrew Tridgell [Sat, 4 Dec 2004 09:30:38 +0000 (09:30 +0000)]
r4058: added a type safe version of smb_xmalloc()
Günther Deschner [Sat, 4 Dec 2004 00:14:47 +0000 (00:14 +0000)]
r4057: unknown5 represents the account policy "Users must logon to change
password".
Guenther
Andrew Tridgell [Fri, 3 Dec 2004 13:04:10 +0000 (13:04 +0000)]
r4056: modified the access check code based on results from RAW-ACLS
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS
yet, but its close.
Andrew Tridgell [Fri, 3 Dec 2004 07:20:30 +0000 (07:20 +0000)]
r4055: fixed more places to use type safe allocation macros
Andrew Tridgell [Fri, 3 Dec 2004 06:42:06 +0000 (06:42 +0000)]
r4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()
Andrew Tridgell [Fri, 3 Dec 2004 06:25:56 +0000 (06:25 +0000)]
r4053: expanded and fixed a bug in the RAW-ACLS test
Andrew Tridgell [Fri, 3 Dec 2004 06:24:38 +0000 (06:24 +0000)]
r4052: fixed a bunch of code to use the type safe _p allocation macros
Andrew Tridgell [Fri, 3 Dec 2004 05:27:43 +0000 (05:27 +0000)]
r4051: use talloc_array() instead of talloc() when allocating arrays in auto-generated ndr code
Andrew Tridgell [Fri, 3 Dec 2004 05:24:09 +0000 (05:24 +0000)]
r4050: make sure we add objectClass and sAMAccountName
Andrew Tridgell [Fri, 3 Dec 2004 05:01:20 +0000 (05:01 +0000)]
r4049: a simple perl script to add a new user to Samba4 ldb
Andrew Tridgell [Fri, 3 Dec 2004 03:08:36 +0000 (03:08 +0000)]
r4048: a very simple howto for new developers to tell them how to build and install samba4
Stefan Metzmacher [Thu, 2 Dec 2004 18:32:48 +0000 (18:32 +0000)]
r4046: add more servicePrincipalName's for the dc account
metze
Stefan Metzmacher [Thu, 2 Dec 2004 18:27:08 +0000 (18:27 +0000)]
r4045: readd krb5 support defaulted to disable
use:
gensec:krb5=yes
gensec:ms_krb5=yes
to enable it
or -k on the client tools on the command line
metze
Stefan Metzmacher [Thu, 2 Dec 2004 18:15:39 +0000 (18:15 +0000)]
r4044: only send supportedMech when we also send other data
metze
Stefan Metzmacher [Thu, 2 Dec 2004 12:12:26 +0000 (12:12 +0000)]
r4042: fix segfault on server schannel connections
metze
Stefan Metzmacher [Thu, 2 Dec 2004 11:40:18 +0000 (11:40 +0000)]
r4041: fix cut-n-paste typo
metze
Stefan Metzmacher [Thu, 2 Dec 2004 10:35:25 +0000 (10:35 +0000)]
r4040: sorry today is not my day...
uint32 != uint8_t ...
metze
Andrew Tridgell [Thu, 2 Dec 2004 10:28:19 +0000 (10:28 +0000)]
r4039: added a test for an element > 128 bytes in length, to ensure we test
for sign extending errors in element length
Stefan Metzmacher [Thu, 2 Dec 2004 10:14:40 +0000 (10:14 +0000)]
r4038: fix sign/unsign bug I introduced in -r 4022
this caused new ldb record to be corrupt if the length was > 12b byte
thanks tridge for finding this
metze
Andrew Tridgell [Thu, 2 Dec 2004 04:51:56 +0000 (04:51 +0000)]
r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my compile
Andrew Tridgell [Thu, 2 Dec 2004 04:38:41 +0000 (04:38 +0000)]
r4036: expanded the RAW-ACLS torture test to include tests for the
generic->specific access mask mappings, and tests of the behaviour of
SID_CREATOR_OWNER and SEC_FLAG_MAXIMUM_ALLOWED
Andrew Tridgell [Thu, 2 Dec 2004 04:37:36 +0000 (04:37 +0000)]
r4035: more effort on consistent naming of the access mask bits.
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl
Also added names for the generic->specific mappings for files are
directories
Andrew Tridgell [Thu, 2 Dec 2004 04:34:11 +0000 (04:34 +0000)]
r4034: add a function security_descriptor_create() which can be used to
easily create complex security descriptors for testing. This greatly
simplifies the smbtorture code I am writing for testing our
new access_check code.
Andrew Tridgell [Thu, 2 Dec 2004 04:31:08 +0000 (04:31 +0000)]
r4033: removed a pointless comment
Stefan Metzmacher [Wed, 1 Dec 2004 16:51:37 +0000 (16:51 +0000)]
r4027: add a useful function for debugging
metze
Andrew Tridgell [Wed, 1 Dec 2004 11:35:01 +0000 (11:35 +0000)]
r4026: added NT ACL checking on pvfs_open() for existing files. I need to
work out some way to do a decent test suite for this.
Andrew Tridgell [Wed, 1 Dec 2004 05:22:24 +0000 (05:22 +0000)]
r4025: added a sec_access_check() function for checking security descriptors
against a users security token and access_mask
Stefan Metzmacher [Tue, 30 Nov 2004 22:55:36 +0000 (22:55 +0000)]
r4022: fix compiler warnings
metze
Andrew Tridgell [Tue, 30 Nov 2004 05:45:37 +0000 (05:45 +0000)]
r4015: correct copyright attributions
Andrew Tridgell [Tue, 30 Nov 2004 05:41:21 +0000 (05:41 +0000)]
r4014: removed unused MacExtension.h header
Andrew Tridgell [Tue, 30 Nov 2004 05:37:57 +0000 (05:37 +0000)]
r4013: got rid of a bunch of unused or unmaintained code
- removed the clitar code. It is unmaintained, and a horribly badly done hack
- removed client.h as it contained mostly unused definitions
- removed the unused clidfs.c code
Andrew Tridgell [Tue, 30 Nov 2004 04:34:18 +0000 (04:34 +0000)]
r4012: split out the lsa lookup single name logic into a separate function
Andrew Tridgell [Tue, 30 Nov 2004 04:33:27 +0000 (04:33 +0000)]
r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
Andrew Tridgell [Tue, 30 Nov 2004 02:15:43 +0000 (02:15 +0000)]
r4010: fixed parsing of null attributes in the ldb ldif parser
Stefan Metzmacher [Mon, 29 Nov 2004 17:51:13 +0000 (17:51 +0000)]
r4003: run successful against a nt4 sp6 pdc with one nt4 sp6 trust and a w2k3 trust
metze
Stefan Metzmacher [Mon, 29 Nov 2004 14:59:33 +0000 (14:59 +0000)]
r4002: NT 4.0 sp6a can't do schannel 128
metze
Stefan Metzmacher [Mon, 29 Nov 2004 14:46:17 +0000 (14:46 +0000)]
r4001: fix segfault fix auth failed
metze
Stefan Metzmacher [Mon, 29 Nov 2004 12:01:46 +0000 (12:01 +0000)]
r4000: DATA_BLOB.data is uint8_t * not void * :-)
(thanks abartlet for telling me)
metze
Stefan Metzmacher [Mon, 29 Nov 2004 11:13:56 +0000 (11:13 +0000)]
r3999: - reply with the same DsBindInfo blob as w2k3 in the server function
- add idl for drsuapi_DsReplicaSync() not yet complete
- just return WERR_OK for the drsuapi_DsReplicaSync() server function
metze
Stefan Metzmacher [Mon, 29 Nov 2004 11:08:15 +0000 (11:08 +0000)]
r3998: allow const arrays (see next commit to drsuapi.idl)
metze
Stefan Metzmacher [Mon, 29 Nov 2004 11:04:36 +0000 (11:04 +0000)]
r3997: fix STR_CHARLEN pull case
metze
Stefan Metzmacher [Mon, 29 Nov 2004 10:54:52 +0000 (10:54 +0000)]
r3996: add some comments
metze
Andrew Tridgell [Mon, 29 Nov 2004 06:42:02 +0000 (06:42 +0000)]
r3995: improved the default ACL mapping from unix perms
Andrew Tridgell [Mon, 29 Nov 2004 06:19:50 +0000 (06:19 +0000)]
r3994: - removed the unused reference count code in lsa server
- fixed the sid_index field in lsa LookupSids and LookupNames
Andrew Tridgell [Mon, 29 Nov 2004 06:18:58 +0000 (06:18 +0000)]
r3993: use distinctive fnums in the ipc backend, to make monitoring sniffs easier
Andrew Tridgell [Mon, 29 Nov 2004 04:24:50 +0000 (04:24 +0000)]
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping
Andrew Tridgell [Mon, 29 Nov 2004 03:23:31 +0000 (03:23 +0000)]
r3991: for uid->sid and gid->sid to be efficient we need to index on unixID
and unixName in samdb.
Andrew Tridgell [Mon, 29 Nov 2004 03:22:44 +0000 (03:22 +0000)]
r3990: take advantage of the uid->sid and gid->sid code to create a much
better default NT ACL in pvfs
Andrew Tridgell [Mon, 29 Nov 2004 03:21:46 +0000 (03:21 +0000)]
r3989: added a linear algorithmic mapping for uid->sid and gid->sid within
our local domain. Note that this linear mapping does not suffer from
the "foreign sid" problems of the linear mappings we have previously
rejected for the sid->uid problem.
the mapping allows for 1 billion automatically allocated users or
groups for the local domain.
Andrew Tridgell [Mon, 29 Nov 2004 03:19:28 +0000 (03:19 +0000)]
r3988: made dom_sid_add_rid() allocate the new sid with proper parent/child talloc
relationship
Stefan Metzmacher [Sat, 27 Nov 2004 15:10:57 +0000 (15:10 +0000)]
r3984: success full parse the repsFrom/repsTo LDAP fields
metze
Andrew Tridgell [Sat, 27 Nov 2004 00:28:03 +0000 (00:28 +0000)]
r3983: posix:fakeoplocks should default to False, not True !
Andrew Tridgell [Sat, 27 Nov 2004 00:24:36 +0000 (00:24 +0000)]
r3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmap
subsystem. This is in preparation for adding better default ACL
generation in pvfs, which will require uid/gid -> sid mapping.
Günther Deschner [Fri, 26 Nov 2004 16:50:29 +0000 (16:50 +0000)]
r3981: Use correct access-mask when querying aliases.
Guenther
Andrew Tridgell [Fri, 26 Nov 2004 13:02:58 +0000 (13:02 +0000)]
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2()
Andrew Tridgell [Fri, 26 Nov 2004 12:30:39 +0000 (12:30 +0000)]
r3979: added server side code for lsa_LookupSids2() and fixed authority_name
return code to include our own domain.
editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes
Andrew Tridgell [Fri, 26 Nov 2004 06:33:38 +0000 (06:33 +0000)]
r3978: added IDL and test code for lsa_LookupSids2() and lsa_LookupNames2()
Andrew Tridgell [Fri, 26 Nov 2004 05:58:03 +0000 (05:58 +0000)]
r3977: fixed the lmPwdHash change in the rpc server (we were not fetching the
lm hash from the samdb, and thus not checking the verifier)
fixed the client side to calculate the lm verifier based on the nt
hash, not the lm hash (confirmed using w2k3)
Andrew Tridgell [Thu, 25 Nov 2004 23:05:43 +0000 (23:05 +0000)]
r3976: changed NBENCH to use the same recording method as the latest dbench,
where the warmup phase continues until all clients have done some file
IO. This gives more repeatable results when under high load
Andrew Tridgell [Thu, 25 Nov 2004 21:01:54 +0000 (21:01 +0000)]
r3975: added LFN filesystem attribute bit definition from ethereal
apologies for not committing this earlier
Stefan Metzmacher [Thu, 25 Nov 2004 20:03:46 +0000 (20:03 +0000)]
r3972: use GUID_* naming context and move GUID_* functions to one place
metze
Stefan Metzmacher [Thu, 25 Nov 2004 20:01:47 +0000 (20:01 +0000)]
r3971: fix compiler warnings
metze
Stefan Metzmacher [Thu, 25 Nov 2004 19:59:08 +0000 (19:59 +0000)]
r3970: fix compiler warning
metze