samba.git
8 years agos4-smbtorture: allow to test returned type after specific error code in PrinterData...
Günther Deschner [Wed, 10 Nov 2010 09:19:01 +0000 (10:19 +0100)]
s4-smbtorture: allow to test returned type after specific error code in PrinterData tests.

Guenther

8 years agos3/time_audit: fix a change that was just for debuggin purposeѕ
Björn Jacke [Wed, 10 Nov 2010 11:39:41 +0000 (12:39 +0100)]
s3/time_audit: fix a change that was just for debuggin purposeѕ

Autobuild-User: Björn Jacke <bjacke@samba.org>
Autobuild-Date: Wed Nov 10 12:28:41 UTC 2010 on sn-devel-104

8 years agos4-pyldb: Handle internal errors in py_ldb_contains() properly
Kamen Mazdrashki [Mon, 8 Nov 2010 22:21:57 +0000 (00:21 +0200)]
s4-pyldb: Handle internal errors in py_ldb_contains() properly

It is an exceptional condition for ldb_search() to return
more than one results during SCOPE_BASE search on DN

Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Wed Nov 10 09:02:00 UTC 2010 on sn-devel-104

8 years agos4-pydsdb: py_dsdb_am_rodc() may call samdb_rodc() only once to get the job done :)
Kamen Mazdrashki [Mon, 8 Nov 2010 21:57:31 +0000 (23:57 +0200)]
s4-pydsdb: py_dsdb_am_rodc() may call samdb_rodc() only once to get the job done :)

8 years agos4-pydsdb: py_dsdb_load_partition_usn() - simplify error handling in
Kamen Mazdrashki [Mon, 8 Nov 2010 21:50:23 +0000 (23:50 +0200)]
s4-pydsdb: py_dsdb_load_partition_usn() - simplify error handling in

and print on which partition error has occured

8 years agos4-pydsdb-py_samdb_ntds_objectGUID(): Avoid potential memory leak
Kamen Mazdrashki [Mon, 8 Nov 2010 21:40:14 +0000 (23:40 +0200)]
s4-pydsdb-py_samdb_ntds_objectGUID(): Avoid potential memory leak

in case py_ldb is not a valid LDB

8 years agos4-pydsdb-py_dsdb_get_oid_from_attid(): Avoid potential memory leak
Kamen Mazdrashki [Mon, 8 Nov 2010 21:36:09 +0000 (23:36 +0200)]
s4-pydsdb-py_dsdb_get_oid_from_attid(): Avoid potential memory leak

in case py_ldb is not a valid LDB

8 years agos4-pydsdb.c: Fix small memory leak in py_samdb_set_domain_sid()
Kamen Mazdrashki [Mon, 8 Nov 2010 21:09:44 +0000 (23:09 +0200)]
s4-pydsdb.c: Fix small memory leak in py_samdb_set_domain_sid()

8 years agos4/syntax: Add tests for DN+String and DN+Binary
Anatoliy Atanasov [Tue, 9 Nov 2010 20:58:39 +0000 (22:58 +0200)]
s4/syntax: Add tests for DN+String and DN+Binary

These tests aim to verify the behavior for 2.5.5.7 and 2.5.5.14 syntaxes.

Autobuild-User: Anatoliy Atanasov <anatoliy@samba.org>
Autobuild-Date: Wed Nov 10 06:57:04 UTC 2010 on sn-devel-104

8 years agoFix memleak I accidently introduced when reading from tdb.
Jeremy Allison [Wed, 10 Nov 2010 00:55:43 +0000 (16:55 -0800)]
Fix memleak I accidently introduced when reading from tdb.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 10 01:56:21 UTC 2010 on sn-devel-104

8 years agoFix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new...
Jeremy Allison [Tue, 9 Nov 2010 23:07:49 +0000 (15:07 -0800)]
Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC

Change the find_service() interface to not depend on fstring, and
create a useable talloc-based interface.

Jeremy.

8 years agoEnsure we check the return from make_user_info before dereferencing the value returne...
Jeremy Allison [Tue, 9 Nov 2010 21:24:03 +0000 (13:24 -0800)]
Ensure we check the return from make_user_info before dereferencing the value returned by it.

Jeremy.

8 years agoRemove fstring from map_username. Create a more sane interface than the called-parame...
Jeremy Allison [Tue, 9 Nov 2010 20:07:25 +0000 (12:07 -0800)]
Remove fstring from map_username. Create a more sane interface than the called-parameter-is-modified.

Jeremy.

8 years agos3/vfs_time_audit: use monotonic clock for time deltas
Björn Jacke [Tue, 9 Nov 2010 23:40:29 +0000 (00:40 +0100)]
s3/vfs_time_audit: use monotonic clock for time deltas

Autobuild-User: Björn Jacke <bjacke@samba.org>
Autobuild-Date: Wed Nov 10 01:13:22 UTC 2010 on sn-devel-104

8 years agos4: point to the wiki howto for s4
Andrew Tridgell [Tue, 9 Nov 2010 22:57:25 +0000 (09:57 +1100)]
s4: point to the wiki howto for s4

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov  9 23:38:28 UTC 2010 on sn-devel-104

8 years agos4-join: raise mininum password length to 32 in new join code
Andrew Tridgell [Tue, 9 Nov 2010 22:14:57 +0000 (09:14 +1100)]
s4-join: raise mininum password length to 32 in new join code

8 years agos4:dsdb/operational.c: use DSDB_SECRET_ATTRIBUTES_EX()
Stefan Metzmacher [Tue, 9 Nov 2010 18:50:40 +0000 (19:50 +0100)]
s4:dsdb/operational.c: use DSDB_SECRET_ATTRIBUTES_EX()

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov  9 22:43:44 UTC 2010 on sn-devel-104

8 years agos4:dsdb/common: add DSDB_SECRET_ATTRIBUTES_EX()
Stefan Metzmacher [Tue, 9 Nov 2010 21:22:40 +0000 (22:22 +0100)]
s4:dsdb/common: add DSDB_SECRET_ATTRIBUTES_EX()

metze

8 years agos4:dsdb/local_password: use DSDB_SECRET_ATTRIBUTES
Stefan Metzmacher [Tue, 9 Nov 2010 18:50:17 +0000 (19:50 +0100)]
s4:dsdb/local_password: use DSDB_SECRET_ATTRIBUTES

metze

8 years agos4:dsdb/schema/schema_filtered.c: make never_in_filtered_attrs static const
Stefan Metzmacher [Tue, 9 Nov 2010 18:49:29 +0000 (19:49 +0100)]
s4:dsdb/schema/schema_filtered.c: make never_in_filtered_attrs static const

metze

8 years agos4:dsdb/schema/schema_filtered.c: use DSDB_SECRET_ATTRIBUTES
Stefan Metzmacher [Tue, 9 Nov 2010 18:48:55 +0000 (19:48 +0100)]
s4:dsdb/schema/schema_filtered.c: use DSDB_SECRET_ATTRIBUTES

metze

8 years agos4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we don't...
Stefan Metzmacher [Tue, 9 Nov 2010 18:53:45 +0000 (19:53 +0100)]
s4:rpc_server/drsuapi: don't ask for constructed "distinguishedName" if we don't use it

metze

8 years agos4:rpc_server/drsuapi: make msg_attrs static const
Stefan Metzmacher [Tue, 9 Nov 2010 18:52:49 +0000 (19:52 +0100)]
s4:rpc_server/drsuapi: make msg_attrs static const

metze

8 years agos4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use DSDB_SECRET_ATTRIBUTES
Stefan Metzmacher [Tue, 9 Nov 2010 18:45:31 +0000 (19:45 +0100)]
s4:rpc_server/drsuapi: let dcesrv_drsuapi_DsGetNCChanges() use DSDB_SECRET_ATTRIBUTES

We should replicate all secret attributes back to other DCs.

metze

8 years agos4:dsdb/common: create a DSDB_SECRET_ATTRIBUTES define with all secret attributes
Stefan Metzmacher [Tue, 9 Nov 2010 18:44:12 +0000 (19:44 +0100)]
s4:dsdb/common: create a DSDB_SECRET_ATTRIBUTES define with all secret attributes

We should have them just in one place, so that we don't forget some of them.

metze

8 years agos3: Quieten a bogus error message
Volker Lendecke [Tue, 9 Nov 2010 19:29:17 +0000 (20:29 +0100)]
s3: Quieten a bogus error message

This happens if you set "auth methods = winbind" without a fallback method.

The return NT_STATUS_LOGON_FAILURE; is not strictly require here, because we
fall through to the equivalent statement a few lines down, but it makes the
code a bit clearer IMO.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  9 20:15:59 UTC 2010 on sn-devel-104

8 years agos3: Package autorid module
Volker Lendecke [Tue, 9 Nov 2010 15:38:27 +0000 (08:38 -0700)]
s3: Package autorid module

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  9 16:21:48 UTC 2010 on sn-devel-104

8 years agoraw.h is only needed in the S4 build
Volker Lendecke [Tue, 9 Nov 2010 14:06:48 +0000 (15:06 +0100)]
raw.h is only needed in the S4 build

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov  9 14:49:14 UTC 2010 on sn-devel-104

8 years agos4:provision_self_join.ldif - the object SID in AD is called "objectSid"
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 12:27:57 +0000 (13:27 +0100)]
s4:provision_self_join.ldif - the object SID in AD is called "objectSid"

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov  9 13:18:29 UTC 2010 on sn-devel-104

8 years agos4:provision.py - strip trailing whitespaces
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 12:25:12 +0000 (13:25 +0100)]
s4:provision.py - strip trailing whitespaces

8 years agos4:provision - switch to "clearTextPassword" for setting passwords
Matthias Dieter Wallnöfer [Tue, 9 Nov 2010 12:22:00 +0000 (13:22 +0100)]
s4:provision - switch to "clearTextPassword" for setting passwords

This is the default password set/change attribute for s4 specific purposes
(otherwise in respect to Windows it's "unicodePwd"). We move away from
"userPassword" since on Windows it's not activated by default - and s4 will
follow soon.

8 years agos4-test: make sure the selftest prefix exists
Andrew Tridgell [Mon, 8 Nov 2010 23:22:48 +0000 (10:22 +1100)]
s4-test: make sure the selftest prefix exists

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov  9 00:05:22 UTC 2010 on sn-devel-104

8 years agos4-drs: reduce verbosity of dreplsrv_out_connection_attach
Andrew Tridgell [Mon, 8 Nov 2010 23:05:49 +0000 (10:05 +1100)]
s4-drs: reduce verbosity of dreplsrv_out_connection_attach

8 years agoheimdal: fixed a shadowed variable warning for error_message
Andrew Tridgell [Mon, 8 Nov 2010 21:51:20 +0000 (08:51 +1100)]
heimdal: fixed a shadowed variable warning for error_message

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agos4-attid: Uppercase ATTID type constants
Kamen Mazdrashki [Mon, 8 Nov 2010 14:27:22 +0000 (16:27 +0200)]
s4-attid: Uppercase ATTID type constants

Thanks Metze for noting this!

Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Mon Nov  8 23:06:41 UTC 2010 on sn-devel-104

8 years agos4-test: Initial implementation for Schema replication black box test
Kamen Mazdrashki [Sun, 7 Nov 2010 02:41:50 +0000 (04:41 +0200)]
s4-test: Initial implementation for Schema replication black box test

8 years agoSecond part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd...
Jeremy Allison [Mon, 8 Nov 2010 21:41:34 +0000 (13:41 -0800)]
Second part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.

Ensure we return after calling passdb for SID lookups for which we are
authoritative.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Nov  8 22:24:34 UTC 2010 on sn-devel-104

8 years agoEnsure we always have a mapped group for "Domain Users".
Jeremy Allison [Mon, 8 Nov 2010 21:39:51 +0000 (13:39 -0800)]
Ensure we always have a mapped group for "Domain Users".
Needed for DC tests to pass with bugfix for bug #7777.

Jeremy.

8 years agoFirst part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd...
Jeremy Allison [Mon, 8 Nov 2010 21:38:13 +0000 (13:38 -0800)]
First part of fix for bug #7777 - When requesting lookups for BUILTIN sids, winbindd allocates new uids/gids in error.

Ensure idmap_init_passdb_domain() correctly initialized the default
domain first.

Jeremy.

8 years agos3/configure: fix typo and warning
Björn Jacke [Mon, 8 Nov 2010 20:14:44 +0000 (21:14 +0100)]
s3/configure: fix typo and warning

Autobuild-User: Björn Jacke <bjacke@samba.org>
Autobuild-Date: Mon Nov  8 20:58:20 UTC 2010 on sn-devel-104

8 years agos4:password_hash LDB module - introduce a "userPassword" flag which enables/disables...
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 14:42:29 +0000 (15:42 +0100)]
s4:password_hash LDB module - introduce a "userPassword" flag which enables/disables the two "userPassword" behaviours

- Enabled: "userPassword" password change behaviour (will later be linked to the
  "dSHeuristics")
- Disabled: "userPassword" plain attribute behaviour (default)

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 15:28:06 UTC 2010 on sn-devel-104

8 years agos4:pyldb.c - fix "py_ldb_contains" according to the comment by Jelmer
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 14:24:41 +0000 (15:24 +0100)]
s4:pyldb.c - fix "py_ldb_contains" according to the comment by Jelmer

8 years agos3-waf: add idmap_autorid to the build.
Günther Deschner [Mon, 8 Nov 2010 13:34:51 +0000 (14:34 +0100)]
s3-waf: add idmap_autorid to the build.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Nov  8 14:17:27 UTC 2010 on sn-devel-104

8 years agos3: Fix an uninitialized variable
Volker Lendecke [Mon, 8 Nov 2010 11:59:59 +0000 (12:59 +0100)]
s3: Fix an uninitialized variable

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Nov  8 13:22:06 UTC 2010 on sn-devel-104

8 years agos3: Build idmap_autorid by default
Volker Lendecke [Mon, 8 Nov 2010 11:54:49 +0000 (12:54 +0100)]
s3: Build idmap_autorid by default

8 years agos3:idmap: add a new ID mapping module autorid
Christian Ambach [Wed, 7 Jul 2010 10:35:36 +0000 (12:35 +0200)]
s3:idmap: add a new ID mapping module autorid

This is an initial implementation of the idmap_autorid module.
It works similar to the idmap_rid module but requires less
configuration. It will automatically pick ranges for each domain,
so you do not have to bother any more about adding an idmap
configuration for all of the domains in the forest.

This is very easy to use and to configure and much more
deterministic and faster than idmap_tdb, the typical choice
of Samba users up to now.

8 years agos3:winbind add wcache_tdc_fetch_domainbysid
Christian Ambach [Fri, 29 Oct 2010 13:53:20 +0000 (15:53 +0200)]
s3:winbind add wcache_tdc_fetch_domainbysid

add a function to lookup a domain in the winbind cache by domain SID

8 years agos3: Put some parentheses around conditionals
Volker Lendecke [Mon, 8 Nov 2010 10:55:07 +0000 (11:55 +0100)]
s3: Put some parentheses around conditionals

8 years agos3: Consistently use stdbool types in new code
Volker Lendecke [Mon, 8 Nov 2010 10:50:51 +0000 (11:50 +0100)]
s3: Consistently use stdbool types in new code

8 years agos3:winbind add timeouts to winbind cache
Christian Ambach [Thu, 4 Nov 2010 16:10:25 +0000 (17:10 +0100)]
s3:winbind add timeouts to winbind cache

This adds a timeout value to cache entries and the NDR records
in the winbind cache.

The previous approach of just comparing the sequence number has some issues,
e.g. when retrying a wbinfo -n operation for a user in a not yet trusted
domain was always failing even after the trusted domain was added.

The new approach compares sequence number and timeout value to
determine if a cache entry is still valid or not.

I increased the cache version number so an old cache will be wiped
automatically after upgrade.

8 years agos4:passwords.py - test empty password attributes behaviour
Matthias Dieter Wallnöfer [Mon, 1 Nov 2010 18:54:07 +0000 (19:54 +0100)]
s4:passwords.py - test empty password attributes behaviour

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 12:09:56 UTC 2010 on sn-devel-104

8 years agos4:password_hash LDB module - deleting password attributes is a little more complicated
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 10:33:53 +0000 (11:33 +0100)]
s4:password_hash LDB module - deleting password attributes is a little more complicated

8 years agos4:samdb_msg_find_old_and_new_ldb_val - rework
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 21:08:19 +0000 (22:08 +0100)]
s4:samdb_msg_find_old_and_new_ldb_val - rework

- don't crash when no values where specified
- return ERR_CONSTRAINT_VIOLATION on malformed messages
- only check for flags when we are involved in a LDB modify operation

8 years agos4:password_hash LDB module - clear the fact that a delete of password attributes...
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 10:31:16 +0000 (11:31 +0100)]
s4:password_hash LDB module - clear the fact that a delete of password attributes isn't possible

8 years agos4:acl LDB module - define the delete passwords special case a bit better
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 21:37:39 +0000 (22:37 +0100)]
s4:acl LDB module - define the delete passwords special case a bit better

8 years agos4:passwords.py - add another two failure cases
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 21:35:29 +0000 (22:35 +0100)]
s4:passwords.py - add another two failure cases

8 years agoldb:pyldb.c - "py_ldb_msg_element_get" - here we can safely use "unsigned int" for...
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 16:50:25 +0000 (17:50 +0100)]
ldb:pyldb.c - "py_ldb_msg_element_get" - here we can safely use "unsigned int" for the element reference

We don't make use of "Py_List*" calls

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 11:21:27 UTC 2010 on sn-devel-104

8 years agoldb:pyldb.c - "py_ldb_contains" - return only "0" not found, "1" found, "-1" error
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 16:49:18 +0000 (17:49 +0100)]
ldb:pyldb.c - "py_ldb_contains" - return only "0" not found, "1" found, "-1" error

8 years agoldb:pyldb.c - most of the times "time_t" is defined as "long int"
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 15:29:27 +0000 (16:29 +0100)]
ldb:pyldb.c - most of the times "time_t" is defined as "long int"

Therefore use a signed long int for conversions.

http://stackoverflow.com/questions/471248/what-is-ultimately-a-time-t-typedef-to

8 years agoldb:pyldb.c - fix some "Py_ssize_t" output warnings
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 17:03:22 +0000 (18:03 +0100)]
ldb:pyldb.c - fix some "Py_ssize_t" output warnings

8 years agoldb:pyldb.c - use "Py_ssize_t" for counting list entries
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 16:48:39 +0000 (17:48 +0100)]
ldb:pyldb.c - use "Py_ssize_t" for counting list entries

This seems to be the most appopriate type

8 years agoldb:pyldb.c - fix indentation
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 15:29:06 +0000 (16:29 +0100)]
ldb:pyldb.c - fix indentation

8 years agos4:pydsdb.c - use "Py_ssize_t" for Python list counters
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 15:28:33 +0000 (16:28 +0100)]
s4:pydsdb.c - use "Py_ssize_t" for Python list counters

Seems to be the most appropriate type

8 years agos4:pydsdb.c - introduce Python 2.4 compatibility defines
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 16:54:36 +0000 (17:54 +0100)]
s4:pydsdb.c - introduce Python 2.4 compatibility defines

8 years agos4:objectguid/repl_meta_data LDB module - deny "objectGUID" updates
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 09:16:45 +0000 (10:16 +0100)]
s4:objectguid/repl_meta_data LDB module - deny "objectGUID" updates

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov  8 10:36:50 UTC 2010 on sn-devel-104

8 years agos4:objectclass LDB module - no idea why we'd need the "objectGUID" here
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 09:26:02 +0000 (10:26 +0100)]
s4:objectclass LDB module - no idea why we'd need the "objectGUID" here

8 years agos4:objectguid LDB module - make use of "dsdb_next_callback"
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 09:31:49 +0000 (10:31 +0100)]
s4:objectguid LDB module - make use of "dsdb_next_callback"

8 years agos4:drsuapi RPC server - writespn.c - fix indentations
Matthias Dieter Wallnöfer [Mon, 8 Nov 2010 08:58:59 +0000 (09:58 +0100)]
s4:drsuapi RPC server - writespn.c - fix indentations

8 years agos4-drs: allow bypass of writespn checking for some SPNs
Andrew Tridgell [Mon, 8 Nov 2010 08:01:36 +0000 (19:01 +1100)]
s4-drs: allow bypass of writespn checking for some SPNs

this allows accounts (and in particular RODCs) to make SPN updates on
their own account if they take the form SERVICE/hostname

we may be able to remove this in the future after some changes in our
ACL checking for userPrincipalName

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 08:45:16 UTC 2010 on sn-devel-104

8 years agoheimdal Add clock-skew handling to DCE-style GSSAPI
Andrew Bartlett [Mon, 8 Nov 2010 06:38:38 +0000 (17:38 +1100)]
heimdal Add clock-skew handling to DCE-style GSSAPI

The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style.  This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.

Andrew Bartlett

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 07:58:09 UTC 2010 on sn-devel-104

8 years agos4-auth Supply more useful error messages on Kerberos failure
Andrew Bartlett [Mon, 8 Nov 2010 05:55:17 +0000 (16:55 +1100)]
s4-auth Supply more useful error messages on Kerberos failure

The practice of returning only NT_STATUS_INVALID_PARAMETER hasn't
helped our users to debug problems effectivly, and so we now return
more errors and try and give a more useful debug message when then
happen.

Andrew Bartlett

8 years agos4-auth Fix typos in samba4 auth code
Brad Hards [Mon, 8 Nov 2010 01:15:50 +0000 (12:15 +1100)]
s4-auth Fix typos in samba4 auth code

8 years agos4-dsdb Explain why we may not use the GC name in some situations.
Andrew Bartlett [Mon, 8 Nov 2010 01:13:32 +0000 (12:13 +1100)]
s4-dsdb Explain why we may not use the GC name in some situations.

This delicate balance caused us a bit of a puzzle when we could not work
out why an DC join failed with the new python scripts.

Andrew Bartlett

8 years agos4-selftest fix indentation
Andrew Bartlett [Sat, 6 Nov 2010 02:48:31 +0000 (13:48 +1100)]
s4-selftest fix indentation

8 years agos4-repl: fixed replication notifications to RODCs
Andrew Tridgell [Mon, 8 Nov 2010 06:14:09 +0000 (17:14 +1100)]
s4-repl: fixed replication notifications to RODCs

We need a separate source dsa list for RODCs, as they are not in the
repsFrom for our partitions, but are in the repsTo. This adds a new
'notifies' list, which contains all the source dsas for the DCs that
we should send notifies to, but which we don't replicate from

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 06:57:43 UTC 2010 on sn-devel-104

8 years agofix
Andrew Tridgell [Mon, 8 Nov 2010 06:13:12 +0000 (17:13 +1100)]
fix

8 years agos4-debug: lowered the debug level of some unimportant messages
Andrew Tridgell [Mon, 8 Nov 2010 05:02:21 +0000 (16:02 +1100)]
s4-debug: lowered the debug level of some unimportant messages

8 years agos4-ldb: don't give an error if a module is already registered
Andrew Tridgell [Mon, 8 Nov 2010 04:46:09 +0000 (15:46 +1100)]
s4-ldb: don't give an error if a module is already registered

this can happen when both the build and install paths are used to load
ldb modules

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 05:28:14 UTC 2010 on sn-devel-104

8 years agowaf: go back to the previous method of handling .inst. rules
Andrew Tridgell [Mon, 8 Nov 2010 04:45:18 +0000 (15:45 +1100)]
waf: go back to the previous method of handling .inst. rules

the change broke the library linkages for some library, as spotted by
Brad

8 years agowaf: fixed the names of the installed libraries after the last change
Andrew Tridgell [Mon, 8 Nov 2010 01:47:09 +0000 (12:47 +1100)]
waf: fixed the names of the installed libraries after the last change

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 02:31:18 UTC 2010 on sn-devel-104

8 years agos4-dns: ensure we get the right case on the grant rule for administrator
Andrew Tridgell [Mon, 8 Nov 2010 00:55:02 +0000 (11:55 +1100)]
s4-dns: ensure we get the right case on the grant rule for administrator

it may be 'Administrator' in the database, and bind match rules are
case sensitive

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 01:41:43 UTC 2010 on sn-devel-104

8 years agowaf: fixed tabs/spaces for python3.0
Andrew Tridgell [Mon, 8 Nov 2010 00:11:32 +0000 (11:11 +1100)]
waf: fixed tabs/spaces for python3.0

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov  8 00:55:13 UTC 2010 on sn-devel-104

8 years agowaf: prevent us from modifying non-install libs during make install
Andrew Tridgell [Mon, 8 Nov 2010 00:01:13 +0000 (11:01 +1100)]
waf: prevent us from modifying non-install libs during make install

we need to ensure that 'make install' does not change any of our build
libraries, and only changes the .inst.so libraries, otherwise doing a
make test in the build directory directly after a make install could
use the installed libraries, which would mean using the wrong
LDB_MODULES_PATH

this could cause the "unknown error" loading ldb modules when running
some commands directly after a make install

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agos4-ldb: better error message when we try to register a module twice
Andrew Tridgell [Sun, 7 Nov 2010 23:58:28 +0000 (10:58 +1100)]
s4-ldb: better error message when we try to register a module twice

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

8 years agos4-pydrs: validate the DsGetNCChanges response
Andrew Tridgell [Sun, 7 Nov 2010 23:14:50 +0000 (10:14 +1100)]
s4-pydrs: validate the DsGetNCChanges response

check that object_count matches up with first_object

8 years agos4-join: modify join behaviour according to domain level
Andrew Tridgell [Sun, 7 Nov 2010 02:55:20 +0000 (13:55 +1100)]
s4-join: modify join behaviour according to domain level

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Nov  7 23:32:16 UTC 2010 on sn-devel-104

8 years agos4-drs: allow override of the replica_flags
Andrew Tridgell [Sun, 7 Nov 2010 02:53:13 +0000 (13:53 +1100)]
s4-drs: allow override of the replica_flags

8 years agos4-dsdb: give the DN on a shema attribute failure
Andrew Tridgell [Sun, 7 Nov 2010 00:25:00 +0000 (11:25 +1100)]
s4-dsdb: give the DN on a shema attribute failure

8 years agos4:ldap.py - add more "objectGUID" related tests
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 19:10:48 +0000 (20:10 +0100)]
s4:ldap.py - add more "objectGUID" related tests

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov  7 21:12:03 UTC 2010 on sn-devel-104

8 years agos4:objectguid LDB module - fix typo in output message
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 19:10:29 +0000 (20:10 +0100)]
s4:objectguid LDB module - fix typo in output message

8 years agos4:objectguid LDB module - objectGUIDs cannot be specified on add operations
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 19:09:51 +0000 (20:09 +0100)]
s4:objectguid LDB module - objectGUIDs cannot be specified on add operations

8 years agos4:upgradeprovision - remove some "recalculate_sd" uses
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 17:51:43 +0000 (18:51 +0100)]
s4:upgradeprovision - remove some "recalculate_sd" uses

We need "recalculate_sd" only when no external "nTSecurityDescriptor" change
is performed. Otherwise the recalculation is performed automatically.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov  7 18:52:42 UTC 2010 on sn-devel-104

8 years agos4:descriptor LDB module - make the "nTSecurityDescriptor" attribute fully behave...
Matthias Dieter Wallnöfer [Mon, 1 Nov 2010 16:51:36 +0000 (17:51 +0100)]
s4:descriptor LDB module - make the "nTSecurityDescriptor" attribute fully behave as in AD

- fix crash when provided "nTSecurityDescriptor" attribute is empty
- print out the correct error codes if it's provided multi-valued
- simplify the "recalculate_sd" control handling

8 years agos4:ldb_modules/util.c - "dsdb_get_single_valued_attr" - support the attribute fetch...
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 10:27:26 +0000 (11:27 +0100)]
s4:ldb_modules/util.c - "dsdb_get_single_valued_attr" - support the attribute fetch also on LDB add operations

We've to completely ignore the flags in that case.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov  7 11:10:23 UTC 2010 on sn-devel-104

8 years agoldb:ldb_pack.c - the "dn" attribute isn't allowed in the message part, only the ...
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 09:04:22 +0000 (10:04 +0100)]
ldb:ldb_pack.c - the "dn" attribute isn't allowed in the message part, only the "distinguishedName" one

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Nov  7 10:11:02 UTC 2010 on sn-devel-104

8 years agos4:torture/dssync.c - remove unused variable
Matthias Dieter Wallnöfer [Sun, 7 Nov 2010 08:55:19 +0000 (09:55 +0100)]
s4:torture/dssync.c - remove unused variable

8 years agos4:descriptor LDB module - save a pointer to the request message on the temporary...
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 22:04:55 +0000 (23:04 +0100)]
s4:descriptor LDB module - save a pointer to the request message on the temporary "ac" context

This prevents two calls of "ldb_msg_copy_shallow".

8 years agos4:descriptor LDB module - by "dsdb_next_callback" we don't need anymore the default...
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 21:49:08 +0000 (22:49 +0100)]
s4:descriptor LDB module - by "dsdb_next_callback" we don't need anymore the default operation callback implementations

Only customised ones still need to remain.

8 years agos4:descriptor LDB module - remove a bit pointless memory context
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 21:39:40 +0000 (22:39 +0100)]
s4:descriptor LDB module - remove a bit pointless memory context

For only one operation we do not need an additional "mem_ctx". "ac" should be
enough (see for example the samldb LDB module).

8 years agos4:descriptor LDB module - remove a "ldb_msg_sanity_check" call
Matthias Dieter Wallnöfer [Sat, 6 Nov 2010 21:38:15 +0000 (22:38 +0100)]
s4:descriptor LDB module - remove a "ldb_msg_sanity_check" call

This check (the structural objectclass) is performed in the objectclass LDB
module.