Andrew Tridgell [Thu, 22 Apr 2010 06:41:32 +0000 (16:41 +1000)]
s4-drs: removed dsdb_validate_client_flags()
This test is in the wrong place. We end up validating our own flags.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 22 Apr 2010 04:56:19 +0000 (14:56 +1000)]
s4-drs: only allow replication with the right invocationId
Non-administrator replication checks the invocationId matches
the sid of the user token being used
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 22 Apr 2010 04:55:54 +0000 (14:55 +1000)]
s4-dsdb: removed an unused variable
Andrew Tridgell [Thu, 22 Apr 2010 04:54:52 +0000 (14:54 +1000)]
s4-dsdb: added dsdb_validate_invocation_id()
this validates that an invocationID matches an account sid
This will be used to ensure that we don't allow DRS replication
from someone a non-DC or administrator
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 22 Apr 2010 04:53:53 +0000 (14:53 +1000)]
s4-dsdb: added dsdb_get_extended_dn_sid()
This will be used by the RODC code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 22 Apr 2010 04:52:19 +0000 (14:52 +1000)]
build: we don't need this makefile magic any more
The waf build now checks for all A=B variables passed via make
and sets the same waf internal variable. This means all waf options
are available via make.
Removing this from the Makefile makes us less reliant on a modern
version of make.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 22 Apr 2010 03:32:55 +0000 (13:32 +1000)]
s4-dsdb: moved rodc schema validation to samldb.c
This means we are only doing the checks for schema changes
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Fernando J V da Silva [Thu, 15 Apr 2010 21:54:13 +0000 (18:54 -0300)]
s4-drs: Use new samdb_rodc() function in s4 code
This patch fits the calling to the new samdb_rodc() function and
fixes a little bug in this function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Fernando J V da Silva [Thu, 15 Apr 2010 20:42:08 +0000 (17:42 -0300)]
s4-drs: Do not send RODC filtered attributes to RODCs on GetNCChanges reply
During building an object to send it on a GetNCChanges reply, it checks
the attributes and if any of them is RODC filtered and the recipient
is a RODC, then such attribute is not sent.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Fernando J V da Silva [Thu, 15 Apr 2010 20:39:54 +0000 (17:39 -0300)]
s40-drs: Do not send GetNCChanges messages to RODCs
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Fernando J V da Silva [Thu, 15 Apr 2010 20:38:47 +0000 (17:38 -0300)]
s4-drs: dsdb_validate_client_flags() function
This function is intended to check if some client is not lying about
his flags. At this moment, it only checks for RODC flags.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Fernando J V da Silva [Thu, 15 Apr 2010 20:37:40 +0000 (17:37 -0300)]
s4-drs: samdb_is_rodc() function and new samdb_rodc() function
This patch creates the samdb_is_rodc() function, which looks for
the NTDSDSA object for a DC that has a specific invocationId
and if msDS-isRODC is present on such object and it is TRUE, then
consider the DC as a RODC.
The new samdb_rodc() function uses the samdb_is_rodc() function
for the local server.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Fernando J V da Silva [Thu, 25 Mar 2010 19:58:58 +0000 (16:58 -0300)]
s4-drs: Do not allow system-critical attributes to be RODC filtered
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 22 Apr 2010 07:20:21 +0000 (17:20 +1000)]
s4:provision Make OpenLDAP backend more robust
With the extra moduleload lines (which succeed if it's already
statically linked), we now work with OpenLDAP overlays as modules.
Andrew Bartlett
Andrew Bartlett [Thu, 22 Apr 2010 01:39:21 +0000 (11:39 +1000)]
s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDs
The SIDs in some queries were not being passed as binary, but as
strings in comparison with the securityIdentifer object. We need to
recognise that these are SIDs in the simple_ldap_map.
Andrew Bartlett
Andrew Bartlett [Thu, 22 Apr 2010 01:38:43 +0000 (11:38 +1000)]
s4:provison Pass nosync in for the OpenLDAP cn=config too
Andrew Bartlett [Thu, 22 Apr 2010 01:37:41 +0000 (11:37 +1000)]
s4:selftest Ensure we don't fsync() all day in the LDAP backend test
Passing this option greatly reduces the time spent in the test.
Andrew Bartlett
Andrew Bartlett [Tue, 20 Apr 2010 05:35:51 +0000 (15:35 +1000)]
s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
This is rather than rdn_name, which tries to do the job on the client
side. We need to leave this module in the stack for Fedora DS (and of
course the LDB backend).
Andrew Bartlett
Andrew Bartlett [Tue, 20 Apr 2010 04:49:30 +0000 (14:49 +1000)]
s4:dsdb Revert accidentally committed change for LDAP backends
In the future, LDAP backends will be responsible for maintaining the
'name' attributes.
Andrew Bartlett
Andrew Bartlett [Tue, 20 Apr 2010 22:00:44 +0000 (08:00 +1000)]
s4:provision Use more reasonable values for DB_CONFIG
With the OpenLDAP backend, the old DB_CONFIG caused OpenLDAP to abort
on startup, and was very inefficient. This new one, kindly supplied
by Matthew Backes <mbackes@symas.com> uses a more reasonable set of
buffer sizes.
Andrew Bartlett
Andrew Tridgell [Thu, 22 Apr 2010 02:03:22 +0000 (12:03 +1000)]
build: added --enable-auto-reconfigure
this is off by default until some issues are resolved. See my mail to
samba-technical for details.
Matthias Dieter Wallnöfer [Wed, 21 Apr 2010 16:04:53 +0000 (18:04 +0200)]
s4:netlogon RPC server - fix a counter variable type
Andrew Tridgell [Wed, 21 Apr 2010 07:29:00 +0000 (17:29 +1000)]
build: recalculate project deps when NONSHARED_BINARIES changes
Andrew Tridgell [Wed, 21 Apr 2010 07:13:16 +0000 (17:13 +1000)]
build: added --nonshared-binary=LIST option
This allows you to specify some binaries that should be built without
shared libs. A non-shared smbtorture will make testing s3 in the build
farm easier
Andrew Tridgell [Wed, 21 Apr 2010 06:21:30 +0000 (16:21 +1000)]
s4-waf: python devel headers are mandatory for the source4 build
Andrew Tridgell [Wed, 21 Apr 2010 06:17:08 +0000 (16:17 +1000)]
build: make python development headers not mandatory in standalone libs
This needed an update to the python tool in waf
thanks to Kai for spotting this
Andrew Tridgell [Wed, 21 Apr 2010 05:36:26 +0000 (15:36 +1000)]
waftest: updated the cross compilation environment I test with
Andrew Tridgell [Wed, 21 Apr 2010 05:35:55 +0000 (15:35 +1000)]
s4-server: show build host in samba -b output
Andrew Tridgell [Wed, 21 Apr 2010 05:15:55 +0000 (15:15 +1000)]
build: fixed uname output to be on target machine when cross compiling
this also makes the output of define_ret configure tests show up
in the configure output
Andrew Tridgell [Wed, 21 Apr 2010 03:35:52 +0000 (13:35 +1000)]
s4-upgradeprovision: fixed --realm option duplicate in upgrade_from_s3
Andrew Tridgell [Wed, 21 Apr 2010 02:39:32 +0000 (12:39 +1000)]
s4-drs: accept zero revision in drs selftest
Kamen, please have a look at this. We need to accept revision zero as
w2k8r2 sends it during initial schema replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 21 Apr 2010 02:32:26 +0000 (12:32 +1000)]
s4-provision: cope with --realm being in getopt.py
we still need to allow for interactive querying of the realm
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 21 Apr 2010 02:02:33 +0000 (12:02 +1000)]
s4-waf: create the smbd.tmp/messaging directory
this prevents a warning when we run net vampire from the install dir
when samba has never been run previously
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 21 Apr 2010 02:01:47 +0000 (12:01 +1000)]
s4-python: added --realm option to python scripts
this is needed for net vampire
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 21 Apr 2010 02:01:16 +0000 (12:01 +1000)]
s4-provision: set "setup_dir" to the right path
This needs to cope with both running from the build tree or running
from the install tree. We use the provision.smb.conf.dc as a sentinel
to detect if we are in the build tree.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 21 Apr 2010 01:34:24 +0000 (11:34 +1000)]
s4-schema: allow revision numbers of zero
w2k8r2 sends a revision of zero in the initial schema replication
during a net vampire
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 21 Apr 2010 01:33:43 +0000 (11:33 +1000)]
s4-python: accept --option arguments in python cmdline parsing
also fixed the -d option to use lp.set() which calls lp_set_cmdline()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 21 Apr 2010 01:32:58 +0000 (11:32 +1000)]
s4-devel: allow extra net command line options and gdb
This allows you to run:
GDB="gdb --args" vampire_ad.sh
and also to add higher debug levels like this:
vampire_ad.sh -d100
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 21 Apr 2010 01:31:59 +0000 (11:31 +1000)]
s4-pynet: accept None for target_dir in vampire
Jim McDonough [Tue, 20 Apr 2010 21:45:06 +0000 (17:45 -0400)]
Fix i18n of net conf import error message.
Thanks gd
Jim McDonough [Tue, 20 Apr 2010 20:28:47 +0000 (16:28 -0400)]
Display an error on net conf import failures.
When something goes wrong, such as a typo in a parameter
name, we'll now display the failure instead of just returning
with -1 and no message.
Günther Deschner [Tue, 20 Apr 2010 17:50:37 +0000 (19:50 +0200)]
s4-smbtorture: add spoolss DriverInfo and winreg consistency test.
Guenther
Günther Deschner [Tue, 20 Apr 2010 17:29:12 +0000 (19:29 +0200)]
s4-smbtorture: add function to get a printserver's environment.
Guenther
Günther Deschner [Tue, 20 Apr 2010 16:16:03 +0000 (18:16 +0200)]
s4-smbtorture: simplify macros used in PrinterInfo winreg consistency tests.
Guenther
Günther Deschner [Tue, 20 Apr 2010 14:25:27 +0000 (16:25 +0200)]
s4-smbtorture: refactor test_GetPrinterDriver2().
Guenther
Stefan Metzmacher [Tue, 20 Apr 2010 13:58:02 +0000 (15:58 +0200)]
s4:dynconfig: fix the autoconf build and pass -DPYTHONDIR=\"$(pythondir)\"
metze
Stefan Metzmacher [Tue, 20 Apr 2010 14:00:52 +0000 (16:00 +0200)]
s4:rpc_server/netlogon: add no memory checks
metze
Andrew Tridgell [Tue, 20 Apr 2010 13:42:28 +0000 (23:42 +1000)]
s4-netlogon: fixed dc_unc and dc_address_type
These are needed for dcpromo from w2k8r2
Andrew Tridgell [Tue, 20 Apr 2010 13:17:32 +0000 (23:17 +1000)]
build: added uname display and SYSTEM_UNAME define
suggestion from Metze
Andrew Tridgell [Tue, 20 Apr 2010 11:45:33 +0000 (21:45 +1000)]
util-runcmd: ignore spurious ECHILD errors
when we get ECHILD in samba_runcmd it is because the parent has set
SIGCHLD to SIG_IGN. In that case the child status information is
lost. We then have to fallback on the logging of child error messages
for any useful information on what happened to the child.
A longer term fix is to stop using SIG_IGN for SIGCHLD in the standard
process model of s4.
Günther Deschner [Tue, 20 Apr 2010 12:15:24 +0000 (14:15 +0200)]
s4-smbtorture: add test for csetprinter field behaviour in printer info level 0.
Surprisingly, that value is always 0 (at least on w2k8r2).
Guenther
Andrew Tridgell [Tue, 20 Apr 2010 10:30:41 +0000 (20:30 +1000)]
s4-net: don't show a full python exception when you can't open sam.ldb
Andrew Tridgell [Tue, 20 Apr 2010 10:27:41 +0000 (20:27 +1000)]
s4-net: show a list of commands when someone runs "net" with no arguments
Andrew Tridgell [Tue, 20 Apr 2010 10:24:08 +0000 (20:24 +1000)]
s4-python: added PYTHONDIR to python search path
we put it after the scripting/python dir, so we look in the build
directory (if applicable) first.
Andrew Tridgell [Tue, 20 Apr 2010 10:23:04 +0000 (20:23 +1000)]
s4-dynconfig: added dyn_PYTHONDIR
Günther Deschner [Mon, 19 Apr 2010 16:51:26 +0000 (18:51 +0200)]
s3-spoolss: fix winreg spoolss helper call documentation.
Guenther
Günther Deschner [Mon, 19 Apr 2010 16:34:36 +0000 (18:34 +0200)]
s3-spoolss: avoid passing down full "struct pipes_struct".
Guenther
Matthias Dieter Wallnöfer [Sun, 18 Apr 2010 16:49:51 +0000 (18:49 +0200)]
s4:netlogon RPC - "fill_one_domain_info" - use "lp_workgroup" for the DC short domainname discovery
Here we don't need to use "lp_sam_name" since in this function we are always a
DC.
Matthias Dieter Wallnöfer [Tue, 20 Apr 2010 07:01:22 +0000 (09:01 +0200)]
s4:torture/rpc/netlogon.c - fix typo
Andrew Tridgell [Tue, 20 Apr 2010 05:33:00 +0000 (15:33 +1000)]
pytalloc: ensure talloc_ctx is directly after PyObject_HEAD
the talloc python interface for tp_alloc and tp_dealloc relies on a
cast to a py_talloc_Object to find the talloc_ctx (see
py_talloc_dealloc). This means we rely on the talloc_ctx for the
object being directly after the PyObject_HEAD
This fixes the talloc free with references bug in samba_dnsupdate
The actual problem was the tp_alloc() call in
PyCredentialCacheContainer_from_ccache_container() which used a cast
from a py_talloc_Object to a PyCredentialCacheContainerObject. That
case effectively changed the parent/child relationship between the
talloc_ctx and the ccc ptr.
This patch changes all the structures that follow this pattern to put
the TALLOC_CTX directly after the PyObject_HEAD, to ensure that if
anyone else decides to do a dangerous cast like this that it won't
cause the same sort of subtle breakage.
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Andrew Tridgell [Tue, 20 Apr 2010 05:30:57 +0000 (15:30 +1000)]
talloc: there is no ambiguity when freeing a ptr with a null parent
when a ptr has a single reference and a NULL parent, then
talloc_free(ptr) is not ambiguous, as the caller could not have done a
talloc_free(NULL) to free the memory
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Andrew Tridgell [Tue, 20 Apr 2010 03:53:35 +0000 (13:53 +1000)]
tdb: update tdb ABI to use hide_symbols=True
We now use -fvisibility=hidden to hide symbols from outside the tdb
shared library.
This also moved tdb_transaction_recover() into the tdb_private.h
header, as it should never have been a public API. For that reason we
are changing the version number. We're only doing a minor version
increment as it is extremely unlikely that anyone was actually using
tdb_transaction_recover() as its locking requirements were rather
unusual.
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Andrew Tridgell [Tue, 20 Apr 2010 03:51:16 +0000 (13:51 +1000)]
build: include uninitialised data in the ABI symbols
This is needed for symbols like tdb_null in tdb, which are part
of the public ABI
Pair-Programmed-With: Rusty Russell <rusty@samba.org>
Andrew Tridgell [Tue, 20 Apr 2010 02:51:43 +0000 (12:51 +1000)]
build: quote cross-answer strings
This allows for spaces and special characters in cross-answers
Andrew Tridgell [Tue, 20 Apr 2010 02:49:50 +0000 (12:49 +1000)]
build: allow "waf --abi-check" to force a re-check of the ABI
Andrew Bartlett [Tue, 20 Apr 2010 04:24:22 +0000 (14:24 +1000)]
s4:provisionbackend Print the command we failed to start slapd with
This makes it easier to put failed startups into a debugger.
Andrew Bartlett
Andrew Bartlett [Tue, 20 Apr 2010 01:48:51 +0000 (11:48 +1000)]
s4:provision Pass in the invocation ID and NTDS Settings DN to Schema()
By putting these values into the cache on the LDB, this reduces some
of the noise in provision, particularly with the LDAP backend.
Andrew Bartlett
Jeremy Allison [Mon, 19 Apr 2010 21:32:08 +0000 (14:32 -0700)]
Now SMB2 error messages are correctly being returned with the 1 byte data area, smbd_smb2_request_error_ex() must call smbd_smb2_request_done_ex() in order to do the padding correctly on compound replies.
Jeremy.
Jeremy Allison [Mon, 19 Apr 2010 20:43:42 +0000 (13:43 -0700)]
Ensure vectors are always allocated with consistent size. Removes one byte alloc on SMB2 error packet. Always use talloc_zero_array on out vectors - fixes valgrind errors in tevent writes.
Jeremy.
Jeremy Allison [Mon, 19 Apr 2010 20:42:55 +0000 (13:42 -0700)]
Fix valgrind error where a strdup of name reads one byte beyond the end. Ensure buffer returned from inotify is null terminated.
Jeremy.
Nadezhda Ivanova [Mon, 19 Apr 2010 21:23:42 +0000 (00:23 +0300)]
Removed more excess looping and fixed problem with incorrect IO flag handling.
Jeremy Allison [Mon, 19 Apr 2010 18:38:49 +0000 (11:38 -0700)]
Remove an unused auto variable.
Jeremy.
Volker Lendecke [Mon, 19 Apr 2010 13:56:30 +0000 (15:56 +0200)]
libwbclient: wbcFreeMemory deals fine with a NULL pointer
Volker Lendecke [Mon, 19 Apr 2010 13:50:11 +0000 (15:50 +0200)]
libwbclient: Fix wbcListGroups against too small num_entries
Thanks for the s4 winbind sending 0 here and Tridge to point it out to me :-)
Volker Lendecke [Mon, 19 Apr 2010 13:50:11 +0000 (15:50 +0200)]
libwbclient: Fix wbcListUsers against too small num_entries
Thanks for the s4 winbind sending 0 here and Tridge to point it out to me :-)
Stefan Metzmacher [Mon, 19 Apr 2010 14:08:59 +0000 (16:08 +0200)]
s4:winbind: fill response.data.num_entries for WINBINDD_LIST_USERS
metze
Stefan Metzmacher [Mon, 19 Apr 2010 14:08:41 +0000 (16:08 +0200)]
s4:winbind: fill response.data.num_entries for WINBINDD_LIST_GROUPS
metze
Stefan Metzmacher [Mon, 19 Apr 2010 14:07:28 +0000 (16:07 +0200)]
s4:winbind: fill response.data.num_entries for WINBINDD_LIST_TRUSTDOM
metze
Volker Lendecke [Mon, 19 Apr 2010 13:24:59 +0000 (15:24 +0200)]
s3: Remove a leftover of my lua experiments
Volker Lendecke [Sun, 18 Apr 2010 12:14:43 +0000 (14:14 +0200)]
s3: Move the in-memory ccache to the parent
None of this blocks, so there is no reason to keep this in
a winbind child process
Volker Lendecke [Sun, 18 Apr 2010 12:10:35 +0000 (14:10 +0200)]
nsswitch: Add wbinfo --pam-logon
This does a wbcLogonUser with credential caching
Volker Lendecke [Sat, 17 Apr 2010 19:31:57 +0000 (21:31 +0200)]
s3: Test for wb ccache access by smbclient
Volker Lendecke [Sun, 4 Apr 2010 13:15:00 +0000 (15:15 +0200)]
libwbclient: remove async libwbclient and talloc from libwbclient.so
Except for tests there is right now no active user of this. We can easily
re-add this when smbd makes more use of it.
Volker Lendecke [Sun, 4 Apr 2010 12:20:15 +0000 (14:20 +0200)]
libwbclient does not need talloc_free anymore
Volker Lendecke [Sat, 3 Apr 2010 20:11:08 +0000 (22:11 +0200)]
libwbclient: Make wbcListTrusts not use talloc
Volker Lendecke [Sat, 3 Apr 2010 12:52:08 +0000 (14:52 +0200)]
libwbclient: Make wbc_create_error_info not use talloc
Volker Lendecke [Sun, 4 Apr 2010 12:01:23 +0000 (14:01 +0200)]
libwbclient: Make wbcCredentialCache not use talloc
Volker Lendecke [Sun, 4 Apr 2010 09:58:04 +0000 (11:58 +0200)]
libwbclient: Make wbcAuthenticateUserEx not use talloc
Volker Lendecke [Sun, 4 Apr 2010 09:57:39 +0000 (11:57 +0200)]
libwbclient: Make wbc_create_logon_info not use talloc
Volker Lendecke [Sat, 3 Apr 2010 21:08:20 +0000 (23:08 +0200)]
libwbclient: Make wbc_create_auth_info not use talloc
Volker Lendecke [Sat, 3 Apr 2010 20:22:17 +0000 (22:22 +0200)]
libwbclient: Make wbc_create_password_policy_info not use talloc
Volker Lendecke [Sat, 17 Apr 2010 18:16:14 +0000 (20:16 +0200)]
libwbclient: Test wbcGetGroups
Volker Lendecke [Sat, 3 Apr 2010 20:20:04 +0000 (22:20 +0200)]
libwbclient: Make wbcGetGroups not use talloc
Volker Lendecke [Sat, 3 Apr 2010 17:57:48 +0000 (19:57 +0200)]
libwbclient: Make wbc_create_domain_controller_info_ex not use talloc
Volker Lendecke [Sat, 17 Apr 2010 17:57:11 +0000 (19:57 +0200)]
libwbclient: Make wbcLookupDomainController not use talloc
Volker Lendecke [Sat, 3 Apr 2010 11:45:36 +0000 (13:45 +0200)]
libwbclient: Make wbcLookupUserSids not use talloc
Volker Lendecke [Sat, 17 Apr 2010 13:51:27 +0000 (15:51 +0200)]
s3: Change the make test password to "testPw"
This way we can change back to it when testing wbcChangeUserPassword,
"test" is too short (<5 chars)
Volker Lendecke [Sat, 17 Apr 2010 13:50:31 +0000 (15:50 +0200)]
libwbclient: Test wbcChangeUserPassword
Volker Lendecke [Sat, 17 Apr 2010 12:05:57 +0000 (14:05 +0200)]
libwbclient: Abstract out test_wbc_authenticate_user for reuse
Volker Lendecke [Fri, 16 Apr 2010 14:28:05 +0000 (16:28 +0200)]
s3-winbind: Allow changing the password for pdb