Günther Deschner [Sun, 9 May 2010 22:07:10 +0000 (00:07 +0200)]
s3-libgpo: move group policy protos to where they belong.
Guenther
Günther Deschner [Mon, 17 May 2010 18:49:31 +0000 (20:49 +0200)]
s3-includes: remove some unused defines.
Guenther
Günther Deschner [Fri, 14 May 2010 22:34:35 +0000 (00:34 +0200)]
s3-kerberos: temporary fix for ipv6 in print_kdc_line().
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
in just the kdc_name if we have it and let the krb5 lib figure out the
appropriate ipv6 address
ipv6 gurus, please check.
Guenther
Günther Deschner [Fri, 14 May 2010 21:23:34 +0000 (23:23 +0200)]
s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
Guenther
Günther Deschner [Fri, 14 May 2010 21:21:47 +0000 (23:21 +0200)]
s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.
Note that this failure was hard to track, as winbind did only log a super helpful
"cm_prepare_connection: Success" debug message.
IPv6 gurus, please check
Successfully tested in two independent IPv6 networks now.
Guenther
Anatoliy Atanasov [Mon, 17 May 2010 09:49:37 +0000 (12:49 +0300)]
s4-rodc: Set am_rodc flag during provision
Anatoliy Atanasov [Thu, 13 May 2010 12:07:50 +0000 (15:07 +0300)]
s4-rodc: Cache am_rodc flag
Michael Adam [Mon, 17 May 2010 08:39:00 +0000 (10:39 +0200)]
s3:winbind:idmap_tdb: don't check ranges when an invalid entry was found.
There is no point in checking the ranges this if the record found had an
invalid/unknown type: the mapping is not filled in. If it were initialized
to some defaults before, the check just might replace the status
NT_STATUS_INTERNAL_DB_ERROR with a NT_STATUS_NONE_MAPPED, which is not
as precise.
Kai Blin [Mon, 17 May 2010 08:50:39 +0000 (10:50 +0200)]
wbinfo: Add better libwbclient error reporting
Matthew McGillis [Thu, 6 May 2010 05:43:28 +0000 (22:43 -0700)]
added documentation for the -I flag
Matthew McGillis [Thu, 6 May 2010 05:35:02 +0000 (22:35 -0700)]
added support for a -I flag
Matthew McGillis [Thu, 6 May 2010 05:26:15 +0000 (22:26 -0700)]
Consolidate all set SEC_DESC into single procedure set_secdesc
Jelmer Vernooij [Sat, 15 May 2010 22:21:19 +0000 (00:21 +0200)]
s3-selftest: Allow overriding the subunit formatter.
(e.g. "make selftest SUBUNIT_FORMATTER=cat")
Matthias Dieter Wallnöfer [Fri, 14 May 2010 16:56:51 +0000 (18:56 +0200)]
s4:repl_meta_data LDB module - fix counter types
Matthias Dieter Wallnöfer [Fri, 14 May 2010 16:59:36 +0000 (18:59 +0200)]
s4:net domainlevel tool - fix up the error handling as Jelmer suggested
Sorry, I've copied this from the "ldap.py" test and thought it would work.
Matthias Dieter Wallnöfer [Fri, 14 May 2010 12:13:20 +0000 (14:13 +0200)]
s4:dsdb_cache LDB module - fix a typo
Matthias Dieter Wallnöfer [Tue, 11 May 2010 15:25:24 +0000 (17:25 +0200)]
s4:samldb LDB module - remove unused variables
Andrew Bartlett [Wed, 12 May 2010 21:59:41 +0000 (07:59 +1000)]
s4:gensec expose gensec_set_target_principal for use outside GENSEC
This allows for the rare case where the caller knows the target
principal. The check for lp_client_use_spnego_principal() is moved to
the spengo code to make this work.
Andrew Bartlett
Andrew Bartlett [Fri, 14 May 2010 07:31:33 +0000 (17:31 +1000)]
s4:winbindd Rework some winbind structures to make s3compat easier
By making the winbindd_request and winbindd_response structures
pointers, we can more easily integrate with the winbindd from
source3/winbindd
Andrew Bartlett
Andrew Bartlett [Fri, 14 May 2010 11:51:48 +0000 (21:51 +1000)]
s4:process_model Fix process_standard and process_onefork not to use
multiple event contexts
It is NEVER valid to free an event context that anybody else may have
a reference to, and never normally valid to have two 'live' at once.
We must instead call tevent_re_initialise() to wipe clean an existing
pointer.
Andrew Bartlett
Andrew Bartlett [Mon, 10 May 2010 03:47:42 +0000 (13:47 +1000)]
s4:process_modals Add another process modal - 'onefork'
This will fork off exactly one child to handle some task, ensuring
that if it dies or changes global state, that this does not change
everything.
Andrew Bartlett
Andrew Bartlett [Wed, 12 May 2010 02:34:15 +0000 (12:34 +1000)]
s4:credentials Allow setting of an empty Kerberos CCACHE
This allows us to tell the credentials code where we want the
credentials put.
Andrew Bartlett
Andrew Bartlett [Wed, 5 May 2010 02:47:07 +0000 (12:47 +1000)]
s4:ntvfs Prepare for a possible future sharing of notify.idl
I would love for notify.idl to be shared between Samba4 and Samba3
some day, and this seems to be the point at which the structure is
initialised.
Andrew Bartlett
Andrew Bartlett [Wed, 5 May 2010 02:40:20 +0000 (12:40 +1000)]
waf: Make waf handle IDL files from Samba3
For s3compat, we need to handle IDL files not in the current directory
(so the incoming file names have a directory prefix - so we must use
os.path.basename()).
We also need to be able to disable the addition of some IDL files into
the tables.c/tables.h - some of the Samba3 IDL files are in conflict
with Samba4.
Andrew Bartlett
Andrew Tridgell [Sun, 25 Apr 2010 11:25:01 +0000 (21:25 +1000)]
s3compat: use right variable for STATEDIR
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 25 Apr 2010 08:08:00 +0000 (18:08 +1000)]
s4-dynconfig: make dynconfig more compatible with s3
Andrew Bartlett [Fri, 30 Apr 2010 08:20:54 +0000 (18:20 +1000)]
Revert "s4: remove unused references to swat"
This reverts most of commit
1765732f82719a4bc925f21ef4999bd19a8d1f6c.
The s3compat build needs the SWAT location to be compatible with
Samba3.
Stefan Metzmacher [Fri, 14 May 2010 13:18:46 +0000 (15:18 +0200)]
Revert "wafsamba: use -D_XOPEN_SOURCE=700 for the build"
This reverts commit
3408c942ab09387c399dad03e22233e33fe1e2fc.
This seems to cause more problems than it tries to solve.
And Mac OS 10.4 doesn't need it anymore
(after commit
bd6d76d77621c1dc92262c48204b65455a214b62).
metze
Günther Deschner [Fri, 14 May 2010 12:51:44 +0000 (14:51 +0200)]
s4-libndr: fix ndr_pull_string_array() for non utf16 arrays in s4 as well.
Guenther
Günther Deschner [Fri, 14 May 2010 12:39:40 +0000 (14:39 +0200)]
s3-printing: explicitly include "printing/pcap.h" as there is /usr/include/pcap.h.
Thanks metze for pointing this out. Simo, please check.
Guenther
Stefan Metzmacher [Fri, 14 May 2010 11:58:37 +0000 (13:58 +0200)]
lib/util: fix waf configure tests for xattr functions on Mac OS 10.
metze
Simo Sorce [Thu, 13 May 2010 20:24:35 +0000 (16:24 -0400)]
Make pcap headers private
Signed-off-by: Günther Deschner <gd@samba.org>
Simo Sorce [Thu, 13 May 2010 18:23:23 +0000 (14:23 -0400)]
Move standard printcap parsing to print_standard.c
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 11 May 2010 22:26:24 +0000 (00:26 +0200)]
ntprinting: add ntprinting.idl.
This generates convenient unmarshalling routines for pulling out spoolss related
information out of ntprinters.tdb, ntforms.tdb and ntdrivers.tdb.
Guenther
Stefan Metzmacher [Fri, 14 May 2010 11:21:30 +0000 (13:21 +0200)]
wafsamba: use -D_XOPEN_SOURCE=700 for the build
Some systems set this automaticly via -D_GNU_SOURCE=1,
but on others we need to set it ourself (e.g. Mac OS 10.4)
metze
Günther Deschner [Wed, 12 May 2010 19:41:52 +0000 (21:41 +0200)]
s3-libsmb: fix typo in remote_password_change().
Guenther
Günther Deschner [Thu, 13 May 2010 00:27:29 +0000 (02:27 +0200)]
s3-libndr: make sure ndr_pull_string_array() only inspects string termination flags.
Otherwise the NOTERM case is not reachable for ascii strings (only utf16).
With this patch we now can have:
[flag(STR_ASCII|STR_NOTERM|NDR_REMAINING)] string_array array_name;
Guenther
Stefan Metzmacher [Fri, 14 May 2010 08:35:46 +0000 (10:35 +0200)]
s4:heimdal_build: move #undef __APPLE__ to the end of roken.h
Some system includes need __APPLE__ defined.
metze
Jeremy Allison [Fri, 14 May 2010 04:27:24 +0000 (21:27 -0700)]
Now we behave as Windows does, remove a Samba3 specific test return.
Jeremy.
Jeremy Allison [Thu, 13 May 2010 22:59:09 +0000 (15:59 -0700)]
Fix bug 7399 - SMB2: QUERY_DIRECTORY is returning invalid values.
The end_data argument to smbd_dirptr_lanman2_entry() must include
the safety margin, as internally it's actually used to allow detection
of string name pushes that were truncated. Ensure space_remaining can
never go negative due to padding.
Jeremy.
Matthias Dieter Wallnöfer [Thu, 13 May 2010 20:35:06 +0000 (22:35 +0200)]
s4:domainlevel - handle exceptions more precisely
LDB_ERR_UNWILLING_TO_PERFORM should be the right error code when the
"msDS-Behavior-Version" was already raised by the first change as it is on
Windows Server.
When s4 itself does implement this trigger then we don't need to do the
second write operation anymore (they're kept in sync).
Jeremy Allison [Thu, 13 May 2010 18:33:02 +0000 (11:33 -0700)]
Be more forgiving on client oplock break failure (as Windows does). Remove a global.
Jeremy.
Jeremy Allison [Thu, 13 May 2010 17:54:15 +0000 (10:54 -0700)]
Treat an open of stream ::$DATA as an open of the base file.
This fixes a class of SMB_ASSERT failures when doing stream tests.
Jeremy.
Stefan Metzmacher [Thu, 13 May 2010 17:30:46 +0000 (19:30 +0200)]
s3:build: build smbtorture4 when the merged build is selected
metze
Thomas Nagy [Thu, 13 May 2010 17:23:37 +0000 (19:23 +0200)]
buildtools/wafsamba: fix build group ordering
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 9 May 2010 21:45:01 +0000 (01:45 +0400)]
s4: Do not display by default the message Failed to send DsReplicaSync is other host is just unreachable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 12 May 2010 15:34:02 +0000 (17:34 +0200)]
s4:dsdb: fix samdb_result_logon_hours() and don't hardcode units_per_week
metze
Matthias Dieter Wallnöfer [Tue, 11 May 2010 20:52:55 +0000 (22:52 +0200)]
ldb:ldb_msg.c - use result constant
Matthias Dieter Wallnöfer [Thu, 13 May 2010 13:29:20 +0000 (15:29 +0200)]
s4:domainlevel.py - update the script to handle both domain level occourrences on s4
The second "modify" is located under a try-catch block to ignore the change
failure against Windows Server (there only the first change is required).
Matthias Dieter Wallnöfer [Thu, 13 May 2010 13:11:29 +0000 (15:11 +0200)]
s4:domain functional level - it is also specified in the domain object under partitions
Discovered by the "ldapcmp" tool
Matthias Dieter Wallnöfer [Thu, 13 May 2010 13:06:35 +0000 (15:06 +0200)]
s4:provision_configuration.ldif - add more extended rights objects
Matthias Dieter Wallnöfer [Thu, 13 May 2010 12:51:10 +0000 (14:51 +0200)]
s4:provision_users.ldif - fix up and reorder the well-known security principals
Matthias Dieter Wallnöfer [Thu, 13 May 2010 12:43:10 +0000 (14:43 +0200)]
s4:provision_configuration.ldif - add more Windows 2008 forest operations
Matthias Dieter Wallnöfer [Thu, 13 May 2010 12:33:40 +0000 (14:33 +0200)]
s4:provision_configuration.ldif - the revision level of "Windows2003Update" should obviously be 10
Compared against my Windows Server 2008 and Zahari's output.
Matthias Dieter Wallnöfer [Thu, 13 May 2010 12:24:02 +0000 (14:24 +0200)]
s4:provision_configuration.ldif - "CN=
94fdebc6-8eeb-4640-80de-
ec52b9ca17fa" operation is of version 3
Matthias Dieter Wallnöfer [Thu, 13 May 2010 12:22:14 +0000 (14:22 +0200)]
s4:provision*.ldif - always set the "msDS-NcType" attribute correctly
Matthias Dieter Wallnöfer [Thu, 13 May 2010 12:18:20 +0000 (14:18 +0200)]
s4:provision_configuration.ldif - set the right schedule on the default site in the NTDS site settings
Matthias Dieter Wallnöfer [Thu, 13 May 2010 12:14:31 +0000 (14:14 +0200)]
s4:provision_configuration.ldif - The "NTDS Quotas" object is system-critical
Matthias Dieter Wallnöfer [Thu, 13 May 2010 12:08:55 +0000 (14:08 +0200)]
s4:provision_configuration.ldif - "sites" object
- The default site doesn't contain a licensing object
- Adequate two other values (a "showInAdvancedViewOnly" and a "systemFlags" one)
Matthias Dieter Wallnöfer [Thu, 13 May 2010 10:10:54 +0000 (12:10 +0200)]
s4:provision.ldif - add IP security objects as they exist on Windows Server
Matthias Dieter Wallnöfer [Thu, 13 May 2010 09:45:43 +0000 (11:45 +0200)]
s4:provision.ldif - add more Windows 2008 domain operations
Matthias Dieter Wallnöfer [Thu, 13 May 2010 09:32:36 +0000 (11:32 +0200)]
s4:provision_users.ldif - On Windows Server >= 2008 security principal S-1-5-20 doesn't exist anymore
Matthias Dieter Wallnöfer [Thu, 13 May 2010 09:28:56 +0000 (11:28 +0200)]
s4:provision.ldif - "passwordSettingsContainer" add "showInAdvancedViewOnly"
Matthias Dieter Wallnöfer [Thu, 13 May 2010 09:24:20 +0000 (11:24 +0200)]
s4:provision.ldif - fix up "NTDS Quotas" "systemFlags"
Matthias Dieter Wallnöfer [Thu, 13 May 2010 09:22:43 +0000 (11:22 +0200)]
s4:provision_users.ldif - fix up Administrator's "userAccountControl"
Matthias Dieter Wallnöfer [Thu, 13 May 2010 09:21:39 +0000 (11:21 +0200)]
s4:provision_basedn_modify.ldif - fix up "maxPwdAge"
Matthias Dieter Wallnöfer [Thu, 13 May 2010 09:13:26 +0000 (11:13 +0200)]
s4:provision_users.ldif - Fix typos in user/group objects
Andrew Bartlett [Tue, 11 May 2010 11:37:30 +0000 (21:37 +1000)]
s3:winbindd Provide a winbindd_register_handlers() helper function for s3compat
This function provides a useful entry point for s3compat to set things
up in winbindd.
Andrew Bartlett
Andrew Bartlett [Tue, 11 May 2010 11:31:18 +0000 (21:31 +1000)]
s3:winbindd Split helper functions to allow s3compat to call them
This provides a more useful entry point for s3compat.
Andrew Bartlett
Andrew Bartlett [Tue, 11 May 2010 10:24:42 +0000 (20:24 +1000)]
s3:Winbindd Move winbindd_event_context to a different file
This allows this function to be easily replaced in s3compat
Andrew Bartlett
Andrew Bartlett [Tue, 11 May 2010 10:22:06 +0000 (20:22 +1000)]
s3:winbindd Rename 'children' to 'winbindd_children' and make static
Andrew Bartlett [Tue, 11 May 2010 00:04:30 +0000 (10:04 +1000)]
s3:libsmb/namecache Remove namecache_enable()
No caller honours the return value, and this call only prints a
DEBUG(). Removing this reduces the number of initialisation
boilerplate calls s3compat has to make.
Andrew Bartlett
Andrew Bartlett [Tue, 11 May 2010 00:02:52 +0000 (10:02 +1000)]
s3:smbd Remove calls to namecache_enable()
This only prints a DEBUG()
Andrew Bartlett
Andrew Bartlett [Mon, 10 May 2010 23:59:48 +0000 (09:59 +1000)]
s3:winbindd Remove call to namecache_enable().
This call only prints a DEBUG()
Andrew Bartlett
Andrew Bartlett [Mon, 14 Dec 2009 08:43:59 +0000 (19:43 +1100)]
s3:auth Make get_ntlm_challenge more like Samba4
This helps with the upcoming NTLMSSP merge, and allows errors to be returned.
Andrew Bartlett
Jeremy Allison [Wed, 12 May 2010 22:19:45 +0000 (15:19 -0700)]
Pass more SMB2 oplock tests. Only oplock stream tests left to fix.
Jeremy.
Julien Kerihuel [Wed, 12 May 2010 10:55:56 +0000 (12:55 +0200)]
Choose between local tevent_status.h header file and installed one
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Julien Kerihuel [Wed, 12 May 2010 10:34:54 +0000 (12:34 +0200)]
Install util/tevent_* public headers. Required by OpenChange for compiling IDL
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 12 May 2010 17:18:36 +0000 (19:18 +0200)]
s4:librpc: remove explicit ../librpc/gen_ndr/ndr_drsblobs.o from python_drsblobs
It already comes via RPC_NDR_DRSBLOBS.
metze
Karolin Seeger [Wed, 12 May 2010 14:21:56 +0000 (16:21 +0200)]
s3-docs: Unify capitalization.
Karolin
Karolin Seeger [Wed, 12 May 2010 14:17:33 +0000 (16:17 +0200)]
s3-docs: Add documentation of the net g_lock subcommand.
Karolin
Karolin Seeger [Wed, 12 May 2010 09:24:57 +0000 (11:24 +0200)]
s3-docs: Move -D option to the right paragraph in man winbindd.
Fix bug #7260 (Command line option documentation in wrong place in winbindd man
page.). Thanks to Ged Haywood <samba@jubileegroup.co.uk> for reporting!
Karolin
Stefan Metzmacher [Wed, 12 May 2010 07:42:44 +0000 (09:42 +0200)]
s4:heimdal_build: undefine __APPLE__ as we don't need that magic
This hopefully fixes the build on Mac OS 10.
metze
Stefan Metzmacher [Wed, 12 May 2010 07:08:32 +0000 (09:08 +0200)]
s4:heimdal_build: remove heimdal/lib/hcrypto/evp-cc.c from autoconf build
metze
Olaf Flebbe [Tue, 11 May 2010 09:30:04 +0000 (11:30 +0200)]
work around AIX6.1 name space pollution rename mod_name to module_name
Günther Deschner [Tue, 11 May 2010 10:16:52 +0000 (12:16 +0200)]
s3-rap: fix cli_oem_change_password() and give room for the convert reply word.
Any servers I could find so far return it.
Guenther
Günther Deschner [Fri, 7 May 2010 17:20:09 +0000 (19:20 +0200)]
s3-lanman: use samr for api_SamOEMChangePassword().
Guenther
Günther Deschner [Tue, 11 May 2010 22:18:42 +0000 (00:18 +0200)]
s4-smbtorture: create/delete testusers via SAMR in RAP-SAM.
Unless we spent time researching the RAP useradd calls (and implement them in
s3) it is far more easy to use existing SAMR calls to create and delete test
users that are used for RAP change password operations.
Guenther
Günther Deschner [Fri, 7 May 2010 20:58:42 +0000 (22:58 +0200)]
s4-smbtorture: add test_oemchangepassword to RAP-SAM.
Guenther
Günther Deschner [Mon, 10 May 2010 10:14:58 +0000 (12:14 +0200)]
s4-selftest: skip RAP-SAM tests against Samba 4.
Guenther
Günther Deschner [Fri, 7 May 2010 20:18:30 +0000 (22:18 +0200)]
s3-selftest: enable RAP-SAM against Samba 3.
Guenther
Günther Deschner [Fri, 7 May 2010 13:45:23 +0000 (15:45 +0200)]
s4-smbtorture: add RAP-SAM testsuite with a rap_NetUserPasswordSet2 test.
Guenther
Günther Deschner [Sat, 8 May 2010 23:08:11 +0000 (01:08 +0200)]
s4-smbtorture: getting serious about checking rap status return codes.
Guenther
Günther Deschner [Tue, 11 May 2010 21:55:53 +0000 (23:55 +0200)]
s4-smbtorture: add torture_create_testuser_max_pwlen() that allows to set maxpwlen.
required for upcoming rap pwd tests.
Guenther
Günther Deschner [Tue, 11 May 2010 15:46:18 +0000 (17:46 +0200)]
s4-smbtorture: autolookup domain in torture_create_testuser() if none was given.
Guenther
Jeremy Allison [Tue, 11 May 2010 21:00:38 +0000 (14:00 -0700)]
Fix more SMB2-OPLOCK bugs. Only 3 more issues to address then we're good to go on this test.
Jeremy.
Andrew Bartlett [Thu, 6 May 2010 02:45:14 +0000 (12:45 +1000)]
s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.
This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 11 May 2010 11:39:37 +0000 (13:39 +0200)]
s4-smbtorture: test netservergetinfo level 1 also against s3.
Guenther
Björn Jacke [Tue, 11 May 2010 18:46:19 +0000 (20:46 +0200)]
not all versions of env like more than one argument...
Björn Jacke [Tue, 11 May 2010 17:11:38 +0000 (19:11 +0200)]
pidl: fix build on systems that don't have perl in /usr/bin/