Andrew Bartlett [Thu, 26 Aug 2010 08:38:59 +0000 (18:38 +1000)]
s4-privs Add a lookup by index of privilages
Now that privileges are no longer given luid values sequentially,
we need another way to look them up for enumeration.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 08:38:16 +0000 (18:38 +1000)]
privs Add my Copyright
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:04:53 +0000 (16:04 +1000)]
security.idl clarify which privilages are LUID and bitmap values
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:03:41 +0000 (16:03 +1000)]
s3-privs Remove comment already moved to security.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:02:12 +0000 (16:02 +1000)]
s3-privs Use constants from security.idl
The values in security.idl have been updated to match these.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 05:56:21 +0000 (15:56 +1000)]
s4-privs Remove link between enum sec_privilege and the privilege bitmap
This allows us to set the enum sec_privilege constants to the LUID
values that are seen from windows, which we need to match, in order
to preserve the support for the NT Print Migrator tool after a merge
with the source3/ privileges code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 04:37:00 +0000 (14:37 +1000)]
s3-privs Further changes to remove SE_PRIV
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 27 Aug 2010 02:44:35 +0000 (12:44 +1000)]
privs Move privilege bitmasks to security.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 00:35:45 +0000 (10:35 +1000)]
s3:privs Change to new host endian neutral privilages tdb format
These values are stored in account_policy.tdb, and the old format,
using a 128 bit bitmap was not endian neutral.
The previous endian-dependent format was introduced in
46e5effea948931509283cb84b27007d34b521c8
replacing a 32 bit number which was used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 25 Aug 2010 22:49:28 +0000 (08:49 +1000)]
s3:Change SE_PRIV to uint64_t
This removes the SE_PRIV typedef
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 24 Aug 2010 04:47:26 +0000 (14:47 +1000)]
s3:privileges Change SE_PRIV to be just a uint64_t
We don't need 128 possible privileges here, as we only use 12.
This reverts some of
46e5effea948931509283cb84b27007d34b521c8
by Jerry back in 2005, where he introduced the SE_PRIV structure
to replace the uint32_t used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 06:42:10 +0000 (08:42 +0200)]
lib/replace:wscript - don't check twice for type "bool"
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 06:22:09 +0000 (08:22 +0200)]
lib/replace:wscript - attempt to fix the features detection on Tru64
Hopefully now we detect the built-in "socklen_t"
https://bugs.internet2.edu/jira/browse/SSPCPP-114
http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V50_HTML/MAN/MAN5/0001____.HTM
Jeremy Allison [Sat, 11 Sep 2010 06:33:18 +0000 (23:33 -0700)]
Add check missing from previous patch after talloc_strdup().
Jeremy.
Jeremy Allison [Sat, 11 Sep 2010 06:28:15 +0000 (23:28 -0700)]
Factor out the recent changes into a function - check_parent_exists().
Fix this to ensure that if "start" is manipulated, then "dirpath"
is changed also.
Ensures that when the path:
/a/long/file/name/path.txt
is processed, we first stat:
/a/long/file/name/path.txt
and if this fails, we try to stat:
/a/long/file/name
if this path exists (the normal case when creating a new
entry in a directory) then we no longer do the individual
path name walk, but only do case insensitive lookup on the
last component. If the stat fails we do the full pathname
walk as normal in 3.5.x and below. Metze, examine this
change for your back-port.
Jeremy.
Volker Lendecke [Fri, 10 Sep 2010 13:07:28 +0000 (15:07 +0200)]
s3: Simplify the logic in generate_krb5_ccache
gd, jra, others, please check!
Björn Jacke [Fri, 10 Sep 2010 19:36:20 +0000 (21:36 +0200)]
s3/winbind: use mono time for startup timeout check
Björn Jacke [Fri, 10 Sep 2010 19:03:17 +0000 (21:03 +0200)]
libreplace: clock_gettime sets errno
Björn Jacke [Fri, 10 Sep 2010 18:46:10 +0000 (20:46 +0200)]
s4/pvfs: use monotonic time for this timeout
Björn Jacke [Fri, 10 Sep 2010 18:39:20 +0000 (20:39 +0200)]
s4/ldap: use time_mono for reconnect timeout
Björn Jacke [Fri, 10 Sep 2010 18:28:41 +0000 (20:28 +0200)]
s4/torture: use time_mono for timeouts
Björn Jacke [Fri, 10 Sep 2010 18:25:19 +0000 (20:25 +0200)]
s4/torture: use time_mono for delta time
Günther Deschner [Fri, 10 Sep 2010 21:06:46 +0000 (23:06 +0200)]
s3-selftest: add print_test_extended (as called from RPC-PRINTER) to knownfail list.
Guenther
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:39:39 +0000 (22:39 +0200)]
s4:client/client.c - fix wrong return codes in "do_connect"
Detected by the Solaris cc compiler.
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:26:24 +0000 (22:26 +0200)]
s4:lib/policy/gp_filesys.c - remove dead code
Found out by Solaris cc
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:35:10 +0000 (22:35 +0200)]
s4:torture/locktest.c - add a cast in order to quiet a warning on Solaris cc
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:22:14 +0000 (22:22 +0200)]
s4:libcli/wrepl/winsrepl.c - add more "char *" casts in order to suppress Solaris warnings
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:22:14 +0000 (22:22 +0200)]
s3/s4:libcli/tstream - add more "char *" casts in order to suppress Solaris warnings
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:22:14 +0000 (22:22 +0200)]
s4:torture/ntp/ntp_signd.c - add more "char *" casts in order to suppress Solaris warnings
Günther Deschner [Fri, 10 Sep 2010 20:40:46 +0000 (22:40 +0200)]
s3-printing: fix non-ads build after prototype changes.
Guenther
Volker Lendecke [Fri, 10 Sep 2010 12:34:19 +0000 (14:34 +0200)]
s3: Simplify generate_krb5_ccache slightly
strequal deals with a NULL string input just fine
Jeremy Allison [Fri, 10 Sep 2010 18:56:26 +0000 (11:56 -0700)]
Check all SMB_MALLOC returns correctly. Found by Andreas Moroder <andreas.moroder@gmx.net>.
Jeremy
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 17:28:07 +0000 (19:28 +0200)]
s4:torture/rpc/winreg.c - hopefully this attempt fixes Solaris "cc" on the buildfarm
The Solaris "cc" incompatiblity on this codepart seems to be harder to fix than
it looks like.
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 17:17:25 +0000 (19:17 +0200)]
s4:getncchanges_change_master - also in this call "i" needs to be unsigned
Volker Lendecke [Fri, 10 Sep 2010 10:49:32 +0000 (12:49 +0200)]
s3: auth.krb5ccname and auth.unix_username are both fstrings
There's no point in checking for != NULL
Stefan Metzmacher [Wed, 8 Sep 2010 15:56:33 +0000 (17:56 +0200)]
selftest/s3-selftest.sh: knownfailure filtering for non-build-farm make test
metze
Stefan Metzmacher [Wed, 8 Sep 2010 15:54:29 +0000 (17:54 +0200)]
s3:torture: fix printf output, lines can't start with lower case "test"
metze
Stefan Metzmacher [Wed, 8 Sep 2010 15:55:12 +0000 (17:55 +0200)]
s3:torture: fix run_uid_regression_test
metze
Stefan Metzmacher [Wed, 8 Sep 2010 15:53:47 +0000 (17:53 +0200)]
s3-errormap: map ERRSRV/ERRbaduid to NT_STATUS_USER_SESSION_DELETED
metze
Stefan Metzmacher [Wed, 8 Sep 2010 15:53:47 +0000 (17:53 +0200)]
s4-errormap: map ERRSRV/ERRbaduid to NT_STATUS_USER_SESSION_DELETED
metze
Stefan Metzmacher [Fri, 10 Sep 2010 04:36:02 +0000 (06:36 +0200)]
s4:provision: remember the setup directory if it wasn't the default
This fixes make test without a make install.
metze
Günther Deschner [Fri, 10 Sep 2010 14:55:23 +0000 (16:55 +0200)]
s3-spoolss: Fix _spoolss_GetPrinter().
In the error case, we need to TALLOC_FREE(r->out.info), don't ask :-)
Guenther
Andreas Schneider [Fri, 10 Sep 2010 14:06:24 +0000 (16:06 +0200)]
s3-spoolss: Don't leak memory on the session counter list.
Thanks Günther, please check.
Simo Sorce [Thu, 1 Jul 2010 23:39:57 +0000 (19:39 -0400)]
s3-spoolss: Allow multiple client backchannels.
When we run spoolssd we need to support multiple clients connecting.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 22:35:29 +0000 (18:35 -0400)]
s3-spoolss: Split function to send notification.
More digestible this way.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 18:19:43 +0000 (14:19 -0400)]
s3-spoolss: Use a single structure for all the back channel data.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 19:32:15 +0000 (15:32 -0400)]
s3-spoolss: Rename Printer_entry to struct printer_handle.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 19:11:41 +0000 (15:11 -0400)]
s3-spoolss: Move Printer_entry to srv_spoolss_nt.c
It is used only there, and it is a good idea to make this one private and
opaque to the rest of the code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 16:19:41 +0000 (12:19 -0400)]
s3-spoolss: Allocate printer entries on the pipe struct.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 16:07:44 +0000 (12:07 -0400)]
s3-spoolss: Rename session counter structure and use talloc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 3 Dec 2008 09:40:04 +0000 (10:40 +0100)]
s3-dsgetdcname: cleanup receive_getdc_response a little.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:51:32 +0000 (11:51 +0200)]
s3-build: use proper RPC_X_OBJ target names.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:49:49 +0000 (11:49 +0200)]
s3-waf: use proper RPC_X_SRC names.
This allows to build using waf without --enable-developer and should also fix
support for rpc server modules.
Guenther
Anatoliy Atanasov [Fri, 10 Sep 2010 10:44:20 +0000 (13:44 +0300)]
s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOrole
This removed an unnecessary conversion of the return type in
drepl_take_FSMO_role.
Anatoliy Atanasov [Fri, 10 Sep 2010 06:00:56 +0000 (09:00 +0300)]
s4/fsmo: Fix callback declaration
Kamen Mazdrashki [Thu, 9 Sep 2010 23:05:27 +0000 (02:05 +0300)]
s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_ret
in case we are handling extended operation.
It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS
and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit
more picky on this.
Kamen Mazdrashki [Thu, 9 Sep 2010 23:02:56 +0000 (02:02 +0300)]
s4-drs: Hanlde extended operations only once
Most of extended operations I know of work like:
1. do extended operation
2. collect a set of objects to return and start replication cycle
3. continue returning object as we have no more to give
This way we ensure we are doing 1. only once
Kamen Mazdrashki [Thu, 9 Sep 2010 22:59:21 +0000 (01:59 +0300)]
s4-dreplsrv: fix 'dn' for partition object being created
Kamen Mazdrashki [Thu, 9 Sep 2010 22:58:07 +0000 (01:58 +0300)]
s4-drs-fsmo: try to dispatch ops in queue as soon as possible
In most cases this will transfer of schema master role to
look like a synchronous operation.
Anatoliy Atanasov [Wed, 8 Sep 2010 07:25:54 +0000 (10:25 +0300)]
s4/fsmo: Added python tests for schema master transfer op
Andrew Tridgell [Thu, 9 Sep 2010 06:16:05 +0000 (16:16 +1000)]
s4-fsmo: update FSMO changes for recent IRPC work
the IRPC API has changed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Anatoliy Atanasov [Thu, 26 Aug 2010 08:19:24 +0000 (11:19 +0300)]
s4/drs: update repsFrom only when we are not in getncchanges extended op
Nadezhda Ivanova [Thu, 26 Aug 2010 08:09:58 +0000 (11:09 +0300)]
s4-ldap: Added support for FSMO role transfer via LDAP by modify on rootDSE
GetNCChanges with the corresponding extended operation is initiated and added to
the queue when a modify request is received on becomeSchemaMaster, becomeRidMaster,
becomeNamingMaster, becomeInfrastructureMaster and becomePDC attributes in
rootDSE.
Nadezhda Ivanova [Thu, 26 Aug 2010 07:59:02 +0000 (10:59 +0300)]
s4-rpc: Added handling of fsmo role transfer to GetNCChanges
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE
and DRSUAPI_EXOP_FSMO_REQ_PDC.
Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Nadezhda Ivanova [Tue, 24 Aug 2010 21:26:28 +0000 (00:26 +0300)]
s4-irpc: Added internal rpc call DREPL_TAKEFSMOROLE
It schedules a getncchanges with extended op 6, to be used when a modify request on
becomeROLEMaster atteibute on rootDSE is received.
Nadezhda Ivanova [Tue, 24 Aug 2010 21:22:16 +0000 (00:22 +0300)]
s4-drs: Implementation of GetNCChanges extended op 6 - fsmo role transfer
Basically the candidate owner makes a getncchanges call with extended op 6 when they want to
become the new owner. The current owner then updates the corresponding fSMORoleOwner attribute
in its database with the new owner, and replicates the change to the candidate, who then becomes the
owner.
The patch was made in cooperation with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> who
kindly helped to debug it.
Nadezhda Ivanova [Tue, 24 Aug 2010 20:01:43 +0000 (23:01 +0300)]
s4-drs: Refactored drepl_service and send_ridalloc_request so that the structures can be used for other extended ops
Björn Jacke [Fri, 10 Sep 2010 09:51:15 +0000 (11:51 +0200)]
s4/torture: use time_mono for deltas in lock test
Günther Deschner [Fri, 10 Sep 2010 09:28:54 +0000 (11:28 +0200)]
s3-build: only link LIBNDR_XATTR_OBJ where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:28:38 +0000 (11:28 +0200)]
s3-waf: only link LIBNDR_XATTR_SRC where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:27:52 +0000 (11:27 +0200)]
s3-build: link ndr_notify only where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:26:35 +0000 (11:26 +0200)]
s3-waf: link ndr_notify only where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:24:28 +0000 (11:24 +0200)]
s3-build: link ndr_named_pipe_auth only where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:23:59 +0000 (11:23 +0200)]
s3-waf: link ndr_named_pipe_auth only where needed.
Guenther
Günther Deschner [Thu, 2 Sep 2010 11:19:02 +0000 (13:19 +0200)]
s3-spoolss: allow a short printername w/o servername.
Verified with RPC-SPOOLSS-PRINTSERVER-enumprinters_old test.
Guenther
Jeremy Allison [Thu, 9 Sep 2010 22:29:03 +0000 (15:29 -0700)]
Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder <andreas.moroder@gmx.net>".
Jeremy.
Jeremy Allison [Thu, 9 Sep 2010 22:28:43 +0000 (15:28 -0700)]
More paranoia to ensure SD's can't be set on read-only shares.
Jeremy.
Günther Deschner [Thu, 2 Sep 2010 11:39:12 +0000 (13:39 +0200)]
s3-selftest: rename printer "print4" to "lp".
This should trigger a false error condition in our code.
Guenther
Günther Deschner [Thu, 9 Sep 2010 22:16:30 +0000 (00:16 +0200)]
s4-smbtorture: add spoolss_OpenPrinter with unc and printername in RPC-SPOOLSS-PRINTSERVER.
Guenther
Volker Lendecke [Thu, 9 Sep 2010 14:57:01 +0000 (16:57 +0200)]
s3: Fix messsssages
Volker Lendecke [Thu, 9 Sep 2010 14:25:09 +0000 (16:25 +0200)]
s3: Ensure NULL termination for "workstation" in auth_crap
Günther Deschner [Thu, 9 Sep 2010 21:13:33 +0000 (23:13 +0200)]
s3-nmbd: use NETLOGON_NT_VERSION_1 in LOGON_PRIMARY_RESPONSE.
Guenther
Volker Lendecke [Thu, 9 Sep 2010 14:02:38 +0000 (16:02 +0200)]
s3: These assignments are overwritten immediately
Dump them
Günther Deschner [Wed, 8 Sep 2010 16:55:27 +0000 (18:55 +0200)]
s3-nmbd: use autogenerated marshalling for LOGON_SAM_LOGON_REQUEST.
Guenther
Günther Deschner [Thu, 9 Sep 2010 11:16:21 +0000 (13:16 +0200)]
s3-nmbd: use autogenerated marshalling for LOGON_PRIMARY_QUERY.
Couldn't find any reproducer for a short request, so removing it for now.
Guenther
Günther Deschner [Thu, 9 Sep 2010 20:39:05 +0000 (22:39 +0200)]
s3-nmbd: use autogenerated marshalling for LOGON_REQUEST.
Guenther
Günther Deschner [Thu, 9 Sep 2010 20:38:37 +0000 (22:38 +0200)]
s3-nmbd: handle source_name in one location in nmbd_process_logon().
Guenther
Günther Deschner [Tue, 7 Sep 2010 09:41:05 +0000 (11:41 +0200)]
s3-nmbd: use nbt_netlogon_packet in process_logon_packet().
Guenther
Günther Deschner [Wed, 8 Sep 2010 09:58:04 +0000 (11:58 +0200)]
libcli/netlogon: add LOGON_REQUEST handling to pull_nbt_netlogon_response().
Guenther
Günther Deschner [Wed, 8 Sep 2010 16:59:19 +0000 (18:59 +0200)]
libcli/netlogon: add LOGON_RESPONSE2 to pull_nbt_netlogon_response().
Guenther
Günther Deschner [Tue, 7 Sep 2010 20:41:44 +0000 (22:41 +0200)]
libcli/netlogon: add NETLOGON_RESPONSE2 to push_nbt_netlogon_response().
Guenther
Matthias Dieter Wallnöfer [Thu, 9 Sep 2010 19:29:21 +0000 (21:29 +0200)]
s4:client/cifsdd.c - restore Solaris cc compatibility
"static const struct"s need to be global in order to work with Solaris cc.
Matthias Dieter Wallnöfer [Thu, 9 Sep 2010 19:26:43 +0000 (21:26 +0200)]
s4:torture/rpc/winreg.c - restore Solaris cc compatibility
"static const struct"s need to be global in order to work with Solaris cc.
Matthias Dieter Wallnöfer [Thu, 9 Sep 2010 18:31:38 +0000 (20:31 +0200)]
s4:libcli/security/*.c - fix some wrong typed counters
According to "librpc/gen_ndr/security.h" they need to be "uint32_t".
Kamen Mazdrashki [Wed, 8 Sep 2010 22:43:01 +0000 (01:43 +0300)]
s4-dreplsrv: Do allocations on long-living context so that callback gets called
Kamen Mazdrashki [Wed, 8 Sep 2010 21:55:51 +0000 (00:55 +0300)]
s4-drs-test: Add 'reset' and 'replace' tests for drsuapi_DsReplicaUpdateRefs
At first I got the impression we are not handling those cases,
but after those tests surprisingly passed I saw that
we have correct behavior implemented in a helper function.
So I decided to commit those tests in case someone change the
strange-looking check for DRSUAPI_DRS_ADD_REF flag in
a function that handles delete operation :)
Kamen Mazdrashki [Tue, 7 Sep 2010 22:07:44 +0000 (01:07 +0300)]
s4-dreplsrv: Call dreplsrv_out_operation::callback in case we fail to even run the operation
Operation was scheduled already, so we need to call
the callback function for it to be able to do its job.
For instance, if we are blocking an rpc call until an
operation is completed and there is no memory, then
client will be blocked without knowing what is going on
with the server.
Kamen Mazdrashki [Tue, 7 Sep 2010 19:24:24 +0000 (22:24 +0300)]
s4-dsdb/repl/drepl_out_pull.c: Remove unused code
Kamen Mazdrashki [Tue, 7 Sep 2010 19:18:53 +0000 (22:18 +0300)]
s4-drepl_service.c: Update (C)
and remove few trailing white spaces
Kamen Mazdrashki [Tue, 7 Sep 2010 18:22:47 +0000 (21:22 +0300)]
s4-drepsrv: Dump more info when drepl_replica_sync() fails
There are many spots where this function may fail
and I find it very useful to know where exactly function
fails and what are the input parameters during testing.
REPLICA_SYNC_FAIL() macro now dumps an error message
so we may remove extra DEBUG() dump in implementation.