13 years agotevent:mksyms: allow characters after closing functions parenthesis.
Michael Adam [Fri, 11 Sep 2009 12:54:30 +0000 (14:54 +0200)]
tevent:mksyms: allow characters after closing functions parenthesis.


13 years agotevent:mksyms: allow double pointer return value of functions.
Michael Adam [Fri, 11 Sep 2009 12:54:02 +0000 (14:54 +0200)]
tevent:mksyms: allow double pointer return value of functions.


13 years agotevent: add abi_checks to "make test"
Michael Adam [Fri, 11 Sep 2009 12:00:25 +0000 (14:00 +0200)]
tevent: add abi_checks to "make test"


13 years agotevent: remove filese generated by "make abi_checks" in "make clean".
Michael Adam [Fri, 11 Sep 2009 11:39:44 +0000 (13:39 +0200)]
tevent: remove filese generated by "make abi_checks" in "make clean".


13 years agotevent: add a make target "make abi_checks"
Michael Adam [Fri, 11 Sep 2009 11:39:15 +0000 (13:39 +0200)]
tevent: add a make target "make abi_checks"


13 years agotevent: move the original abi_checks script to script/
Michael Adam [Fri, 28 Aug 2009 14:04:47 +0000 (16:04 +0200)]
tevent: move the original abi_checks script to script/


13 years agotevent: add script/ check for abi changes without gcc magic.
Michael Adam [Fri, 28 Aug 2009 13:53:12 +0000 (15:53 +0200)]
tevent: add script/ check for abi changes without gcc magic.

USAGE: LIBRARY_NAME header1 [header2 ...]

This creates symbol signature lists using the mksyms and mksigs scripts
and compares them with the checked in lists.


13 years agotevent: add script to extract signatures from header files.
Michael Adam [Fri, 28 Aug 2009 13:08:19 +0000 (15:08 +0200)]
tevent: add script to extract signatures from header files.

This produces output like the output gcc produces when
invoked with the -aux-info switch.

Run like this: cat include/tevent.h | ./script/

This simple parser is probably too coarse to handle all
possible header files, but it treats tevent.h correctly...


13 years agotevent: add scripts to extract library symbols (exports file) from headers
Michael Adam [Fri, 28 Aug 2009 13:01:17 +0000 (15:01 +0200)]
tevent: add scripts to extract library symbols (exports file) from headers


13 years agos4-vampire: cope with no invocationID when vampiring the schema
Andrew Tridgell [Fri, 11 Sep 2009 13:26:39 +0000 (23:26 +1000)]
s4-vampire: cope with no invocationID when vampiring the schema

13 years agos4-drs: fixed the ldap SPN in AddEntry
Andrew Tridgell [Fri, 11 Sep 2009 13:14:07 +0000 (23:14 +1000)]
s4-drs: fixed the ldap SPN in AddEntry

13 years agos4-provision: revert _gc_tcp priority
Andrew Tridgell [Fri, 11 Sep 2009 13:13:39 +0000 (23:13 +1000)]
s4-provision: revert _gc_tcp priority

thanks to id10ts for spotting this. I was a victim of emacs zone mode,
which increaed it with each edit.

13 years agos4-repl: refresh the partitions on each cycle
Andrew Tridgell [Fri, 11 Sep 2009 12:47:11 +0000 (22:47 +1000)]
s4-repl: refresh the partitions on each cycle

The KCC might have changed repsFrom, which is stored in the partitions

13 years agos4-smbtorture: fix remaining lsa lookup call unknowns. sorry...
Günther Deschner [Fri, 11 Sep 2009 12:33:30 +0000 (14:33 +0200)]
s4-smbtorture: fix remaining lsa lookup call unknowns. sorry...


13 years agos4-kcc: add a very simple KCC
Andrew Tridgell [Fri, 11 Sep 2009 11:46:58 +0000 (21:46 +1000)]
s4-kcc: add a very simple KCC

A KCC is a 'Knowledge Consistency Checker', a fancy name for a daemon
that works out who will replicate with who in a AD domain. This
implements an extremely simple KCC task that just wants to replicate
with everyone :-)

13 years agos4-repl: don't update replPropertyMetaData for non-replicated attributes
Andrew Tridgell [Fri, 11 Sep 2009 11:45:35 +0000 (21:45 +1000)]
s4-repl: don't update replPropertyMetaData for non-replicated attributes

thanks to Metze for spotting this

13 years agos4-idl: added the IDL for the DsReplica* calls
Andrew Tridgell [Fri, 11 Sep 2009 10:14:11 +0000 (20:14 +1000)]
s4-idl: added the IDL for the DsReplica* calls

13 years agos3-rpcclient: add lookupsids3 command.
Günther Deschner [Fri, 11 Sep 2009 11:58:52 +0000 (13:58 +0200)]
s3-rpcclient: add lookupsids3 command.


13 years agolsa: fill in more unknowns in lsa_LookupSid calls.
Günther Deschner [Fri, 11 Sep 2009 11:55:44 +0000 (13:55 +0200)]
lsa: fill in more unknowns in lsa_LookupSid calls.


13 years agos4:ldb_map_outbound - fix memory leak
Matthias Dieter Wallnöfer [Fri, 11 Sep 2009 11:35:55 +0000 (13:35 +0200)]
s4:ldb_map_outbound - fix memory leak

Patch from Andrew Kroeger wasn't fully correct - we need a "talloc_free" after
the "if (ac->r_current == NULL)" statement.

13 years agonetlogon.idl: indent correctly
Matthias Dieter Wallnöfer [Fri, 11 Sep 2009 11:25:53 +0000 (13:25 +0200)]
netlogon.idl: indent correctly

13 years agolsa: use lsa_LookupNamesLevel in lsa_LookupSids{2,3}.
Günther Deschner [Fri, 11 Sep 2009 10:16:35 +0000 (12:16 +0200)]
lsa: use lsa_LookupNamesLevel in lsa_LookupSids{2,3}.


13 years agos4-repl: on every ldb modify we need to update replPropertyMetaData
Andrew Tridgell [Fri, 11 Sep 2009 09:07:38 +0000 (19:07 +1000)]
s4-repl: on every ldb modify we need to update replPropertyMetaData

Every time we change a ldb object with the repl_meta_data module
loaded we need to update the replPropertyMetaData attribute to fix the
timestamps and USNs of the attributes being changed.

13 years agos4-repl: don't add the RDN if it is already there
Andrew Tridgell [Fri, 11 Sep 2009 08:01:27 +0000 (18:01 +1000)]
s4-repl: don't add the RDN if it is already there

13 years agos4-ldb: don't remove a message element beyond the end of the array
Andrew Tridgell [Fri, 11 Sep 2009 08:00:42 +0000 (18:00 +1000)]
s4-ldb: don't remove a message element beyond the end of the array

13 years agos3-rpcclient: make netlogon credential setup also work for interdomain trusts.
Günther Deschner [Thu, 10 Sep 2009 22:20:59 +0000 (00:20 +0200)]
s3-rpcclient: make netlogon credential setup also work for interdomain trusts.


13 years agos3-rpcclient: avoid using lp_workgroup() unconditionally for crypto.
Günther Deschner [Thu, 10 Sep 2009 20:56:05 +0000 (22:56 +0200)]
s3-rpcclient: avoid using lp_workgroup() unconditionally for crypto.


13 years agos3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().
Günther Deschner [Thu, 10 Sep 2009 20:32:34 +0000 (22:32 +0200)]
s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().


13 years agos3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc...
Günther Deschner [Thu, 10 Sep 2009 20:23:21 +0000 (22:23 +0200)]
s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp and cli_rpc_pipe_open_ntlmssp.


13 years agos3-rpcclient: use cli_rpc_pipe_open_noauth_transport in rpcclient.
Günther Deschner [Thu, 10 Sep 2009 20:22:24 +0000 (22:22 +0200)]
s3-rpcclient: use cli_rpc_pipe_open_noauth_transport in rpcclient.


13 years agos3-rpc_client: add cli_rpc_pipe_open_noauth_transport.
Günther Deschner [Tue, 4 Nov 2008 17:40:24 +0000 (18:40 +0100)]
s3-rpc_client: add cli_rpc_pipe_open_noauth_transport.


13 years agos4-provision: use DNS name, not domain name
Andrew Tridgell [Fri, 11 Sep 2009 07:14:01 +0000 (17:14 +1000)]
s4-provision: use DNS name, not domain name

The SPNs end in the DNS domain name

13 years agos4-drs: actually call the new drsuapi_add_SPNs() code
Andrew Tridgell [Fri, 11 Sep 2009 07:13:28 +0000 (17:13 +1000)]
s4-drs: actually call the new drsuapi_add_SPNs() code

An early return here didn't do any good :-)

13 years agos4-drs: add the magic DRS SPNs on AddEntry
Andrew Tridgell [Fri, 11 Sep 2009 05:15:39 +0000 (15:15 +1000)]
s4-drs: add the magic DRS SPNs on AddEntry

When a DsAddEntry is used to create a nTDSDSA object we need to also
create the SPNs for the NTDS GUID in the servers machine account.

13 years agos4/provision: add the nTDSDSA GUID based DNS entries and SPNs
Andrew Tridgell [Fri, 11 Sep 2009 03:39:31 +0000 (13:39 +1000)]
s4/provision: add the nTDSDSA GUID based DNS entries and SPNs

The DNS entries and SPNs are needed for samba<->samba DRS
replication. This patch adds them for a standalone DC configure. A
separate patch will add them for the vampire configure

13 years agos4/drs: parentGUID needs to be specififcally asked for
Andrew Tridgell [Thu, 10 Sep 2009 13:03:07 +0000 (23:03 +1000)]
s4/drs: parentGUID needs to be specififcally asked for

Right now parentGUID is a normal attribute in s4, but it should be
generated, which means we need to ask for it in a search if we want to
use it.

13 years agos4/libcli: when we get a DNS lookup failure show the name
Andrew Tridgell [Thu, 10 Sep 2009 13:01:49 +0000 (23:01 +1000)]
s4/libcli: when we get a DNS lookup failure show the name

When tracking down complex connection problems its useful knowing what
name lookups failed.

13 years agos4/tort: RPC-DRSUAPI test case refactored to match torture architecture
Kamen Mazdrashki [Thu, 10 Sep 2009 22:39:19 +0000 (01:39 +0300)]
s4/tort: RPC-DRSUAPI test case refactored to match torture architecture

13 years agos4/tort: code clean up using torture_drsuapi_assert_call() macro
Kamen Mazdrashki [Thu, 10 Sep 2009 22:17:57 +0000 (01:17 +0300)]
s4/tort: code clean up using torture_drsuapi_assert_call() macro

After this change, when a test fails, it gives
reasonable failure message.

13 years agos4/tort: assert macro for drsuapi dcerpc call
Kamen Mazdrashki [Thu, 10 Sep 2009 20:44:00 +0000 (23:44 +0300)]
s4/tort: assert macro for drsuapi dcerpc call

The macro actually wraps common code pattern used in
almost every test for DRSUAPI interface

13 years agos4/tort: Propagate torture_context and use torture_comment
Kamen Mazdrashki [Thu, 10 Sep 2009 20:43:32 +0000 (23:43 +0300)]
s4/tort: Propagate torture_context and use torture_comment

NOTE: Not every place where printf is used is replaced by
torture_comment. Future work shall "missed" printfs also.

13 years agos3-schannel: remove last schannel hand-marshalling function.
Günther Deschner [Fri, 11 Sep 2009 00:56:00 +0000 (02:56 +0200)]
s3-schannel: remove last schannel hand-marshalling function.


13 years agos3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server).
Günther Deschner [Fri, 11 Sep 2009 00:52:25 +0000 (02:52 +0200)]
s3-schannel: use NL_AUTH_SIGNATURE for schannel sign & seal (client & server).


13 years agos3-errors: add NT_STATUS_RPC_NT_PROCNUM_OUT_OF_RANGE.
Günther Deschner [Fri, 11 Sep 2009 00:49:30 +0000 (02:49 +0200)]


13 years agos3-schannel: remove unused code.
Günther Deschner [Fri, 11 Sep 2009 00:21:33 +0000 (02:21 +0200)]
s3-schannel: remove unused code.


13 years agos3-schannel: use NL_AUTH_MESSAGE for schannel bind reply.
Günther Deschner [Fri, 11 Sep 2009 00:20:59 +0000 (02:20 +0200)]
s3-schannel: use NL_AUTH_MESSAGE for schannel bind reply.


13 years agoschannel: more work on reponse NL_AUTH_MESSAGES.
Günther Deschner [Fri, 11 Sep 2009 00:18:59 +0000 (02:18 +0200)]
schannel: more work on reponse NL_AUTH_MESSAGES.


13 years agos3-nterr: add NT_STATUS_RPC_NT_PROTOCOL_ERROR to nt_errstr().
Günther Deschner [Fri, 11 Sep 2009 00:17:51 +0000 (02:17 +0200)]
s3-nterr: add NT_STATUS_RPC_NT_PROTOCOL_ERROR to nt_errstr().


13 years agos3-util: add get/set_cmdline_auth_info_domain to user_auth_info struct.
Günther Deschner [Thu, 10 Sep 2009 20:53:44 +0000 (22:53 +0200)]
s3-util: add get/set_cmdline_auth_info_domain to user_auth_info struct.


13 years agos3-rpcclient: add lookupnames4 command.
Günther Deschner [Thu, 10 Sep 2009 21:33:37 +0000 (23:33 +0200)]
s3-rpcclient: add lookupnames4 command.


13 years agos3-rpcclient: add ncacn transport handling for rpcclient.
Günther Deschner [Thu, 10 Sep 2009 19:14:29 +0000 (21:14 +0200)]
s3-rpcclient: add ncacn transport handling for rpcclient.


13 years agos3-rpc_client: add enum dcerpc_transport_t to rpc_cli_transport struct.
Günther Deschner [Thu, 10 Sep 2009 17:59:37 +0000 (19:59 +0200)]
s3-rpc_client: add enum dcerpc_transport_t to rpc_cli_transport struct.


13 years agos4:setup Updated Display Specifiers from Microsoft (with #s)
Andrew Bartlett [Thu, 10 Sep 2009 21:25:11 +0000 (07:25 +1000)]
s4:setup Updated Display Specifiers from Microsoft (with #s)

This fixes the issue with the original files that they didn't have a
leading # in front of the comments, which caused our parsing scripts
much pain.  The files are now exactly as delivered.

Andrew Bartlett

13 years agos4: Pass WINBINDD_SOCKET_DIR var in order to overide the location of the Winbind...
Matthieu Patou [Thu, 10 Sep 2009 19:33:16 +0000 (23:33 +0400)]
s4: Pass WINBINDD_SOCKET_DIR var in order to overide the location of the Winbind socket

13 years agos4:ldb_map: Don't free ares too early.
Andrew Kroeger [Thu, 10 Sep 2009 15:04:47 +0000 (10:04 -0500)]
s4:ldb_map: Don't free ares too early.

As found when running "make test" with the MALLOC_CHECK_ and MALLOC_PERTURB_
environment variables set.

13 years agos4/tort: CRACKNAMES tests to use private structure for testing.
Kamen Mazdrashki [Thu, 10 Sep 2009 10:47:14 +0000 (13:47 +0300)]
s4/tort: CRACKNAMES tests to use private structure for testing.

DsCrackNamesPrivate structure basically inherits DsPrivate
structure while adding few test-specific members.

13 years agos4/tort: Make common setup/teardown drsuapi test funcs really common
Kamen Mazdrashki [Thu, 10 Sep 2009 10:45:10 +0000 (13:45 +0300)]
s4/tort: Make common setup/teardown drsuapi test funcs really common

13 years agos4/tort: CrackNames test update to work against W2K3.
Kamen Mazdrashki [Wed, 9 Sep 2009 14:07:27 +0000 (17:07 +0300)]
s4/tort: CrackNames test update to work against W2K3.

DRSUAPI_DS_NAME_FORMAT_UKNOWN added to 'known-to-fail'
responses as this actually means to ask AD to resolve
a name from FQDN format to Unknown format.

13 years agoutil_strlist: Add some more "const"s - small correction
Matthias Dieter Wallnöfer [Thu, 10 Sep 2009 20:05:49 +0000 (22:05 +0200)]
util_strlist: Add some more "const"s - small correction

13 years agoutil_strlist: Add some more "const"s
Matthias Dieter Wallnöfer [Thu, 10 Sep 2009 05:17:40 +0000 (07:17 +0200)]
util_strlist: Add some more "const"s

13 years agoFix bug 6707 - 3.4.1 segfault in parsing configs.
Marc Aurele La France [Thu, 10 Sep 2009 16:52:11 +0000 (09:52 -0700)]
Fix bug 6707 - 3.4.1 segfault in parsing configs.
Fixes an occasional segfault caused by an out-of-bounds reference in config file parsing.

13 years agos4:srvsvc: Fix logic on error checking.
Andrew Kroeger [Mon, 7 Sep 2009 12:52:37 +0000 (07:52 -0500)]
s4:srvsvc: Fix logic on error checking.

13 years agos4:pwsettings: Added blackbox tests.
Andrew Kroeger [Tue, 8 Sep 2009 11:01:18 +0000 (06:01 -0500)]
s4:pwsettings: Added blackbox tests.

The added tests include basic validation that the script runs and accepts all
custom arguments.  The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.

13 years Add function for expected failures.
Andrew Kroeger [Tue, 8 Sep 2009 21:01:26 +0000 (16:01 -0500)] Add function for expected failures.

The testit_expect_failure() function is like the testit() function, with
reversed error detection logic.  This reversal only affects the pass/fail logic
and logging - the original return code from the command is still returned to the
calling script.

13 years agos4:pwsettings: Show default values in help messages.
Andrew Kroeger [Tue, 8 Sep 2009 07:34:56 +0000 (02:34 -0500)]
s4:pwsettings: Show default values in help messages.

13 years agos4:pwsettings: Add 'default' option for password complexity.
Andrew Kroeger [Tue, 8 Sep 2009 07:34:30 +0000 (02:34 -0500)]
s4:pwsettings: Add 'default' option for password complexity.

13 years agos4:pwsettings: Added validation.
Andrew Kroeger [Mon, 7 Sep 2009 08:38:33 +0000 (03:38 -0500)]
s4:pwsettings: Added validation.

Validate that each field is within its allowed range.  Also validate that the
maximum password age is greater than the minimum password length (if the maximum
password age is set).

I could not find these values documented anywhere in the WSPP docs.  I used the
values shown in the W2K8 GPMC, as it appears that the GPMC actuaally performs
the validation of values.

13 years agos4:pwsettings: Don't assume a value for pwdProperties.
Andrew Kroeger [Mon, 7 Sep 2009 07:04:55 +0000 (02:04 -0500)]
s4:pwsettings: Don't assume a value for pwdProperties.

If we cannot retrieve the value, do not assume a particular value.  The fact
that we could not retrieve the value indicates a larger problem that we don't
want to make worse bypossibly clearing bit fields in the pwdProperties

13 years agos4:pwsettings: Run all updates as a single modify() operation.
Andrew Kroeger [Mon, 7 Sep 2009 06:47:35 +0000 (01:47 -0500)]
s4:pwsettings: Run all updates as a single modify() operation.

This ensures that all changes are made, or none are made.  It also makes it
possible to do validation as we go and abort in case of an error, while always
leaving things in a consistent state.

13 years agos4:pwsettings: Added --quiet option.
Andrew Kroeger [Mon, 7 Sep 2009 06:05:11 +0000 (01:05 -0500)]
s4:pwsettings: Added --quiet option.

Also changed all non-error status output to use the message() function, which
respects the --quiet option.

13 years agos4:netlogon - Put the "supported encryption types" more back in the "LogonGetDomainIn...
Matthias Dieter Wallnöfer [Wed, 9 Sep 2009 22:59:50 +0000 (00:59 +0200)]
s4:netlogon - Put the "supported encryption types" more back in the "LogonGetDomainInfo" call

They're needed only at the end.

13 years agoRevert "s4: Let the "setpassword" script finally use the "samdb_set_password" routine"
Matthias Dieter Wallnöfer [Wed, 9 Sep 2009 22:46:51 +0000 (00:46 +0200)]
Revert "s4: Let the "setpassword" script finally use the "samdb_set_password" routine"

This reverts commit fdd62e9699b181a140292689fcd88a559bc26211.

abartlet and I agreed that this isn't the right way to enforce the password
policies. Sooner or later we've to control them anyway on the directory level.

13 years agos4/torture: fixed lots of crash bugs in the DRS tests
Andrew Tridgell [Thu, 10 Sep 2009 12:58:11 +0000 (22:58 +1000)]
s4/torture: fixed lots of crash bugs in the DRS tests

13 years agos4:provision Only delete SASL mappings with Fedora DS, not OpenLDAP
Andrew Bartlett [Thu, 10 Sep 2009 09:45:53 +0000 (19:45 +1000)]
s4:provision Only delete SASL mappings with Fedora DS, not OpenLDAP

We need to be more careful to do the cleanup functions for the right
backend.  In future, these perhaps should be provided by the
ProvisionBackend class.

Andrew Bartlett

13 years agos4/drs: enable attribute encryption
Andrew Tridgell [Thu, 10 Sep 2009 07:46:30 +0000 (17:46 +1000)]
s4/drs: enable attribute encryption

This means we now get passwords vampired correctly for s4<->s4

13 years agos4: kludge_acl needs to be above repl_meta_data
Andrew Tridgell [Thu, 10 Sep 2009 07:45:25 +0000 (17:45 +1000)]
s4: kludge_acl needs to be above repl_meta_data

We have to bypass kludge_acl in replication as otherwise we aren't
allowed access to the password entries

13 years agos4/repl: give a useful error message if we can't decode an object
Andrew Tridgell [Thu, 10 Sep 2009 07:42:36 +0000 (17:42 +1000)]
s4/repl: give a useful error message if we can't decode an object

13 years agolibcli: added a drsuapi attribute encryption function
Andrew Tridgell [Thu, 10 Sep 2009 07:42:13 +0000 (17:42 +1000)]
libcli: added a drsuapi attribute encryption function

13 years agolibcli:drsuapi Add function to encrypt data for transport over DRSUAPI
Andrew Bartlett [Thu, 10 Sep 2009 05:50:32 +0000 (15:50 +1000)]
libcli:drsuapi Add function to encrypt data for transport over DRSUAPI

This is for the server side of the GetNCChanges call.

Andrew Bartlett

13 years agos4/drs: changed the UpdateRefs server to use the dn instead of the GUID
Andrew Tridgell [Thu, 10 Sep 2009 04:27:47 +0000 (14:27 +1000)]
s4/drs: changed the UpdateRefs server to use the dn instead of the GUID

Our vampire code sends a zero GUID in the updaterefs calls. Windows
seems to ignore the GUID and use the DN in the naming context instead,
so I have changed our UpdateRefs server implementation to do the same.

With this change we can now vampire from s4<->s4 successfully! Now to
see if all the attributes came across correctly.

13 years agoOPC oota edits
John H Terpstra [Thu, 10 Sep 2009 04:12:27 +0000 (23:12 -0500)]
OPC oota edits

13 years agos4/drs: correctly fill in the GUID of DRS objects
Andrew Tridgell [Thu, 10 Sep 2009 03:51:08 +0000 (13:51 +1000)]
s4/drs: correctly fill in the GUID of DRS objects

13 years agos4: fix spelling
Andrew Tridgell [Thu, 10 Sep 2009 03:50:46 +0000 (13:50 +1000)]
s4: fix spelling

13 years agos4/provision: another fix for breakage from b1dabb1133
Andrew Tridgell [Thu, 10 Sep 2009 02:42:57 +0000 (12:42 +1000)]
s4/provision: another fix for breakage from b1dabb1133

13 years agos4:provision Don't reference provision_backend when using LDB
Andrew Bartlett [Thu, 10 Sep 2009 02:25:25 +0000 (12:25 +1000)]
s4:provision Don't reference provision_backend when using LDB

This broke in Endi's patch for Fedora DS support

Andrew Bartlett

13 years agos4/torture: don't mix declarations and code
Andrew Tridgell [Thu, 10 Sep 2009 02:14:53 +0000 (12:14 +1000)]
s4/torture: don't mix declarations and code

13 years agos4: regenerate drsuapi IDL
Andrew Tridgell [Thu, 10 Sep 2009 02:09:01 +0000 (12:09 +1000)]
s4: regenerate drsuapi IDL

13 years agos4/schema: teach the schema_syntax code how to encode/decode more attributes
Andrew Tridgell [Thu, 10 Sep 2009 02:08:15 +0000 (12:08 +1000)]
s4/schema: teach the schema_syntax code how to encode/decode more attributes

We were trying to encode strings like 'top' as integers, without first
looking them up in our schema. We need special handling for all the
attributes that contain attributeID_id or governsID_id fields that
should be translated first before encoding.

13 years agos4/schema: don't crash if we don't have subClassOf
Andrew Tridgell [Thu, 10 Sep 2009 02:06:20 +0000 (12:06 +1000)]
s4/schema: don't crash if we don't have subClassOf

13 years agos4/drsuapi: tech the IDL about some more key attribute names
Andrew Tridgell [Thu, 10 Sep 2009 02:05:50 +0000 (12:05 +1000)]
s4/drsuapi: tech the IDL about some more key attribute names

13 years agos4: Use SASL authentication against Fedora DS.
Endi Sukma Dewata [Wed, 9 Sep 2009 16:45:24 +0000 (12:45 -0400)]
s4: Use SASL authentication against Fedora DS.

1. During instance creation the provisioning script will import the SASL
   mapping for samba-admin. It's done here due to missing config schema
   preventing adding the mapping via ldapi.

2. After that it will use ldif2db to import the cn=samba-admin user as
   the target of SASL mapping.

3. Then it will start FDS and continue to do provisioning using the
   Directory Manager with simple bind.

4. The SASL credentials will be stored in secrets.ldb, so when Samba
   server runs later it will use the SASL credentials.

5. After the provisioning is done (just before stopping the slapd)
   it will use the DM over direct ldapi to delete the default SASL
   mappings included automatically by FDS, leaving just the new
   samba-admin mapping.

6. Also before stopping slapd it will use the DM over direct ldapi to
   set the ACL on the root entries of the user, configuration, and
   schema partitions. The ACL will give samba-admin the full access
   to these partitions.

Signed-off-by: Andrew Bartlett <>
13 years agos3:docs: Add info about how to obtain cifs module in cifs mount helper manpage
Volker Lendecke [Wed, 9 Sep 2009 21:08:28 +0000 (23:08 +0200)]
s3:docs: Add info about how to obtain cifs module in cifs mount helper manpage

13 years agoFix compile in a usually non-selected define.
Jeremy Allison [Wed, 9 Sep 2009 20:54:47 +0000 (13:54 -0700)]
Fix compile in a usually non-selected define.

13 years agos3:smbd: Add a "hidden" parameter "share:fake_fscaps"
Volker Lendecke [Wed, 9 Sep 2009 19:58:47 +0000 (21:58 +0200)]
s3:smbd: Add a "hidden" parameter "share:fake_fscaps"

This is needed to support some special app I've just come across where I had to
set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There
might be others to fake. This is definitely a "Don't touch if you don't know
what you're doing" thing, so I decided to make this an undocumented parametric

I know this sucks, so feel free to beat me up on this. But I don't think it
will hurt.

13 years agos3:examples:ldap: allow substing search on more attributes in nds schema file
Björn Jacke [Wed, 9 Sep 2009 18:07:19 +0000 (20:07 +0200)]
s3:examples:ldap: allow substing search on more attributes in nds schema file

13 years agos4/torture: add new SMB oplock tests
Aravind Srinivasan [Tue, 8 Sep 2009 20:19:44 +0000 (13:19 -0700)]
s4/torture: add new SMB oplock tests

* test if oplocks are granted when requesting delete-on-close
* test how oplocks are broken by byte-range-lock requests

13 years agos4/torture: convert printf to torture_comment()
Aravind Srinivasan [Tue, 8 Sep 2009 20:12:26 +0000 (13:12 -0700)]
s4/torture: convert printf to torture_comment()

Allows "make test" and other harnesses to print cleaner output.

13 years agos3:examples:ldap: fix some OIDs in various schema files
Björn Jacke [Wed, 9 Sep 2009 17:13:32 +0000 (19:13 +0200)]
s3:examples:ldap: fix some OIDs in various schema files

13 years agos4/drs: when we don't find an attribute use zero values
Andrew Tridgell [Wed, 9 Sep 2009 15:27:12 +0000 (01:27 +1000)]
s4/drs: when we don't find an attribute use zero values

thanks to metze for pointing this out

13 years agos4/vampire: fixed i/j index mixup in vampire code
Andrew Tridgell [Wed, 9 Sep 2009 15:26:34 +0000 (01:26 +1000)]
s4/vampire: fixed i/j index mixup in vampire code