13 years agoRevert "Work around ndr_unpack failing on structures with relative pointers."
Stefan Metzmacher [Fri, 20 Nov 2009 11:19:35 +0000 (12:19 +0100)]
Revert "Work around ndr_unpack failing on structures with relative pointers."

This reverts commit c2cdb4ad5c9398ef0d3310613107999f8d33c7ce.

It's not needed anymore.


13 years agopidl:NDR/ update ndr_pull->relative_highest_offset after handling relative...
Stefan Metzmacher [Fri, 20 Nov 2009 11:11:41 +0000 (12:11 +0100)]
pidl:NDR/ update ndr_pull->relative_highest_offset after handling relative pointers


13 years agolibrpc/ndr: remember the highest offset we parsed with relative pointer buffers
Stefan Metzmacher [Fri, 20 Nov 2009 10:34:53 +0000 (11:34 +0100)]
librpc/ndr: remember the highest offset we parsed with relative pointer buffers

ndr_*_pull_blob_all() will now work if relative pointers are used.


13 years agos3:idmap_ldap: trim the " chars from the location string in idmap_ldap_db_init
Michael Adam [Fri, 20 Nov 2009 11:44:43 +0000 (12:44 +0100)]
s3:idmap_ldap: trim the " chars from the location string in idmap_ldap_db_init

When idmap backend is specified as
idmap backend = ldap:"ldap://server1 ldap://server2"
then currently "ldap://server1 ldap://server2" was passed to
ldap_initialize including the quotes, leading to an ldap error.


13 years agos3:idmap_ldap: trim the " chars from the location string in idmap_ldap_alloc_init
Michael Adam [Fri, 20 Nov 2009 11:38:44 +0000 (12:38 +0100)]
s3:idmap_ldap: trim the " chars from the location string in idmap_ldap_alloc_init

When idmap alloc backend is specified as
idmap alloc backend = ldap:"ldap://server1 ldap://server2"
then currently "ldap://server1 ldap://server2" was passed to
ldap_initialize including the quotes, leading to an ldap error.


13 years agoImplementation of LDAP_SERVER_SD_FLAGS_OID on modify requests.
Nadezhda Ivanova [Fri, 20 Nov 2009 11:25:13 +0000 (13:25 +0200)]
Implementation of LDAP_SERVER_SD_FLAGS_OID on modify requests.

13 years agoSome changes to allow processing of ldap controls on modify requests.
Nadezhda Ivanova [Fri, 20 Nov 2009 11:22:38 +0000 (13:22 +0200)]
Some changes to allow processing of ldap controls on modify requests.

ldap_backend used to filter out ldap controls on modify. Also, modified
python binding for ldap_modify to allow writing tests for such controls.

13 years agos4:ntvfs/posix/pvfs_acl - Remove unused variable "token"
Matthias Dieter Wallnöfer [Fri, 20 Nov 2009 11:03:06 +0000 (12:03 +0100)]
s4:ntvfs/posix/pvfs_acl - Remove unused variable "token"

13 years agotdb: change version to 1.2.0 after adding TDB_*ALLOW_NESTING tdb-1.2.0
Stefan Metzmacher [Thu, 19 Nov 2009 08:49:03 +0000 (09:49 +0100)]
tdb: change version to 1.2.0 after adding TDB_*ALLOW_NESTING


13 years agotdb: add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior
Stefan Metzmacher [Thu, 19 Nov 2009 08:34:05 +0000 (09:34 +0100)]
tdb: add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior

We need to keep TDB_ALLOW_NESTING as default behavior,
so that existing code continues to work.

However we may change the default together with a major version
number change in future.


13 years agoNew attempt at TDB transaction nesting allow/disallow.
Ronnie Sahlberg [Mon, 25 May 2009 07:04:42 +0000 (17:04 +1000)]
New attempt at TDB transaction nesting allow/disallow.

Make the default be that transaction is not allowed and any attempt to create a nested transaction will fail with TDB_ERR_NESTING.

If an application can cope with transaction nesting and the implicit
semantics of tdb_transaction_commit(), it can enable transaction nesting
by using the TDB_ALLOW_NESTING flag.
(cherry picked from ctdb commit 3e49e41c21eb8c53084aa8cc7fd3557bdd8eb7b6)

Signed-off-by: Stefan Metzmacher <>
13 years agotdb: always set tdb->tracefd to -1 to be safe on goto fail
Stefan Metzmacher [Thu, 19 Nov 2009 08:38:48 +0000 (09:38 +0100)]
tdb: always set tdb->tracefd to -1 to be safe on goto fail


13 years agos4-dsdb: some more attribuutes that we should only give if asked for
Andrew Tridgell [Fri, 20 Nov 2009 04:19:35 +0000 (15:19 +1100)]
s4-dsdb: some more attribuutes that we should only give if asked for

13 years agos4-drs: we need to specifically ask for ntSecurityDescriptor
Andrew Tridgell [Fri, 20 Nov 2009 03:57:04 +0000 (14:57 +1100)]
s4-drs: we need to specifically ask for ntSecurityDescriptor

ntSecurityDescriptor is no longer included by default

13 years agos4-ldb: added a warning about ldb_msg_add_dn
Andrew Tridgell [Thu, 19 Nov 2009 18:03:59 +0000 (16:03 -0200)]
s4-ldb: added a warning about ldb_msg_add_dn

ldb_msg_add_dn does not copy the dn linearized string

13 years agoadded new function "ldb_msg_add_dn"
Crístian Deives [Thu, 19 Nov 2009 18:03:59 +0000 (16:03 -0200)]
added new function "ldb_msg_add_dn"

a helper function to a DN element to an ldb_msg using ldb_msg_add_string.

Signed-off-by: Andrew Tridgell <>
13 years agos4-dsdb: removed attributes that should not be displayed by default
Andrew Tridgell [Fri, 20 Nov 2009 03:19:18 +0000 (14:19 +1100)]
s4-dsdb: removed attributes that should not be displayed by default

Some attributes (like ntSecurityDescriptor) are stored in our db, but
should only be displayed if asked for. This also applied to parentGUID
from old installs, which is now generated.

13 years agos4-drs: Removes stored parentGUID's creation and renaming
Fernando J V da Silva [Thu, 19 Nov 2009 18:35:38 +0000 (15:35 -0300)]
s4-drs: Removes stored parentGUID's creation and renaming

parentGUID is now created on demand in operational.c

Signed-off-by: Andrew Tridgell <>
13 years agos4-drs: Synchronous Implementation of generated parentGUID
Fernando J V da Silva [Thu, 19 Nov 2009 18:37:45 +0000 (15:37 -0300)]
s4-drs: Synchronous Implementation of generated parentGUID

This generated parentGUID on demand, rather than getting it from the

Signed-off-by: Andrew Tridgell <>
13 years agos4-drs: Utility functions to deal with GUID
Fernando J V da Silva [Thu, 19 Nov 2009 18:28:37 +0000 (15:28 -0300)]
s4-drs: Utility functions to deal with GUID

dsdb_find_parentguid_by_dn() returns the parentGUID for a given DN
dsdb_msg_add_guid() adds a GUID value to a given message (either
objectGUID or parentGUID).

Signed-off-by: Andrew Tridgell <>
13 years agoldb:ldb_tdb backend/indexes - Outside API
Matthias Dieter Wallnöfer [Wed, 18 Nov 2009 09:44:56 +0000 (10:44 +0100)]
ldb:ldb_tdb backend/indexes - Outside API

- The outside API contains "DN" string arguments: Bad. Since in this way we
  fully rely on the outside calls regarding the right DN format. Solution: Use
  always a "struct ldb_dn" entry. Since this one is interchangeable and we can
  handle it in our preferred way.

13 years agoldb:ldb_tdb backend/indexes - DN comparison
Matthias Dieter Wallnöfer [Wed, 18 Nov 2009 09:44:56 +0000 (10:44 +0100)]
ldb:ldb_tdb backend/indexes - DN comparison

- DN comparison: The function doesn't seem that efficient. I "upgraded" it a bit
  to be more powerful (added a second length check and do both before the string

13 years agos4-dsdb: make sure mod_usn list is zeroed on each transaction
Andrew Tridgell [Fri, 20 Nov 2009 01:09:24 +0000 (12:09 +1100)]
s4-dsdb: make sure mod_usn list is zeroed on each transaction

13 years agos4-ldb: added a double-rename test
Andrew Tridgell [Fri, 20 Nov 2009 00:47:54 +0000 (11:47 +1100)]
s4-ldb: added a double-rename test

This tests the fix for double rename/add and indexing

13 years agos4-ldb: when -v is specified, show progress of ldbadd/ldbmodify
Andrew Tridgell [Fri, 20 Nov 2009 00:34:24 +0000 (11:34 +1100)]
s4-ldb: when -v is specified, show progress of ldbadd/ldbmodify

This is useful for speed tests with large numbers of records.

13 years agos4-ldb: make ldb tools line buffered
Andrew Tridgell [Fri, 20 Nov 2009 00:33:43 +0000 (11:33 +1100)]
s4-ldb: make ldb tools line buffered

this prevents output being buffered when redirected to a file. Useful
for larger ldb command line operations

13 years agos4-ldb: fixed an issue in rename/modify indexing
Andrew Tridgell [Wed, 18 Nov 2009 10:56:24 +0000 (21:56 +1100)]
s4-ldb: fixed an issue in rename/modify indexing

When we rename or modify a record, we need to update the indexes at
the same time. It is important that we use the DN of the actual
message that is stored in the database to do this, not the DN that was
passed in by the user. If the two differ in case then the index
records needs to use the 'real' record DN, as index handling is
currently case sensitive.

13 years agos4-ldb: allow test suite to run directly against a file
Andrew Tridgell [Wed, 18 Nov 2009 02:27:50 +0000 (13:27 +1100)]
s4-ldb: allow test suite to run directly against a file

This makes it much easier to debug (as you can break in the ldb
modules by running gdb on /usr/bin/python)

13 years agoPC Oota Edits.
John H Terpstra [Thu, 19 Nov 2009 21:41:59 +0000 (15:41 -0600)]
PC Oota Edits.

13 years agos3: Avoid races to change the machine password in winbind
Volker Lendecke [Thu, 19 Nov 2009 16:22:27 +0000 (17:22 +0100)]
s3: Avoid races to change the machine password in winbind

The machine password handler has code to deal with every node in the cluster
trying to change the machine password at the same time. However, it is not very
nice to the DC if everyone tries this simultaneously. This adds a random 0-255
second offset to our timed event. When this fires a bit later than strictly
calculated, someone else might have stepped in and have already changed it. The
timed event handler will handle this gracefully, it won't even try to do it

13 years agos3: Protect against flooding the DC with pwchange requests
Volker Lendecke [Thu, 19 Nov 2009 16:20:47 +0000 (17:20 +0100)]
s3: Protect against flooding the DC with pwchange requests

When there is a temporary problem changing passwords we flooded the DC with
pwchange requests. This gives the DC a 60-second break to recover.

13 years agos3: Re-check the timeout in machine_password_change_handler()
Volker Lendecke [Thu, 19 Nov 2009 16:14:40 +0000 (17:14 +0100)]
s3: Re-check the timeout in machine_password_change_handler()

Someone else might have come in between and changed the password since we
created that timed request

13 years agos3: Add some debugs to the winbind machine pwchange machinery
Volker Lendecke [Thu, 19 Nov 2009 16:11:32 +0000 (17:11 +0100)]
s3: Add some debugs to the winbind machine pwchange machinery

13 years agos3: Factor timeval_string out of current_timestring()
Volker Lendecke [Thu, 19 Nov 2009 10:50:13 +0000 (11:50 +0100)]
s3: Factor timeval_string out of current_timestring()

13 years agos3: Do not kill the whole smb session if a machine pwchange failed
Volker Lendecke [Thu, 19 Nov 2009 16:56:46 +0000 (17:56 +0100)]
s3: Do not kill the whole smb session if a machine pwchange failed

13 years agos3:pdb_ldap: fix a comment typo
Michael Adam [Mon, 16 Nov 2009 10:01:53 +0000 (11:01 +0100)]
s3:pdb_ldap: fix a comment typo


13 years agos3: shortcut uid_to_sid when "ldapsam:trusted = yes"
Michael Adam [Mon, 16 Nov 2009 10:37:18 +0000 (11:37 +0100)]
s3: shortcut uid_to_sid when "ldapsam:trusted = yes"

The normal uid_to_sid behaviour is to call sys_getpwuid()
to get the name for the given uid and then call the
getsampwnam passdb method for the resulting name.

In the ldapsam:trusted case we can reduce the uid_to_sid
operation to one simple search for the uidNumber attribute
and only get the sambaSID attribute from the correspoinding
LDAP object. This reduces the number of ldap roundtrips
for this operation.


13 years agos3-build: really fix build of winbind_krb5_locator.
Günther Deschner [Thu, 19 Nov 2009 12:44:33 +0000 (13:44 +0100)]
s3-build: really fix build of winbind_krb5_locator.


13 years agos3-build: make sure to remove libds and client object files on make clean.
Günther Deschner [Thu, 19 Nov 2009 12:39:24 +0000 (13:39 +0100)]
s3-build: make sure to remove libds and client object files on make clean.


13 years agos4:ldbcli - Added encoder/decoder for relax control.
Endi S. Dewata [Wed, 18 Nov 2009 22:47:07 +0000 (16:47 -0600)]
s4:ldbcli - Added encoder/decoder for relax control.

13 years agos3: Replace some create_synthetic_smb_fname() calls
Volker Lendecke [Sun, 15 Nov 2009 09:46:23 +0000 (10:46 +0100)]
s3: Replace some create_synthetic_smb_fname() calls

In very hot codepaths like the statcache copy_smb_filename and the subsequent
recursive talloc_free is noticable in the CPU load.

13 years agos3: Do not talloc in readdir
Volker Lendecke [Mon, 16 Nov 2009 08:49:23 +0000 (09:49 +0100)]
s3: Do not talloc in readdir

This is a hot codepath (called from the stat cache)

13 years agos3:load_interfaces(): use function gfree_interfaces() that we have.
Michael Adam [Wed, 18 Nov 2009 14:19:09 +0000 (15:19 +0100)]
s3:load_interfaces(): use function gfree_interfaces() that we have.

To reduce code duplication.


13 years agoAdded control copying for message types other than ldb_search.
Nadezhda Ivanova [Wed, 18 Nov 2009 16:47:29 +0000 (18:47 +0200)]
Added control copying for message types other than ldb_search.

When ildap created a new message to forward, it only copied controls for ldb_search
requests. This caused controls for add and modify to be lost in transition
and tests for them could not be implemented.

13 years agos3/docs: Add "max protocol = smb2" to man smb.conf.
Karolin Seeger [Wed, 18 Nov 2009 12:05:24 +0000 (13:05 +0100)]
s3/docs: Add "max protocol = smb2" to man smb.conf.


13 years agoREADME.coding: Update rules about code blocks and braces.
Kai Blin [Wed, 18 Nov 2009 10:43:01 +0000 (11:43 +0100)]
README.coding: Update rules about code blocks and braces.

13 years agoselftest: Subunit/ only allow expected failures without errors
Stefan Metzmacher [Tue, 17 Nov 2009 14:27:29 +0000 (15:27 +0100)]
selftest: Subunit/ only allow expected failures without errors


13 years agos4:selftest: mark samba4.smb2.lock.*.VALID-REQUEST as known failure
Stefan Metzmacher [Wed, 18 Nov 2009 07:20:29 +0000 (08:20 +0100)]
s4:selftest: mark samba4.smb2.lock.*.VALID-REQUEST as known failure


13 years agoSMB2-LOCK: make use of torture_assert_*()
Stefan Metzmacher [Wed, 18 Nov 2009 07:12:48 +0000 (08:12 +0100)]
SMB2-LOCK: make use of torture_assert_*()

This is needed in order to mark tests as known failures.


13 years agos4:ntvfs_generic: check for valid SMB2_LOCK flags
Stefan Metzmacher [Wed, 18 Nov 2009 07:11:46 +0000 (08:11 +0100)]
s4:ntvfs_generic: check for valid SMB2_LOCK flags


13 years agos4:selftest: fix logic for --option=torture:progress=no
Stefan Metzmacher [Tue, 17 Nov 2009 15:58:11 +0000 (16:58 +0100)]
s4:selftest: fix logic for --option=torture:progress=no


13 years agos4:torture/ make use of the PREFIX argument
Stefan Metzmacher [Tue, 17 Nov 2009 14:23:39 +0000 (15:23 +0100)]
s4:torture/ make use of the PREFIX argument

We should not use hardcode pathes!


13 years agoselftest: ignore empty lines in knownfailures
Stefan Metzmacher [Tue, 17 Nov 2009 15:59:20 +0000 (16:59 +0100)]
selftest: ignore empty lines in knownfailures


13 years agoselftest/output/ report the testuite name on error
Stefan Metzmacher [Tue, 17 Nov 2009 16:30:14 +0000 (17:30 +0100)]
selftest/output/ report the testuite name on error


13 years agos4:selftest: for now skip the BASE-DELAY-WRITE test completely
Stefan Metzmacher [Tue, 17 Nov 2009 11:03:54 +0000 (12:03 +0100)]
s4:selftest: for now skip the BASE-DELAY-WRITE test completely

This test randomly fails depending on the timing
(the tests are too strict with the values introduced in
commit 0fca2b078ceb314e429e24e3318b50451ccf423b)
and local filesystem features (timestamp resolution).


13 years agos4:selftest: avoid running the slow BASE-DELAY-WRITE test on the cifs proxy share
Stefan Metzmacher [Tue, 17 Nov 2009 10:59:21 +0000 (11:59 +0100)]
s4:selftest: avoid running the slow BASE-DELAY-WRITE test on the cifs proxy share

It's enough to run it on the posix share.


13 years agos4:selftest: add "rpc.netlogon.*.GetDomainInfo"
Stefan Metzmacher [Mon, 16 Nov 2009 15:54:53 +0000 (16:54 +0100)]
s4:selftest: add "rpc.netlogon.*.GetDomainInfo"

We need to expand the test to work against w2k8 and w2k8r2...


13 years agofixed the build
Andrew Tridgell [Wed, 18 Nov 2009 01:46:45 +0000 (12:46 +1100)]
fixed the build

whoever pushed 15d93a5d8e21893e1cca5c989dbf97010aae1622, please check
that what you push compiles and passes tests. In this case it didn't

13 years agos4/torture: Port SMBv1 Change Notify tests to SMBv2
Aravind Srinivasan [Tue, 17 Nov 2009 23:30:11 +0000 (15:30 -0800)]
s4/torture: Port SMBv1 Change Notify tests to SMBv2

* Ported all tests from raw/notify.c to smb2/notify.c
* Parameterized the max_buffer_size so it can be set on a
  per-target basis.
* Fixed CHECK macros to use torture_result
* Created a SMB2-NOTIFY test suite

13 years agos4/libcli: add a FILE_NOTIFY_CHANGE_ALL macro
Aravind Srinivasan [Tue, 17 Nov 2009 23:24:40 +0000 (15:24 -0800)]
s4/libcli: add a FILE_NOTIFY_CHANGE_ALL macro

This macro encompasses all possible file notifications that can
be raised.

13 years agos4/torture: add a new ulong parameteric torture option
Aravind Srinivasan [Tue, 17 Nov 2009 23:23:23 +0000 (15:23 -0800)]
s4/torture: add a new ulong parameteric torture option

13 years agotorture/smb2: make SMB2 BRL tests pass against W2K8R2
Steven Danneman [Fri, 13 Nov 2009 23:13:19 +0000 (15:13 -0800)]
torture/smb2: make SMB2 BRL tests pass against W2K8R2

The BRL tests previously based their results off several bugs in the
W2K8 byte range lock code.  I've fixed up the tests to pass against
Win7 which has fixed these bugs, and assume that the Win7 behavior
is the default.

I have inverted the test behavior for >63-bit lock requests.  The
tests previously expected NT_STATUS_OK as their default in this
case.  I've changed that default to expect STATUS_INVALID_LOCK_RANGE.
This may requires some changing of make test to compensate.

I've also removed a few test scenarios from VALID-REQUEST in preparation
of replacing them with separate tests ported from RAW-LOCK.

13 years agoStart removing SMB_STRUCT_STAT variables except for
Jeremy Allison [Wed, 18 Nov 2009 00:06:08 +0000 (16:06 -0800)]
Start removing SMB_STRUCT_STAT variables except for
the directory enumeration code (which needs it).

13 years agoRemove "store create time" code, cause create time to be stored
Jeremy Allison [Tue, 17 Nov 2009 22:55:02 +0000 (14:55 -0800)]
Remove "store create time" code, cause create time to be stored
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.

13 years agos4:WINREG RPC server - remove a "talloc_free"
Matthias Dieter Wallnöfer [Tue, 17 Nov 2009 18:56:14 +0000 (19:56 +0100)]
s4:WINREG RPC server - remove a "talloc_free"

I assume that this "talloc_free" isn't necessary since the DCERPC server frees
the handle itself (we got always warnings about this).

13 years agos4:provision_users.ldif - Descriptions generally begin with a majuscle
Matthias Dieter Wallnöfer [Tue, 17 Nov 2009 18:46:59 +0000 (19:46 +0100)]
s4:provision_users.ldif - Descriptions generally begin with a majuscle

13 years agos4:SAMLDB DSDB module - Add "\n"s on debug messages
Matthias Dieter Wallnöfer [Tue, 17 Nov 2009 18:22:00 +0000 (19:22 +0100)]
s4:SAMLDB DSDB module - Add "\n"s on debug messages

13 years agos4:SAMLDB DSDB module - Remove "\n" in LDB error messages
Matthias Dieter Wallnöfer [Tue, 17 Nov 2009 17:45:17 +0000 (18:45 +0100)]
s4:SAMLDB DSDB module - Remove "\n" in LDB error messages

abartlet suggested me to not use anymore "\n"s in those kind of outputs.
Plus, enhance a search filter to consider also "builtinDomain" objects which
are basically domain objects too.

13 years agoFixed incorrect SID for RAS Servers.
Nadezhda Ivanova [Tue, 17 Nov 2009 15:10:23 +0000 (17:10 +0200)]
Fixed incorrect SID for RAS Servers.

13 years agos3: Fix the build on Solaris
Volker Lendecke [Tue, 17 Nov 2009 14:15:35 +0000 (15:15 +0100)]
s3: Fix the build on Solaris

13 years agos4:dsdb/schema: let schema_supclasses() return the correct pointer
Stefan Metzmacher [Mon, 16 Nov 2009 18:41:46 +0000 (19:41 +0100)]
s4:dsdb/schema: let schema_supclasses() return the correct pointer

str_list_unique() changes the pointer via talloc_realloc().


13 years agolibrpc: rerun "make idl"
Stefan Metzmacher [Mon, 16 Nov 2009 18:41:05 +0000 (19:41 +0100)]
librpc: rerun "make idl"


13 years agonetlogon.idl: fix ndr_pull_netr_DatabaseRedo()
Stefan Metzmacher [Mon, 16 Nov 2009 18:38:32 +0000 (19:38 +0100)]
netlogon.idl: fix ndr_pull_netr_DatabaseRedo()

We can't use subcontext_size() here, as
change_log_entry_size is encoded after the subcontext.


13 years agos4:selftest: use "dc:local" instead of a hardcoded config file
Stefan Metzmacher [Mon, 16 Nov 2009 17:00:42 +0000 (18:00 +0100)]
s4:selftest: use "dc:local" instead of a hardcoded config file

If a tests needs access to the dc's config, it should run
as "dc:local", then it can also access unix named pipes...

If we pass a hardcoded config file the test fails if you use
a selftest_prefix.


13 years agos4:selftest: allways start with $(ST_RM)
Stefan Metzmacher [Mon, 16 Nov 2009 15:53:51 +0000 (16:53 +0100)]
s4:selftest: allways start with $(ST_RM)


13 years agos4:selftest: place summary file into selftest-prefix
Stefan Metzmacher [Mon, 16 Nov 2009 15:48:18 +0000 (16:48 +0100)]
s4:selftest: place summary file into selftest-prefix


13 years agoselftest: make sure we don't buffer any output
Stefan Metzmacher [Mon, 16 Nov 2009 15:34:13 +0000 (16:34 +0100)]
selftest: make sure we don't buffer any output


13 years agoselftest: Fix unexpected failure handline in Subunit/
Stefan Metzmacher [Mon, 16 Nov 2009 15:27:39 +0000 (16:27 +0100)]
selftest: Fix unexpected failure handline in Subunit/

We should only mark the testsuite as expected failure,
if there were more than 1 expected failure, but 0 unexpected

Before we ignored unexpected failures if there was an expected failure
within a testsuite.


13 years agos4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be...
Andrew Bartlett [Tue, 17 Nov 2009 04:36:48 +0000 (15:36 +1100)]
s4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be644c6ccc2832)

This fixes up connections to Windows 2003, because the previous import
had a broken arcfour-hmac-md5 implementation (fixed in Heimdal

Andrew Bartlett

13 years agos4/drs(tort): Convert DSSYNC test to a test case fixture
Kamen Mazdrashki [Mon, 16 Nov 2009 01:28:01 +0000 (03:28 +0200)]
s4/drs(tort): Convert DSSYNC test to a test case fixture

Now it should be much more clear why and where a test
in DSSYNC test case has failed.

Signed-off-by: Andrew Bartlett <>
13 years agos4/drs(tort): replace DEBUG with torture_asert/comment/fail
Kamen Mazdrashki [Mon, 16 Nov 2009 09:36:20 +0000 (11:36 +0200)]
s4/drs(tort): replace DEBUG with torture_asert/comment/fail

I left dumping of decrypted attributes values 'as is'
(using DEBUG and DEBUGADD) as it uses dump_data() function.
dump_data() uses DEBUGADD internally, so I have no way
to redirect its output to torture_context at this point.

Signed-off-by: Andrew Bartlett <>
13 years agos4/drs(tort): use torture_drsuapi_assert_call() macro for error checking
Kamen Mazdrashki [Sat, 14 Nov 2009 13:51:53 +0000 (15:51 +0200)]
s4/drs(tort): use torture_drsuapi_assert_call() macro for error checking

Signed-off-by: Andrew Bartlett <>
13 years agos4/drs(tort): replace 'printf' with 'torture_...' calls
Kamen Mazdrashki [Thu, 12 Nov 2009 01:11:58 +0000 (03:11 +0200)]
s4/drs(tort): replace 'printf' with 'torture_...' calls

Signed-off-by: Andrew Bartlett <>
13 years agos4/drs(tort): 'DsSyncBindInfo.pipe' renamed - 'pipe' is a system call
Kamen Mazdrashki [Tue, 10 Nov 2009 16:12:40 +0000 (18:12 +0200)]
s4/drs(tort): 'DsSyncBindInfo.pipe' renamed - 'pipe' is a system call

Signed-off-by: Andrew Bartlett <>
13 years agos4/drs(tort): 'DsPrivate.pipe' renamed - 'pipe' is a system call
Kamen Mazdrashki [Sat, 14 Nov 2009 01:56:21 +0000 (03:56 +0200)]
s4/drs(tort): 'DsPrivate.pipe' renamed - 'pipe' is a system call

Signed-off-by: Andrew Bartlett <>
13 years agos4:dsdb With these workarounds, we now pass the RPC-DSSYNC test
Andrew Bartlett [Mon, 16 Nov 2009 23:37:04 +0000 (10:37 +1100)]
s4:dsdb With these workarounds, we now pass the RPC-DSSYNC test

13 years agos4:provision Split up reference creation, load schema earlier in the stack
Andrew Bartlett [Mon, 16 Nov 2009 07:51:17 +0000 (18:51 +1100)]
s4:provision Split up reference creation, load schema earlier in the stack

The schema needs to be loaded above the extended_dn_out modules as
otherwise we don't get an extended DN in the search results.

The reference split is to ensure we create references after the
objects they reference exist.

Andrew Bartlett

13 years agos4:schema Add the GUID to each defaultObjectCategory when loading from LDIF
Andrew Bartlett [Mon, 16 Nov 2009 07:48:46 +0000 (18:48 +1100)]
s4:schema Add the GUID to each defaultObjectCategory when loading from LDIF

This makes these full extended DNs, so we set the right values into
the database, even before we actually set the schema objects

Andrew Bartlett

13 years agos4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategory
Andrew Bartlett [Mon, 16 Nov 2009 07:46:28 +0000 (18:46 +1100)]
s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategory

It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.

The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.

Andrew Bartlett

13 years agos4:provision Generate a random objectGUID for each schema record
Andrew Bartlett [Mon, 16 Nov 2009 07:45:21 +0000 (18:45 +1100)]
s4:provision Generate a random objectGUID for each schema record

This is needed to then create extended DNs with GUID attributes in
them, when importing from the LDIF

Andrew Bartlett

13 years agos4:dsdb Load objectGUID and extended DN defaultObjectCategory into the schema
Andrew Bartlett [Mon, 16 Nov 2009 07:40:24 +0000 (18:40 +1100)]
s4:dsdb Load objectGUID and extended DN defaultObjectCategory into the schema

The load of defaultObjectCategory as an extended DN means we need to
use the common parsing functions I just split out, rather than the
GET_DS_DN macro.

The objectGUIDs are loaded so that we can create the extended DN when
we load from LDIF (and are loaded for the other cases for

Also adapt callers to API changes needed for common parsing code

Andrew Bartlett

13 years agos4:dsdb Use the new flags to dsdb_module_search in schema_load
Andrew Bartlett [Mon, 16 Nov 2009 07:37:51 +0000 (18:37 +1100)]
s4:dsdb Use the new flags to dsdb_module_search in schema_load

This loads the defaultObjectCategory DN as an extended DN, so we can
apply it, with the associated GUID, when setting this on records in
the objectClass module.

Previously we would not store the extended DN components for

Andrew Bartlett

13 years agos4:dsdb Break up 'parse a DN from DRSUAPI' into a subfunction
Andrew Bartlett [Mon, 16 Nov 2009 07:35:08 +0000 (18:35 +1100)]
s4:dsdb Break up 'parse a DN from DRSUAPI' into a subfunction

This should make it easier to call this function from the DRS schema
load code, rather than duplicate it.

(we may do the same with other functions in future).

Andrew Bartlett

13 years agos4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used features
Andrew Bartlett [Mon, 16 Nov 2009 07:32:17 +0000 (18:32 +1100)]
s4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used features

These flags, also on dsdb_module_search_dn() allow us to add commonly
set controls to this pre-packaged blocking search, without rebuilding
the whole function in each caller.

Andrew Bartlett

13 years agoDon't overwrite a dynamic pointer with the address of a stack
Jeremy Allison [Mon, 16 Nov 2009 22:55:21 +0000 (14:55 -0800)]
Don't overwrite a dynamic pointer with the address of a stack

13 years agos4:SAMLDB module
Matthias Dieter Wallnöfer [Mon, 16 Nov 2009 16:57:50 +0000 (17:57 +0100)]
s4:SAMLDB module

- Add more "\n" to make sure that error messages are displayed immediately
- Add a "NULL" in a attribute list

13 years agoRevert "s4:dsdb/repl/replicated_objects - Applicate also here the new "lDAPDisplayNam...
Matthias Dieter Wallnöfer [Mon, 16 Nov 2009 16:01:43 +0000 (17:01 +0100)]
Revert "s4:dsdb/repl/replicated_objects - Applicate also here the new "lDAPDisplayName" generator"

This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4.

abartlet pointed out in a post on the samba-technical list that this isn't
necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks
functionality of the replication.

13 years agoREADME.Coding: add section about usage of helper variables
Stefan Metzmacher [Mon, 16 Nov 2009 09:52:27 +0000 (10:52 +0100)]
README.Coding: add section about usage of helper variables


13 years agoREADME.Coding: fix error in "good example"
Stefan Metzmacher [Mon, 16 Nov 2009 09:51:31 +0000 (10:51 +0100)]
README.Coding: fix error in "good example"


13 years agos3:libsmb: avoid passing a function call as function parameter
Stefan Metzmacher [Mon, 16 Nov 2009 08:59:58 +0000 (09:59 +0100)]
s3:libsmb: avoid passing a function call as function parameter

Using a helper variable makes it easier to "step" into the desired function
within gdb.