ira/wip.git
9 years agoland: Move more functionality onto builder.
Jelmer Vernooij [Fri, 1 Oct 2010 17:03:18 +0000 (19:03 +0200)]
land: Move more functionality onto builder.

9 years agoland: Avoid more uses of chdir().
Jelmer Vernooij [Fri, 1 Oct 2010 16:52:10 +0000 (18:52 +0200)]
land: Avoid more uses of chdir().

9 years agoSplit land.py back out of autobuild.py, so I can change it without
Jelmer Vernooij [Fri, 1 Oct 2010 19:28:32 +0000 (21:28 +0200)]
Split land.py back out of autobuild.py, so I can change it without
risking to break the autobuild system.

9 years agos3: Attempt to fix bug 7665
Volker Lendecke [Sat, 2 Oct 2010 09:50:26 +0000 (11:50 +0200)]
s3: Attempt to fix bug 7665

Quite a few of our internal routines put stuff on talloc_tos() these days.
In top-level netapi routines, properly allocate a stackframe and clean it
again. Also, don't leak memory in the rpccli_ callers onto the libnetapi
context.

9 years agos3: Fix a 64-bit BUG
Volker Lendecke [Sat, 2 Oct 2010 09:13:34 +0000 (11:13 +0200)]
s3: Fix a 64-bit BUG

Quick explanation why this is a problem:

It is not safe to pass a pointer to a uint32_t into a routine that expects
a size_t *. The routine that this pointer is passed to has no chance to find
out that in reality it was passed a pointer to a uint32_t. On platforms where
sizeof(size_t)==8, we get a nice overwrite of a stack area that should not
be overwritten.

As this happens over an over again: Does someone know a means to make gcc
stop with an error in this case?

Volker

9 years agobisect: more bisection options
Andrew Tridgell [Sat, 2 Oct 2010 05:07:04 +0000 (22:07 -0700)]
bisect: more bisection options

and fixes for the old ones

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Oct  2 06:14:46 UTC 2010 on sn-devel-104

9 years agoscript: added bisect-test.py git bisect script
Andrew Tridgell [Sat, 2 Oct 2010 04:10:39 +0000 (21:10 -0700)]
script: added bisect-test.py git bisect script

this can be used to work out what commit broke a set of tests

9 years agoautobuild: show top commit in emails
Andrew Tridgell [Sat, 2 Oct 2010 02:53:34 +0000 (19:53 -0700)]
autobuild: show top commit in emails

9 years agoautobuild: include autobuild.log in logs.tar.gz
Andrew Tridgell [Sat, 2 Oct 2010 02:53:13 +0000 (19:53 -0700)]
autobuild: include autobuild.log in logs.tar.gz

9 years agos4-repl: use the GC principal name for DRS replication connection
Andrew Tridgell [Sat, 2 Oct 2010 02:07:01 +0000 (19:07 -0700)]
s4-repl: use the GC principal name for DRS replication connection

this is required when talking to RODCs (for notify calls), and is good
practice for all DCs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-rpc: added target_principal binding handle option
Andrew Tridgell [Sat, 2 Oct 2010 02:05:30 +0000 (19:05 -0700)]
s4-rpc: added target_principal binding handle option

this allows you to specify a target SPN for a connection

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-dsdb: added dsdb_search_by_dn_guid()
Andrew Tridgell [Sat, 2 Oct 2010 02:04:44 +0000 (19:04 -0700)]
s4-dsdb: added dsdb_search_by_dn_guid()

this is more efficient than first searching for the DN, then doing a
search. We should look at using this in lots of existing code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4:rpc_server/netlogon: don't use dcerpc_binding_handle_call_send/recv() directly
Stefan Metzmacher [Fri, 1 Oct 2010 07:53:05 +0000 (09:53 +0200)]
s4:rpc_server/netlogon: don't use dcerpc_binding_handle_call_send/recv() directly

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct  2 03:11:38 UTC 2010 on sn-devel-104

9 years agonetlogon.idl: add missing flags to DSGETDC_VALID_FLAGS
Stefan Metzmacher [Wed, 29 Sep 2010 22:26:33 +0000 (00:26 +0200)]
netlogon.idl: add missing flags to DSGETDC_VALID_FLAGS

metze

9 years agos4-gensec Always honour the set server principal
Andrew Bartlett [Sat, 2 Oct 2010 00:58:46 +0000 (10:58 +1000)]
s4-gensec Always honour the set server principal

The spengo code won't set this unless it is allowed to by this
same option, but other callers may need it.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Oct  2 02:27:39 UTC 2010 on sn-devel-104

9 years agos4-drs: fixed comparison login in replicated renames
Andrew Tridgell [Fri, 1 Oct 2010 23:19:28 +0000 (16:19 -0700)]
s4-drs: fixed comparison login in replicated renames

we need to ensure we only ever compare USNs from the same originating
invocation ID.

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Oct  2 01:45:19 UTC 2010 on sn-devel-104

9 years agos4-kcc: remove stale repsTo entries in the KCC
Andrew Tridgell [Fri, 1 Oct 2010 21:20:57 +0000 (14:20 -0700)]
s4-kcc: remove stale repsTo entries in the KCC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agoautobuild: fixed tuple count for retry
Andrew Tridgell [Sat, 2 Oct 2010 00:58:47 +0000 (17:58 -0700)]
autobuild: fixed tuple count for retry

9 years agos4-kerberos Don't regenerate key values for each alias in keytab
Andrew Bartlett [Fri, 1 Oct 2010 21:12:48 +0000 (07:12 +1000)]
s4-kerberos Don't regenerate key values for each alias in keytab

Instead, store the same key value under the multiple alias names.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Oct  2 00:16:52 UTC 2010 on sn-devel-104

9 years agos4-kdc Rework 'allowed encryption types' handling in the KDC
Andrew Bartlett [Fri, 1 Oct 2010 19:25:26 +0000 (05:25 +1000)]
s4-kdc Rework 'allowed encryption types' handling in the KDC

All DCs and all krbtgt servers are forced to use AES, regardless
of the msDS-SecondaryKrbTgtNumber value.

Andrew Bartlett

9 years agos4-auth Add make_server_info_pac() to include 'resource domain' groups
Andrew Bartlett [Fri, 1 Oct 2010 19:09:42 +0000 (05:09 +1000)]
s4-auth Add make_server_info_pac() to include 'resource domain' groups

Previously, our PAC code didn't include these groups into the
server_info from which we would eventually calculate the full
list of tokenGroups.

Andrew Bartlett

9 years agos4-auth Allocate domain SIDs under the sids array, not server_info
Andrew Bartlett [Fri, 1 Oct 2010 18:52:50 +0000 (04:52 +1000)]
s4-auth Allocate domain SIDs under the sids array, not server_info

Andrew Bartlett

9 years agoheimdal use returned server entry from HDB to compare realms
Andrew Bartlett [Fri, 1 Oct 2010 03:58:36 +0000 (13:58 +1000)]
heimdal use returned server entry from HDB to compare realms

Some hdb modules (samba4) may change the case of the realm in
a returned result.  Use that to determine if it matches the krbtgt
realm also returned from the DB (the DB will return it in the 'right' case)

Andrew Bartlett

9 years agos3-spoolss: Strip off ", DrvConvert" and ",LocalOnly" in OpenPrinterEx as seen from...
Günther Deschner [Fri, 1 Oct 2010 20:52:33 +0000 (22:52 +0200)]
s3-spoolss: Strip off ", DrvConvert" and ",LocalOnly" in OpenPrinterEx as seen from Win7 clients.

These suffixes and their meaning are not documented (yet).

Guenther

9 years agos3-spoolss: Fixed print job access.
Andreas Schneider [Fri, 1 Oct 2010 19:18:13 +0000 (21:18 +0200)]
s3-spoolss: Fixed print job access.

9 years agos3-spoolss: Fixed print_access_check server_info.
Andreas Schneider [Fri, 1 Oct 2010 19:03:15 +0000 (21:03 +0200)]
s3-spoolss: Fixed print_access_check server_info.

9 years agos3:smbd: Increase unsupported IOCTL debug message to 2
Steven Danneman [Fri, 1 Oct 2010 19:01:16 +0000 (12:01 -0700)]
s3:smbd: Increase unsupported IOCTL debug message to 2

Even printing once per connection, level 0 was too spammy with
Windows clients frequently sending FSCTL_GET_OBJECT_ID which
is unsupported.

9 years agos3:events: Call all ready fd event handlers on each iteration of the main loop
Steven Danneman [Tue, 14 Sep 2010 02:15:23 +0000 (19:15 -0700)]
s3:events: Call all ready fd event handlers on each iteration of the main loop

Previously, only one fd handler was being called per main message loop
in all smbd child processes.

In the case where multiple fds are available for reading the fd
corresponding to the event closest to the beginning of the event list
would be run.  Obviously this is arbitrary and could cause unfairness.

Usually, the first event fd is the network socket, meaning heavy load
of client requests can starve out other fd events such as oplock
or notify upcalls from the kernel.

In this patch, I have changed the behavior of run_events() to unset
any fd that it has already called a handler function, as well
as decrement the number of fds that were returned from select().
This allows the caller of run_events() to iterate it, until all
available fds have been handled.

I then changed the main loop in smbd child processes to iterate
run_events().  This way, all available fds are handled on each wake
of select, while still checking for timed or signalled events between
each handler function call.  I also added an explicit check for
EINTR from select(), which previously was masked by the fact that
run_events() would handle any signal event before the return code
was checked.

This required a signature change to run_events() but all other callers
should have no change in their behavior.  I also fixed a bug in
run_events() where it could be called with a selrtn value of -1,
doing unecessary looping through the fd_event list when no fds were
available.

Also, remove the temporary echo handler hack, as all fds should be
treated fairly now.

9 years agotestprogs: print architecture used in win32 spoolss testsuite.
Günther Deschner [Fri, 1 Oct 2010 18:37:45 +0000 (20:37 +0200)]
testprogs: print architecture used in win32 spoolss testsuite.

Guenther

9 years agos3-dcerpc: no point for printing NDR twice for internal pipes in log level 10.
Günther Deschner [Fri, 1 Oct 2010 17:48:11 +0000 (19:48 +0200)]
s3-dcerpc: no point for printing NDR twice for internal pipes in log level 10.

Guenther

9 years agosamba: share readline wrappers among all buildsystems.
Günther Deschner [Fri, 1 Oct 2010 08:34:14 +0000 (10:34 +0200)]
samba: share readline wrappers among all buildsystems.

Guenther

9 years agos3-readline: move cmd_history to smbclient, the only user.
Günther Deschner [Fri, 1 Oct 2010 08:33:32 +0000 (10:33 +0200)]
s3-readline: move cmd_history to smbclient, the only user.

Guenther

9 years agosamba: share select wrappers.
Günther Deschner [Fri, 1 Oct 2010 08:08:15 +0000 (10:08 +0200)]
samba: share select wrappers.

Guenther

9 years agos4-auth: fixed a vagrind error when creating keytabs
Andrew Tridgell [Fri, 1 Oct 2010 20:07:42 +0000 (13:07 -0700)]
s4-auth: fixed a vagrind error when creating keytabs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agoautobuild: revert a bit more of the subunit changes
Andrew Tridgell [Fri, 1 Oct 2010 20:07:04 +0000 (13:07 -0700)]
autobuild: revert a bit more of the subunit changes

still not quite right - we can enable this again once its fully tested

9 years agoautobuild: disable the subuit changes for now - they break error checking
Andrew Tridgell [Fri, 1 Oct 2010 18:31:28 +0000 (11:31 -0700)]
autobuild: disable the subuit changes for now - they break error checking

9 years agoautobuild: fixed the tuples in the retry_task
Andrew Tridgell [Fri, 1 Oct 2010 18:17:04 +0000 (11:17 -0700)]
autobuild: fixed the tuples in the retry_task

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct  1 18:22:22 UTC 2010 on sn-devel-104

9 years agoautobuild: cwd is needed on all command types
Andrew Tridgell [Fri, 1 Oct 2010 18:12:24 +0000 (11:12 -0700)]
autobuild: cwd is needed on all command types

9 years agos4-rpmd: fixed a use after realloc bug
Andrew Tridgell [Fri, 1 Oct 2010 17:26:49 +0000 (10:26 -0700)]
s4-rpmd: fixed a use after realloc bug

we could use old_el after the base message had been re allocated, due
to adding timestamps. We need to re-find the element before using it

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-dsdb: fail the transaction instead of asserting on error
Andrew Tridgell [Fri, 1 Oct 2010 17:24:46 +0000 (10:24 -0700)]
s4-dsdb: fail the transaction instead of asserting on error

It is more useful to fail the transaction and give the user an error
message than to assert when we have an error in the repl_meta_data
module

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agoautobuild: Avoid unnecessary chdir() calls.
Jelmer Vernooij [Fri, 1 Oct 2010 15:45:47 +0000 (17:45 +0200)]
autobuild: Avoid unnecessary chdir() calls.

9 years agoautobuild: Output test results in subunit.
Jelmer Vernooij [Fri, 1 Oct 2010 12:25:55 +0000 (14:25 +0200)]
autobuild: Output test results in subunit.

9 years agos3-selftest: fix prefix in subunit output.
Jelmer Vernooij [Fri, 1 Oct 2010 11:39:28 +0000 (13:39 +0200)]
s3-selftest: fix prefix in subunit output.

9 years agos3: Add subunit-test target.
Jelmer Vernooij [Fri, 1 Oct 2010 11:30:01 +0000 (13:30 +0200)]
s3: Add subunit-test target.

9 years agos3-configure: Require at least version 1.2.6 of external TDB, which has
Jelmer Vernooij [Fri, 1 Oct 2010 11:17:58 +0000 (13:17 +0200)]
s3-configure: Require at least version 1.2.6 of external TDB, which has
TDB_INCOMPATIBLE_HASH.

9 years agos4: Add 'subunit-test' make target.
Jelmer Vernooij [Fri, 1 Oct 2010 10:59:40 +0000 (12:59 +0200)]
s4: Add 'subunit-test' make target.

9 years agoautobuild: Provide more information about build sequence, stage name and output mime...
Jelmer Vernooij [Fri, 1 Oct 2010 10:19:56 +0000 (12:19 +0200)]
autobuild: Provide more information about build sequence, stage name and output mime type (all plain text for now).

9 years agoautobuild: Add --always-email option.
Jelmer Vernooij [Fri, 1 Oct 2010 09:28:48 +0000 (11:28 +0200)]
autobuild: Add --always-email option.

9 years agoautobuild-remote: Support autobuild.py rather than land.py.
Jelmer Vernooij [Fri, 1 Oct 2010 02:42:59 +0000 (04:42 +0200)]
autobuild-remote: Support autobuild.py rather than land.py.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Oct  1 09:46:37 UTC 2010 on sn-devel-104

9 years agoRemove land.py - it's been obsoleted by autobuild.py.
Jelmer Vernooij [Fri, 1 Oct 2010 02:11:21 +0000 (04:11 +0200)]
Remove land.py - it's been obsoleted by autobuild.py.

9 years agoautobuild: Add --daemon option.
Jelmer Vernooij [Fri, 1 Oct 2010 00:53:38 +0000 (02:53 +0200)]
autobuild: Add --daemon option.

9 years agoautobuild: Remove autogen step for projects that have checked in configure.
Jelmer Vernooij [Wed, 29 Sep 2010 00:52:36 +0000 (00:52 +0000)]
autobuild: Remove autogen step for projects that have checked in configure.

9 years agoautobuild: Simplify find_git_root.
Jelmer Vernooij [Wed, 29 Sep 2010 00:38:18 +0000 (02:38 +0200)]
autobuild: Simplify find_git_root.

9 years agopidl: Fix handling of typedefs of typedefs.
Jelmer Vernooij [Wed, 29 Sep 2010 00:29:02 +0000 (02:29 +0200)]
pidl: Fix handling of typedefs of typedefs.

9 years agos3-spoolss: fix do_drv_upgrade_printer() which must have been broken since the
Günther Deschner [Fri, 1 Oct 2010 04:42:58 +0000 (06:42 +0200)]
s3-spoolss: fix do_drv_upgrade_printer() which must have been broken since the
days we moved away from fstrings.

Guenther

9 years agos3-net: better handle obscure 0x80070002 error reply when trying to update an
Günther Deschner [Fri, 1 Oct 2010 04:08:47 +0000 (06:08 +0200)]
s3-net: better handle obscure 0x80070002 error reply when trying to update an
not yet published printer.

Guenther

9 years agos3-net: make sure we dont crash when publishing a single printer.
Günther Deschner [Fri, 1 Oct 2010 04:08:12 +0000 (06:08 +0200)]
s3-net: make sure we dont crash when publishing a single printer.

Guenther

9 years agos3-spoolss: make sure we dont crash on NULL setprinter level2 elements as seen from...
Günther Deschner [Fri, 1 Oct 2010 04:07:25 +0000 (06:07 +0200)]
s3-spoolss: make sure we dont crash on NULL setprinter level2 elements as seen from win7.

Guenther

9 years agos3-spoolss: dont overwrite location change notify.
Günther Deschner [Fri, 1 Oct 2010 04:05:38 +0000 (06:05 +0200)]
s3-spoolss: dont overwrite location change notify.

Guenther

9 years agos3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail
Andrew Tridgell [Fri, 1 Oct 2010 03:56:20 +0000 (20:56 -0700)]
s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail

this fails intermittently on sn-devel. Guenther suggested adding it to
knownfail

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct  1 04:37:36 UTC 2010 on sn-devel-104

9 years agoheimdal: added verbose logging of hemimdal crypto errors
Andrew Bartlett [Fri, 1 Oct 2010 03:13:34 +0000 (20:13 -0700)]
heimdal: added verbose logging of hemimdal crypto errors

9 years agoautobuild: fixed the --tail option for new log locations
Andrew Tridgell [Fri, 1 Oct 2010 02:41:50 +0000 (19:41 -0700)]
autobuild: fixed the --tail option for new log locations

9 years agos4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET
Andrew Tridgell [Thu, 30 Sep 2010 22:24:58 +0000 (15:24 -0700)]
s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET

otherwise we don't get the secrets!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-spn: don't try and send an empty SPN list
Andrew Tridgell [Thu, 30 Sep 2010 22:02:50 +0000 (15:02 -0700)]
s4-spn: don't try and send an empty SPN list

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agoselftest: Let selftest provide the tempdir, rather than creating it as sideeffect...
Jelmer Vernooij [Fri, 1 Oct 2010 01:31:06 +0000 (01:31 +0000)]
selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py.

9 years agoselftest: fixed a selftest error on sn
Andrew Tridgell [Fri, 1 Oct 2010 00:24:50 +0000 (17:24 -0700)]
selftest: fixed a selftest error on sn

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>

9 years agodelete_object: Remove unnecessary pass calls.
Jelmer Vernooij [Thu, 30 Sep 2010 23:41:58 +0000 (01:41 +0200)]
delete_object: Remove unnecessary pass calls.

9 years agos4-selftest: Remove unnecessary PYTHONPATH overrides.
Jelmer Vernooij [Thu, 30 Sep 2010 23:05:12 +0000 (01:05 +0200)]
s4-selftest: Remove unnecessary PYTHONPATH overrides.

9 years agos4-selftest: Normalize paths.
Jelmer Vernooij [Thu, 30 Sep 2010 16:29:58 +0000 (18:29 +0200)]
s4-selftest: Normalize paths.

9 years agos4-selftest: Finish conversion of selftest.sh to Python.
Jelmer Vernooij [Thu, 30 Sep 2010 16:23:20 +0000 (18:23 +0200)]
s4-selftest: Finish conversion of selftest.sh to Python.

9 years agos4-selftest: Convert tests.sh to Python.
Jelmer Vernooij [Thu, 30 Sep 2010 12:55:04 +0000 (14:55 +0200)]
s4-selftest: Convert tests.sh to Python.

9 years agoautobuild: push of ref/notes/commits isn't allowed in master
Andrew Tridgell [Thu, 30 Sep 2010 21:42:02 +0000 (14:42 -0700)]
autobuild: push of ref/notes/commits isn't allowed in master

metze may enable this later

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Sep 30 22:25:02 UTC 2010 on sn-devel-104

9 years agos4-provision: wipe the old keytabs when provisioning
Andrew Tridgell [Thu, 30 Sep 2010 19:45:00 +0000 (12:45 -0700)]
s4-provision: wipe the old keytabs when provisioning

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab
Andrew Tridgell [Thu, 30 Sep 2010 19:44:39 +0000 (12:44 -0700)]
s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab

we need to fetch the msDS-keyVersionNumber from the writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-drs: put the GCSPN flag into the repsTo if requested
Andrew Tridgell [Thu, 30 Sep 2010 19:43:45 +0000 (12:43 -0700)]
s4-drs: put the GCSPN flag into the repsTo if requested

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-libnet: wipe the old keytab when exporting
Andrew Tridgell [Thu, 30 Sep 2010 19:43:14 +0000 (12:43 -0700)]
s4-libnet: wipe the old keytab when exporting

this prevents confusion with old keytab entries

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-dsdb: silence the domainFunctionality not setup warning
Andrew Tridgell [Thu, 30 Sep 2010 19:42:35 +0000 (12:42 -0700)]
s4-dsdb: silence the domainFunctionality not setup warning

9 years agoautobuild: added much better email reporting
Andrew Tridgell [Thu, 30 Sep 2010 17:41:36 +0000 (10:41 -0700)]
autobuild: added much better email reporting

logs are now accessible via http://git.samba.org

9 years agoautobuild: fixed exit status
Andrew Tridgell [Thu, 30 Sep 2010 16:37:42 +0000 (09:37 -0700)]
autobuild: fixed exit status

this should fix the case where we don't send logs on failure

9 years agos4-drs: added support for level 10 of getncchanges
Andrew Tridgell [Thu, 30 Sep 2010 06:30:18 +0000 (23:30 -0700)]
s4-drs: added support for level 10 of getncchanges

added a simple mapping from req8

9 years agoLDAPCmp feature to compare nTSecurityDescriptors
Zahari Zahariev [Thu, 30 Sep 2010 01:13:02 +0000 (04:13 +0300)]
LDAPCmp feature to compare nTSecurityDescriptors

New feature that enables LDAPCmp users to find unmatched or
missing ACEs in objects for the three naming contexts between
DCs in one domain (default) or different domains. Comparing
security descriptors is not the default action but attribute
compatison. So to activate the new mode there is --sd switch.
However there are two view modes to the new --sd action which
are 'section' (default) or 'collision'. In 'section' mode you
can only find differences connected to missing or value
unmatched ACEs but not disorder unmatch if ACE values and count
are the same. All of the mentioned differences plus disorder
ACE unmatch you can observe under 'collision' view however
it is more verbose.

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
9 years agos3: Add "smbcontrol winbindd ip-dropped <local-ip>"
Volker Lendecke [Wed, 29 Sep 2010 10:17:05 +0000 (12:17 +0200)]
s3: Add "smbcontrol winbindd ip-dropped <local-ip>"

This is supposed to improve the winbind reconnect time after an ip address
has been moved away from a box. Any kind of HA scenario will benefit from
this, because winbindd does not have to wait for the TCP timeout to kick in
when a local IP address has been dropped and DC replies are not received
anymore.

9 years agos3: Re-introduce a procid_self()
Volker Lendecke [Thu, 30 Sep 2010 14:27:42 +0000 (16:27 +0200)]
s3: Re-introduce a procid_self()

Giving the parent pid to reinit_after_fork is not a good idea....
None of the other callers do this, checked it.

9 years agos3: Fix a typo in dump-domain-list smbcontrol usage msg
Volker Lendecke [Thu, 30 Sep 2010 13:17:09 +0000 (15:17 +0200)]
s3: Fix a typo in dump-domain-list smbcontrol usage msg

9 years agos4-selftest: Add some more comments to skip file.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:38 +0000 (10:31 +0200)]
s4-selftest: Add some more comments to skip file.

9 years agoselftest: Eliminate some unnecessary spaces.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:29 +0000 (10:31 +0200)]
selftest: Eliminate some unnecessary spaces.

9 years agoselftest: Avoid accessing deprecated BaseException.message.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:03 +0000 (10:31 +0200)]
selftest: Avoid accessing deprecated BaseException.message.

Thanks to Andreas for pointing this out.

9 years agosubunit: Import new upstream snapshot (adds subunit_progress())
Jelmer Vernooij [Thu, 30 Sep 2010 07:29:42 +0000 (09:29 +0200)]
subunit: Import new upstream snapshot (adds subunit_progress())

9 years agotesttools: Import new upstream snapshot.
Jelmer Vernooij [Thu, 30 Sep 2010 07:18:01 +0000 (09:18 +0200)]
testtools: Import new upstream snapshot.

9 years agos4-drepl: don't call UpdateRefs on a RODC
Andrew Tridgell [Thu, 30 Sep 2010 05:08:48 +0000 (22:08 -0700)]
s4-drepl: don't call UpdateRefs on a RODC

we use the ADD_REF bit in getncchanges instead

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

9 years agos4-drepl: fixed the checking of replica_flags in the drepl server
Andrew Tridgell [Thu, 30 Sep 2010 05:04:21 +0000 (22:04 -0700)]
s4-drepl: fixed the checking of replica_flags in the drepl server

we were incorrectly avoiding a getncchanges when WRIT_REP was not set

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

9 years agos4-kcc: fixed the replica_flags in repsFrom in the kcc
Andrew Tridgell [Thu, 30 Sep 2010 05:03:35 +0000 (22:03 -0700)]
s4-kcc: fixed the replica_flags in repsFrom in the kcc

if our calculated replica_flags doesn't match the ones in our repsFrom
then update it

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

9 years agoidl-drsuapi: fixed another replica_flags that should use the bitmap
Andrew Tridgell [Thu, 30 Sep 2010 05:02:54 +0000 (22:02 -0700)]
idl-drsuapi: fixed another replica_flags that should use the bitmap

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

9 years agos4-dns: send A record updates via TKEY
Andrew Tridgell [Thu, 30 Sep 2010 00:33:49 +0000 (17:33 -0700)]
s4-dns: send A record updates via TKEY

9 years agos3-spoolss: make sure to exit early and with the appropriate error code in
Günther Deschner [Thu, 30 Sep 2010 00:28:41 +0000 (02:28 +0200)]
s3-spoolss: make sure to exit early and with the appropriate error code in
_spoolss_GetPrinterDriver2.

Guenther

9 years agospoolss: use the correct flags for spoolss_PrinterInfo1 struct.
Günther Deschner [Thu, 30 Sep 2010 00:05:36 +0000 (02:05 +0200)]
spoolss: use the correct flags for spoolss_PrinterInfo1 struct.

Guenther

9 years agos3-spoolss: Fix servername/printername handling which turns out to be very important...
Günther Deschner [Wed, 29 Sep 2010 02:51:56 +0000 (04:51 +0200)]
s3-spoolss: Fix servername/printername handling which turns out to be very important to get right.

Guenther

9 years agos4-smbtorture: add new EnumPrinters test to test printername/servername
Günther Deschner [Wed, 29 Sep 2010 02:49:57 +0000 (04:49 +0200)]
s4-smbtorture: add new EnumPrinters test to test printername/servername
behaviour in EnumPrinter and GetPrinter calls.

Guenther

9 years agos4-samldb: also set a password on the krbtgt_NNNN account
Andrew Tridgell [Wed, 29 Sep 2010 23:35:52 +0000 (16:35 -0700)]
s4-samldb: also set a password on the krbtgt_NNNN account

when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-devel: added new options to getncchanges script
Andrew Tridgell [Wed, 29 Sep 2010 22:50:04 +0000 (15:50 -0700)]
s4-devel: added new options to getncchanges script

added --pas, --dest-dsa and --replica-flags options

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>