13 years agos4:ldb Add hooks to get/set the flags on a ldb_message_element
Andrew Bartlett [Wed, 26 Aug 2009 05:01:12 +0000 (15:01 +1000)]
s4:ldb Add hooks to get/set the flags on a ldb_message_element

Also add tests to prove that we got this correct, and correct the
existing tests which used the wrong constants.

Andrew Bartlett

13 years agos4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use talloc
Andrew Bartlett [Wed, 26 Aug 2009 03:44:50 +0000 (13:44 +1000)]
s4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use talloc

This changes dsdb_write_prefixes_from_schema_to_ldb() to use an
internal talloc hirarchy, so we can safely give it a NULL context from
the python.

It also fixes manual construction of the ldb_message - we now use the
right helper functions.

Andrew Bartlett

13 years agos4:provison Add prefixes to ldb using same code a later modify will use
Andrew Bartlett [Wed, 26 Aug 2009 03:43:33 +0000 (13:43 +1000)]
s4:provison Add prefixes to ldb using same code a later modify will use

This allows us to test out the code that will do the modify of the
prefixMap, and to provide the bindings that may assist a future
upgrade script.

Andrew Bartlett

13 years agos4:provision Only create references to our server DN after the self join
Andrew Bartlett [Wed, 26 Aug 2009 02:39:44 +0000 (12:39 +1000)]
s4:provision Only create references to our server DN after the self join

This will ensure that the GUID can be filled in correctly, and assist
us to validate DN targets in the future.

Andrew Bartlett

13 years agos4:scheam quiet a 'const' warning
Andrew Bartlett [Wed, 26 Aug 2009 02:32:47 +0000 (12:32 +1000)]
s4:scheam quiet a 'const' warning

13 years agos4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schema
Andrew Bartlett [Wed, 26 Aug 2009 02:29:45 +0000 (12:29 +1000)]
s4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schema

The aim is to create a function that is more easily wrapped for
python, so that we can write the updated prefixMap in an upgrade

Andrew Bartlett

13 years agos4:dsdb Use helper function to add 'show deleted' control
Andrew Bartlett [Wed, 26 Aug 2009 01:01:27 +0000 (11:01 +1000)]
s4:dsdb Use helper function to add 'show deleted' control

This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4
to use ldb_request_add_control() instead of a manual construction.

Andrew Bartlett

13 years agos3-netlogon: fix default case when _netr_LogonSamLogon is called from other opcodes.
Günther Deschner [Tue, 25 Aug 2009 23:03:47 +0000 (01:03 +0200)]
s3-netlogon: fix default case when _netr_LogonSamLogon is called from other opcodes.


13 years agoRevert "s3: Fix uninitialized const char *"
Günther Deschner [Tue, 25 Aug 2009 23:01:43 +0000 (01:01 +0200)]
Revert "s3: Fix uninitialized const char *"

Tim, I am reverting this as this eliminates "_netr_LogonSamLogonEx" from the
debug messages completely. Followup fix to come immediately.

This reverts commit add9b4afb14d3426d1f3bf5b8e7c86926f462578.

13 years agos3-netlogon: get rid of init_net_r_req_chal().
Günther Deschner [Tue, 25 Aug 2009 16:47:15 +0000 (18:47 +0200)]
s3-netlogon: get rid of init_net_r_req_chal().


13 years agos3-netlogon: let get_md4pw() return a struct samr_Password.
Günther Deschner [Tue, 25 Aug 2009 16:44:24 +0000 (18:44 +0200)]
s3-netlogon: let get_md4pw() return a struct samr_Password.

(in preparation of credential merge).


13 years agos3-netlogon: make _netr_ServerAuthenticate a callback to _netr_ServerAuthenticate3.
Günther Deschner [Tue, 25 Aug 2009 16:36:28 +0000 (18:36 +0200)]
s3-netlogon: make _netr_ServerAuthenticate a callback to _netr_ServerAuthenticate3.


13 years agoAllow for name array strings that don't end in a slash
Zach Loafman [Tue, 25 Aug 2009 17:46:37 +0000 (10:46 -0700)]
Allow for name array strings that don't end in a slash

Fix set_namearray to allow for strings that don't end in a slash. Also
remove unnecessary strdup()s.

Signed-off-by: Tim Prouty <>
13 years agoAdd some const to dsgetdcname
Volker Lendecke [Tue, 25 Aug 2009 15:03:26 +0000 (17:03 +0200)]
Add some const to dsgetdcname

13 years agoDo an early TALLOC_FREE
Volker Lendecke [Tue, 25 Aug 2009 15:02:53 +0000 (17:02 +0200)]
Do an early TALLOC_FREE

13 years agonetlogon: give netlogon w7/w2k8r2 AES negotiate flag proper name (see bug #6099 for...
Günther Deschner [Tue, 25 Aug 2009 09:10:53 +0000 (11:10 +0200)]
netlogon: give netlogon w7/w2k8r2 AES negotiate flag proper name (see bug #6099 for details).


13 years agofixed DRS rename of deleted objects
Andrew Tridgell [Tue, 25 Aug 2009 07:00:27 +0000 (17:00 +1000)]
fixed DRS rename of deleted objects

The objectclass module checks that the target parent exists, and
refuses renames if it doesn't exist. For this to work for deleted
objects we have to do the search in the objectclass module with the
"show deleted" control enabled.

13 years agofixed a double free bug on error in net export
Andrew Tridgell [Tue, 25 Aug 2009 06:59:25 +0000 (16:59 +1000)]
fixed a double free bug on error in net export

13 years agos4:python Fix the reprovision test by deleting 'deleted' objects too.
Andrew Bartlett [Tue, 25 Aug 2009 06:27:20 +0000 (16:27 +1000)]
s4:python Fix the reprovision test by deleting 'deleted' objects too.

We were failing because CN=Deleted Objects, which is marked as
'deleted' itself, could not be re-added in a reprovision.

Andrew Bartlett

13 years agos4:dsdb Rework show_deleted module not to liniearise the LDAP filter
Andrew Bartlett [Tue, 25 Aug 2009 06:25:55 +0000 (16:25 +1000)]
s4:dsdb Rework show_deleted module not to liniearise the LDAP filter

Instead, use the fact that the ldb_parse_tree structure is public to
construct the 'and not deleted' clause as a structure, and apply each
filter tree to that template.

Andrew Bartlett

13 years agoHelp debug for bug 6651 - smbd SIGSEGV when breaking oplocks.
Jeremy Allison [Tue, 25 Aug 2009 04:14:52 +0000 (21:14 -0700)]
Help debug for bug 6651 - smbd SIGSEGV when breaking oplocks.
Should help track if we get invoked with an invalid fd from
the signal handler.

13 years agoSecond attempt at fix for bug 6529 - Offline files conflict with Vista and Office...
Jeremy Allison [Tue, 25 Aug 2009 03:57:37 +0000 (20:57 -0700)]
Second attempt at fix for bug 6529 - Offline files conflict with Vista and Office 2003.
Confirmation from reporter that this fixes the issue in master on ext3/ext4.
Back-ports to follow.

13 years agoAllow systems with timestamp granularity of 1sec to work with
Jeremy Allison [Tue, 25 Aug 2009 01:21:23 +0000 (18:21 -0700)]
Allow systems with timestamp granularity of 1sec to work with
this test.

13 years agoUse existing time_t rounding function, don't invent my own.
Jeremy Allison [Mon, 24 Aug 2009 22:09:29 +0000 (15:09 -0700)]
Use existing time_t rounding function, don't invent my own.

13 years agonetlogon: add (yet) undocumented netlogon negotiate bit to bitmap.
Günther Deschner [Mon, 24 Aug 2009 21:02:20 +0000 (23:02 +0200)]
netlogon: add (yet) undocumented netlogon negotiate bit to bitmap.

This bit is set by the Win7 client while joining.


13 years agos3-netlogon: Only hand out rid when netlogon credential chain has been setup sucessfully.
Günther Deschner [Mon, 24 Aug 2009 21:00:47 +0000 (23:00 +0200)]
s3-netlogon: Only hand out rid when netlogon credential chain has been setup sucessfully.


13 years agoSecond part of fix for 6529 - Offline files conflict with Vista and Office 2003.
Jeremy Allison [Mon, 24 Aug 2009 19:30:05 +0000 (12:30 -0700)]
Second part of fix for 6529 - Offline files conflict with Vista and Office 2003.
ext4 may be able to store ns timestamps, but the only API to *set* timestamps
takes usec, not nsec. Round to usec on set requests.

13 years agoFix make test.
Jeremy Allison [Mon, 24 Aug 2009 18:24:10 +0000 (11:24 -0700)]
Fix make test.

13 years agomake smbcontrol smbd ping work proper checking for arguments handle short pid_t correctly
Olaf Flebbe [Mon, 17 Aug 2009 15:31:01 +0000 (17:31 +0200)]
make smbcontrol smbd ping work proper checking for arguments handle short pid_t correctly

13 years agolibndr: add missing protoypes for double type.
Günther Deschner [Mon, 24 Aug 2009 12:28:04 +0000 (14:28 +0200)]
libndr: add missing protoypes for double type.


13 years agotevent: avoid using reserved c++ word.
Günther Deschner [Mon, 24 Aug 2009 12:27:13 +0000 (14:27 +0200)]
tevent: avoid using reserved c++ word.


13 years agos4:dsdb Use talloc_strndup() to ensure OIDs are null terminated
Andrew Bartlett [Mon, 24 Aug 2009 10:22:18 +0000 (20:22 +1000)]
s4:dsdb Use talloc_strndup() to ensure OIDs are null terminated

The OIDs are not NULL terminated by the python caller, in line with
the LDB API, but we need them to be here, as we were casting them to a

Andrew Bartlett

13 years agos4:ldb Add python binding and test for ldb_msg_diff()
Andrew Bartlett [Mon, 24 Aug 2009 10:11:43 +0000 (20:11 +1000)]
s4:ldb Add python binding and test for ldb_msg_diff()

13 years agos4:dsdb Add const
Andrew Bartlett [Mon, 24 Aug 2009 03:15:31 +0000 (13:15 +1000)]
s4:dsdb Add const

13 years agos4:dsdb remove unused variable
Andrew Bartlett [Mon, 24 Aug 2009 03:15:17 +0000 (13:15 +1000)]
s4:dsdb remove unused variable

13 years agos4:dsdb use talloc_strndup() in GET_STRING_LDB() rather than walk off the end
Andrew Bartlett [Mon, 24 Aug 2009 03:09:10 +0000 (13:09 +1000)]
s4:dsdb use talloc_strndup() in GET_STRING_LDB() rather than walk off the end

The problem is that samdb_result_string() and
ldb_msg_find_attr_as_string() both simply cast the string, rather than
ensuring the return value is NULL terminated.  This may be best
regarded as a flaw in LDB, but fixing it there is going to be more

Andrew Bartlett

13 years agonote the semantic change in talloc_free from 2.0
Andrew Tridgell [Mon, 24 Aug 2009 06:33:00 +0000 (16:33 +1000)]
note the semantic change in talloc_free from 2.0

13 years agofixed typo in talloc doc XML
Andrew Tridgell [Mon, 24 Aug 2009 06:27:05 +0000 (16:27 +1000)]
fixed typo in talloc doc XML

13 years agoLIBREPLACEOBJ now contains the full path
Andrew Tridgell [Mon, 24 Aug 2009 06:21:58 +0000 (16:21 +1000)]
LIBREPLACEOBJ now contains the full path

13 years agoupdated XML source for talloc man page
Andrew Tridgell [Mon, 24 Aug 2009 06:01:18 +0000 (16:01 +1000)]
updated XML source for talloc man page

13 years agoadded talloc_set_log_* documentation
Andrew Tridgell [Mon, 24 Aug 2009 06:01:05 +0000 (16:01 +1000)]
added talloc_set_log_* documentation

13 years agoupdated talloc guide for recent API changes
Andrew Tridgell [Mon, 24 Aug 2009 02:34:53 +0000 (12:34 +1000)]
updated talloc guide for recent API changes

13 years agomake lib/replace more usable in standalone builds
Andrew Tridgell [Mon, 27 Jul 2009 07:12:27 +0000 (17:12 +1000)]
make lib/replace more usable in standalone builds

This makes the lib/replace m4 work in lib/talloc as a standalone build

13 years agofixed getpass m4
Andrew Tridgell [Mon, 27 Jul 2009 07:12:56 +0000 (17:12 +1000)]
fixed getpass m4

This allows the getpass.m4 code to work in standalone talloc builds

13 years agos3:lib: setup talloc log and abort functions
Stefan Metzmacher [Mon, 3 Aug 2009 09:30:44 +0000 (11:30 +0200)]
s3:lib: setup talloc log and abort functions


13 years agos3:configure: require talloc >= 2.0.0
Stefan Metzmacher [Fri, 21 Aug 2009 08:01:15 +0000 (10:01 +0200)]
s3:configure: require talloc >= 2.0.0


13 years agos4:cmdline: setup talloc log and abort functions
Stefan Metzmacher [Thu, 30 Jul 2009 06:37:01 +0000 (08:37 +0200)]
s4:cmdline: setup talloc log and abort functions


13 years agos4:build: require talloc >= 2.0.0
Stefan Metzmacher [Fri, 21 Aug 2009 08:00:51 +0000 (10:00 +0200)]
s4:build: require talloc >= 2.0.0


13 years agotalloc: add --enable-talloc-compat1 to build a compat library for talloc 1.x.x
Stefan Metzmacher [Fri, 21 Aug 2009 07:25:57 +0000 (09:25 +0200)]
talloc: add --enable-talloc-compat1 to build a compat library for talloc 1.x.x


13 years agotalloc: update talloc.exports and talloc.signatures
Stefan Metzmacher [Fri, 21 Aug 2009 07:53:51 +0000 (09:53 +0200)]
talloc: update talloc.exports and talloc.signatures


13 years agotalloc: add defines and functions for TALLOC_MAJOR/MINOR_VERSION
Stefan Metzmacher [Thu, 20 Aug 2009 11:43:42 +0000 (13:43 +0200)]
talloc: add defines and functions for TALLOC_MAJOR/MINOR_VERSION

We also use the major and minor versions in the TALLOC_MAGIC,
so that we can detect if two conflicting versions of talloc
are loaded in one process. In this case we use talloc_log() to
output a very useful debug message before we call


13 years agotalloc: change version to 2.0.0
Stefan Metzmacher [Thu, 20 Aug 2009 11:43:18 +0000 (13:43 +0200)]
talloc: change version to 2.0.0


13 years agotalloc: remove ABI compat functions
Stefan Metzmacher [Thu, 20 Aug 2009 11:36:33 +0000 (13:36 +0200)]
talloc: remove ABI compat functions


13 years agotalloc: remove unused build dependecies to samba
Stefan Metzmacher [Mon, 3 Aug 2009 09:33:06 +0000 (11:33 +0200)]
talloc: remove unused build dependecies to samba


13 years agotalloc/testsuite: use talloc_set_log_fn() and log to stdout
Stefan Metzmacher [Wed, 29 Jul 2009 20:00:05 +0000 (22:00 +0200)]
talloc/testsuite: use talloc_set_log_fn() and log to stdout


13 years agotalloc: add talloc_set_log_fn() and talloc_set_log_stderr()
Stefan Metzmacher [Wed, 29 Jul 2009 19:54:28 +0000 (21:54 +0200)]
talloc: add talloc_set_log_fn() and talloc_set_log_stderr()

So that the application can setup a log function to get ERROR
and WARNING messages.


13 years agotalloc: let talloc_steal() only generate a warning if it's used with references
Stefan Metzmacher [Wed, 29 Jul 2009 19:41:34 +0000 (21:41 +0200)]
talloc: let talloc_steal() only generate a warning if it's used with references

We have to many callers, which rely on that talloc_steal() never fails.


13 years agotalloc/testsuite: report __location__ of testsuite failures
Stefan Metzmacher [Mon, 13 Jul 2009 18:34:10 +0000 (20:34 +0200)]
talloc/testsuite: report __location__ of testsuite failures


13 years agotalloc/testsuite: add infrastructure to test aborts
Stefan Metzmacher [Tue, 14 Jul 2009 09:58:16 +0000 (11:58 +0200)]
talloc/testsuite: add infrastructure to test aborts


13 years agotalloc/testsuite: reset the globals after each subtest
Stefan Metzmacher [Mon, 13 Jul 2009 16:52:44 +0000 (18:52 +0200)]
talloc/testsuite: reset the globals after each subtest


13 years agotalloc: call return after abort, because an overloaded abort function might not exit
Stefan Metzmacher [Tue, 14 Jul 2009 09:56:33 +0000 (11:56 +0200)]
talloc: call return after abort, because an overloaded abort function might not exit

This will be useful in the testsuite,
where we could check if an abort would happen.


13 years agotalloc: report the size of reference handles as 0
Stefan Metzmacher [Mon, 13 Jul 2009 18:32:50 +0000 (20:32 +0200)]
talloc: report the size of reference handles as 0


13 years agotalloc: let talloc_total_blocks() and talloc_get_size() operate on the null_context
Stefan Metzmacher [Mon, 13 Jul 2009 16:51:24 +0000 (18:51 +0200)]
talloc: let talloc_total_blocks() and talloc_get_size() operate on the null_context


13 years agos3:winbind: Fallback to the forest root for lookupname
Volker Lendecke [Sat, 22 Aug 2009 13:29:03 +0000 (15:29 +0200)]
s3:winbind: Fallback to the forest root for lookupname

Thanks to Steven Danneman for watching me closely :-)

13 years agos3:winbind: Even on a domain controller, "our" domain is internal
Volker Lendecke [Sat, 22 Aug 2009 15:10:16 +0000 (17:10 +0200)]
s3:winbind: Even on a domain controller, "our" domain is internal

It happens to be what we also share out via NETLOGON/SAMR, but winbind has
direct access to it via the passdb domain methods

13 years agos3:winbind: Do not drop the first user in sam_query_user_list
Volker Lendecke [Sat, 22 Aug 2009 15:12:28 +0000 (17:12 +0200)]
s3:winbind: Do not drop the first user in sam_query_user_list

13 years agos3:winbind: For internal domains it is pointless to connect to a DC
Volker Lendecke [Sat, 22 Aug 2009 15:13:09 +0000 (17:13 +0200)]
s3:winbind: For internal domains it is pointless to connect to a DC

13 years agos3:winbind: winbindd_dual_ndrcmd should output what it's doing
Volker Lendecke [Sat, 22 Aug 2009 15:14:32 +0000 (17:14 +0200)]
s3:winbind: winbindd_dual_ndrcmd should output what it's doing

13 years agos3:winbind: Fix the talloc hierarchy in wb_queryuser_done
Volker Lendecke [Sat, 22 Aug 2009 16:35:52 +0000 (18:35 +0200)]
s3:winbind: Fix the talloc hierarchy in wb_queryuser_done

We need to return state->userinfo beyond the end of wb_queryuser_recv, so the
unmarshalled strings are children of that, not the state that is lost sooner.

Metze, this scheme works fine as long as we only have a single malloc'ed
entity that is returned. I think we need a different scheme in the future
when we might have more than one independent object to be returned.

13 years agoImplement Metze's suggestion of trying getpwuid(0) then getpwnam(root).
Jeremy Allison [Sat, 22 Aug 2009 16:40:58 +0000 (09:40 -0700)]
Implement Metze's suggestion of trying getpwuid(0) then getpwnam(root).

13 years agoLog debug message when hires timestamps are available on the
Jeremy Allison [Sat, 22 Aug 2009 04:53:37 +0000 (21:53 -0700)]
Log debug message when hires timestamps are available on the

13 years agoFix bug 6529 - Offline files conflict with Vista and Office 2003
Jeremy Allison [Sat, 22 Aug 2009 04:44:21 +0000 (21:44 -0700)]
Fix bug 6529 - Offline files conflict with Vista and Office 2003
On filesystems that can't store less than one second timestamps,
round the incoming timestamp set requests so the client can't discover
that a time set request has been truncated by the filesystem.
Needs backporting to 3.4, 3.3, 3.2 and (even) 3.0.

13 years agoTry and fix the buildfarm by using getpwnam(root) instead
Jeremy Allison [Sat, 22 Aug 2009 04:08:02 +0000 (21:08 -0700)]
Try and fix the buildfarm by using getpwnam(root) instead
of getpwuid(0) if DEVELOPER is defined. I'm hoping the
build farm defines DEVELOPER...

13 years agos4:ntp_signd Fix bug 6656 - Set protocol version to 0, as used by ntpd
Andrew Bartlett [Sat, 22 Aug 2009 01:09:30 +0000 (11:09 +1000)]
s4:ntp_signd Fix bug 6656 - Set protocol version to 0, as used by ntpd

The change to protocol version 1 was not intentional, and broke the
protocol established with the project.

Andrew Bartlett

13 years agoFix coverity CID: 932 - forward null.
Jeremy Allison [Fri, 21 Aug 2009 23:17:17 +0000 (16:17 -0700)]
Fix coverity CID: 932 - forward null.

13 years agoFix for bug 6651 - smbd SIGSEGV when breaking oplocks.
Jeremy Allison [Fri, 21 Aug 2009 22:07:25 +0000 (15:07 -0700)]
Fix for bug 6651 - smbd SIGSEGV when breaking oplocks.
Based on a patch submitted by Petr Vandrovec <>.
Multiple pending signals with siginfo_t's weren't being handled correctly
leading to smbd abort with kernel oplock signals.

13 years agos3: fix bug #6650, authentication at member servers when winbindd is not running
Michael Adam [Fri, 21 Aug 2009 11:59:16 +0000 (13:59 +0200)]
s3: fix bug #6650, authentication at member servers when winbindd is not running

Authentication of domain users on the member server fails when winbindd
is not running. This is because the is_trusted_domain() check  behaves
differently when winbindd is running and when it isn't:
Since wb_is_trusted_domain() calls wbcDomainInfo(), and this will also
give a result for our own domain, this succeeds for the member
server's own domain when winbindd is running. When winbindd is not
running, is_trusted_domain() checks (and possibly updates) the trustdom
cache, and this does the lsa_EnumTrustDom() rpc call to the DC which
does not return its own domain.

In case of winbindd not running, before 3.4, the domain part was _silently_
mapped to the workgroup in auth_util.c:make_user_info_map(),
which effectively did nothing in the member case.

But then the parameter "map untrusted to domain" was introduced
and the mapping was made to the workstation name instead of
the workgroup name by default unless "map untrusted to domain = yes".
 5cd4b7b7c03df6e896186d985b6858a06aa40b3f, and
This was ok as long as winbindd was running, but with winbindd not running,
these changes actually uncovered the above logic bug in the check.

So the correct check is to treat the workgroup as trusted / or known
in the member case. This is most easily achieved by not comparing the
domain name against get_global_sam_name() which is the host name unless
for a DC but against my_sam_name() which is the workgroup for a DC and for
a member, too. (These names are not very intuitive...)

I admit that this is a very long commit message for a one-liner, but this has
needed some tracking down, and I think the change deserves some justification.


13 years agos4:client
Sam Liddicott [Fri, 21 Aug 2009 14:54:49 +0000 (16:54 +0200)]

Put was assuming that the remote name was always absolute, and not relative to
the current remote directory.

Signed-off-by: Sam Liddicott <>
13 years agoAdd missing CreateFile flags to smb.h
Steve French [Fri, 21 Aug 2009 12:56:32 +0000 (14:56 +0200)]
Add missing CreateFile flags to smb.h

13 years agos4:ldb Python requires that a 'compare' handler return -1, 0 or 1
Andrew Bartlett [Fri, 21 Aug 2009 07:50:04 +0000 (17:50 +1000)]
s4:ldb Python requires that a 'compare' handler return -1, 0 or 1

13 years agos4:ldb Use length-limited printf to avoid walking off end of strings
Andrew Bartlett [Wed, 19 Aug 2009 03:26:34 +0000 (13:26 +1000)]
s4:ldb Use length-limited printf to avoid walking off end of strings

This should ensure the debug messages do not have random characters at
their ends.

Andrew Bartlett

13 years agos4:kerberos Use MIT compatible names for these enc types
Andrew Bartlett [Tue, 18 Aug 2009 02:08:37 +0000 (12:08 +1000)]
s4:kerberos Use MIT compatible names for these enc types

This is a small start on (ie, the only trivial part of) the work shown in:
(a table of all Kerberos symbols used in Samba4, and notes on where
they differ from those provided with MIT Kerberos)

Andrew Bartlett

13 years agoFix bug 6638 - ADS Domain Member: Computer Mgr can not set share ACLs
Jeremy Allison [Thu, 20 Aug 2009 18:08:21 +0000 (11:08 -0700)]
Fix bug 6638 - ADS Domain Member: Computer Mgr can not set share ACLs
Add good error message for share modification denial.

13 years agos3-idmap: fix two uninitialized variable warnings in idmap_tdb2.
Günther Deschner [Thu, 20 Aug 2009 13:28:19 +0000 (15:28 +0200)]
s3-idmap: fix two uninitialized variable warnings in idmap_tdb2.


13 years agos3:dsgetdcname: Fix a crash in dsgetdcname
Volker Lendecke [Wed, 19 Aug 2009 12:22:09 +0000 (14:22 +0200)]
s3:dsgetdcname: Fix a crash in dsgetdcname

When returning NT_STATUS_OK we can't leave *info == NULL, this crashes
in is_closest_site called from dsgetdcname().

Signed-off-by: Günther Deschner <>
13 years agos3:dsgetdcname: Inline dsgetdcname_cache_refresh
Volker Lendecke [Wed, 19 Aug 2009 12:19:22 +0000 (14:19 +0200)]
s3:dsgetdcname: Inline dsgetdcname_cache_refresh

Signed-off-by: Günther Deschner <>
13 years agos4-spoolss: add stubs for new idl opcodes in spoolss server.
Günther Deschner [Mon, 10 Aug 2009 15:09:41 +0000 (17:09 +0200)]
s4-spoolss: add stubs for new idl opcodes in spoolss server.


13 years agos3-spoolss: add stubs for new idl opcodes in spoolss server.
Günther Deschner [Mon, 10 Aug 2009 14:45:47 +0000 (16:45 +0200)]
s3-spoolss: add stubs for new idl opcodes in spoolss server.


13 years agos3: re-run make samba3-idl.
Günther Deschner [Mon, 10 Aug 2009 14:45:13 +0000 (16:45 +0200)]
s3: re-run make samba3-idl.


13 years agospoolss: add more spoolss calls to IDL
Günther Deschner [Mon, 10 Aug 2009 14:44:19 +0000 (16:44 +0200)]
spoolss: add more spoolss calls to IDL
(spoolss_GetPrinterDriverPackagePath and spoolss_GetCorePrinterDrivers).


13 years agoFix bug #6647 - get_root_nt_token: getpwnam("root") failed!
Jeremy Allison [Wed, 19 Aug 2009 23:55:26 +0000 (16:55 -0700)]
Fix bug #6647 - get_root_nt_token: getpwnam("root") failed!
Not all systems may have a "root" user, but all must have a passwd
entry for a uid of zero.

13 years agoFix Red Hat bugzilla bug :
Jeremy Allison [Wed, 19 Aug 2009 22:33:08 +0000 (15:33 -0700)]
Fix Red Hat bugzilla bug :
nautilus fails to copy files from an SMB share. This is a show-stopper
for 3.4.1 (I'll open a bug). Although gnome-vfs is doing
*incredibly* stupid things by asking for a read size of 65535 - this
translates on the wire to a 65534 byte read followed by a 1 byte
read. Please send this back to the gnome developers that they
will ge horrid on the wire performance for this.

13 years agos3:smbd: implement SMB2 Find (Query Directory)
Stefan Metzmacher [Thu, 6 Aug 2009 10:16:30 +0000 (12:16 +0200)]
s3:smbd: implement SMB2 Find (Query Directory)


13 years agos3:smbd: store a dirptr on the files_struct for SMB2 Query Directory
Stefan Metzmacher [Thu, 6 Aug 2009 10:53:05 +0000 (12:53 +0200)]
s3:smbd: store a dirptr on the files_struct for SMB2 Query Directory


13 years agos3:smbd: add a generic smbd_dirptr_lanman2_entry() function
Stefan Metzmacher [Fri, 14 Aug 2009 11:23:19 +0000 (13:23 +0200)]
s3:smbd: add a generic smbd_dirptr_lanman2_entry() function

This can we used by SMB2, the key difference between
SMB1 and SMB2 is that with SMB2 entries are aligned
to 8 bytes and there's no padding at the end of the last entry.


13 years agos3:smbd: implement all SMB2 Create contexts except "ExtA"
Stefan Metzmacher [Sat, 15 Aug 2009 09:52:37 +0000 (11:52 +0200)]
s3:smbd: implement all SMB2 Create contexts except "ExtA"


13 years agos3:smbd: make smbd_check_open_rights() function non-static for use in SMB2
Stefan Metzmacher [Wed, 19 Aug 2009 16:03:43 +0000 (18:03 +0200)]
s3:smbd: make smbd_check_open_rights() function non-static for use in SMB2


13 years agos3 merged build: Don't build wbinfo twice.
Kai Blin [Wed, 19 Aug 2009 10:38:58 +0000 (12:38 +0200)]
s3 merged build: Don't build wbinfo twice.

Many, many thanks to Metze for telling me which chicken to sacrifice.

13 years agotevent: fix a comment
Michael Adam [Tue, 18 Aug 2009 09:53:42 +0000 (11:53 +0200)]
tevent: fix a comment


13 years agoMake refusal of SEC_DESC_DACL_PROTECTED configurable
Volker Lendecke [Thu, 13 Aug 2009 04:33:16 +0000 (06:33 +0200)]
Make refusal of SEC_DESC_DACL_PROTECTED configurable

This adds a parameter "gpfs:refuse_dacl_protected" that defaults to false.

GPFS has no place to store the SEC_DESC_DACL_PROTECTED ACL bit. With this
parameter we give customers an option to either ignore this bit or refuse
setting an ACL with it.