Günther Deschner [Mon, 11 Jan 2010 11:38:22 +0000 (12:38 +0100)]
testprogs: fix driver levels in spoolss test.
Guenther
Günther Deschner [Mon, 11 Jan 2010 11:37:45 +0000 (12:37 +0100)]
testprogs: test each printer, do not abort after first failure.
Guenther
Günther Deschner [Mon, 11 Jan 2010 11:34:56 +0000 (12:34 +0100)]
testprogs: fix EnumPrintProcessorDatatypes spoolss test.
Guenther
Günther Deschner [Mon, 11 Jan 2010 11:33:22 +0000 (12:33 +0100)]
testprogs: add more error codes to spoolss test.
Guenther
Volker Lendecke [Mon, 11 Jan 2010 11:10:47 +0000 (12:10 +0100)]
s3: Add a zfsacl:denymissingspecial parameter
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
Andreas Schneider [Mon, 21 Dec 2009 11:44:00 +0000 (12:44 +0100)]
tsocket: Added doxygen config file.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 16 Dec 2009 12:26:48 +0000 (13:26 +0100)]
tsocket: Added complete doxygen documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 11 Jan 2010 06:10:32 +0000 (17:10 +1100)]
Merge remote branch 'origin/master' into alpha11release
Andrew Bartlett [Mon, 11 Jan 2010 06:05:06 +0000 (17:05 +1100)]
and we move on towards Samba4 alpha12!
Andrew Bartlett [Mon, 11 Jan 2010 05:35:28 +0000 (16:35 +1100)]
more WHATSNEW4
Andrew Bartlett [Mon, 11 Jan 2010 03:57:55 +0000 (14:57 +1100)]
This is Samba4 alpha11!
Andrew Bartlett [Mon, 11 Jan 2010 01:00:34 +0000 (12:00 +1100)]
release notes for Samba4 alpha11 (to be released this week)
Steven Danneman [Mon, 11 Jan 2010 00:06:57 +0000 (16:06 -0800)]
s4/torture: Parameterize output in LOCK tests based off server support
Two new torture parameters:
* smbexit_pdu_support: if the Server supports the Exit command
* range_not_locked_on_file_close: whether the server returns the
NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a
pending lock request. Windows returns this error, though per the
spec, this error should only be returned to an unlock request.
Andrew Tridgell [Sun, 10 Jan 2010 23:08:30 +0000 (10:08 +1100)]
Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
This reverts commit
5c174c68ccba7506147feab1d09ad676792139b3.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
Andrew Tridgell [Sun, 10 Jan 2010 23:07:53 +0000 (10:07 +1100)]
Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
This reverts commit
61dfd3dc1dce2c0dd6693de80930af312ad3e39f.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
Andrew Tridgell [Sun, 10 Jan 2010 23:06:58 +0000 (10:06 +1100)]
Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
This reverts commit
9ee895fcf6327b1c2f5ee09fa565bd62974e9c58.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
Andrew Tridgell [Sun, 10 Jan 2010 23:05:50 +0000 (10:05 +1100)]
Revert "s4:provision_users.ldif - Add objects for IIS"
This reverts commit
91e210028790397996659116446e6add452707f6.
This series of commits broke 'make test'.
Matthias, please make sure you run a _full_ make test before every
push.
Andrew Tridgell [Sun, 10 Jan 2010 22:36:48 +0000 (09:36 +1100)]
s4-selftest: when a command fails show both normal and expanded command
It is sometimes hard to tell which varient of something like
$SMB_CONF_PATH or $USERNAME is being used in a test. By giving both
the expanded command ($command with environment variables expanded)
and non-expanded command it is easier to reproduce bugs outside the
test environment.
Andrew Tridgell [Sun, 10 Jan 2010 22:29:29 +0000 (09:29 +1100)]
s4-test: fixed make test without having done make install
client.conf didn't specify "setup directory"
Matthias Dieter Wallnöfer [Sun, 10 Jan 2010 20:34:05 +0000 (21:34 +0100)]
s4:upgradeprovision - fix up the script regarding linked attributes
We have to try to add new objects until between two iterations we didn't make
any progress. Either we are then done (no objects remaining) or we are
incapable to do this fully automatically.
The latter can happen if important system objects (builtin groups, users...)
moved (e.g. consider one of my recent comments). Then the new object can't be
added if it contains the same "sAMAccountName" attribute as the old one. We
have to let the user delete the old one (also to give him a chance to backup
personal changes - if needed) and only then the script is capable to add the
new one onto the right place. Make this clear with an exhaustive error output.
I personally don't see a good way how to do this better for now so I would leave
this as a manual step.
Matthias Dieter Wallnöfer [Sun, 10 Jan 2010 19:08:50 +0000 (20:08 +0100)]
s4:upgradeprovision - Reformat comments
Make them break at line 80 (better readability).
Matthias Dieter Wallnöfer [Sun, 10 Jan 2010 18:49:40 +0000 (19:49 +0100)]
s4:repl_meta_data - Transform a "1" into a "true" on a boolean variable
Matthias Dieter Wallnöfer [Sun, 10 Jan 2010 13:20:09 +0000 (14:20 +0100)]
s4:provision_users.ldif - Add objects for IIS
Some WSPP locations point out that they're defacto-standards for Windows Server deployments starting with 2008. So we should add them to s4 too.
Matthias Dieter Wallnöfer [Sun, 10 Jan 2010 14:43:07 +0000 (15:43 +0100)]
s4:provision_self_join_modify.ldif - Point out that account "dns" is s4 specific
Matthias Dieter Wallnöfer [Sun, 10 Jan 2010 14:38:55 +0000 (15:38 +0100)]
s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group
Volker Lendecke [Sun, 10 Jan 2010 21:42:02 +0000 (22:42 +0100)]
s3: Remove some unused variables
Volker Lendecke [Sat, 9 Jan 2010 19:26:46 +0000 (20:26 +0100)]
s3: Fix some nonempty blank lines
Volker Lendecke [Sun, 10 Jan 2010 16:58:12 +0000 (17:58 +0100)]
s3: Use sid_check_is_domain instead of a direct sid_equal
Volker Lendecke [Sun, 10 Jan 2010 16:57:00 +0000 (17:57 +0100)]
s3: Use sid_check_is_in_our_domain instead of a direct sid_peek_check_rid
Volker Lendecke [Sun, 10 Jan 2010 16:39:27 +0000 (17:39 +0100)]
s3: Replace most calls to sid_append_rid() by sid_compose()
Volker Lendecke [Sun, 10 Jan 2010 16:30:54 +0000 (17:30 +0100)]
s3: Remove unused samr_make_sam_obj_sd
Volker Lendecke [Sun, 10 Jan 2010 13:24:22 +0000 (14:24 +0100)]
s3: Remove the typedef for "auth_serversupplied_info"
Volker Lendecke [Sun, 10 Jan 2010 13:16:04 +0000 (14:16 +0100)]
s3: Remove the typedef for "auth_usersupplied_info"
Volker Lendecke [Sun, 10 Jan 2010 12:35:37 +0000 (13:35 +0100)]
s3: Trim libnss_wins.so
Volker Lendecke [Sun, 3 Jan 2010 21:28:33 +0000 (22:28 +0100)]
s3: Trim down some utilities a bit
Matthias Dieter Wallnöfer [Sun, 10 Jan 2010 10:07:16 +0000 (11:07 +0100)]
s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now
This belongs to the AD IIS stuff where I don't know yet if we should import it.
Matthias Dieter Wallnöfer [Sun, 10 Jan 2010 09:47:30 +0000 (10:47 +0100)]
s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode
Additionally I had to fix some bugs (especially wrong "groupTypes") and
reordered the objects using the SID (this is easier when enhancing the file).
Andrew Tridgell [Sun, 10 Jan 2010 01:53:07 +0000 (12:53 +1100)]
s4-ldb: display security descriptors with correct SDL for known SIDs
This makes it much easier to compare SDs
Andrew Tridgell [Sun, 10 Jan 2010 01:52:22 +0000 (12:52 +1100)]
s4-dsdb: added samdb_domain_sid_cache_only()
Volker Lendecke [Sat, 9 Jan 2010 17:43:38 +0000 (18:43 +0100)]
s3: Remove a pointless "else" branch from add_ccache_to_list()
Volker Lendecke [Sat, 9 Jan 2010 18:01:35 +0000 (19:01 +0100)]
s3: Slightly simplify winbindd_store_creds
Volker Lendecke [Sat, 9 Jan 2010 19:22:00 +0000 (20:22 +0100)]
s3: Fix a segfault in winbindd_dual_ccache_ntlm_auth()
ntlmssp_update allocates the reply_blob as a child of ntlmssp_state. This means
with ntlmss_end() it will be gone. winbindd_dual_ccache_ntlm_auth used the blob
after the ntlmssp_end().
Andrew Tridgell [Sat, 9 Jan 2010 11:08:25 +0000 (22:08 +1100)]
s4-drs: instanceType is always sent, regardless of UDV values
Andrew Tridgell [Sat, 9 Jan 2010 10:43:16 +0000 (21:43 +1100)]
s4-debug: lower the verbosity of a couple of common log messages
Andrew Tridgell [Sat, 9 Jan 2010 09:58:07 +0000 (20:58 +1100)]
s4-samldb: fixed primaryGroupID when promoting a machine to a DC
The machine gets a primaryGroupID of DOMAIN_RID_DCS. This is done
without changing the member attributes of its groups.
Andrew Tridgell [Sat, 9 Jan 2010 09:54:16 +0000 (20:54 +1100)]
s4-schema: fixed the SDDL for the schema root security descriptor
This was preventing a DCPROMO client from allowing outgoing
replication
Andrew Tridgell [Sat, 9 Jan 2010 09:53:27 +0000 (20:53 +1100)]
s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
This allows us to filter correctly for a NC that we have created but
not pulled from anyone.
Andrew Tridgell [Sat, 9 Jan 2010 09:42:23 +0000 (20:42 +1100)]
s4-drs: give DN of failed replication partition
Andrew Tridgell [Sat, 9 Jan 2010 07:50:30 +0000 (18:50 +1100)]
s4-drs: base is_nc_prefix on instanceType
for extended operations comparing to the ncRoot_dn is not correct
Andrew Tridgell [Sat, 9 Jan 2010 07:10:38 +0000 (18:10 +1100)]
s4-drs: having no SPNs to change is not an error
Andrew Tridgell [Sat, 9 Jan 2010 06:42:59 +0000 (17:42 +1100)]
s4-drs: fixed writespn to ignore add/delete errors
When a SPN is added and already exists, it is ignored. Similarly, when
a SPN is deleted and doesn't exist, it is ignored.
Andrew Tridgell [Sat, 9 Jan 2010 06:42:05 +0000 (17:42 +1100)]
s4-dsdb: added samdb_ldb_val_case_cmp()
Andrew Tridgell [Sat, 9 Jan 2010 06:11:01 +0000 (17:11 +1100)]
s4-drs: moved the DsWriteAccountSpn call to its own file
Andrew Tridgell [Sat, 9 Jan 2010 04:57:52 +0000 (15:57 +1100)]
s4-libnet: dsdb_wellknown_dn() in vampire code
Andrew Tridgell [Sat, 9 Jan 2010 04:12:18 +0000 (15:12 +1100)]
s4-drs: need to set the getncchanges extended_ret on success too
Andrew Tridgell [Sat, 9 Jan 2010 03:29:39 +0000 (14:29 +1100)]
s4-drs: calculate and send a uptodateness_vector with replication requests
This stops us getting objects changes twice if they came via an
indirect path.
Andrew Tridgell [Sat, 9 Jan 2010 03:28:00 +0000 (14:28 +1100)]
s4-drs: be less verbose when we filter objects by UDV
Andrew Tridgell [Sat, 9 Jan 2010 02:11:27 +0000 (13:11 +1100)]
s4-drs: added filtering by udv in getncchanges
When a client supplied an uptodateness_vector, we can use it to filter
what objects we return. This greatly reduces the amount of replication
traffic between DCs.
Andrew Tridgell [Sat, 9 Jan 2010 02:10:28 +0000 (13:10 +1100)]
s4-idl: give a enum for attribute cn and a 'NONE' attribute
The 'NONE' attribute has value 0xFFFFFFFF. Adding this ensures the
compiler will complain if it is set to use 16 bit enums. We rely on
being able to store 32 bits in an attid enum.
Andrew Tridgell [Fri, 8 Jan 2010 23:12:54 +0000 (10:12 +1100)]
s4-drs: fixed the NC in the getncchanges RID alloc reply
the search happens on a different DN to the NC of the request, but the
reply is with the original NC
Andrew Tridgell [Fri, 8 Jan 2010 22:05:56 +0000 (09:05 +1100)]
s4-debug: removed debug_ctx(). It didn't catch on :-)
There was only one user, which isn't worth it for the overhead.
Andrew Tridgell [Fri, 8 Jan 2010 22:05:29 +0000 (09:05 +1100)]
s4-messaging: remove only usage of debug_ctx()
Andrew Tridgell [Fri, 8 Jan 2010 22:04:18 +0000 (09:04 +1100)]
s4-messaging: fixed a memory leak in messaging_path()
It is a bit convoluted to fix, as cluster_id_string() may return a
const string.
Andrew Tridgell [Fri, 8 Jan 2010 22:03:45 +0000 (09:03 +1100)]
s4-drs: fixed usage of ldb_dn_new()
Andrew Tridgell [Fri, 8 Jan 2010 22:03:08 +0000 (09:03 +1100)]
s4-ldb: validate the type of the ldb argument to ldb_dn_new()
It has been a common bug to get the first two arguments the wrong way
around
Simo Sorce [Fri, 8 Jan 2010 21:53:30 +0000 (16:53 -0500)]
Fix comment
Jeremy Allison [Fri, 8 Jan 2010 18:17:46 +0000 (10:17 -0800)]
Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
This bug re-occurred for 3.3.x and above.
The reason is that to change a NT ACL we now have to open the file requesting
WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
in posix_acls doesn't add these bits when "dos filemode = yes", so even though
the permission or owner change would be allowed by the POSIX ACL code, the
NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
first.
Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
Jeremy.
Matthias Dieter Wallnöfer [Fri, 8 Jan 2010 17:18:21 +0000 (18:18 +0100)]
s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs
Andreas Schneider [Thu, 7 Jan 2010 11:23:33 +0000 (12:23 +0100)]
s4-kdc: Migrate tcp connections to tsocket.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 4 Nov 2009 18:27:20 +0000 (19:27 +0100)]
s4:kdc: use LIBSAMBA_TSOCKET
metze
Stefan Metzmacher [Fri, 8 Jan 2010 10:45:59 +0000 (11:45 +0100)]
s4:kdc: the ->process function returns "bool"
metze
Stefan Metzmacher [Thu, 5 Nov 2009 08:55:12 +0000 (09:55 +0100)]
libcli/util: add tstream_read_pdu_blob_send/recv
This will take the some full_request callback function
as the Samba4 packet code.
metze
Günther Deschner [Fri, 8 Jan 2010 10:03:31 +0000 (11:03 +0100)]
s3-time: fix build warnings after we moved to shared time functions.
Bjoern, please check.
Guenther
Günther Deschner [Fri, 8 Jan 2010 09:38:46 +0000 (10:38 +0100)]
s3-docs: mention -K option in pdbedit manpage.
Guenther
Andrew Tridgell [Fri, 8 Jan 2010 07:03:09 +0000 (18:03 +1100)]
s4-drs: added two more SPNs in addentry
w2k8r2 wants these after a DCPROMO
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 8 Jan 2010 06:58:26 +0000 (17:58 +1100)]
s4-schema: fixes for W2K8-R2 schema
The schema from WSPP had a number of typos that prevented it from
working. These changes allow it to work with Samba, and allow w2k8r2
to run DCPROMO against Samba successfully
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 8 Jan 2010 06:01:32 +0000 (17:01 +1100)]
s4-schema: added msDS-NcType to schema container
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 8 Jan 2010 06:00:54 +0000 (17:00 +1100)]
s4-schema: fixed attributes of aggregate schema
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 8 Jan 2010 06:00:28 +0000 (17:00 +1100)]
s4-schema: switch to W2K8-R2 schema
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 8 Jan 2010 05:59:27 +0000 (16:59 +1100)]
s4-schema: added adminDisplayName and adminDescription
These are missing from the WSPP schemas
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 8 Jan 2010 05:57:56 +0000 (16:57 +1100)]
s4-schema: added some debug for bad attributes
Andrew Tridgell [Fri, 8 Jan 2010 05:56:01 +0000 (16:56 +1100)]
s4-provision: added W2K8-R2 schema as provided by WSPP
Andrew Tridgell [Fri, 8 Jan 2010 01:55:21 +0000 (12:55 +1100)]
s4-samba3samtest: we need to force netbios name as well
needed for when run in CLIENT context
Andrew Tridgell [Fri, 8 Jan 2010 01:54:42 +0000 (12:54 +1100)]
s4-samba3sid: fixed error returns when res->count != 1 and oom
Andrew Tridgell [Fri, 8 Jan 2010 01:45:49 +0000 (12:45 +1100)]
s4-samba3samtest: force workgroup so the domain is right
the samba3sid backend looks at lp_sam_name() which is based on the
workgroup
Andrew Tridgell [Fri, 8 Jan 2010 01:45:29 +0000 (12:45 +1100)]
s4-samba3sid: the sambaNextRid attribute is actually the previous RID
Not well named .... though same mistake that MS made with rIDNextRid
Andrew Tridgell [Fri, 8 Jan 2010 01:15:01 +0000 (12:15 +1100)]
s4-samba3sam: use samba3sid module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 8 Jan 2010 01:14:39 +0000 (12:14 +1100)]
s4-dsdb: added a samba3sid module
This module allocates SIDs using the Samba3 algorithm, for use with
the samba3sam module.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 7 Jan 2010 23:03:51 +0000 (10:03 +1100)]
s4-acl: fixed acl.py test to use correct ldif
same problem as sec_descriptor.py
Andrew Tridgell [Thu, 7 Jan 2010 23:00:35 +0000 (10:00 +1100)]
s4-secdesc: fixed the sec_descriptor.py test
The test was using a "changetype: add" to try and add a member to a
group, where it should use a "changetype: modify" with a "add: member"
Also fixed the recovery when the test fails part way through (delete
the test users at the start as well as the end)
Nadya, please check!
Andrew Tridgell [Thu, 7 Jan 2010 22:31:23 +0000 (09:31 +1100)]
s4-samba3samtest: use system credentials for creating users
Andrew Tridgell [Thu, 7 Jan 2010 22:30:59 +0000 (09:30 +1100)]
s4-dsdb: fixed const misuse in acl module
Andrew Tridgell [Thu, 7 Jan 2010 22:30:31 +0000 (09:30 +1100)]
s4-dsdb: use dsdb_module_am_system() in acl module
Andrew Tridgell [Thu, 7 Jan 2010 22:29:32 +0000 (09:29 +1100)]
s4-dsdb: allow specification of a SID if we are system
needed for samba3sam test
Andrew Tridgell [Thu, 7 Jan 2010 22:29:01 +0000 (09:29 +1100)]
s4-dsdb: added dsdb_module_am_system()
better than each module inventing their own
Andrew Tridgell [Thu, 7 Jan 2010 22:28:38 +0000 (09:28 +1100)]
s4-dsdb: squash some unknown structure warnings
Andrew Tridgell [Thu, 7 Jan 2010 22:00:15 +0000 (09:00 +1100)]
s4-partition: fixed selection of partitions on exact match
When a search is on the root of a partition on the global catalog,
don't search partitions above that one.
Andrew Tridgell [Thu, 7 Jan 2010 10:28:03 +0000 (21:28 +1100)]
s4-scripting: we need to use a base search for the NTDS GUID
now we have nTDSConnections structures we can get more than 1 reply
Stefan Metzmacher [Wed, 30 Dec 2009 16:11:51 +0000 (17:11 +0100)]
s4:dsdb/repl: convert dreplsrv_op_pull_source_send/recv to tevent_req
metze
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Tridgell [Thu, 7 Jan 2010 08:12:45 +0000 (19:12 +1100)]
s4-smbd: setup the default event contexts for other process models