13 years agoutil_strlist: Add some more "const"s - small correction
Matthias Dieter Wallnöfer [Thu, 10 Sep 2009 20:05:49 +0000 (22:05 +0200)]
util_strlist: Add some more "const"s - small correction

13 years agoutil_strlist: Add some more "const"s
Matthias Dieter Wallnöfer [Thu, 10 Sep 2009 05:17:40 +0000 (07:17 +0200)]
util_strlist: Add some more "const"s

13 years agoFix bug 6707 - 3.4.1 segfault in parsing configs.
Marc Aurele La France [Thu, 10 Sep 2009 16:52:11 +0000 (09:52 -0700)]
Fix bug 6707 - 3.4.1 segfault in parsing configs.
Fixes an occasional segfault caused by an out-of-bounds reference in config file parsing.

13 years agos4:srvsvc: Fix logic on error checking.
Andrew Kroeger [Mon, 7 Sep 2009 12:52:37 +0000 (07:52 -0500)]
s4:srvsvc: Fix logic on error checking.

13 years agos4:pwsettings: Added blackbox tests.
Andrew Kroeger [Tue, 8 Sep 2009 11:01:18 +0000 (06:01 -0500)]
s4:pwsettings: Added blackbox tests.

The added tests include basic validation that the script runs and accepts all
custom arguments.  The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.

13 years Add function for expected failures.
Andrew Kroeger [Tue, 8 Sep 2009 21:01:26 +0000 (16:01 -0500)] Add function for expected failures.

The testit_expect_failure() function is like the testit() function, with
reversed error detection logic.  This reversal only affects the pass/fail logic
and logging - the original return code from the command is still returned to the
calling script.

13 years agos4:pwsettings: Show default values in help messages.
Andrew Kroeger [Tue, 8 Sep 2009 07:34:56 +0000 (02:34 -0500)]
s4:pwsettings: Show default values in help messages.

13 years agos4:pwsettings: Add 'default' option for password complexity.
Andrew Kroeger [Tue, 8 Sep 2009 07:34:30 +0000 (02:34 -0500)]
s4:pwsettings: Add 'default' option for password complexity.

13 years agos4:pwsettings: Added validation.
Andrew Kroeger [Mon, 7 Sep 2009 08:38:33 +0000 (03:38 -0500)]
s4:pwsettings: Added validation.

Validate that each field is within its allowed range.  Also validate that the
maximum password age is greater than the minimum password length (if the maximum
password age is set).

I could not find these values documented anywhere in the WSPP docs.  I used the
values shown in the W2K8 GPMC, as it appears that the GPMC actuaally performs
the validation of values.

13 years agos4:pwsettings: Don't assume a value for pwdProperties.
Andrew Kroeger [Mon, 7 Sep 2009 07:04:55 +0000 (02:04 -0500)]
s4:pwsettings: Don't assume a value for pwdProperties.

If we cannot retrieve the value, do not assume a particular value.  The fact
that we could not retrieve the value indicates a larger problem that we don't
want to make worse bypossibly clearing bit fields in the pwdProperties

13 years agos4:pwsettings: Run all updates as a single modify() operation.
Andrew Kroeger [Mon, 7 Sep 2009 06:47:35 +0000 (01:47 -0500)]
s4:pwsettings: Run all updates as a single modify() operation.

This ensures that all changes are made, or none are made.  It also makes it
possible to do validation as we go and abort in case of an error, while always
leaving things in a consistent state.

13 years agos4:pwsettings: Added --quiet option.
Andrew Kroeger [Mon, 7 Sep 2009 06:05:11 +0000 (01:05 -0500)]
s4:pwsettings: Added --quiet option.

Also changed all non-error status output to use the message() function, which
respects the --quiet option.

13 years agos4:netlogon - Put the "supported encryption types" more back in the "LogonGetDomainIn...
Matthias Dieter Wallnöfer [Wed, 9 Sep 2009 22:59:50 +0000 (00:59 +0200)]
s4:netlogon - Put the "supported encryption types" more back in the "LogonGetDomainInfo" call

They're needed only at the end.

13 years agoRevert "s4: Let the "setpassword" script finally use the "samdb_set_password" routine"
Matthias Dieter Wallnöfer [Wed, 9 Sep 2009 22:46:51 +0000 (00:46 +0200)]
Revert "s4: Let the "setpassword" script finally use the "samdb_set_password" routine"

This reverts commit fdd62e9699b181a140292689fcd88a559bc26211.

abartlet and I agreed that this isn't the right way to enforce the password
policies. Sooner or later we've to control them anyway on the directory level.

13 years agos4/torture: fixed lots of crash bugs in the DRS tests
Andrew Tridgell [Thu, 10 Sep 2009 12:58:11 +0000 (22:58 +1000)]
s4/torture: fixed lots of crash bugs in the DRS tests

13 years agos4:provision Only delete SASL mappings with Fedora DS, not OpenLDAP
Andrew Bartlett [Thu, 10 Sep 2009 09:45:53 +0000 (19:45 +1000)]
s4:provision Only delete SASL mappings with Fedora DS, not OpenLDAP

We need to be more careful to do the cleanup functions for the right
backend.  In future, these perhaps should be provided by the
ProvisionBackend class.

Andrew Bartlett

13 years agos4/drs: enable attribute encryption
Andrew Tridgell [Thu, 10 Sep 2009 07:46:30 +0000 (17:46 +1000)]
s4/drs: enable attribute encryption

This means we now get passwords vampired correctly for s4<->s4

13 years agos4: kludge_acl needs to be above repl_meta_data
Andrew Tridgell [Thu, 10 Sep 2009 07:45:25 +0000 (17:45 +1000)]
s4: kludge_acl needs to be above repl_meta_data

We have to bypass kludge_acl in replication as otherwise we aren't
allowed access to the password entries

13 years agos4/repl: give a useful error message if we can't decode an object
Andrew Tridgell [Thu, 10 Sep 2009 07:42:36 +0000 (17:42 +1000)]
s4/repl: give a useful error message if we can't decode an object

13 years agolibcli: added a drsuapi attribute encryption function
Andrew Tridgell [Thu, 10 Sep 2009 07:42:13 +0000 (17:42 +1000)]
libcli: added a drsuapi attribute encryption function

13 years agolibcli:drsuapi Add function to encrypt data for transport over DRSUAPI
Andrew Bartlett [Thu, 10 Sep 2009 05:50:32 +0000 (15:50 +1000)]
libcli:drsuapi Add function to encrypt data for transport over DRSUAPI

This is for the server side of the GetNCChanges call.

Andrew Bartlett

13 years agos4/drs: changed the UpdateRefs server to use the dn instead of the GUID
Andrew Tridgell [Thu, 10 Sep 2009 04:27:47 +0000 (14:27 +1000)]
s4/drs: changed the UpdateRefs server to use the dn instead of the GUID

Our vampire code sends a zero GUID in the updaterefs calls. Windows
seems to ignore the GUID and use the DN in the naming context instead,
so I have changed our UpdateRefs server implementation to do the same.

With this change we can now vampire from s4<->s4 successfully! Now to
see if all the attributes came across correctly.

13 years agoOPC oota edits
John H Terpstra [Thu, 10 Sep 2009 04:12:27 +0000 (23:12 -0500)]
OPC oota edits

13 years agos4/drs: correctly fill in the GUID of DRS objects
Andrew Tridgell [Thu, 10 Sep 2009 03:51:08 +0000 (13:51 +1000)]
s4/drs: correctly fill in the GUID of DRS objects

13 years agos4: fix spelling
Andrew Tridgell [Thu, 10 Sep 2009 03:50:46 +0000 (13:50 +1000)]
s4: fix spelling

13 years agos4/provision: another fix for breakage from b1dabb1133
Andrew Tridgell [Thu, 10 Sep 2009 02:42:57 +0000 (12:42 +1000)]
s4/provision: another fix for breakage from b1dabb1133

13 years agos4:provision Don't reference provision_backend when using LDB
Andrew Bartlett [Thu, 10 Sep 2009 02:25:25 +0000 (12:25 +1000)]
s4:provision Don't reference provision_backend when using LDB

This broke in Endi's patch for Fedora DS support

Andrew Bartlett

13 years agos4/torture: don't mix declarations and code
Andrew Tridgell [Thu, 10 Sep 2009 02:14:53 +0000 (12:14 +1000)]
s4/torture: don't mix declarations and code

13 years agos4: regenerate drsuapi IDL
Andrew Tridgell [Thu, 10 Sep 2009 02:09:01 +0000 (12:09 +1000)]
s4: regenerate drsuapi IDL

13 years agos4/schema: teach the schema_syntax code how to encode/decode more attributes
Andrew Tridgell [Thu, 10 Sep 2009 02:08:15 +0000 (12:08 +1000)]
s4/schema: teach the schema_syntax code how to encode/decode more attributes

We were trying to encode strings like 'top' as integers, without first
looking them up in our schema. We need special handling for all the
attributes that contain attributeID_id or governsID_id fields that
should be translated first before encoding.

13 years agos4/schema: don't crash if we don't have subClassOf
Andrew Tridgell [Thu, 10 Sep 2009 02:06:20 +0000 (12:06 +1000)]
s4/schema: don't crash if we don't have subClassOf

13 years agos4/drsuapi: tech the IDL about some more key attribute names
Andrew Tridgell [Thu, 10 Sep 2009 02:05:50 +0000 (12:05 +1000)]
s4/drsuapi: tech the IDL about some more key attribute names

13 years agos4: Use SASL authentication against Fedora DS.
Endi Sukma Dewata [Wed, 9 Sep 2009 16:45:24 +0000 (12:45 -0400)]
s4: Use SASL authentication against Fedora DS.

1. During instance creation the provisioning script will import the SASL
   mapping for samba-admin. It's done here due to missing config schema
   preventing adding the mapping via ldapi.

2. After that it will use ldif2db to import the cn=samba-admin user as
   the target of SASL mapping.

3. Then it will start FDS and continue to do provisioning using the
   Directory Manager with simple bind.

4. The SASL credentials will be stored in secrets.ldb, so when Samba
   server runs later it will use the SASL credentials.

5. After the provisioning is done (just before stopping the slapd)
   it will use the DM over direct ldapi to delete the default SASL
   mappings included automatically by FDS, leaving just the new
   samba-admin mapping.

6. Also before stopping slapd it will use the DM over direct ldapi to
   set the ACL on the root entries of the user, configuration, and
   schema partitions. The ACL will give samba-admin the full access
   to these partitions.

Signed-off-by: Andrew Bartlett <>
13 years agos3:docs: Add info about how to obtain cifs module in cifs mount helper manpage
Volker Lendecke [Wed, 9 Sep 2009 21:08:28 +0000 (23:08 +0200)]
s3:docs: Add info about how to obtain cifs module in cifs mount helper manpage

13 years agoFix compile in a usually non-selected define.
Jeremy Allison [Wed, 9 Sep 2009 20:54:47 +0000 (13:54 -0700)]
Fix compile in a usually non-selected define.

13 years agos3:smbd: Add a "hidden" parameter "share:fake_fscaps"
Volker Lendecke [Wed, 9 Sep 2009 19:58:47 +0000 (21:58 +0200)]
s3:smbd: Add a "hidden" parameter "share:fake_fscaps"

This is needed to support some special app I've just come across where I had to
set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There
might be others to fake. This is definitely a "Don't touch if you don't know
what you're doing" thing, so I decided to make this an undocumented parametric

I know this sucks, so feel free to beat me up on this. But I don't think it
will hurt.

13 years agos3:examples:ldap: allow substing search on more attributes in nds schema file
Björn Jacke [Wed, 9 Sep 2009 18:07:19 +0000 (20:07 +0200)]
s3:examples:ldap: allow substing search on more attributes in nds schema file

13 years agos4/torture: add new SMB oplock tests
Aravind Srinivasan [Tue, 8 Sep 2009 20:19:44 +0000 (13:19 -0700)]
s4/torture: add new SMB oplock tests

* test if oplocks are granted when requesting delete-on-close
* test how oplocks are broken by byte-range-lock requests

13 years agos4/torture: convert printf to torture_comment()
Aravind Srinivasan [Tue, 8 Sep 2009 20:12:26 +0000 (13:12 -0700)]
s4/torture: convert printf to torture_comment()

Allows "make test" and other harnesses to print cleaner output.

13 years agos3:examples:ldap: fix some OIDs in various schema files
Björn Jacke [Wed, 9 Sep 2009 17:13:32 +0000 (19:13 +0200)]
s3:examples:ldap: fix some OIDs in various schema files

13 years agos4/drs: when we don't find an attribute use zero values
Andrew Tridgell [Wed, 9 Sep 2009 15:27:12 +0000 (01:27 +1000)]
s4/drs: when we don't find an attribute use zero values

thanks to metze for pointing this out

13 years agos4/vampire: fixed i/j index mixup in vampire code
Andrew Tridgell [Wed, 9 Sep 2009 15:26:34 +0000 (01:26 +1000)]
s4/vampire: fixed i/j index mixup in vampire code

13 years agos4:drs match the meta_data and attributes array
Andrew Tridgell [Wed, 9 Sep 2009 13:38:51 +0000 (23:38 +1000)]
s4:drs match the meta_data and attributes array

These two arrays need to be in sync, as they are walked in sync by the

13 years agos4/drs: broke out the core of the getncchanges code
Andrew Tridgell [Wed, 9 Sep 2009 11:26:17 +0000 (21:26 +1000)]
s4/drs: broke out the core of the getncchanges code

It is easier to understand without the heavy nesting

13 years agos4:drs level_out is a pointer
Andrew Tridgell [Wed, 9 Sep 2009 11:00:48 +0000 (21:00 +1000)]
s4:drs level_out is a pointer

DsAddEntry now seems to work for simple tests

13 years agos4:drs split addentry and getncchanges into separate files
Andrew Tridgell [Wed, 9 Sep 2009 11:00:01 +0000 (21:00 +1000)]
s4:drs split addentry and getncchanges into separate files

These will get quite complex eventually, I think we are better
separating them so the code is a bit easier to follow

13 years agoAdded "admin_session" method.
Nadezhda Ivanova [Thu, 3 Sep 2009 11:39:40 +0000 (14:39 +0300)]
Added "admin_session" method.

The purpose of admin_session is to be able to execute parts of provisioning
as the user Administrator in order to have the correct group and owner in the
security descriptors. To be used for provisioning and tests only.

13 years agos4/repl: implement DsReplicaSync
Andrew Tridgell [Wed, 9 Sep 2009 08:04:07 +0000 (18:04 +1000)]
s4/repl: implement DsReplicaSync

This patch implements DsReplicaSync by passing the call via irpc to
the repl server task. The repl server then triggers an immediate
replication of the specified partition.

This means we no longer need to set a small value for
dreplsrv:periodic_interval to force frequent DRS replication. We can
now wait for the DC to send us a ReplicaSync msg for any partition
that changes, and we immediately sync that partition.

13 years agos4/repl: added refresh of repsTo
Andrew Tridgell [Wed, 9 Sep 2009 07:04:16 +0000 (17:04 +1000)]
s4/repl: added refresh of repsTo

I've found that w2k3 deletes the repsTo records we carefully created
in the vampire join if we don't refresh them frequently. After about
30mins all 3 repsTo records are gone.

This patch adds automatic refresh of the repsTo by calling
DSReplicaUpdateRefs every time we do a sync cycle with the server

13 years agos4: fixed format of repsTo in samdb
Andrew Tridgell [Wed, 9 Sep 2009 02:29:01 +0000 (12:29 +1000)]
s4: fixed format of repsTo in samdb

Metze pointed out what the windows tool ldp.exe will examine repsTo
attributes on remote DCs, so we do in fact need to use the same format
that windows uses. This patch changes the server side implementation
of UpdateRefs to use the windows format

13 years agos4: allow repl:RODC=true/false to set ourselves as a RODC
Andrew Tridgell [Wed, 9 Sep 2009 01:26:50 +0000 (11:26 +1000)]
s4: allow repl:RODC=true/false to set ourselves as a RODC

I think this is what windows DCs use to see that we are read-only, but
I am not sure. Needs more testing.

13 years agos3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server principal.
Günther Deschner [Wed, 9 Sep 2009 00:29:58 +0000 (02:29 +0200)]
s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server principal.

Patch from Robert LeBlanc <>.



13 years agontlmssp: avoid duplicate inclusion of helper headers.
Günther Deschner [Tue, 8 Sep 2009 23:03:19 +0000 (01:03 +0200)]
ntlmssp: avoid duplicate inclusion of helper headers.


13 years agoMark test_security_descriptor_add_neg as known failing (for now).
Jelmer Vernooij [Tue, 8 Sep 2009 21:30:21 +0000 (23:30 +0200)]
Mark test_security_descriptor_add_neg as known failing (for now).

13 years agoBasic tests for nTSceurityDescriptor both SDDL and BASE64 format
Zahari Zahariev [Tue, 8 Sep 2009 13:00:24 +0000 (16:00 +0300)]
Basic tests for nTSceurityDescriptor both SDDL and BASE64 format

These are updated second eddition unittests using ldb.add_ldif()
and ldb.modify_ldif(). Unittests are found to work when using
the right local domain SID. Negative test separated.

Signed-off-by: Jelmer Vernooij <>
13 years agos3-nterr: add NT_STATUS_RPC_NT_CALL_FAILED.
Günther Deschner [Tue, 8 Sep 2009 21:19:08 +0000 (23:19 +0200)]


13 years agos4/torture/smb2: removed SMB2-FIND test
Steven Danneman [Tue, 8 Sep 2009 19:39:39 +0000 (12:39 -0700)]
s4/torture/smb2: removed SMB2-FIND test

This test has been wholly replaced by the SMB2-DIR-ONE test found
in dir.c.

13 years agos4/torture/smb2: Fix several small bugs and style issues in SMB2 dir tests
Steven Danneman [Tue, 8 Sep 2009 19:12:01 +0000 (12:12 -0700)]
s4/torture/smb2: Fix several small bugs and style issues in SMB2 dir tests

* removed all uses of printf, replaced with torture_comment
* replaced custom CHECK macros with new torture_assert_*_todo() helpers
* switched string dir name generation to generate_unique_strs() helper,
  to avoid non-deterministic test behavior where generate_rand_str()
  would cause file colissions in the same directory.

13 years agos4/torture: add new torture_assert_*_todo() macros
Steven Danneman [Tue, 8 Sep 2009 19:10:51 +0000 (12:10 -0700)]
s4/torture: add new torture_assert_*_todo() macros

These allow torture tests to perform cleanup after a failure, by
jumping to a goto label.

13 years agolib/util: add unique string generator helper function
Steven Danneman [Tue, 8 Sep 2009 19:09:39 +0000 (12:09 -0700)]
lib/util: add unique string generator helper function

13 years agontlmssp: add some void decode calls (useful for ndrdump).
Günther Deschner [Thu, 3 Sep 2009 00:06:34 +0000 (02:06 +0200)]
ntlmssp: add some void decode calls (useful for ndrdump).


13 years agosocket_wrapper: swrap_read() should use SWRAP_RECV* for swrap_dump_packet()
Stefan Metzmacher [Tue, 8 Sep 2009 20:07:30 +0000 (22:07 +0200)]
socket_wrapper: swrap_read() should use SWRAP_RECV* for swrap_dump_packet()

This is the same as swrap_recv().


13 years agos4:repl_meta_data: remove unused code
Stefan Metzmacher [Tue, 8 Sep 2009 10:01:46 +0000 (12:01 +0200)]
s4:repl_meta_data: remove unused code


13 years agos3:drsuapi: add a simple DsRemoveDSServer() implementation
Stefan Metzmacher [Thu, 2 Oct 2008 09:28:13 +0000 (11:28 +0200)]
s3:drsuapi: add a simple DsRemoveDSServer() implementation


13 years agos4:drsuapi: add an incomplete DsAddEntry implementation
Stefan Metzmacher [Wed, 1 Oct 2008 04:28:32 +0000 (06:28 +0200)]
s4:drsuapi: add an incomplete DsAddEntry implementation


13 years agos3:smbd: Fix bug 6690, wrong error check
Andrew Klosterman [Tue, 8 Sep 2009 15:38:37 +0000 (17:38 +0200)]
s3:smbd: Fix bug 6690, wrong error check

13 years agoschannel: add missing prototype for ndr_print_nbt_string() in schannel helper.
Günther Deschner [Tue, 8 Sep 2009 15:02:54 +0000 (17:02 +0200)]
schannel: add missing prototype for ndr_print_nbt_string() in schannel helper.

Hopefully fixes samba4 build.


13 years agos3: remove unused RPC_AUTH_SCHANNEL_NEG struct and parsing functions.
Günther Deschner [Tue, 8 Sep 2009 13:32:24 +0000 (15:32 +0200)]
s3: remove unused RPC_AUTH_SCHANNEL_NEG struct and parsing functions.


13 years agos3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind().
Günther Deschner [Tue, 8 Sep 2009 13:31:01 +0000 (15:31 +0200)]
s3-rpc_server: use NL_AUTH_MESSAGE in pipe_schannel_auth_bind().


13 years agos3-rpc_client: use NL_AUTH_MESSAGE in create_schannel_auth_rpc_bind_req().
Günther Deschner [Tue, 8 Sep 2009 13:30:22 +0000 (15:30 +0200)]
s3-rpc_client: use NL_AUTH_MESSAGE in create_schannel_auth_rpc_bind_req().


13 years agos3/docs: Raise version number.
Karolin Seeger [Tue, 8 Sep 2009 13:39:57 +0000 (15:39 +0200)]
s3/docs: Raise version number.


13 years agoschannel: add NL_AUTH_MESSAGE and both NL_AUTH_SIGNATURE structs.
Günther Deschner [Tue, 8 Sep 2009 12:51:42 +0000 (14:51 +0200)]
schannel: add NL_AUTH_MESSAGE and both NL_AUTH_SIGNATURE structs.

These actually belong netlogon but we for now want to keep netlogon as a security
providor separate.


13 years agos4:idl Add generated code for netlogon.idl changes
Andrew Bartlett [Tue, 8 Sep 2009 10:21:38 +0000 (20:21 +1000)]
s4:idl Add generated code for netlogon.idl changes

13 years agoReturn a correct value for Supported Encryption Type
Matthieu Patou [Tue, 8 Sep 2009 08:21:09 +0000 (12:21 +0400)]
Return a correct value for Supported Encryption Type

Vista and upper version use this value to check wether they should ask the DC
 to change the msDS-SupportedEncryptionTypes attribute or not.
 Declare the different value as a bitmap in Netlogon idl

13 years agotort: RPC-CRACKNAMES test case refactored
Kamen Mazdrashki [Fri, 28 Aug 2009 15:35:31 +0000 (18:35 +0300)]
tort: RPC-CRACKNAMES test case refactored

13 years agotort: DsCrackNames - propagate torture context to all tests.
Kamen Mazdrashki [Fri, 28 Aug 2009 15:34:40 +0000 (18:34 +0300)]
tort: DsCrackNames - propagate torture context to all tests.

13 years agotort: Helper function to get DC info for testing
Kamen Mazdrashki [Fri, 28 Aug 2009 15:19:54 +0000 (18:19 +0300)]
tort: Helper function to get DC info for testing

13 years agotort: Implement 'setup' and 'teardown' for DRSUAPI test cases.
Kamen Mazdrashki [Fri, 28 Aug 2009 12:42:48 +0000 (15:42 +0300)]
tort: Implement 'setup' and 'teardown' for DRSUAPI test cases.

13 years agos4/ldb: support NDR printing for 2 more replication types
Andrew Tridgell [Tue, 8 Sep 2009 12:15:59 +0000 (22:15 +1000)]
s4/ldb: support NDR printing for 2 more replication types

print replUpToDateVector and replPropertyMetaData using NDR format if
--show-binary is given.

13 years agos4/ldb: allow prefixMap to be shown as NDR
Andrew Tridgell [Tue, 8 Sep 2009 12:02:59 +0000 (22:02 +1000)]
s4/ldb: allow prefixMap to be shown as NDR

13 years agos4/ldb: allow printing ntSecurityDescriptor in full
Andrew Tridgell [Tue, 8 Sep 2009 11:55:56 +0000 (21:55 +1000)]
s4/ldb: allow printing ntSecurityDescriptor in full

print security descriptors in NDR format if --show-binary is
given. This is easier to read than sddl format.

13 years agos4/ldb: added ldif handler for repsFrom/repsTo
Andrew Tridgell [Tue, 8 Sep 2009 11:45:08 +0000 (21:45 +1000)]
s4/ldb: added ldif handler for repsFrom/repsTo

In normal usage this makes no difference, but if you add --show-binary
then you can see the NDR printed out in the usual ndr_print_*() format

13 years agos4/ldb: expose the ldb flags with ldb_get_flags()
Andrew Tridgell [Tue, 8 Sep 2009 11:39:33 +0000 (21:39 +1000)]
s4/ldb: expose the ldb flags with ldb_get_flags()

13 years agos4/ldb: don't line wrap ldif when --show-binary is used
Andrew Tridgell [Tue, 8 Sep 2009 11:39:09 +0000 (21:39 +1000)]
s4/ldb: don't line wrap ldif when --show-binary is used

13 years agos4/ldb: added --show-binary command line option
Andrew Tridgell [Tue, 8 Sep 2009 10:57:31 +0000 (20:57 +1000)]
s4/ldb: added --show-binary command line option

This add --show-binary to ldbsearch. When this flag is set, binary
blobs will be shown as-is, instead of base64 encoded. This is useful
for some XML encoded attributes, and will also be used as part of some
NDR print formatting for attributes like repsTo.

13 years agos3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
Günther Deschner [Tue, 8 Sep 2009 09:57:52 +0000 (11:57 +0200)]
s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.

The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
byte). We should just ignore the remaining 12 zeroed bytes and proceed.


13 years agos4:setpassword script - Passwords set by this script are set by the administrator...
Matthias Dieter Wallnöfer [Tue, 8 Sep 2009 10:02:22 +0000 (12:02 +0200)]
s4:setpassword script - Passwords set by this script are set by the administrator not the user

13 years agos4:provision - Cosmetic: Indent the parameters better
Matthias Dieter Wallnöfer [Tue, 8 Sep 2009 09:55:40 +0000 (11:55 +0200)]
s4:provision - Cosmetic: Indent the parameters better

13 years agos4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret")
Matthias Dieter Wallnöfer [Mon, 7 Sep 2009 12:30:11 +0000 (14:30 +0200)]
s4:templates - Remove the latest relics (in "dcesrv_lsa_CreateSecret")

13 years agos4:wmic - Output enhancements
Dmitry Karasik [Mon, 7 Sep 2009 12:08:16 +0000 (14:08 +0200)]
s4:wmic - Output enhancements

Outputs shouldn't clash with metadata characters (|,()), special characters
should be escaped, "NULL" values should be reported as "(null)" string.

For the full explaination look at bug #6076.

13 years agoAdd read() to socketwrapper. Metze please check.
Jeremy Allison [Tue, 8 Sep 2009 03:31:01 +0000 (20:31 -0700)]
Add read() to socketwrapper. Metze please check.

13 years agos4: commit generated DRS changes
Andrew Tridgell [Tue, 8 Sep 2009 01:51:27 +0000 (11:51 +1000)]
s4: commit generated DRS changes

13 years agos4: added the structure for repsTo
Andrew Tridgell [Tue, 8 Sep 2009 01:51:01 +0000 (11:51 +1000)]
s4: added the structure for repsTo

This structure is stored in NDR format in the repsTo attribute of each
partition. It is updated by the DSUpdateRefs DSRUAPI call

13 years agos4: fixed updaterefs options bitmap
Andrew Tridgell [Tue, 8 Sep 2009 01:50:14 +0000 (11:50 +1000)]
s4: fixed updaterefs options bitmap

13 years agos4: implemented server side of DSUpdateRefs call
Andrew Tridgell [Tue, 8 Sep 2009 01:49:28 +0000 (11:49 +1000)]
s4: implemented server side of DSUpdateRefs call

This call is made by DCs to tell us we should notify them of directory

13 years agos4/ldb: fixed spelling
Andrew Tridgell [Tue, 8 Sep 2009 01:47:36 +0000 (11:47 +1000)]
s4/ldb: fixed spelling

13 years agos4: 'index' is a libc function
Andrew Tridgell [Tue, 8 Sep 2009 01:47:11 +0000 (11:47 +1000)]
s4: 'index' is a libc function

13 years agos4: fixed a unsigned printf warnings
Andrew Tridgell [Tue, 8 Sep 2009 01:46:49 +0000 (11:46 +1000)]
s4: fixed a unsigned printf warnings

13 years agos4: removed an unused variable
Andrew Tridgell [Tue, 8 Sep 2009 01:46:27 +0000 (11:46 +1000)]
s4: removed an unused variable

13 years agos4: fixed some shadowed variable warnings
Andrew Tridgell [Tue, 8 Sep 2009 01:46:08 +0000 (11:46 +1000)]
s4: fixed some shadowed variable warnings