12 years agos4-drs: Utility functions to deal with GUID
Fernando J V da Silva [Thu, 19 Nov 2009 18:28:37 +0000 (15:28 -0300)]
s4-drs: Utility functions to deal with GUID

dsdb_find_parentguid_by_dn() returns the parentGUID for a given DN
dsdb_msg_add_guid() adds a GUID value to a given message (either
objectGUID or parentGUID).

Signed-off-by: Andrew Tridgell <>
12 years agoldb:ldb_tdb backend/indexes - Outside API
Matthias Dieter Wallnöfer [Wed, 18 Nov 2009 09:44:56 +0000 (10:44 +0100)]
ldb:ldb_tdb backend/indexes - Outside API

- The outside API contains "DN" string arguments: Bad. Since in this way we
  fully rely on the outside calls regarding the right DN format. Solution: Use
  always a "struct ldb_dn" entry. Since this one is interchangeable and we can
  handle it in our preferred way.

12 years agoldb:ldb_tdb backend/indexes - DN comparison
Matthias Dieter Wallnöfer [Wed, 18 Nov 2009 09:44:56 +0000 (10:44 +0100)]
ldb:ldb_tdb backend/indexes - DN comparison

- DN comparison: The function doesn't seem that efficient. I "upgraded" it a bit
  to be more powerful (added a second length check and do both before the string

12 years agos4-dsdb: make sure mod_usn list is zeroed on each transaction
Andrew Tridgell [Fri, 20 Nov 2009 01:09:24 +0000 (12:09 +1100)]
s4-dsdb: make sure mod_usn list is zeroed on each transaction

12 years agos4-ldb: added a double-rename test
Andrew Tridgell [Fri, 20 Nov 2009 00:47:54 +0000 (11:47 +1100)]
s4-ldb: added a double-rename test

This tests the fix for double rename/add and indexing

12 years agos4-ldb: when -v is specified, show progress of ldbadd/ldbmodify
Andrew Tridgell [Fri, 20 Nov 2009 00:34:24 +0000 (11:34 +1100)]
s4-ldb: when -v is specified, show progress of ldbadd/ldbmodify

This is useful for speed tests with large numbers of records.

12 years agos4-ldb: make ldb tools line buffered
Andrew Tridgell [Fri, 20 Nov 2009 00:33:43 +0000 (11:33 +1100)]
s4-ldb: make ldb tools line buffered

this prevents output being buffered when redirected to a file. Useful
for larger ldb command line operations

12 years agos4-ldb: fixed an issue in rename/modify indexing
Andrew Tridgell [Wed, 18 Nov 2009 10:56:24 +0000 (21:56 +1100)]
s4-ldb: fixed an issue in rename/modify indexing

When we rename or modify a record, we need to update the indexes at
the same time. It is important that we use the DN of the actual
message that is stored in the database to do this, not the DN that was
passed in by the user. If the two differ in case then the index
records needs to use the 'real' record DN, as index handling is
currently case sensitive.

12 years agos4-ldb: allow test suite to run directly against a file
Andrew Tridgell [Wed, 18 Nov 2009 02:27:50 +0000 (13:27 +1100)]
s4-ldb: allow test suite to run directly against a file

This makes it much easier to debug (as you can break in the ldb
modules by running gdb on /usr/bin/python)

12 years agoPC Oota Edits.
John H Terpstra [Thu, 19 Nov 2009 21:41:59 +0000 (15:41 -0600)]
PC Oota Edits.

12 years agos3: Avoid races to change the machine password in winbind
Volker Lendecke [Thu, 19 Nov 2009 16:22:27 +0000 (17:22 +0100)]
s3: Avoid races to change the machine password in winbind

The machine password handler has code to deal with every node in the cluster
trying to change the machine password at the same time. However, it is not very
nice to the DC if everyone tries this simultaneously. This adds a random 0-255
second offset to our timed event. When this fires a bit later than strictly
calculated, someone else might have stepped in and have already changed it. The
timed event handler will handle this gracefully, it won't even try to do it

12 years agos3: Protect against flooding the DC with pwchange requests
Volker Lendecke [Thu, 19 Nov 2009 16:20:47 +0000 (17:20 +0100)]
s3: Protect against flooding the DC with pwchange requests

When there is a temporary problem changing passwords we flooded the DC with
pwchange requests. This gives the DC a 60-second break to recover.

12 years agos3: Re-check the timeout in machine_password_change_handler()
Volker Lendecke [Thu, 19 Nov 2009 16:14:40 +0000 (17:14 +0100)]
s3: Re-check the timeout in machine_password_change_handler()

Someone else might have come in between and changed the password since we
created that timed request

12 years agos3: Add some debugs to the winbind machine pwchange machinery
Volker Lendecke [Thu, 19 Nov 2009 16:11:32 +0000 (17:11 +0100)]
s3: Add some debugs to the winbind machine pwchange machinery

12 years agos3: Factor timeval_string out of current_timestring()
Volker Lendecke [Thu, 19 Nov 2009 10:50:13 +0000 (11:50 +0100)]
s3: Factor timeval_string out of current_timestring()

12 years agos3: Do not kill the whole smb session if a machine pwchange failed
Volker Lendecke [Thu, 19 Nov 2009 16:56:46 +0000 (17:56 +0100)]
s3: Do not kill the whole smb session if a machine pwchange failed

12 years agos3:pdb_ldap: fix a comment typo
Michael Adam [Mon, 16 Nov 2009 10:01:53 +0000 (11:01 +0100)]
s3:pdb_ldap: fix a comment typo


12 years agos3: shortcut uid_to_sid when "ldapsam:trusted = yes"
Michael Adam [Mon, 16 Nov 2009 10:37:18 +0000 (11:37 +0100)]
s3: shortcut uid_to_sid when "ldapsam:trusted = yes"

The normal uid_to_sid behaviour is to call sys_getpwuid()
to get the name for the given uid and then call the
getsampwnam passdb method for the resulting name.

In the ldapsam:trusted case we can reduce the uid_to_sid
operation to one simple search for the uidNumber attribute
and only get the sambaSID attribute from the correspoinding
LDAP object. This reduces the number of ldap roundtrips
for this operation.


12 years agos3-build: really fix build of winbind_krb5_locator.
Günther Deschner [Thu, 19 Nov 2009 12:44:33 +0000 (13:44 +0100)]
s3-build: really fix build of winbind_krb5_locator.


12 years agos3-build: make sure to remove libds and client object files on make clean.
Günther Deschner [Thu, 19 Nov 2009 12:39:24 +0000 (13:39 +0100)]
s3-build: make sure to remove libds and client object files on make clean.


12 years agos4:ldbcli - Added encoder/decoder for relax control.
Endi S. Dewata [Wed, 18 Nov 2009 22:47:07 +0000 (16:47 -0600)]
s4:ldbcli - Added encoder/decoder for relax control.

12 years agos3: Replace some create_synthetic_smb_fname() calls
Volker Lendecke [Sun, 15 Nov 2009 09:46:23 +0000 (10:46 +0100)]
s3: Replace some create_synthetic_smb_fname() calls

In very hot codepaths like the statcache copy_smb_filename and the subsequent
recursive talloc_free is noticable in the CPU load.

12 years agos3: Do not talloc in readdir
Volker Lendecke [Mon, 16 Nov 2009 08:49:23 +0000 (09:49 +0100)]
s3: Do not talloc in readdir

This is a hot codepath (called from the stat cache)

12 years agos3:load_interfaces(): use function gfree_interfaces() that we have.
Michael Adam [Wed, 18 Nov 2009 14:19:09 +0000 (15:19 +0100)]
s3:load_interfaces(): use function gfree_interfaces() that we have.

To reduce code duplication.


12 years agoAdded control copying for message types other than ldb_search.
Nadezhda Ivanova [Wed, 18 Nov 2009 16:47:29 +0000 (18:47 +0200)]
Added control copying for message types other than ldb_search.

When ildap created a new message to forward, it only copied controls for ldb_search
requests. This caused controls for add and modify to be lost in transition
and tests for them could not be implemented.

12 years agos3/docs: Add "max protocol = smb2" to man smb.conf.
Karolin Seeger [Wed, 18 Nov 2009 12:05:24 +0000 (13:05 +0100)]
s3/docs: Add "max protocol = smb2" to man smb.conf.


12 years agoREADME.coding: Update rules about code blocks and braces.
Kai Blin [Wed, 18 Nov 2009 10:43:01 +0000 (11:43 +0100)]
README.coding: Update rules about code blocks and braces.

12 years agoselftest: Subunit/ only allow expected failures without errors
Stefan Metzmacher [Tue, 17 Nov 2009 14:27:29 +0000 (15:27 +0100)]
selftest: Subunit/ only allow expected failures without errors


12 years agos4:selftest: mark samba4.smb2.lock.*.VALID-REQUEST as known failure
Stefan Metzmacher [Wed, 18 Nov 2009 07:20:29 +0000 (08:20 +0100)]
s4:selftest: mark samba4.smb2.lock.*.VALID-REQUEST as known failure


12 years agoSMB2-LOCK: make use of torture_assert_*()
Stefan Metzmacher [Wed, 18 Nov 2009 07:12:48 +0000 (08:12 +0100)]
SMB2-LOCK: make use of torture_assert_*()

This is needed in order to mark tests as known failures.


12 years agos4:ntvfs_generic: check for valid SMB2_LOCK flags
Stefan Metzmacher [Wed, 18 Nov 2009 07:11:46 +0000 (08:11 +0100)]
s4:ntvfs_generic: check for valid SMB2_LOCK flags


12 years agos4:selftest: fix logic for --option=torture:progress=no
Stefan Metzmacher [Tue, 17 Nov 2009 15:58:11 +0000 (16:58 +0100)]
s4:selftest: fix logic for --option=torture:progress=no


12 years agos4:torture/ make use of the PREFIX argument
Stefan Metzmacher [Tue, 17 Nov 2009 14:23:39 +0000 (15:23 +0100)]
s4:torture/ make use of the PREFIX argument

We should not use hardcode pathes!


12 years agoselftest: ignore empty lines in knownfailures
Stefan Metzmacher [Tue, 17 Nov 2009 15:59:20 +0000 (16:59 +0100)]
selftest: ignore empty lines in knownfailures


12 years agoselftest/output/ report the testuite name on error
Stefan Metzmacher [Tue, 17 Nov 2009 16:30:14 +0000 (17:30 +0100)]
selftest/output/ report the testuite name on error


12 years agos4:selftest: for now skip the BASE-DELAY-WRITE test completely
Stefan Metzmacher [Tue, 17 Nov 2009 11:03:54 +0000 (12:03 +0100)]
s4:selftest: for now skip the BASE-DELAY-WRITE test completely

This test randomly fails depending on the timing
(the tests are too strict with the values introduced in
commit 0fca2b078ceb314e429e24e3318b50451ccf423b)
and local filesystem features (timestamp resolution).


12 years agos4:selftest: avoid running the slow BASE-DELAY-WRITE test on the cifs proxy share
Stefan Metzmacher [Tue, 17 Nov 2009 10:59:21 +0000 (11:59 +0100)]
s4:selftest: avoid running the slow BASE-DELAY-WRITE test on the cifs proxy share

It's enough to run it on the posix share.


12 years agos4:selftest: add "rpc.netlogon.*.GetDomainInfo"
Stefan Metzmacher [Mon, 16 Nov 2009 15:54:53 +0000 (16:54 +0100)]
s4:selftest: add "rpc.netlogon.*.GetDomainInfo"

We need to expand the test to work against w2k8 and w2k8r2...


12 years agofixed the build
Andrew Tridgell [Wed, 18 Nov 2009 01:46:45 +0000 (12:46 +1100)]
fixed the build

whoever pushed 15d93a5d8e21893e1cca5c989dbf97010aae1622, please check
that what you push compiles and passes tests. In this case it didn't

12 years agos4/torture: Port SMBv1 Change Notify tests to SMBv2
Aravind Srinivasan [Tue, 17 Nov 2009 23:30:11 +0000 (15:30 -0800)]
s4/torture: Port SMBv1 Change Notify tests to SMBv2

* Ported all tests from raw/notify.c to smb2/notify.c
* Parameterized the max_buffer_size so it can be set on a
  per-target basis.
* Fixed CHECK macros to use torture_result
* Created a SMB2-NOTIFY test suite

12 years agos4/libcli: add a FILE_NOTIFY_CHANGE_ALL macro
Aravind Srinivasan [Tue, 17 Nov 2009 23:24:40 +0000 (15:24 -0800)]
s4/libcli: add a FILE_NOTIFY_CHANGE_ALL macro

This macro encompasses all possible file notifications that can
be raised.

12 years agos4/torture: add a new ulong parameteric torture option
Aravind Srinivasan [Tue, 17 Nov 2009 23:23:23 +0000 (15:23 -0800)]
s4/torture: add a new ulong parameteric torture option

12 years agotorture/smb2: make SMB2 BRL tests pass against W2K8R2
Steven Danneman [Fri, 13 Nov 2009 23:13:19 +0000 (15:13 -0800)]
torture/smb2: make SMB2 BRL tests pass against W2K8R2

The BRL tests previously based their results off several bugs in the
W2K8 byte range lock code.  I've fixed up the tests to pass against
Win7 which has fixed these bugs, and assume that the Win7 behavior
is the default.

I have inverted the test behavior for >63-bit lock requests.  The
tests previously expected NT_STATUS_OK as their default in this
case.  I've changed that default to expect STATUS_INVALID_LOCK_RANGE.
This may requires some changing of make test to compensate.

I've also removed a few test scenarios from VALID-REQUEST in preparation
of replacing them with separate tests ported from RAW-LOCK.

12 years agoStart removing SMB_STRUCT_STAT variables except for
Jeremy Allison [Wed, 18 Nov 2009 00:06:08 +0000 (16:06 -0800)]
Start removing SMB_STRUCT_STAT variables except for
the directory enumeration code (which needs it).

12 years agoRemove "store create time" code, cause create time to be stored
Jeremy Allison [Tue, 17 Nov 2009 22:55:02 +0000 (14:55 -0800)]
Remove "store create time" code, cause create time to be stored
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.

12 years agos4:WINREG RPC server - remove a "talloc_free"
Matthias Dieter Wallnöfer [Tue, 17 Nov 2009 18:56:14 +0000 (19:56 +0100)]
s4:WINREG RPC server - remove a "talloc_free"

I assume that this "talloc_free" isn't necessary since the DCERPC server frees
the handle itself (we got always warnings about this).

12 years agos4:provision_users.ldif - Descriptions generally begin with a majuscle
Matthias Dieter Wallnöfer [Tue, 17 Nov 2009 18:46:59 +0000 (19:46 +0100)]
s4:provision_users.ldif - Descriptions generally begin with a majuscle

12 years agos4:SAMLDB DSDB module - Add "\n"s on debug messages
Matthias Dieter Wallnöfer [Tue, 17 Nov 2009 18:22:00 +0000 (19:22 +0100)]
s4:SAMLDB DSDB module - Add "\n"s on debug messages

12 years agos4:SAMLDB DSDB module - Remove "\n" in LDB error messages
Matthias Dieter Wallnöfer [Tue, 17 Nov 2009 17:45:17 +0000 (18:45 +0100)]
s4:SAMLDB DSDB module - Remove "\n" in LDB error messages

abartlet suggested me to not use anymore "\n"s in those kind of outputs.
Plus, enhance a search filter to consider also "builtinDomain" objects which
are basically domain objects too.

12 years agoFixed incorrect SID for RAS Servers.
Nadezhda Ivanova [Tue, 17 Nov 2009 15:10:23 +0000 (17:10 +0200)]
Fixed incorrect SID for RAS Servers.

12 years agos3: Fix the build on Solaris
Volker Lendecke [Tue, 17 Nov 2009 14:15:35 +0000 (15:15 +0100)]
s3: Fix the build on Solaris

12 years agos4:dsdb/schema: let schema_supclasses() return the correct pointer
Stefan Metzmacher [Mon, 16 Nov 2009 18:41:46 +0000 (19:41 +0100)]
s4:dsdb/schema: let schema_supclasses() return the correct pointer

str_list_unique() changes the pointer via talloc_realloc().


12 years agolibrpc: rerun "make idl"
Stefan Metzmacher [Mon, 16 Nov 2009 18:41:05 +0000 (19:41 +0100)]
librpc: rerun "make idl"


12 years agonetlogon.idl: fix ndr_pull_netr_DatabaseRedo()
Stefan Metzmacher [Mon, 16 Nov 2009 18:38:32 +0000 (19:38 +0100)]
netlogon.idl: fix ndr_pull_netr_DatabaseRedo()

We can't use subcontext_size() here, as
change_log_entry_size is encoded after the subcontext.


12 years agos4:selftest: use "dc:local" instead of a hardcoded config file
Stefan Metzmacher [Mon, 16 Nov 2009 17:00:42 +0000 (18:00 +0100)]
s4:selftest: use "dc:local" instead of a hardcoded config file

If a tests needs access to the dc's config, it should run
as "dc:local", then it can also access unix named pipes...

If we pass a hardcoded config file the test fails if you use
a selftest_prefix.


12 years agos4:selftest: allways start with $(ST_RM)
Stefan Metzmacher [Mon, 16 Nov 2009 15:53:51 +0000 (16:53 +0100)]
s4:selftest: allways start with $(ST_RM)


12 years agos4:selftest: place summary file into selftest-prefix
Stefan Metzmacher [Mon, 16 Nov 2009 15:48:18 +0000 (16:48 +0100)]
s4:selftest: place summary file into selftest-prefix


12 years agoselftest: make sure we don't buffer any output
Stefan Metzmacher [Mon, 16 Nov 2009 15:34:13 +0000 (16:34 +0100)]
selftest: make sure we don't buffer any output


12 years agoselftest: Fix unexpected failure handline in Subunit/
Stefan Metzmacher [Mon, 16 Nov 2009 15:27:39 +0000 (16:27 +0100)]
selftest: Fix unexpected failure handline in Subunit/

We should only mark the testsuite as expected failure,
if there were more than 1 expected failure, but 0 unexpected

Before we ignored unexpected failures if there was an expected failure
within a testsuite.


12 years agos4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be...
Andrew Bartlett [Tue, 17 Nov 2009 04:36:48 +0000 (15:36 +1100)]
s4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be644c6ccc2832)

This fixes up connections to Windows 2003, because the previous import
had a broken arcfour-hmac-md5 implementation (fixed in Heimdal

Andrew Bartlett

12 years agos4/drs(tort): Convert DSSYNC test to a test case fixture
Kamen Mazdrashki [Mon, 16 Nov 2009 01:28:01 +0000 (03:28 +0200)]
s4/drs(tort): Convert DSSYNC test to a test case fixture

Now it should be much more clear why and where a test
in DSSYNC test case has failed.

Signed-off-by: Andrew Bartlett <>
12 years agos4/drs(tort): replace DEBUG with torture_asert/comment/fail
Kamen Mazdrashki [Mon, 16 Nov 2009 09:36:20 +0000 (11:36 +0200)]
s4/drs(tort): replace DEBUG with torture_asert/comment/fail

I left dumping of decrypted attributes values 'as is'
(using DEBUG and DEBUGADD) as it uses dump_data() function.
dump_data() uses DEBUGADD internally, so I have no way
to redirect its output to torture_context at this point.

Signed-off-by: Andrew Bartlett <>
12 years agos4/drs(tort): use torture_drsuapi_assert_call() macro for error checking
Kamen Mazdrashki [Sat, 14 Nov 2009 13:51:53 +0000 (15:51 +0200)]
s4/drs(tort): use torture_drsuapi_assert_call() macro for error checking

Signed-off-by: Andrew Bartlett <>
12 years agos4/drs(tort): replace 'printf' with 'torture_...' calls
Kamen Mazdrashki [Thu, 12 Nov 2009 01:11:58 +0000 (03:11 +0200)]
s4/drs(tort): replace 'printf' with 'torture_...' calls

Signed-off-by: Andrew Bartlett <>
12 years agos4/drs(tort): 'DsSyncBindInfo.pipe' renamed - 'pipe' is a system call
Kamen Mazdrashki [Tue, 10 Nov 2009 16:12:40 +0000 (18:12 +0200)]
s4/drs(tort): 'DsSyncBindInfo.pipe' renamed - 'pipe' is a system call

Signed-off-by: Andrew Bartlett <>
12 years agos4/drs(tort): 'DsPrivate.pipe' renamed - 'pipe' is a system call
Kamen Mazdrashki [Sat, 14 Nov 2009 01:56:21 +0000 (03:56 +0200)]
s4/drs(tort): 'DsPrivate.pipe' renamed - 'pipe' is a system call

Signed-off-by: Andrew Bartlett <>
12 years agos4:dsdb With these workarounds, we now pass the RPC-DSSYNC test
Andrew Bartlett [Mon, 16 Nov 2009 23:37:04 +0000 (10:37 +1100)]
s4:dsdb With these workarounds, we now pass the RPC-DSSYNC test

12 years agos4:provision Split up reference creation, load schema earlier in the stack
Andrew Bartlett [Mon, 16 Nov 2009 07:51:17 +0000 (18:51 +1100)]
s4:provision Split up reference creation, load schema earlier in the stack

The schema needs to be loaded above the extended_dn_out modules as
otherwise we don't get an extended DN in the search results.

The reference split is to ensure we create references after the
objects they reference exist.

Andrew Bartlett

12 years agos4:schema Add the GUID to each defaultObjectCategory when loading from LDIF
Andrew Bartlett [Mon, 16 Nov 2009 07:48:46 +0000 (18:48 +1100)]
s4:schema Add the GUID to each defaultObjectCategory when loading from LDIF

This makes these full extended DNs, so we set the right values into
the database, even before we actually set the schema objects

Andrew Bartlett

12 years agos4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategory
Andrew Bartlett [Mon, 16 Nov 2009 07:46:28 +0000 (18:46 +1100)]
s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategory

It is important to always ensure that this attribute has an extended
DN if the rest of the database stores things that way.

The knowlege of what format the DN is stored on disk with is passed
around in an LDB opaque.

Andrew Bartlett

12 years agos4:provision Generate a random objectGUID for each schema record
Andrew Bartlett [Mon, 16 Nov 2009 07:45:21 +0000 (18:45 +1100)]
s4:provision Generate a random objectGUID for each schema record

This is needed to then create extended DNs with GUID attributes in
them, when importing from the LDIF

Andrew Bartlett

12 years agos4:dsdb Load objectGUID and extended DN defaultObjectCategory into the schema
Andrew Bartlett [Mon, 16 Nov 2009 07:40:24 +0000 (18:40 +1100)]
s4:dsdb Load objectGUID and extended DN defaultObjectCategory into the schema

The load of defaultObjectCategory as an extended DN means we need to
use the common parsing functions I just split out, rather than the
GET_DS_DN macro.

The objectGUIDs are loaded so that we can create the extended DN when
we load from LDIF (and are loaded for the other cases for

Also adapt callers to API changes needed for common parsing code

Andrew Bartlett

12 years agos4:dsdb Use the new flags to dsdb_module_search in schema_load
Andrew Bartlett [Mon, 16 Nov 2009 07:37:51 +0000 (18:37 +1100)]
s4:dsdb Use the new flags to dsdb_module_search in schema_load

This loads the defaultObjectCategory DN as an extended DN, so we can
apply it, with the associated GUID, when setting this on records in
the objectClass module.

Previously we would not store the extended DN components for

Andrew Bartlett

12 years agos4:dsdb Break up 'parse a DN from DRSUAPI' into a subfunction
Andrew Bartlett [Mon, 16 Nov 2009 07:35:08 +0000 (18:35 +1100)]
s4:dsdb Break up 'parse a DN from DRSUAPI' into a subfunction

This should make it easier to call this function from the DRS schema
load code, rather than duplicate it.

(we may do the same with other functions in future).

Andrew Bartlett

12 years agos4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used features
Andrew Bartlett [Mon, 16 Nov 2009 07:32:17 +0000 (18:32 +1100)]
s4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used features

These flags, also on dsdb_module_search_dn() allow us to add commonly
set controls to this pre-packaged blocking search, without rebuilding
the whole function in each caller.

Andrew Bartlett

12 years agoDon't overwrite a dynamic pointer with the address of a stack
Jeremy Allison [Mon, 16 Nov 2009 22:55:21 +0000 (14:55 -0800)]
Don't overwrite a dynamic pointer with the address of a stack

12 years agos4:SAMLDB module
Matthias Dieter Wallnöfer [Mon, 16 Nov 2009 16:57:50 +0000 (17:57 +0100)]
s4:SAMLDB module

- Add more "\n" to make sure that error messages are displayed immediately
- Add a "NULL" in a attribute list

12 years agoRevert "s4:dsdb/repl/replicated_objects - Applicate also here the new "lDAPDisplayNam...
Matthias Dieter Wallnöfer [Mon, 16 Nov 2009 16:01:43 +0000 (17:01 +0100)]
Revert "s4:dsdb/repl/replicated_objects - Applicate also here the new "lDAPDisplayName" generator"

This reverts commit df95d5c29292968b465bff24c3cf78800677a4d4.

abartlet pointed out in a post on the samba-technical list that this isn't
necessary at all (lDAPDisplayName normalisation algorithm). Rather it breaks
functionality of the replication.

12 years agoREADME.Coding: add section about usage of helper variables
Stefan Metzmacher [Mon, 16 Nov 2009 09:52:27 +0000 (10:52 +0100)]
README.Coding: add section about usage of helper variables


12 years agoREADME.Coding: fix error in "good example"
Stefan Metzmacher [Mon, 16 Nov 2009 09:51:31 +0000 (10:51 +0100)]
README.Coding: fix error in "good example"


12 years agos3:libsmb: avoid passing a function call as function parameter
Stefan Metzmacher [Mon, 16 Nov 2009 08:59:58 +0000 (09:59 +0100)]
s3:libsmb: avoid passing a function call as function parameter

Using a helper variable makes it easier to "step" into the desired function
within gdb.


12 years agos4:dsdb LDB attribute lists must always be a static const char **.
Andrew Bartlett [Sun, 15 Nov 2009 23:19:42 +0000 (10:19 +1100)]
s4:dsdb LDB attribute lists must always be a static const char **.

(If they are not, then due to the async code, they will cause a segfault as they reference a reclaimed portion of the stack).

Andrew Bartlett

12 years agos4:provision - Removed dependency on full Samba 3 schema from FDS
Endi S. Dewata [Fri, 13 Nov 2009 15:58:20 +0000 (09:58 -0600)]
s4:provision - Removed dependency on full Samba 3 schema from FDS

12 years agoFixed some major bugs in inheritance and access checks.
Nadezhda Ivanova [Sun, 15 Nov 2009 20:31:44 +0000 (22:31 +0200)]
Fixed some major bugs in inheritance and access checks.

Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python

12 years agos3: Remove two more DFSG-nonfree text documents at release time. (Debian bug
Jelmer Vernooij [Sun, 15 Nov 2009 19:52:11 +0000 (20:52 +0100)]
s3: Remove two more DFSG-nonfree text documents at release time. (Debian bug

12 years agoFix writing corrupt registries because of hardcoded version string in IDL.
Wilco Baan Hofman [Thu, 15 Oct 2009 11:18:52 +0000 (13:18 +0200)]
Fix writing corrupt registries because of hardcoded version string in IDL.

Signed-off-by: Jelmer Vernooij <>
12 years agoFix NULL pointer dereference in libgpo when listing Local Policy which has no securit...
Wilco Baan Hofman [Sat, 10 Oct 2009 22:12:28 +0000 (00:12 +0200)]
Fix NULL pointer dereference in libgpo when listing Local Policy which has no security descriptor.

Signed-off-by: Jelmer Vernooij <>
12 years agoFix writing corrupt REG_SZ to the registry.
Wilco Baan Hofman [Sat, 10 Oct 2009 19:42:27 +0000 (21:42 +0200)]
Fix writing corrupt REG_SZ to the registry.

Signed-off-by: Jelmer Vernooij <>
12 years agoFix trailing garbage in the hbin block.
Wilco Baan Hofman [Thu, 8 Oct 2009 10:36:30 +0000 (12:36 +0200)]
Fix trailing garbage in the hbin block.

This specifically fixes a problem showing extra bytes of garbage in list and
print in regshell, even though the vk.data_length has the correct size.

Signed-off-by: Jelmer Vernooij <>
12 years agoAdded tests for descriptor inheritance on ldap modify.
Zahari Zahariev [Sun, 15 Nov 2009 17:26:02 +0000 (19:26 +0200)]
Added tests for descriptor inheritance on ldap modify.

Fixed some expected owners and groups.

Signed-off-by: Nadezhda Ivanova <>
12 years agoldb:python bindings - add a context on "py_ldb_delete"
Matthias Dieter Wallnöfer [Sun, 15 Nov 2009 13:23:32 +0000 (14:23 +0100)]
ldb:python bindings - add a context on "py_ldb_delete"

So the converted DN will be freed after usage.

12 years - enhance schema addition test
Matthias Dieter Wallnöfer [Fri, 13 Nov 2009 21:31:53 +0000 (22:31 +0100)] - enhance schema addition test

Don't add only a new objectclass but also a new attribute. Plus let now the
server itself calculate the "lDAPDisplayName" attribute and compare the result.

12 years agos4:dsdb/repl/replicated_objects - Applicate also here the new "lDAPDisplayName" generator
Matthias Dieter Wallnöfer [Sat, 14 Nov 2009 19:14:45 +0000 (20:14 +0100)]
s4:dsdb/repl/replicated_objects - Applicate also here the new "lDAPDisplayName" generator

Also here we've to be sure to generate the attribute correctly if it doesn't
exist yet.

12 years agos4:SAMLDB module - Add support for required and generated schema attributes
Andrew Bartlett [Thu, 24 Sep 2009 04:14:37 +0000 (21:14 -0700)]
s4:SAMLDB module - Add support for required and generated schema attributes

This missing support found by Microsoft test suite at AD interop event.

Patch by Andrew Bartlett
Enhancements by Matthias Dieter Wallnöfer

12 years agos4:samdb util - add a call for generating a correct "lDAPDisplayName"
Matthias Dieter Wallnöfer [Sat, 14 Nov 2009 19:12:42 +0000 (20:12 +0100)]
s4:samdb util - add a call for generating a correct "lDAPDisplayName"

This is needed for the SAMLDB module enhancement regarding schema objects.
The algorithm in pseudo code is located in MS-ADTS

12 years agos3: Fix a memleak in sys_popen
Volker Lendecke [Sat, 14 Nov 2009 16:23:08 +0000 (17:23 +0100)]
s3: Fix a memleak in sys_popen

Found with "dfree command" set

12 years - Deactivates some at the moment pointless test parts
Matthias Dieter Wallnöfer [Sat, 14 Nov 2009 20:56:59 +0000 (21:56 +0100)] - Deactivates some at the moment pointless test parts

I think those parts should be deactivated since they're result set checks for
lookups which are commented out already.

12 years agoMention typedef struct in README.Coding
Volker Lendecke [Sat, 14 Nov 2009 11:55:41 +0000 (12:55 +0100)]
Mention typedef struct in README.Coding

12 years agos3: Add min_setup, min_param and min_data to cli_trans_recv
Volker Lendecke [Sat, 14 Nov 2009 10:12:50 +0000 (11:12 +0100)]
s3: Add min_setup, min_param and min_data to cli_trans_recv

Every caller that expects to receive something needs to check if enough was
sent. Make this check mandatory for everyone.

Yes, this makes the parameter list for cli_trans a bit silly, but that's just
the way it is: A silly protocol request :-)

While there, convert some _done functions to tevent_req_simple_finish_ntstatus.

12 years agoAttempt to fix the s4 build -- we can not use map_nt_error_from_unix in lib/
Volker Lendecke [Sat, 14 Nov 2009 10:32:00 +0000 (11:32 +0100)]
Attempt to fix the s4 build -- we can not use map_nt_error_from_unix in lib/