Holger Hetterich [Thu, 18 Feb 2010 14:13:59 +0000 (15:13 +0100)]
s3: vfs_full_audit.c: implement negated vfs_ops in the success/failure list
Supports negated arguments in configuration like:
full_audit:success = all !readdir !telldir !closedir
Update the manpage accordingly.
Part of BSO#4025
Volker Lendecke [Sat, 27 Feb 2010 10:17:27 +0000 (11:17 +0100)]
s3: Copy the mapping.c license header to mapping.h
We need some license header there. If this does incorrect copyright
attributions, please correct this.
Roel van Meer [Fri, 26 Feb 2010 22:54:22 +0000 (14:54 -0800)]
Fix one of the valgrind warnings from bug #6814 - Fixes for problems reported by valgrind
The timeval passed to event_add_to_select_args() must be initialized
as event_add_to_select_args() uses a timeval_min() on this and next_event.
Stefan Metzmacher [Fri, 26 Feb 2010 09:53:06 +0000 (10:53 +0100)]
s4:ldb_dn: fix an uninitialized variable (found by make valgrindtest)
metze
Stefan Metzmacher [Fri, 26 Feb 2010 14:48:02 +0000 (15:48 +0100)]
s4:ldb_dn: remove dn->ext_linearized when ext_components is modified.
metze
Stefan Metzmacher [Thu, 25 Feb 2010 22:19:53 +0000 (23:19 +0100)]
s4:ldb_dn: reset dn->ext_comp_num in ldb_dn_explode()
metze
Stefan Metzmacher [Fri, 26 Feb 2010 15:48:09 +0000 (16:48 +0100)]
s4:dsdb/schema: fix validation of DNs
ldb_dn_extended_filter() removes all but the listed components,
I didn't noticed that when writting the code.
Doing a ldb_dn_remove_extended_components(dn2) is wrong.
This was hidden by some bugs in the ldb_dn code.
metze
Matthias Dieter Wallnöfer [Fri, 26 Feb 2010 20:00:10 +0000 (21:00 +0100)]
s4:provision.zone - fix port of "_ldap._tcp.gc._msdcs"
Matthias Dieter Wallnöfer [Fri, 26 Feb 2010 19:41:38 +0000 (20:41 +0100)]
s4:script/installmisc.sh - install "dns_update_list" to target setup folder
Matthias Dieter Wallnöfer [Fri, 26 Feb 2010 18:15:01 +0000 (19:15 +0100)]
.gitignore - ignore display of "mit_samba.so"
Günther Deschner [Fri, 26 Feb 2010 13:45:07 +0000 (14:45 +0100)]
spoolss: fix build and version in spoolss_PrinterInfo0 (aka PRINTER_INFO_STRESS).
Guenther
Günther Deschner [Fri, 26 Feb 2010 13:44:22 +0000 (14:44 +0100)]
spoolss: add spoolss_Build to IDL.
Guenther
Andreas Schneider [Fri, 26 Feb 2010 09:21:10 +0000 (10:21 +0100)]
s4-winbind: Fixed the memory context of tstream_bsd_existing()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 26 Feb 2010 09:19:55 +0000 (10:19 +0100)]
s4-ntp: Fixed the memory context of tstream_bsd_existing()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 26 Feb 2010 09:35:01 +0000 (10:35 +0100)]
s4-kdc: Fixed the memory context of tstream_bsd_existing()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthias Dieter Wallnöfer [Fri, 26 Feb 2010 10:53:49 +0000 (11:53 +0100)]
s4:dcesrv_samr.c - Remove unused variable
Matthieu Patou [Thu, 25 Feb 2010 17:41:57 +0000 (20:41 +0300)]
s4: Winbind allow to behave more correctly when we have more than a few users
Andrew Bartlett [Thu, 25 Feb 2010 09:22:52 +0000 (20:22 +1100)]
s4:python Add bindings to set GENSEC flags on credentials in python
This should allow these to be manipulated by python scripts that need
encrypted connections.
Andrew Bartlett
Günther Deschner [Fri, 26 Feb 2010 01:51:21 +0000 (02:51 +0100)]
s3: remove unused schannel_auth_struct.
Guenther
Günther Deschner [Fri, 26 Feb 2010 01:50:28 +0000 (02:50 +0100)]
testprogs: print the directory paths as well in spoolss test.
Guenther
Stefan Metzmacher [Fri, 26 Feb 2010 09:09:36 +0000 (10:09 +0100)]
libcli/auth: print the error in the debug message
metze
Andreas Schneider [Thu, 4 Feb 2010 16:03:04 +0000 (17:03 +0100)]
s4-smb: Migrate named_pipe_server to tsocket.
This is an improved version of commit
69d5cea2e59162f19460e7ce4b6382fc5fdd6ca0,
which was reverted by commit
71c20f703b0c603d6aada63ed5634070a26df052.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 25 Feb 2010 13:32:39 +0000 (14:32 +0100)]
tsocket: Improve the tsocket_address_bsd_sockaddr documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 24 Feb 2010 14:09:15 +0000 (15:09 +0100)]
s4:provision: use generate_random_password()
metze
Stefan Metzmacher [Wed, 24 Feb 2010 13:44:22 +0000 (14:44 +0100)]
s4:pyglue: add generate_random_password()
metze
Stefan Metzmacher [Wed, 24 Feb 2010 14:12:17 +0000 (15:12 +0100)]
s4:torture/rpc: use generate_random_password()
metze
Stefan Metzmacher [Wed, 24 Feb 2010 14:09:50 +0000 (15:09 +0100)]
s4:libnet: use generate_random_password()
metze
Stefan Metzmacher [Thu, 25 Feb 2010 14:58:38 +0000 (15:58 +0100)]
lib/util: add generate_random_password()
metze
Andrew Tridgell [Fri, 26 Feb 2010 07:19:23 +0000 (18:19 +1100)]
devel: get the ownership of the directories right in tmpfs.sh
Andrew Tridgell [Fri, 26 Feb 2010 06:49:01 +0000 (17:49 +1100)]
s4-provision: fixed use of rndc command from python
rndc command is now a list
Andrew Tridgell [Fri, 26 Feb 2010 06:22:44 +0000 (17:22 +1100)]
s4-provision: also create the dns_update_list when running net vampire
We need the list when joining a windows domain, so we can
automatically maintain the right DNS entries on the Windows DNS server
Andrew Tridgell [Fri, 26 Feb 2010 06:09:51 +0000 (17:09 +1100)]
s4-dns: fixed CNAME automatic DNS updates
Andrew Tridgell [Fri, 26 Feb 2010 06:09:35 +0000 (17:09 +1100)]
s4-dns: use a loadparm list for samba_runcmd() commands
This allows commands with multiple arguments and quoting to be used,
while still avoiding running a shell (and this having shell expansion
problems)
Andrew Tridgell [Fri, 26 Feb 2010 03:27:28 +0000 (14:27 +1100)]
s4-provision: added dns_update_list
This contains the list of DNS names we should have as a DC
Andrew Tridgell [Fri, 26 Feb 2010 03:25:07 +0000 (14:25 +1100)]
s4-provision: setup the dns_update_list at provision time
This file is substituted at runtime by samba_dnsupdate
Andrew Tridgell [Fri, 26 Feb 2010 03:24:38 +0000 (14:24 +1100)]
s4-provision: if we aren't doing variable substitution then don't check for vars
Andrew Tridgell [Fri, 26 Feb 2010 02:58:32 +0000 (13:58 +1100)]
dns: auto-delete incorrect SRV entries for our hostname
Andrew Tridgell [Fri, 26 Feb 2010 02:30:44 +0000 (13:30 +1100)]
s4-dns: add automatic dynamic DNS updating script
This script checks a list of DNS names that we should have, and does
dynamic DNS updates using our machine account credentials to add any
missing DNS entries.
This allows us to correctly add all the DNS entries we need when we
join an existing domain as a DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 26 Feb 2010 02:27:26 +0000 (13:27 +1100)]
s4-provision: fixed port number for gc ldap DNS SRV entry
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 26 Feb 2010 02:25:42 +0000 (13:25 +1100)]
s4-param: added 'nsupdate command' option, default to /usr/bin/nsupdate -g
Andrew Tridgell [Thu, 25 Feb 2010 23:15:43 +0000 (10:15 +1100)]
samdb: added get_ntds_GUID() method
Andrew Tridgell [Thu, 25 Feb 2010 07:35:14 +0000 (18:35 +1100)]
py-samdb: added server_site_name method
Andrew Tridgell [Thu, 25 Feb 2010 07:35:01 +0000 (18:35 +1100)]
pyglue: added py_samdb_server_site_name()
Andrew Tridgell [Thu, 25 Feb 2010 07:15:47 +0000 (18:15 +1100)]
py-samdb: added get_invocation_id() method
Andrew Tridgell [Thu, 25 Feb 2010 07:15:19 +0000 (18:15 +1100)]
pyglue: added py_samdb_ntds_invocation_id()
Andrew Tridgell [Thu, 25 Feb 2010 05:29:47 +0000 (16:29 +1100)]
pyglue: don't return 127.0.0.0/8 IPs in interface_ips()
We don't generally want loopback addresses in the python code
Andrew Tridgell [Thu, 25 Feb 2010 05:16:33 +0000 (16:16 +1100)]
s4-krb5: propogate errors from a lot more kerberos functions
We need to be able to give sensible error messages when a kerberos
calls fails. This propogates the kerberos error up the stack to the
caller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 25 Feb 2010 04:13:45 +0000 (15:13 +1100)]
dns: install samba_dnsupdate
Andrew Tridgell [Thu, 25 Feb 2010 04:12:53 +0000 (15:12 +1100)]
dns: dummy samba_dnsupdate script
The merge from metze of my dns tree means we now depend on this. This
is a placeholder until Andrew and I have finished the full script.
Andrew Tridgell [Fri, 26 Feb 2010 01:36:17 +0000 (12:36 +1100)]
s4-dsdb: fixed the fetch of the server site name
when the ntds objects were moved by a recent change it broke the
calculation of the server site
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Fri, 26 Feb 2010 01:31:57 +0000 (12:31 +1100)]
Revert "s4:AD content - adequate some revision levels to match Windows Server 2008"
This reverts commit
973ea198677c581064fad62cdac30baac7103ef8.
This change breaks DRS dcpromo.
Stefan Metzmacher [Thu, 25 Feb 2010 17:10:56 +0000 (18:10 +0100)]
s4:RPC-DSSYNC: pass the ip address to the cldap code instead of a name
metze
Stefan Metzmacher [Thu, 25 Feb 2010 11:47:38 +0000 (12:47 +0100)]
s4:torture: use a connected CLDAP socket.
This is needed because we don't (want) to specify an explicit
local address. And the socket family (ipv4 vs. ipv6) needs to
be autodetected based on the remote address before the
socket() syscall.
Otherwise we would try to connect to a ipv4 address through an
ipv6only socket.
metze
Stefan Metzmacher [Thu, 25 Feb 2010 11:47:38 +0000 (12:47 +0100)]
s4:libnet: use a connected CLDAP socket.
This is needed because we don't (want) to specify an explicit
local address. And the socket family (ipv4 vs. ipv6) needs to
be autodetected based on the remote address before the
socket() syscall.
Otherwise we would try to connect to a ipv4 address through an
ipv6only socket.
metze
Jeremy Allison [Thu, 25 Feb 2010 19:57:54 +0000 (11:57 -0800)]
Fix up debug info on smb2_rename code.
Jeremy.
Jeremy Allison [Thu, 25 Feb 2010 19:15:16 +0000 (11:15 -0800)]
Implement rename/move in SMB2 from Windows7.
Jeremy.
Günther Deschner [Thu, 25 Feb 2010 18:31:06 +0000 (19:31 +0100)]
s3-nltest: fix uninitialized query level.
Guenther
Günther Deschner [Thu, 25 Feb 2010 18:06:39 +0000 (19:06 +0100)]
s4-smbtorture: define environment in one place in RPC-SPOOLSS test.
Guenther
Simo Sorce [Sun, 31 Jan 2010 18:29:57 +0000 (13:29 -0500)]
s4:kdc add mit plugin code
Simo Sorce [Sat, 13 Feb 2010 23:30:36 +0000 (18:30 -0500)]
s4:kdc make function static
Günther Deschner [Thu, 25 Feb 2010 12:12:38 +0000 (13:12 +0100)]
s3-spoolss: Save entire devicemode.
found by RPC-SPOOLSS-PRINTER torture test.
Guenther
Günther Deschner [Thu, 25 Feb 2010 12:11:47 +0000 (13:11 +0100)]
s4-smbtorture: try to set every single devicemode component in RPC-SPOOLSS-PRINTER.
Guenther
Günther Deschner [Wed, 24 Feb 2010 11:00:36 +0000 (12:00 +0100)]
s4-smbtorture: move ChangeID test to the list of tests we run against created printers.
Guenther
Jeremy Allison [Thu, 25 Feb 2010 02:11:07 +0000 (18:11 -0800)]
Make conn_close_all() safe to call from SMB2 sessions (fix crash bug).
Ensure we don't call close_cnum() with SMB2, also talloc_move the
compat_conn pointer from the NULL context onto the tcon context
in SMB2 as it's conceptually owned by that pointer.
Jeremy.
Andrew Bartlett [Thu, 25 Feb 2010 00:46:41 +0000 (11:46 +1100)]
s4:ldb Fix segfault in ldbsearch store_referral callback
sctx->refs_store was not initialised, and that made talloc_realloc
grumpy once we started actually returning referrals regularly from
Samba4's partitions module (
0be57c747825737fa9d64411223e693b055b5f8f
by mdw).
We now just use talloc_zero() and forget about this manual
initialisation work. Tracking down use of uninitialised variables
with valgrind was the grand idea when this started, but in practice we
just get segfaults in unusual places.
Andrew Bartlett
Jeremy Allison [Thu, 25 Feb 2010 00:16:30 +0000 (16:16 -0800)]
Change the credential handling so that we start with maxmux creds,
and then return to the client the number of credits per operation
that they asked for. This is a more sensible algorithm than just
blindly returning "20" on every reply, although we will probably
still need more changes to this going forward.
Jeremy.
Simo Sorce [Wed, 24 Feb 2010 22:55:25 +0000 (17:55 -0500)]
idl:lsa change string type
comapring win<-> traces it looks like this is an lsa_StringLarge
Simo Sorce [Wed, 24 Feb 2010 22:10:59 +0000 (17:10 -0500)]
s4:lsa use the correct way to store a domain sid
Converting the sid to a string and then storing a string does not save the sid
in the right format. Causing following retrievals to fail to read back a sid
with samdb_result_dom_sid().
Simo Sorce [Wed, 24 Feb 2010 22:07:26 +0000 (17:07 -0500)]
s4:lsa avoid confusing ourselves over sam_ldb
Do not use policy_state->sam_ldb and trusted_domain_state->policy->sam_ldb
interchangeably all over the place. Just use sam_ldb everywhere and make the
code slightly more readable.
Simo Sorce [Wed, 24 Feb 2010 21:54:16 +0000 (16:54 -0500)]
s4:lsa cleanup trailing spaces and tabs
Simo Sorce [Wed, 24 Feb 2010 21:35:35 +0000 (16:35 -0500)]
Revert "s4-smb: Migrate named_pipe_server to tsocket."
This reverts commit
69d5cea2e59162f19460e7ce4b6382fc5fdd6ca0.
This commit causes issues with the RPC server, revert it until we find the
exact issue and possibly have a torture test to avoid it happening again.
Found playing with w2k8r2 and forest trusts.
Andrew Bartlett [Wed, 24 Feb 2010 08:19:41 +0000 (19:19 +1100)]
s4:install Fix bug #7149 reported by JHT.
We need to install named.conf.update for provision to succeed from the
installed setup file.
Andrew Bartlett
Andrew Bartlett [Mon, 18 Jan 2010 06:24:45 +0000 (19:24 +1300)]
s4:scripting/devel Allow tmpfs script to be re-run
By doing the unmount, we can avoid double-mounting st and bin
Matthias Dieter Wallnöfer [Thu, 11 Feb 2010 10:49:26 +0000 (11:49 +0100)]
s4:DNS update - change "i" to be unsigned
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Sat, 7 Nov 2009 20:21:26 +0000 (21:21 +0100)]
s4:ldap_server - make it "signed-safe"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Sat, 7 Nov 2009 20:20:12 +0000 (21:20 +0100)]
s4:auth - make some parts "signed-safe"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Sat, 7 Nov 2009 20:20:56 +0000 (21:20 +0100)]
s4:cldap_server - make it "signed-safe"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Sun, 21 Feb 2010 19:36:34 +0000 (20:36 +0100)]
s4:torture/ldap/basic.c - add a basic test for referral return
I implemented this referral test in C since the LDB python API isn't capable
to extract referrals from search result sets (there the result sets are simple
lists which contain only the matching entries).
First I enhanced the RootDSE test to return all partition base DNs in a new
null-terminated list "partitions". Then I used this in my referrals test which
I've implemented in the LDB api since I needed some certain DN functions.
Matthias Dieter Wallnöfer [Sat, 20 Feb 2010 21:07:12 +0000 (22:07 +0100)]
s4:partition DSDB module - Generate basic referrals
This is a first, very basic implementation of the referrals (more informations
at MS-ADTS 3.1.1.4.6 and 3.1.1.3.4.1.12).
To have the full referral support (and to always point to the right host) the
full implementation using DNS will be needed (at the moment we always point to
the main DC which is referenceable through the DNS domainname).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Mon, 22 Feb 2010 10:19:10 +0000 (11:19 +0100)]
s4:partition DSDB module - change the search and domain scope control handling
The domain scope control is always removed, from the search one only the two
interesting flags (which are handled) and it is marked as non-critical.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Sun, 21 Feb 2010 10:56:12 +0000 (11:56 +0100)]
s4:LDAP server - Enable support for returning referrals through it
This is needed for my work regarding the referrals when the domain scope control
isn't specified.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Matthias Dieter Wallnöfer [Tue, 23 Feb 2010 16:59:55 +0000 (17:59 +0100)]
s4:SAMLDB module - ignore referrals
They don't cause any harm to our functionality - so ignore them were not needed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Simo Sorce [Wed, 24 Feb 2010 16:02:18 +0000 (11:02 -0500)]
s4:netlogon remove wrong ZERO_STRUCT of output
This was causing marshalling faults when we returned errors.
Volker Lendecke [Wed, 24 Feb 2010 14:38:06 +0000 (15:38 +0100)]
s3: Make connections_fetch_record() static
Matthieu Patou [Fri, 19 Feb 2010 20:09:57 +0000 (23:09 +0300)]
python: ntacls, fix a leftover that is not in the try/except branch
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Matthieu Patou [Tue, 23 Feb 2010 13:03:16 +0000 (16:03 +0300)]
dsdb: Add a more explicit error message for constructed attributes
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Kamen Mazdrashki [Wed, 17 Feb 2010 19:32:50 +0000 (21:32 +0200)]
s4/drs_util: 'net drs showrepl' command implementation
Kamen Mazdrashki [Sun, 14 Feb 2010 00:50:13 +0000 (02:50 +0200)]
s4/idl: Regenerate IDL for DRSUAPI interface
Kamen Mazdrashki [Sun, 14 Feb 2010 00:49:40 +0000 (02:49 +0200)]
s4/drs: Propagate drsuapi_DsReplicaGetInfoRequest2 changes in source code
Kamen Mazdrashki [Sun, 14 Feb 2010 00:49:02 +0000 (02:49 +0200)]
s4/idl: drsuapi_DsReplicaGetInfoRequest2 - 'string2' to 'value_dn_str'
Kamen Mazdrashki [Sun, 14 Feb 2010 00:47:57 +0000 (02:47 +0200)]
s4/idl: drsuapi_DsReplicaGetInfoRequest2 - 'string1' to 'attribute_name'
Kamen Mazdrashki [Sun, 14 Feb 2010 00:40:07 +0000 (02:40 +0200)]
s4/drs: Propagate drsuapi_DsReplicaGetInfoRequest... changes into source code
Kamen Mazdrashki [Sun, 14 Feb 2010 00:38:11 +0000 (02:38 +0200)]
s4/idl: rename 'guid1' to 'source_dsa_guid' in drsuapi_DsReplicaGetInfoRequest description
Kamen Mazdrashki [Sat, 13 Feb 2010 01:27:27 +0000 (03:27 +0200)]
s4/drs_util: 'net drs replicate' command implementation
Kamen Mazdrashki [Fri, 12 Feb 2010 04:13:22 +0000 (06:13 +0200)]
s4/drs_util: Add public function for binding to a DC
Kamen Mazdrashki [Fri, 12 Feb 2010 04:02:05 +0000 (06:02 +0200)]
s4/drs_util: Refactor code to use net_drs_connection object for DRSUAPI connecitons
Kamen Mazdrashki [Fri, 12 Feb 2010 04:01:06 +0000 (06:01 +0200)]
s4/drs_util: Move DRSUAPI connection data into separate object
We need this so we can create independent DRS connections to
different DCs.
Kamen Mazdrashki [Thu, 11 Feb 2010 23:47:55 +0000 (01:47 +0200)]
s4/net_drs: Utility macros for conditions checking
Kamen Mazdrashki [Sat, 13 Feb 2010 02:57:28 +0000 (04:57 +0200)]
s4/drs: Propagate drsuapi_DsReplicaSync changes in source base
Kamen Mazdrashki [Thu, 11 Feb 2010 22:20:52 +0000 (00:20 +0200)]
s4/drs: Propagate drsuapi_DsReplicaSyncRequest1 changes in source base