10 years agos3-selftest: fix return code for -a.
Günther Deschner [Thu, 18 Feb 2010 10:20:49 +0000 (11:20 +0100)]
s3-selftest: fix return code for -a.

Background is: the SetPrinter level 2 calls "addprinter command" an fails if a
share already existed (and the addprinter command returned a non-0 return code).
Removing the non-0 return code is fine, as in AddPrinter{Ex}, we have checks to
see if a share already exists before calling out the addprinter command.

Maybe one day, we need to have a "changeprinter command"...


10 years agotsocket/bsd: fix comment in tdgram_bsd_recvfrom_handler()
Stefan Metzmacher [Wed, 17 Feb 2010 18:11:11 +0000 (19:11 +0100)]
tsocket/bsd: fix comment in tdgram_bsd_recvfrom_handler()


10 years agoRevert "Got back to 16-byte padding on auth RPC. S3 clients and servers now cope...
Jeremy Allison [Thu, 18 Feb 2010 03:42:49 +0000 (19:42 -0800)]
Revert "Got back to 16-byte padding on auth RPC. S3 clients and servers now cope with this. Jeremy"

This reverts commit 38c50c7027d2a2a9a3df060b74b2a2efce4d9e6f.

As tridge requested, we need this to work with older S3
servers, not just for smbtorture4.


10 years agos3-selftest: finally enable RPC-SPOOLSS-PRINTER against Samba 3.
Günther Deschner [Thu, 18 Feb 2010 01:17:01 +0000 (02:17 +0100)]
s3-selftest: finally enable RPC-SPOOLSS-PRINTER against Samba 3.


10 years agos3-selftest: include addprinter/deleteprinter command.
Günther Deschner [Wed, 17 Feb 2010 23:48:58 +0000 (00:48 +0100)]
s3-selftest: include addprinter/deleteprinter command.


10 years agos3-spoolss: fix return code of spoolss_DeletePrinter.
Günther Deschner [Thu, 18 Feb 2010 01:14:26 +0000 (02:14 +0100)]
s3-spoolss: fix return code of spoolss_DeletePrinter.

When the printer has been removed by the "deleteprinter command", we need to
check if it is still there and then fail, not fail if we successfully removed
it (found by RPC-SPOOLSS-PRINTER).


10 years agos3-spoolss: in spoolss_EnumPrinters r->in.server is a *unique* pointer!
Günther Deschner [Thu, 18 Feb 2010 01:03:53 +0000 (02:03 +0100)]
s3-spoolss: in spoolss_EnumPrinters r->in.server is a *unique* pointer!


10 years agos3-spoolss: more AddPrinter{Ex} checks.
Günther Deschner [Thu, 18 Feb 2010 00:58:56 +0000 (01:58 +0100)]
s3-spoolss: more AddPrinter{Ex} checks.

Windows will allow to add a non-shared printer that is returned by EnumPrinters.
Samba has no notion of non-shared local printers yet, so just make sure to
behave like we do elsewhere: a printer autoloaded by samba or added to samba is


10 years agos3-spoolss: add some printer info validation for AddPrinter calls.
Günther Deschner [Tue, 14 Jul 2009 12:34:30 +0000 (14:34 +0200)]
s3-spoolss: add some printer info validation for AddPrinter calls.


10 years agotestprogs: print SDDL string of printer security descriptors
Günther Deschner [Tue, 16 Feb 2010 15:21:02 +0000 (16:21 +0100)]
testprogs: print SDDL string of printer security descriptors

10 years agos3-modules: fix get_acl_blob in the acl_tdb VFS module.
Günther Deschner [Thu, 18 Feb 2010 01:13:07 +0000 (02:13 +0100)]
s3-modules: fix get_acl_blob in the acl_tdb VFS module.

Shuttle-reviewed by jra :)


10 years agos4-smbtorture: skip printer info cross tests against samba 3 for now.
Günther Deschner [Thu, 18 Feb 2010 00:45:06 +0000 (01:45 +0100)]
s4-smbtorture: skip printer info cross tests against samba 3 for now.

Not even w2k8r2 passes them atm.


10 years agos4-smbtorture: try more combinations to find printers in test_EnumPrinters_findname().
Günther Deschner [Thu, 18 Feb 2010 00:43:08 +0000 (01:43 +0100)]
s4-smbtorture: try more combinations to find printers in test_EnumPrinters_findname().

Also take a note of servers returning full UNC printer paths although we did not
set the servername.


10 years agos4-smbtorture: simplify test_PrinterInfo_DevMode a bit.
Günther Deschner [Thu, 18 Feb 2010 00:41:46 +0000 (01:41 +0100)]
s4-smbtorture: simplify test_PrinterInfo_DevMode a bit.


10 years agos4-smbtorture: avoid potential loop while adding a new printer in RPC-SPOOLSS-PRINTER.
Günther Deschner [Wed, 17 Feb 2010 19:45:26 +0000 (20:45 +0100)]
s4-smbtorture: avoid potential loop while adding a new printer in RPC-SPOOLSS-PRINTER.


10 years agos3-rpcclient: fix uninitialized variable in wkssvc_enumerateusers.
Günther Deschner [Wed, 17 Feb 2010 14:15:47 +0000 (15:15 +0100)]
s3-rpcclient: fix uninitialized variable in wkssvc_enumerateusers.


10 years agoGot back to 16-byte padding on auth RPC. S3 clients and servers now cope with this...
Jeremy Allison [Thu, 18 Feb 2010 00:40:28 +0000 (16:40 -0800)]
Got back to 16-byte padding on auth RPC. S3 clients and servers now cope with this. Jeremy

10 years agos4:param Modify secrets_get_domain_sid to give more useful errors
Andrew Bartlett [Wed, 17 Feb 2010 23:54:53 +0000 (10:54 +1100)]
s4:param Modify secrets_get_domain_sid to give more useful errors

This also moves the calls to secrets_get_domain_sid back into
winbind_task_init(), so that we can terminate with a much more
detailed error message.  (The previous message was simply

Andrew Bartlett

10 years agoFix bug #7146 - Samba miss-parses authenticated RPC packets.
Jeremy Allison [Wed, 17 Feb 2010 23:27:59 +0000 (15:27 -0800)]
Fix bug #7146 - Samba miss-parses authenticated RPC packets.

Parts of the Samba RPC client and server code misinterpret authenticated

DCE authenticated packets actually look like this :

|header                    |
| ... frag_len (packet len)|
| ... auth_len             |
|                          |
| Data payload             |
...                     ....
|                          |
|                          |
| auth_pad_len bytes       |
|                          |
| Auth footer              |
| auth_pad_len value       |
|                          |
| Auth payload             |
| (auth_len bytes long)    |

That's right. The pad bytes come *before* the footer specifying how many pad
bytes there are. In order to read this you must seek to the end of the packet
and subtract the auth_len (in the packet header) and the auth footer length (a
known value).

The client and server code gets this right (mostly) in 3.0.x -> 3.4.x so long
as the pad alignment is on an 8 byte boundary (there are some special cases in
the code for this).

Tridge discovered there are some (DRS replication) cases where on 64-bit
machines where the pad alignment is on a 16-byte boundary. This breaks the
existing S3 hand-optimized rpc code.

This patch removes all the special cases in client and server code, and allows
the pad alignment for generated packets to be specified by changing a constant
in include/local.h (this doesn't affect received packets, the new code always
handles them correctly whatever pad alignment is used).

This patch also works correctly with rpcclient using sign+seal from
the 3.4.x and 3.3.x builds (testing with 3.0.x and 3.2.x to follow)
so even as a server it should still work with older libsmbclient and
winbindd code.


10 years agoFix bug #6557 - Do not work VFS full_audit
Jeremy Allison [Wed, 17 Feb 2010 19:13:35 +0000 (11:13 -0800)]
Fix bug #6557 - Do not work VFS full_audit

Re-arrange the operations order so SMB_VFS_CONNECT is done
first as root (to allow modules to correctly initialize themselves).

Reviewed modules to check if they needed CONNECT invoked as
a user (which we previously did) and it turns out any of them
that cared needed root permissions anyway.


10 years agos3: go straight to winbindd_dual_pam_auth() in case of !NT_STATUS_OK
Lars Müller [Wed, 17 Feb 2010 18:00:01 +0000 (19:00 +0100)]
s3: go straight to winbindd_dual_pam_auth() in case of !NT_STATUS_OK

At the formerly used process_result statement we have alone one
NT_STATUS_IS_OK() which never could be hit in our case as we only go here
if NT_STATUS_EQUAL is not ok.

10 years agos3: let the pam_winbind po files reference the correct location
Lars Müller [Fri, 5 Feb 2010 21:47:39 +0000 (22:47 +0100)]
s3: let the pam_winbind po files reference the correct location

10 years agoFix commit d07cd37b993d3c9beded20323174633b806196b5
Jeremy Allison [Wed, 17 Feb 2010 17:24:34 +0000 (09:24 -0800)]
Fix commit d07cd37b993d3c9beded20323174633b806196b5

Which was:

    tsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD

Metze, this has to have been wrong - you are throwing away the talloc_realloc
pointer returned. Also no error checking. Please review.

Thank goodness for gcc warnings :-).


10 years agos4/rodc: change the libnet_become_dc code to do RODC join
Anatoliy Atanasov [Wed, 17 Feb 2010 16:01:31 +0000 (18:01 +0200)]
s4/rodc: change the libnet_become_dc code to do RODC join

10 years agos4/drs: add DRSUAPI_ATTRIBUTE_options attribute
Anatoliy Atanasov [Wed, 17 Feb 2010 16:00:41 +0000 (18:00 +0200)]
s4/drs: add DRSUAPI_ATTRIBUTE_options attribute

10 years agos4/drs:kccdrs_replica_get_info_obj_metadata implementation
Anatoliy Atanasov [Tue, 16 Feb 2010 23:21:28 +0000 (01:21 +0200)]
s4/drs:kccdrs_replica_get_info_obj_metadata implementation

Fix the names of the drsuapi_DsReplicaInfoType enum and rebuild the .idl
The get_info_obj_metadata implementation is ported from implementation
i developed and tested at the samba io lab 2009

10 years agos4/ldap: Refactor the fix for ldap nested searches
Kamen Mazdrashki [Fri, 29 Jan 2010 17:05:51 +0000 (19:05 +0200)]
s4/ldap: Refactor the fix for ldap nested searches

Current implementation synchronizes processing for
all types of LDAP request, not only LDAP_Search ones.

Synchronization for ldap replies processing is done
locally in ldb_ildap module as this concerns only
ildb_callback() function.

Signed-off-by: Anatoliy Atanasov <>
10 years agotsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD
Stefan Metzmacher [Wed, 17 Feb 2010 12:53:02 +0000 (13:53 +0100)]
tsocket/bsd: fix bug #7115 FreeBSD includes the UDP header in FIONREAD


10 years agotsocket/bsd: set IPV6_V6ONLY on AF_INET6 sockets
Stefan Metzmacher [Wed, 17 Feb 2010 08:33:18 +0000 (09:33 +0100)]
tsocket/bsd: set IPV6_V6ONLY on AF_INET6 sockets

Some system already have this as default. It's easier
to behave the same way on all systems and handle ipv6
and ipv4 sockets separate.


10 years agotsocket/bsd: fix bug #7140 autodetect ipv4 and ipv6 based on the remote address if...
Stefan Metzmacher [Wed, 17 Feb 2010 07:49:28 +0000 (08:49 +0100)]
tsocket/bsd: fix bug #7140 autodetect ipv4 and ipv6 based on the remote address if the local address is any


10 years agotsocket/bsd: fix bug #7140 use calculated sa_socklen for bind() in tstream_bsd_connec...
Stefan Metzmacher [Wed, 17 Feb 2010 07:45:58 +0000 (08:45 +0100)]
tsocket/bsd: fix bug #7140 use calculated sa_socklen for bind() in tstream_bsd_connect_send()

This is needed because, we can't use sizeof(sockaddr_storage) for AF_UNIX
sockets. Also some platforms require exact values for AF_INET and AF_INET6.


10 years agotsocket/bsd: fix do_bind logic for AF_INET
Stefan Metzmacher [Wed, 17 Feb 2010 07:42:22 +0000 (08:42 +0100)]
tsocket/bsd: fix do_bind logic for AF_INET

We want the explicit bind() when we don't use the any address.


10 years agosocket_wrapper: also ignore AF_INET6 in swrap_setsockopt()
Stefan Metzmacher [Wed, 17 Feb 2010 08:43:00 +0000 (09:43 +0100)]
socket_wrapper: also ignore AF_INET6 in swrap_setsockopt()


10 years agocifs.upcall: allocate a talloc context for smb_krb5_unparse_name
Jeff Layton [Tue, 16 Feb 2010 14:16:42 +0000 (09:16 -0500)]
cifs.upcall: allocate a talloc context for smb_krb5_unparse_name

cifs.upcall calls smb_krb5_unparse_name with a NULL talloc context.
Older versions of this function though will conditionally use
SMB_REALLOC instead of TALLOC_REALLOC when a NULL context is passed
in. To make it more consistent, just spawn a talloc context that
we can pass into this function.


Reported-by: Ludek Finstrle <>
Signed-off-by: Jeff Layton <>
Signed-off-by: Günther Deschner <>
10 years agos3: Fix bug 7139
Volker Lendecke [Tue, 16 Feb 2010 22:29:48 +0000 (23:29 +0100)]
s3: Fix bug 7139

To provide the user with the same SID when doing Kerberos logins, attempt to do
a make_server_info_sam instead of a make_server_info_pw.

10 years agos4-smbtorture: unify test list to run against single created printers in RPC-SPOOLSS...
Günther Deschner [Wed, 17 Feb 2010 10:21:56 +0000 (11:21 +0100)]
s4-smbtorture: unify test list to run against single created printers in RPC-SPOOLSS-PRINTER.

This is to make sure we run the same tests for printers created via AddPrinter
and via AddPrinterEx.


10 years agos4-smbtorture: also test level 2 sets for devicemodes and see if they persist.
Günther Deschner [Tue, 16 Feb 2010 16:42:58 +0000 (17:42 +0100)]
s4-smbtorture: also test level 2 sets for devicemodes and see if they persist.


10 years agos4-smbtorture: refactor setprinter devicemode calls in RPC-SPOOLSS-PRINTER.
Günther Deschner [Tue, 16 Feb 2010 16:42:19 +0000 (17:42 +0100)]
s4-smbtorture: refactor setprinter devicemode calls in RPC-SPOOLSS-PRINTER.


10 years agos4-provision: freeze the DNS zone before creating the zone file
Andrew Tridgell [Wed, 17 Feb 2010 08:43:26 +0000 (19:43 +1100)]
s4-provision: freeze the DNS zone before creating the zone file

This prevents bind from getting confused if it has a journal for the

10 years agos4-dnsupdate: use samba_runcmd() in the dns update task
Andrew Tridgell [Wed, 17 Feb 2010 08:29:37 +0000 (19:29 +1100)]
s4-dnsupdate: use samba_runcmd() in the dns update task

Pair-Programmed-With: Andrew Bartlett <>

10 years agos4-param: added "rndc command" smb.conf option
Andrew Tridgell [Wed, 17 Feb 2010 07:18:28 +0000 (18:18 +1100)]
s4-param: added "rndc command" smb.conf option

10 years agoutil: added samba_runcmd()
Andrew Tridgell [Wed, 17 Feb 2010 07:18:05 +0000 (18:18 +1100)]
util: added samba_runcmd()

This allows us to run a child command in an async fashion, with
control over logging of stdout and stderr (which appears in the Samba
log file). This is useful for ensuring we don't miss important
messages from rndc commands (for example).

Pair-Programmed-With: Andrew Bartlett <>

10 years agoexamples: add bind9 patches for TSIG-GSS support
Andrew Tridgell [Wed, 17 Feb 2010 05:34:33 +0000 (16:34 +1100)]
examples: add bind9 patches for TSIG-GSS support

We will point at these from the Samba4 HOWTO

10 years agos4-provision: fix permissions on generated DNS zone file
Andrew Tridgell [Wed, 17 Feb 2010 05:29:17 +0000 (16:29 +1100)]
s4-provision: fix permissions on generated DNS zone file

The zone file needs to be writeable by bind to allow for it to flush
its journal on dynamic updates

Pair-Programmed-With: Andrew Bartlett <>

10 years agos3:rpc streamline memory handling
Simo Sorce [Sun, 14 Feb 2010 08:33:15 +0000 (03:33 -0500)]
s3:rpc streamline memory handling

10 years agos4-rpc: paranoid check for auth_length
Andrew Tridgell [Tue, 16 Feb 2010 23:23:14 +0000 (10:23 +1100)]
s4-rpc: paranoid check for auth_length

This is not strictly needed as the ndr_pull_advance() checks it a few
lines further down, but I want to save Jeremy getting more grey hairs :-)

10 years agotestprogs: add rather simple device mode tests to spoolss test.
Günther Deschner [Tue, 16 Feb 2010 15:12:52 +0000 (16:12 +0100)]
testprogs: add rather simple device mode tests to spoolss test.


10 years agos3: Fix timeout calculation if g_lock_lock is given a timeout < 60s
Volker Lendecke [Tue, 16 Feb 2010 14:21:25 +0000 (15:21 +0100)]
s3: Fix timeout calculation if g_lock_lock is given a timeout < 60s

Detected while showing this code to obnox :-)

10 years agos3: Slightly increase parallelism in g_lock
Volker Lendecke [Tue, 16 Feb 2010 11:31:58 +0000 (12:31 +0100)]
s3: Slightly increase parallelism in g_lock

There's no need to still hold the g_lock tdb-level lock while telling the
waiters to retry

10 years agos3: Avoid starving locks when many processes die at the same time
Volker Lendecke [Tue, 16 Feb 2010 11:28:53 +0000 (12:28 +0100)]
s3: Avoid starving locks when many processes die at the same time

In g_lock_unlock we have a little race between the process_exists and
messaging_send call: We only send to 5 waiters now, they all might have died
between us checking their existence and sending the message. This change makes
g_lock_lock retry at least once every minute.

10 years agos3: Avoid a thundering herd in g_lock_unlock
Volker Lendecke [Tue, 16 Feb 2010 11:22:08 +0000 (12:22 +0100)]
s3: Avoid a thundering herd in g_lock_unlock

Only notify the first 5 pending lock waiters. This avoids a thundering herd
problem that is really nasty in a cluster. It also makes acquiring a lock a bit
more FIFO, lock waiters are added to the end of the array.

10 years agos3: Optimize g_lock_lock for a heavily contended case
Volker Lendecke [Mon, 15 Feb 2010 15:57:16 +0000 (16:57 +0100)]
s3: Optimize g_lock_lock for a heavily contended case

Only check the existence of the lock owner in g_lock_parse, check the rest of
the records only when we got the lock successfully. This reduces the load on
process_exists which can involve a network roundtrip in the clustered case.

10 years agos3: Fix handling of processes that died in g_lock
Volker Lendecke [Mon, 15 Feb 2010 15:49:46 +0000 (16:49 +0100)]
s3: Fix handling of processes that died in g_lock

g_lock_parse might have thrown away entries from the locks array because the
processes were not around anymore. Don't store the orphaned entries.

10 years agos4-kcc: remove a qsort() that snuck into the new topology code
Andrew Tridgell [Tue, 16 Feb 2010 11:41:45 +0000 (22:41 +1100)]
s4-kcc: remove a qsort() that snuck into the new topology code

10 years agos4-rpc: don't use auth padding in rpc bind requests as it breaks s3
Andrew Tridgell [Tue, 16 Feb 2010 11:18:16 +0000 (22:18 +1100)]
s4-rpc: don't use auth padding in rpc bind requests as it breaks s3

The s3 RPC server returns a bind_nak if it gets a rpc bind with auth
padding. This change forces a padding length of zero to maximimise
compatibility with s3 servers.

I've left the padding code in as a #if 0 to make it easier for us to
test/fix the s3 server code, which should be changed to correctly
handle arbitrary auth padding in all rpc requests with auth trailers.

10 years agos4-dcerpc: fixed auth padding to be relative to the stub, not packet
Andrew Tridgell [Tue, 16 Feb 2010 09:21:29 +0000 (20:21 +1100)]
s4-dcerpc: fixed auth padding to be relative to the stub, not packet

The recent dcerpc padding changes made our padding relative to the
packet header, instead of the start of the stub. Surprisingly, this
broke w2k8r2 doing a dcpromo join to a s4 server. It seems that w2k8r2
is very fussy about the padding it gets in some circumstances.

10 years agos4-dsdb: return LDB_ERR_CONSTRAINT_VIOLATION on num_recs != 1
Andrew Tridgell [Tue, 16 Feb 2010 05:39:49 +0000 (16:39 +1100)]
s4-dsdb: return LDB_ERR_CONSTRAINT_VIOLATION on num_recs != 1

In a single record search, LDB_ERR_CONSTRAINT_VIOLATION is more useful

Pair-Programmed-With: Andrew Bartlett <>

10 years agos4-samdb: use dsdb_search() in cracknames
Andrew Tridgell [Tue, 16 Feb 2010 05:09:07 +0000 (16:09 +1100)]
s4-samdb: use dsdb_search() in cracknames

greatly simplifies some of the cracknames code

Pair-Programmed-With: Andrew Bartlett <>

10 years agos4-kcc: remove search_onelevel_with_deleted() in kcc
Andrew Tridgell [Tue, 16 Feb 2010 04:54:01 +0000 (15:54 +1100)]
s4-kcc: remove search_onelevel_with_deleted() in kcc

Use dsdb_search() instead

Pair-Programmed-With: Andrew Bartlett <>

10 years agos4-dsdb: removed gendb_search_single_extended_dn()
Andrew Tridgell [Tue, 16 Feb 2010 04:49:29 +0000 (15:49 +1100)]
s4-dsdb: removed gendb_search_single_extended_dn()

Use dsdb_search_one() instead, which allows for arbitrary controls

Pair-Programmed-With: Andrew Bartlett <>

10 years agos4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid()
Andrew Tridgell [Tue, 16 Feb 2010 04:40:44 +0000 (15:40 +1100)]
s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid()

dsdb_find_dn_by_guid() now takes a struct GUID instead of a
guid_string. All the callers in fact wanted a struct GUID, so we now
avoid the extra conversion.

Pair-Programmed-With: Andrew Bartlett <>

10 years agos4-dsdb: replace dsdb_find_dn_by_guid() with a dsdb_search() call
Andrew Tridgell [Tue, 16 Feb 2010 04:15:35 +0000 (15:15 +1100)]
s4-dsdb: replace dsdb_find_dn_by_guid() with a dsdb_search() call

much simpler code by using dsdb_flags

Pair-Programmed-With: Andrew Bartlett <>

10 years agos4-dsdb: change dsdb_search_dn_with_deleted() to dsdb_search_dn() with dsdb_flags
Andrew Tridgell [Tue, 16 Feb 2010 03:55:19 +0000 (14:55 +1100)]
s4-dsdb: change dsdb_search_dn_with_deleted() to dsdb_search_dn() with dsdb_flags

Allows for arbitrary controls

10 years agos4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags
Andrew Tridgell [Tue, 16 Feb 2010 03:45:16 +0000 (14:45 +1100)]
s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags

This allows for controls to be added easily where they are needed.

10 years agos4-dsdb: replace dsdb_modify_permissive() with dsdb_modify() and dsdb_flags
Andrew Tridgell [Tue, 16 Feb 2010 03:29:07 +0000 (14:29 +1100)]
s4-dsdb: replace dsdb_modify_permissive() with dsdb_modify() and dsdb_flags

10 years agos4-dsdb: move dsdb_request_add_controls() into dsdb/common/util.c
Andrew Tridgell [Tue, 16 Feb 2010 03:23:21 +0000 (14:23 +1100)]
s4-dsdb: move dsdb_request_add_controls() into dsdb/common/util.c

This will be used to allow the flag based ldb functions to work on
both a ldb or a module, thus saving a lot of specialist functions.

10 years agos3-docs: Document 'smbclient -C'.
Volker Lendecke [Tue, 16 Feb 2010 10:00:08 +0000 (11:00 +0100)]
s3-docs: Document 'smbclient -C'.

10 years agos4-smbtorture: fix spoolss SD test against w2k8r2.
Günther Deschner [Tue, 16 Feb 2010 09:45:29 +0000 (10:45 +0100)]
s4-smbtorture: fix spoolss SD test against w2k8r2.


10 years agos4-smbtorture: more work on test_PrinterInfo_DevMode RPC-SPOOLSS-PRINTER.
Günther Deschner [Tue, 16 Feb 2010 02:28:43 +0000 (03:28 +0100)]
s4-smbtorture: more work on test_PrinterInfo_DevMode RPC-SPOOLSS-PRINTER.


10 years agos4-smbtorture: allow to call OpenPrinterEx with devicemode.
Günther Deschner [Tue, 16 Feb 2010 02:26:10 +0000 (03:26 +0100)]
s4-smbtorture: allow to call OpenPrinterEx with devicemode.


10 years agotestprogs: add "samba3" and "architecture=" options to spoolss tester.
Günther Deschner [Mon, 15 Feb 2010 22:03:48 +0000 (23:03 +0100)]
testprogs: add "samba3" and "architecture=" options to spoolss tester.


10 years agos4-drs: DsGetReplInfo() refactoring
Erick Nogueira do Nascimento [Thu, 11 Feb 2010 21:04:00 +0000 (19:04 -0200)]
s4-drs: DsGetReplInfo() refactoring

10 years agos4-drs: DsReplGetInfo() for DS_REPL_INFO_REPSTO infoType
Erick Nogueira do Nascimento [Fri, 29 Jan 2010 22:07:47 +0000 (20:07 -0200)]
s4-drs: DsReplGetInfo() for DS_REPL_INFO_REPSTO infoType

Implements the DS_REPL_INFO_REPSTO infoType of DsReplGetInfo().

10 years agos4-smbtorture: more work on SD tests for RPC-SPOOLSS.
Günther Deschner [Mon, 15 Feb 2010 21:06:42 +0000 (22:06 +0100)]
s4-smbtorture: more work on SD tests for RPC-SPOOLSS.


10 years agos4-smbtorture: add rather simple spoolss device mode test.
Günther Deschner [Mon, 15 Feb 2010 21:16:25 +0000 (22:16 +0100)]
s4-smbtorture: add rather simple spoolss device mode test.


10 years agos4-smbtorture: use test_SetPrinter call in spoolss security descriptor tests.
Günther Deschner [Mon, 15 Feb 2010 20:55:06 +0000 (21:55 +0100)]
s4-smbtorture: use test_SetPrinter call in spoolss security descriptor tests.


10 years agos4-smbtorture: w2k8r2 allows to add printers w/o defining printprocessor.
Günther Deschner [Mon, 15 Feb 2010 18:23:35 +0000 (19:23 +0100)]
s4-smbtorture: w2k8r2 allows to add printers w/o defining printprocessor.


10 years agotestprogs: fix EnumJobs debug output in spoolss test.
Günther Deschner [Mon, 15 Feb 2010 20:45:59 +0000 (21:45 +0100)]
testprogs: fix EnumJobs debug output in spoolss test.

Found by Kai, thanks!


10 years agos3: Fix a typo
Volker Lendecke [Mon, 15 Feb 2010 15:35:06 +0000 (16:35 +0100)]
s3: Fix a typo

10 years agos4-rootdse: we don't need DSDB_FLAG_OWN_MODULE here
Andrew Tridgell [Mon, 15 Feb 2010 12:49:26 +0000 (23:49 +1100)]
s4-rootdse: we don't need DSDB_FLAG_OWN_MODULE here

10 years agos4-drs: enable the recyclebin optional feature
Eduardo Lima [Fri, 12 Feb 2010 16:18:27 +0000 (14:18 -0200)]
s4-drs: enable the recyclebin optional feature

Signed-off-by: Andrew Tridgell <>
10 years agos4-kcc: remove C++ comment
Andrew Tridgell [Mon, 15 Feb 2010 12:05:33 +0000 (23:05 +1100)]
s4-kcc: remove C++ comment

10 years agos4-kcc: initial code for the topology algorithm
Crístian Deives [Wed, 10 Feb 2010 05:42:28 +0000 (03:42 -0200)]
s4-kcc: initial code for the topology algorithm

this patch contains the data structures declarations and the functions to
setup the graph.

Signed-off-by: Andrew Tridgell <>
10 years agos4-dsdb: don't change replPropertyMetaData if the value hasn't changed
Andrew Tridgell [Mon, 15 Feb 2010 11:49:35 +0000 (22:49 +1100)]
s4-dsdb: don't change replPropertyMetaData if the value hasn't changed

When updating replPropertyMetaData, check if the value being stored is
the same as the current value, and skip the update if it is.

This is based on a patch by Fernando J V da Silva <>

10 years agos4-heimdal: Fix typos in comment.
Karolin Seeger [Mon, 15 Feb 2010 11:23:11 +0000 (12:23 +0100)]
s4-heimdal: Fix typos in comment.


10 years agos4-test: use local ldb for urgent_replication test
Andrew Tridgell [Mon, 15 Feb 2010 10:21:55 +0000 (21:21 +1100)]
s4-test: use local ldb for urgent_replication test

This test only currently works on a local ldb, as it needs system

10 years agos4-ldb: fixed permissions on
Andrew Tridgell [Mon, 15 Feb 2010 10:18:13 +0000 (21:18 +1100)]
s4-ldb: fixed permissions on

10 years agos4-test: minor fixes to
Andrew Tridgell [Mon, 15 Feb 2010 10:14:42 +0000 (21:14 +1100)]
s4-test: minor fixes to

- fix usage name
- remove unnecessary python functions
- remote unused gc ldb

10 years agos4-drs: Test situations for Urgent Replication
Fernando J V da Silva [Thu, 4 Feb 2010 19:03:41 +0000 (17:03 -0200)]
s4-drs: Test situations for Urgent Replication

Checks if the partition's uSNUrgent is updated or not, depending
on the class of the object which is created, modified or deleted.

Signed-off-by: Andrew Tridgell <>
10 years agos4-drs: Function for accessing dsdb_load_partition_usn from Python
Fernando J V da Silva [Thu, 4 Feb 2010 18:58:31 +0000 (16:58 -0200)]
s4-drs: Function for accessing dsdb_load_partition_usn from Python

Returns both uSNHighest and uSNUrgent as a dict object in Python
from a given partition dn.

Signed-off-by: Andrew Tridgell <>
10 years agos4-drs: Fixes bugs regarding Urgent Replication on wrong situations
Fernando J V da Silva [Thu, 4 Feb 2010 18:46:52 +0000 (16:46 -0200)]
s4-drs: Fixes bugs regarding Urgent Replication on wrong situations

It fixes the bug which causes an urgent replication to be enabled
incorrectly when an object is modified, but it should happen only
when it was created. This patch also fixes the bug that enable an
urgent replication when an object is deleted, but it should happen
only when it was modified and fixes the bug that does not enable
an urgent replication when an object is deleted and it should happen
only when it is deleted (not when it is modified).

Signed-off-by: Andrew Tridgell <>
10 years agospoolss: disable GetPrinterDriver level 101 (as called by XP).
Günther Deschner [Thu, 11 Feb 2010 11:54:57 +0000 (12:54 +0100)]
spoolss: disable GetPrinterDriver level 101 (as called by XP).

We still dont get the marshalling right, disable and XP will just fall back to
level 6.


10 years agos4-smbtorture: add some security descriptor tests to RPC-SPOOLSS and RPC-SPOOLSS...
Günther Deschner [Sat, 13 Feb 2010 01:11:31 +0000 (02:11 +0100)]
s4-smbtorture: add some security descriptor tests to RPC-SPOOLSS and RPC-SPOOLSS-PRINTER.


10 years agos4:provision.c - "provsion_store_self_join" - don't set the realm if it's NULL
Matthias Dieter Wallnöfer [Mon, 15 Feb 2010 09:29:47 +0000 (10:29 +0100)]
s4:provision.c - "provsion_store_self_join" - don't set the realm if it's NULL

The realm can be NULL when this function is called by "libnet_Join_primary_domain".
This seems to be a valid value since "libnet_JoinDomain" is allowed to return an
empty realm if we are not in a ADS domain.

10 years agos4-drs: replace manual checks with dsdb_modify_permissive()
Andrew Tridgell [Mon, 15 Feb 2010 06:39:20 +0000 (17:39 +1100)]
s4-drs: replace manual checks with dsdb_modify_permissive()

Much simpler to use the permissive control instead of manually munging
the SPN list.

10 years agos4-drs: use a permissive modify in addentry
Andrew Tridgell [Mon, 15 Feb 2010 06:38:47 +0000 (17:38 +1100)]
s4-drs: use a permissive modify in addentry

It is not an error if entries already exist.

10 years agos4-dsdb: added dsdb_modify_permissive()
Andrew Tridgell [Mon, 15 Feb 2010 06:38:16 +0000 (17:38 +1100)]
s4-dsdb: added dsdb_modify_permissive()

This will be used in the drsuapi server

10 years agos3: eventlogadm.c: add -s option to use alternative config file.
Holger Hetterich [Sun, 14 Feb 2010 18:05:00 +0000 (19:05 +0100)]
s3: eventlogadm.c: add -s option to use alternative config file.

Update the manpage accordingly.

10 years agos3: Fix initgroups return check
Peter Watkins [Sun, 14 Feb 2010 11:43:13 +0000 (12:43 +0100)]
s3: Fix initgroups return check

A return code of 1 from initgroups() is OK since apparently it means
the gid has already been set. The man page doesn't mention this.

10 years agos4:dcesrv_lsa.c - remove a superfluous empty line
Matthias Dieter Wallnöfer [Sun, 14 Feb 2010 09:48:13 +0000 (10:48 +0100)]
s4:dcesrv_lsa.c - remove a superfluous empty line

One empty line is enough for code part divisions.