ira/wip.git
7 years agoparam: use lp_is_security_and_server_role_valid()
Andrew Bartlett [Thu, 10 Nov 2011 08:34:36 +0000 (19:34 +1100)]
param: use lp_is_security_and_server_role_valid()

This also permits a few more valid combinations, due to the layer at which this is
being used.

Andrew Bartlett

7 years agoparam: Check if server role and security parameters are conflicting
Amitay Isaacs [Thu, 10 Nov 2011 06:45:28 +0000 (17:45 +1100)]
param: Check if server role and security parameters are conflicting

7 years agolib/param: Add tests for security= behaviour now it operates with server role
Andrew Bartlett [Thu, 10 Nov 2011 06:11:56 +0000 (17:11 +1100)]
lib/param: Add tests for security= behaviour now it operates with server role

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agoparam: Connect lp_security to the lib/param code to allow tests
Andrew Bartlett [Thu, 10 Nov 2011 06:11:18 +0000 (17:11 +1100)]
param: Connect lp_security to the lib/param code to allow tests

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agos4-provision permit server role to be the ROLE_ strings from s3
Andrew Bartlett [Thu, 10 Nov 2011 05:26:57 +0000 (16:26 +1100)]
s4-provision permit server role to be the ROLE_ strings from s3

Also convert between the aliases in one single place.

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agoparam: Add tests for automatic server role guessing
Andrew Bartlett [Thu, 10 Nov 2011 05:07:52 +0000 (16:07 +1100)]
param: Add tests for automatic server role guessing

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agopy-param: Add python interface to get server_role
Amitay Isaacs [Thu, 10 Nov 2011 04:42:44 +0000 (15:42 +1100)]
py-param: Add python interface to get server_role

7 years agoparam: Move enum values into a common (included) .c file
Andrew Bartlett [Thu, 10 Nov 2011 04:19:33 +0000 (15:19 +1100)]
param: Move enum values into a common (included) .c file

This #include hack is required as it is not possible to declare a
compile-time sized array in a header file.

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agoparam: move server role helpers into loadparm.h
Andrew Bartlett [Thu, 10 Nov 2011 04:22:37 +0000 (15:22 +1100)]
param: move server role helpers into loadparm.h

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agos4-s3-upgrade Add test of net getlocalsid after the upgrade
Andrew Bartlett [Tue, 1 Nov 2011 01:59:38 +0000 (12:59 +1100)]
s4-s3-upgrade Add test of net getlocalsid after the upgrade

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agoparam: calculate server role from security, and security from server role
Andrew Bartlett [Thu, 10 Nov 2011 01:45:54 +0000 (12:45 +1100)]
param: calculate server role from security, and security from server role

This allows smb.conf files from either the samba3 or samba4 tradition
to come to the same value of server role, using the information in the
smb.conf file.

This is important so that tools like 'net getlocalsid' work against a
Samba4 AD installation (yes, users have tried this).

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agos3-param remove lp_domain_logons(), always use IS_DC
Andrew Bartlett [Thu, 10 Nov 2011 02:37:54 +0000 (13:37 +1100)]
s3-param remove lp_domain_logons(), always use IS_DC

This makes the code internally consistant.

Andrew Bartlett

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agoparam: make server role list common and include auto (for the new default)
Andrew Bartlett [Thu, 10 Nov 2011 01:50:09 +0000 (12:50 +1100)]
param: make server role list common and include auto (for the new default)

Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>

7 years agoroles: Add ROLE_AUTO to indicate that the server role is calculated
Amitay Isaacs [Tue, 8 Nov 2011 02:22:37 +0000 (13:22 +1100)]
roles: Add ROLE_AUTO to indicate that the server role is calculated

7 years agos3-param: Add "server role" as global parameter
Amitay Isaacs [Tue, 8 Nov 2011 01:12:06 +0000 (12:12 +1100)]
s3-param: Add "server role" as global parameter

This will help extracting server role processing code in common
library.

7 years agoparam: Add "domain logons" and "domain master" parameters
Amitay Isaacs [Tue, 8 Nov 2011 00:36:00 +0000 (11:36 +1100)]
param: Add "domain logons" and "domain master" parameters

This makes parsing of config files with s3 loadparm code and s4 loadparm
code consistent.

7 years agos3-libsmb/passchange.c: remove some cli_nt_error() calls
Björn Baumbach [Wed, 16 Nov 2011 15:57:25 +0000 (16:57 +0100)]
s3-libsmb/passchange.c: remove some cli_nt_error() calls

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 16 20:36:11 CET 2011 on sn-devel-104

7 years agos3-winbindd/winbindd_cm.c: remove cli_nt_error()
Björn Baumbach [Wed, 16 Nov 2011 15:52:38 +0000 (16:52 +0100)]
s3-winbindd/winbindd_cm.c: remove cli_nt_error()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-libsmb/clidfs.c: remove cli_nt_error()
Björn Baumbach [Wed, 16 Nov 2011 15:37:24 +0000 (16:37 +0100)]
s3-libsmb/clidfs.c: remove cli_nt_error()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3:winbindd_cm: remove unused ads_status
Stefan Metzmacher [Wed, 16 Nov 2011 15:48:37 +0000 (16:48 +0100)]
s3:winbindd_cm: remove unused ads_status

metze

7 years agos3-torture: remove all cli_nt_error() calls in torture
Björn Baumbach [Wed, 16 Nov 2011 15:21:13 +0000 (16:21 +0100)]
s3-torture: remove all cli_nt_error() calls in torture

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-torture: replace cli_errstr() with nt_errstr()
Björn Baumbach [Wed, 16 Nov 2011 14:03:49 +0000 (15:03 +0100)]
s3-torture: replace cli_errstr() with nt_errstr()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-libsmb: introduce option to disable dos error mapping
Björn Baumbach [Wed, 16 Nov 2011 13:45:01 +0000 (14:45 +0100)]
s3-libsmb: introduce option to disable dos error mapping

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3:smbd: calculate the negprot signing flags from the signing_state
Stefan Metzmacher [Wed, 16 Nov 2011 14:06:30 +0000 (15:06 +0100)]
s3:smbd: calculate the negprot signing flags from the signing_state

We should map from lp_server_signing() just once in srv_init_signing().

metze

Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov 16 18:59:49 CET 2011 on sn-devel-104

7 years agos3: Fix wbinfo socket dir path.
Andreas Schneider [Wed, 16 Nov 2011 13:54:11 +0000 (14:54 +0100)]
s3: Fix wbinfo socket dir path.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Nov 16 17:19:56 CET 2011 on sn-devel-104

7 years agoRevert "Fix bug #8453 - smbclient segfaults when dialect option -m is used for legacy...
Stefan Metzmacher [Thu, 22 Sep 2011 19:23:02 +0000 (21:23 +0200)]
Revert "Fix bug #8453 - smbclient segfaults when dialect option -m is used for legacy dialects"

This reverts commit f261ac1932ecdae925b27301aa3e907757845a85.

We now handle that in cli_state_create().

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 16 15:44:05 CET 2011 on sn-devel-104

7 years agos3:libsmb: always init cli->{server_os,server_domain,server_type}
Stefan Metzmacher [Tue, 20 Sep 2011 03:23:53 +0000 (05:23 +0200)]
s3:libsmb: always init cli->{server_os,server_domain,server_type}

We should do that at creation time of cli_state.

metze

7 years agos3-waf: create a smbldap.so library.
Günther Deschner [Mon, 17 Oct 2011 15:19:27 +0000 (17:19 +0200)]
s3-waf: create a smbldap.so library.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov 16 14:03:05 CET 2011 on sn-devel-104

7 years agos3-smbldap: remove dependency to secrets subsystem.
Günther Deschner [Tue, 15 Nov 2011 22:57:58 +0000 (23:57 +0100)]
s3-smbldap: remove dependency to secrets subsystem.

Guenther

7 years agos3-smbldap: extend smbldap_init() with binddn/bindsecret arguments.
Günther Deschner [Tue, 15 Nov 2011 22:56:38 +0000 (23:56 +0100)]
s3-smbldap: extend smbldap_init() with binddn/bindsecret arguments.

Guenther

7 years agos3-smbldap: remove duplicate prototype of smbldap_init().
Günther Deschner [Tue, 15 Nov 2011 18:01:45 +0000 (19:01 +0100)]
s3-smbldap: remove duplicate prototype of smbldap_init().

Guenther

7 years agos3-net: use better state variable name for smbldap_state.
Günther Deschner [Tue, 15 Nov 2011 16:53:25 +0000 (17:53 +0100)]
s3-net: use better state variable name for smbldap_state.

Guenther

7 years agos3-passdb: split out passdb/pdb_ldap_schema.c
Günther Deschner [Mon, 17 Oct 2011 16:03:31 +0000 (18:03 +0200)]
s3-passdb: split out passdb/pdb_ldap_schema.c

Guenther

7 years agos3: move smbldap_util to pdb_ldap_util.
Günther Deschner [Mon, 17 Oct 2011 16:00:01 +0000 (18:00 +0200)]
s3: move smbldap_util to pdb_ldap_util.

Guenther

7 years agos3-smbldap: use include/smb_ldap.h in smbldap.h
Günther Deschner [Mon, 17 Oct 2011 15:17:18 +0000 (17:17 +0200)]
s3-smbldap: use include/smb_ldap.h in smbldap.h

Guenther

7 years agolib/util/debug: with log level = 10 we should be more verbose
Stefan Metzmacher [Tue, 15 Nov 2011 20:50:54 +0000 (21:50 +0100)]
lib/util/debug: with log level = 10 we should be more verbose

log level = 10 already impacts performance, so we can turn on
more details and print the pid, [e][u|g]id and class information.

So it implies "debug pid = yes", "debug uid = yes" and "debug class = yes".

This generates a lot more useful log files.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 16 12:25:02 CET 2011 on sn-devel-104

7 years agoprovision: Set the security descriptor while creating partitions
Amitay Isaacs [Wed, 16 Nov 2011 00:18:18 +0000 (11:18 +1100)]
provision: Set the security descriptor while creating partitions

With Matthieu's patch, the setting of security descriptor on
partition dn at create time works correctly.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov 16 08:54:25 CET 2011 on sn-devel-104

7 years agos4-dsdb: rework the NC detection for the descriptor calculation
Matthieu Patou [Tue, 15 Nov 2011 23:56:28 +0000 (00:56 +0100)]
s4-dsdb: rework the NC detection for the descriptor calculation

This checks if instanceType attribute is available, and if
INSTANCE_TYPE_IS_NC_HEAD bit is set. If the bit is set, then
the DN is NC root and security descriptor is not inherited
from parent SD.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
7 years agos3-s4-upgrade: do not add description if it is empty string or none
Amitay Isaacs [Tue, 15 Nov 2011 23:17:50 +0000 (10:17 +1100)]
s3-s4-upgrade: do not add description if it is empty string or none

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Nov 16 05:53:41 CET 2011 on sn-devel-104

7 years agoFinal part of patchset to fix bug #8556 - ACL permissions ignored when SMBsetatr...
Jeremy Allison [Wed, 16 Nov 2011 01:29:59 +0000 (17:29 -0800)]
Final part of patchset to fix bug #8556 - ACL permissions ignored when SMBsetatr is requested.

This now plumbs access checks through all setattr calls.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 04:20:04 CET 2011 on sn-devel-104

7 years agoRemove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It
Jeremy Allison [Wed, 16 Nov 2011 01:41:48 +0000 (17:41 -0800)]
Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It
is called from places like fileio.c that need to update the write time
on a file handle only open for write, without neccessarily having
FILE_WRITE_ATTRIBUTES permission. Move all checks to before the
smb_set_file_time() callers.

7 years agoAlways set the attribute first, before the time.
Jeremy Allison [Wed, 16 Nov 2011 00:49:42 +0000 (16:49 -0800)]
Always set the attribute first, before the time.

7 years agoMove handle-based access check into handle codepath.
Jeremy Allison [Wed, 16 Nov 2011 00:22:09 +0000 (16:22 -0800)]
Move handle-based access check into handle codepath.

7 years agoWe've already checked fsp must be non-null here.
Jeremy Allison [Wed, 16 Nov 2011 00:20:44 +0000 (16:20 -0800)]
We've already checked fsp must be non-null here.

7 years agoRemove unneeded access check. This is done inside smb_set_file_time().
Jeremy Allison [Wed, 16 Nov 2011 00:16:54 +0000 (16:16 -0800)]
Remove unneeded access check. This is done inside smb_set_file_time().

7 years agoRemove unneeded access check. This is done inside smb_set_file_size().
Jeremy Allison [Wed, 16 Nov 2011 00:14:47 +0000 (16:14 -0800)]
Remove unneeded access check. This is done inside smb_set_file_size().

7 years agoMove handle based access check into handle code path.
Jeremy Allison [Wed, 16 Nov 2011 00:14:16 +0000 (16:14 -0800)]
Move handle based access check into handle code path.

7 years agoHEIMDAL:lib/krb5: add utf8 support to build_logon_name() for the PAC
Stefan Metzmacher [Tue, 15 Nov 2011 13:32:35 +0000 (14:32 +0100)]
HEIMDAL:lib/krb5: add utf8 support to build_logon_name() for the PAC

Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 16 02:00:12 CET 2011 on sn-devel-104

7 years agoHEIMDAL:lib/wind: export wind_ucs2write()
Stefan Metzmacher [Tue, 15 Nov 2011 13:38:38 +0000 (14:38 +0100)]
HEIMDAL:lib/wind: export wind_ucs2write()

Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

7 years agoHEIMDAL:lib/winbd: fix wind_ucs2write with WIND_RW_LE
Stefan Metzmacher [Tue, 15 Nov 2011 14:57:40 +0000 (15:57 +0100)]
HEIMDAL:lib/winbd: fix wind_ucs2write with WIND_RW_LE

Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

7 years agoHEIMDAL:lib/wind: fix wind_ucs4utf8() and wind_ucs2utf8()
Stefan Metzmacher [Tue, 15 Nov 2011 14:57:10 +0000 (15:57 +0100)]
HEIMDAL:lib/wind: fix wind_ucs4utf8() and wind_ucs2utf8()

Pair-Programmed-With: Arvid Requate <requate@univention.de>

metze

7 years agoFix bug #8561 - Password change settings not fully observed.
Jeremy Allison [Tue, 15 Nov 2011 21:27:14 +0000 (13:27 -0800)]
Fix bug #8561 - Password change settings not fully observed.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 00:22:41 CET 2011 on sn-devel-104

7 years agoEnsure we correctly calculate reply credits over all returned
Jeremy Allison [Tue, 15 Nov 2011 19:27:56 +0000 (11:27 -0800)]
Ensure we correctly calculate reply credits over all returned
SMB2 replies, and do as Windows does and return the total in the
last SMB2 reply. Fixes an issue found by Christian M Ambach <christian.ambach@de.ibm.com>
(and thanks to Christian for the initial patch this was based on).

7 years agoRemove unneeded NULL check.
Jeremy Allison [Tue, 15 Nov 2011 19:27:42 +0000 (11:27 -0800)]
Remove unneeded NULL check.

7 years agos4:partition LDB module - fix handling regarding special DNs on searches
Matthias Dieter Wallnöfer [Thu, 20 Oct 2011 20:00:15 +0000 (22:00 +0200)]
s4:partition LDB module - fix handling regarding special DNs on searches

Normally they should always be passed to the main backend unless
something different has been specified.

Reviewed-by: abartlet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Nov 15 22:43:06 CET 2011 on sn-devel-104

7 years agos4:torture/rpc/samr.c - use "NULL" instead of "0" when initialising pointers
Matthias Dieter Wallnöfer [Sun, 13 Nov 2011 20:33:09 +0000 (21:33 +0100)]
s4:torture/rpc/samr.c - use "NULL" instead of "0" when initialising pointers

7 years agos4:join.py - fix typo
Matthias Dieter Wallnöfer [Sun, 13 Nov 2011 20:13:59 +0000 (21:13 +0100)]
s4:join.py - fix typo

7 years agos3: allow to set TCP_NODELAYACK socket option on AIX
Björn Jacke [Tue, 15 Nov 2011 18:12:02 +0000 (19:12 +0100)]
s3: allow to set TCP_NODELAYACK socket option on AIX

this is the AIX way to disable delayed ACKs, the same like TCP_QUICKACK on
Linux

Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Tue Nov 15 21:00:07 CET 2011 on sn-devel-104

7 years agos3:smbd/aio: handle_aio_completed() should do nothing if aio_ex->fsp is NULL
Stefan Metzmacher [Mon, 14 Nov 2011 08:54:05 +0000 (09:54 +0100)]
s3:smbd/aio: handle_aio_completed() should do nothing if aio_ex->fsp is NULL

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 15 18:47:55 CET 2011 on sn-devel-104

7 years agos3:smbd/aio: pass ECANCELED to the smb2 aio handlers
Stefan Metzmacher [Mon, 14 Nov 2011 08:53:25 +0000 (09:53 +0100)]
s3:smbd/aio: pass ECANCELED to the smb2 aio handlers

metze

7 years agos3:smb2_read: make it possible to cancel aio reads
Stefan Metzmacher [Mon, 14 Nov 2011 08:33:22 +0000 (09:33 +0100)]
s3:smb2_read: make it possible to cancel aio reads

metze

7 years agos3:smb2_write: make it possible to cancel aio writes
Stefan Metzmacher [Mon, 14 Nov 2011 08:33:22 +0000 (09:33 +0100)]
s3:smb2_write: make it possible to cancel aio writes

metze

7 years agos3:smbd/aio: add cancel_smb2_aio()
Stefan Metzmacher [Mon, 14 Nov 2011 08:52:47 +0000 (09:52 +0100)]
s3:smbd/aio: add cancel_smb2_aio()

metze

7 years agos3:smb2_ioctl: STATUS_PENDING is defered by 1 millisecond for SMB2_IOCTL
Stefan Metzmacher [Mon, 14 Nov 2011 14:29:37 +0000 (15:29 +0100)]
s3:smb2_ioctl: STATUS_PENDING is defered by 1 millisecond for SMB2_IOCTL

metze

7 years agos3:smb2_create: defer STATUS_PENDING for 2 seconds as before
Stefan Metzmacher [Mon, 14 Nov 2011 14:50:47 +0000 (15:50 +0100)]
s3:smb2_create: defer STATUS_PENDING for 2 seconds as before

metze

7 years agos3:smb2_server: pass explicit defer_times to smbd_smb2_request_pending_queue()
Stefan Metzmacher [Mon, 14 Nov 2011 14:42:55 +0000 (15:42 +0100)]
s3:smb2_server: pass explicit defer_times to smbd_smb2_request_pending_queue()

metze

7 years agos3:smb2_server: always send STATUS_PENDING responses, but delayed by 0.5 milliseconds
Stefan Metzmacher [Wed, 9 Nov 2011 10:47:33 +0000 (11:47 +0100)]
s3:smb2_server: always send STATUS_PENDING responses, but delayed by 0.5 milliseconds

In future we'll pass the delay from the caller.

metze

7 years agos3-winbind: Don't fail on users without a uid.
Andreas Schneider [Mon, 14 Nov 2011 09:01:31 +0000 (10:01 +0100)]
s3-winbind: Don't fail on users without a uid.

This fixes bug #8608.

If you join samba with idmap_ad backend to an AD. When you try to
enumerate users with 'getent passwd' and the user doesn't have a uid
set, then getent is aborted cause of NT_STATUS_NONE_MAPPED. If we can't
map a user we should not stop but continue enumerating users.

This normally happens with the default user 'krbtgt' with idmap_ad but
could also happen with other backends.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Nov 15 16:52:04 CET 2011 on sn-devel-104

7 years agos3-winbind: Make sure the map is clean.
Andreas Schneider [Wed, 9 Nov 2011 19:48:23 +0000 (20:48 +0100)]
s3-winbind: Make sure the map is clean.

7 years agos3-winbind: Increase the negative cache entry timout.
Andreas Schneider [Mon, 14 Nov 2011 09:01:03 +0000 (10:01 +0100)]
s3-winbind: Increase the negative cache entry timout.

The timout for the cache entry of a negative connection should be the
double of a connect timeout (which is 30 seconds).

7 years agos4:dsdb/schema_data: reject schema update unless they're allowed
Stefan Metzmacher [Fri, 11 Nov 2011 15:55:37 +0000 (16:55 +0100)]
s4:dsdb/schema_data: reject schema update unless they're allowed

"dsdb:schema update allowed = yes" is now needed in smb.conf
to enable schema updates, as schema updates are a currenty a good
way to prevent samba from startup again, because of errors in
the schema definition.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 15 13:00:07 CET 2011 on sn-devel-104

7 years agoselftest/Samba4: allow schema updates
Stefan Metzmacher [Sat, 12 Nov 2011 10:03:05 +0000 (11:03 +0100)]
selftest/Samba4: allow schema updates

metze

7 years agos4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates
Stefan Metzmacher [Fri, 11 Nov 2011 11:12:17 +0000 (12:12 +0100)]
s4:dsdb/schema: add "dsdb:schema update allowed" option to enable schema updates

By default schema updates are not allowed anymore, as we don't have
complete validation code to prevent database corruption.

metze

7 years agos4:dsdb/schema_data: reject changes to schemaInfo, msDs-Schema-Extensions, msDS-IntId
Stefan Metzmacher [Fri, 11 Nov 2011 15:43:18 +0000 (16:43 +0100)]
s4:dsdb/schema_data: reject changes to schemaInfo, msDs-Schema-Extensions, msDS-IntId

As windows we return CONSTRAINT_VIOLATION now.

metze

7 years agos4:dsdb/schema_data: make sure we reject schema changes if we're not the schema master
Stefan Metzmacher [Fri, 11 Nov 2011 14:54:11 +0000 (15:54 +0100)]
s4:dsdb/schema_data: make sure we reject schema changes if we're not the schema master

metze

7 years agos4:dsdb/schema_data: make sure we only allow objects one level below the schema base
Stefan Metzmacher [Fri, 11 Nov 2011 13:51:32 +0000 (14:51 +0100)]
s4:dsdb/schema_data: make sure we only allow objects one level below the schema base

The objectclass module should also check for this, but make sure
we also reject it on things like provision.

metze

7 years agos4:libnet_vampire: setup base_dn on the self_made_schema
Stefan Metzmacher [Mon, 14 Nov 2011 08:16:58 +0000 (09:16 +0100)]
s4:libnet_vampire: setup base_dn on the self_made_schema

metze

7 years agos4:libnet_vampire: use dsdb_modify(..., DSDB_FLAG_AS_SYSTEM) to store prefixMap
Stefan Metzmacher [Mon, 14 Nov 2011 07:54:18 +0000 (08:54 +0100)]
s4:libnet_vampire: use dsdb_modify(..., DSDB_FLAG_AS_SYSTEM) to store prefixMap

metze

7 years agos4:param/provision: pass schema_dn to provision_get_schema()
Stefan Metzmacher [Mon, 14 Nov 2011 07:52:51 +0000 (08:52 +0100)]
s4:param/provision: pass schema_dn to provision_get_schema()

metze

7 years agos4:dsdb/schema: pass and remember the schema_dn in dsdb_set_schema_from_ldif()
Stefan Metzmacher [Fri, 11 Nov 2011 15:35:59 +0000 (16:35 +0100)]
s4:dsdb/schema: pass and remember the schema_dn in dsdb_set_schema_from_ldif()

metze

7 years agos4:dsdb/pydsdb: pass down schema_dn to _dsdb_set_schema_from_ldif()
Stefan Metzmacher [Fri, 11 Nov 2011 15:34:48 +0000 (16:34 +0100)]
s4:dsdb/pydsdb: pass down schema_dn to _dsdb_set_schema_from_ldif()

metze

7 years agos4:python/samba/schema: pass down the schema_dn to set_from_ldif()
Stefan Metzmacher [Fri, 11 Nov 2011 15:32:05 +0000 (16:32 +0100)]
s4:python/samba/schema: pass down the schema_dn to set_from_ldif()

metze

7 years agos4:dsdb/samldb: use DSDB_FLAG_AS_SYSTEM in samldb_schema_info_update()
Stefan Metzmacher [Fri, 11 Nov 2011 14:56:01 +0000 (15:56 +0100)]
s4:dsdb/samldb: use DSDB_FLAG_AS_SYSTEM in samldb_schema_info_update()

We should only be able to update the schemaInfo internaly.

metze

7 years agos4:libnet: initialize forest structure in py_net_replicate_init()
Stefan Metzmacher [Tue, 15 Nov 2011 08:45:46 +0000 (09:45 +0100)]
s4:libnet: initialize forest structure in py_net_replicate_init()

metze

7 years agosamba-tool: Don't set UF_PASSWD_NOTREQD flag on "user disable"
Giampaolo Lauria [Mon, 14 Nov 2011 22:54:29 +0000 (17:54 -0500)]
samba-tool: Don't set UF_PASSWD_NOTREQD flag on "user disable"

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Nov 15 02:51:16 CET 2011 on sn-devel-104

7 years agosamba-tool: Remove "domain machinepassword" command
Giampaolo Lauria [Fri, 11 Nov 2011 15:37:39 +0000 (10:37 -0500)]
samba-tool: Remove "domain machinepassword" command

As per Andrew Bartlett's comment:
"we should remove it.  This was originally a script to support some
interactions between samba3 and samba4, when they were in distinct build
systems.  We now can call between the two systems without difficulty at
runtime, so this command has no value."

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
7 years agos4-smbtorture: add spoolss_OpenPrinterEx ndr test with full devmode.
Günther Deschner [Mon, 14 Nov 2011 17:23:01 +0000 (18:23 +0100)]
s4-smbtorture: add spoolss_OpenPrinterEx ndr test with full devmode.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Nov 14 20:21:48 CET 2011 on sn-devel-104

7 years agos3-modules: remove the last "init_module" traces.
Günther Deschner [Mon, 14 Nov 2011 15:29:57 +0000 (16:29 +0100)]
s3-modules: remove the last "init_module" traces.

Guenther

7 years agoFix default value for subunitrun --list.
Jelmer Vernooij [Mon, 14 Nov 2011 13:55:49 +0000 (14:55 +0100)]
Fix default value for subunitrun --list.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 14 17:27:03 CET 2011 on sn-devel-104

7 years agoselftesthelpers: Revert perl changes, add comment on why the original code was necessary.
Jelmer Vernooij [Mon, 14 Nov 2011 12:47:50 +0000 (13:47 +0100)]
selftesthelpers: Revert perl changes, add comment on why the original code was necessary.

7 years agos4-tests: Use plansmbtorturesuite where possible.
Jelmer Vernooij [Mon, 14 Nov 2011 12:10:11 +0000 (13:10 +0100)]
s4-tests: Use plansmbtorturesuite where possible.

7 years agos4-tests: Remove unnecessary py suffix.
Jelmer Vernooij [Mon, 14 Nov 2011 00:54:43 +0000 (01:54 +0100)]
s4-tests: Remove unnecessary py suffix.

7 years agos4-tests: Allow listing tests run for iconv.
Jelmer Vernooij [Mon, 14 Nov 2011 00:54:26 +0000 (01:54 +0100)]
s4-tests: Allow listing tests run for iconv.

7 years agosubunitrun: Don't load smb.conf when just listing tests.
Jelmer Vernooij [Mon, 14 Nov 2011 00:13:36 +0000 (01:13 +0100)]
subunitrun: Don't load smb.conf when just listing tests.

7 years agoRemove broken code - these lines use undefined symbols.
Jelmer Vernooij [Sun, 13 Nov 2011 21:33:41 +0000 (22:33 +0100)]
Remove broken code - these lines use undefined symbols.

7 years agowaf: Fix uselib_store for system libsubunit.
Jelmer Vernooij [Sun, 13 Nov 2011 21:15:49 +0000 (22:15 +0100)]
waf: Fix uselib_store for system libsubunit.

7 years agoselftesthelpers: Cope with empty binary mappings list, simplify handling of perl.
Jelmer Vernooij [Sun, 13 Nov 2011 20:51:53 +0000 (21:51 +0100)]
selftesthelpers: Cope with empty binary mappings list, simplify handling of perl.

7 years agos4:selftest: samba4.urgent_replication.python needs to run as "dc:local"
Stefan Metzmacher [Mon, 14 Nov 2011 09:51:56 +0000 (10:51 +0100)]
s4:selftest: samba4.urgent_replication.python needs to run as "dc:local"

As it uses local files on the dc.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Nov 14 15:48:33 CET 2011 on sn-devel-104

7 years agoselftest/selftesthelpers.py: construct a fullname with env in plantestsuite_idlist()
Stefan Metzmacher [Mon, 14 Nov 2011 13:10:17 +0000 (14:10 +0100)]
selftest/selftesthelpers.py: construct a fullname with env in plantestsuite_idlist()

Like we already do for plantestsuite_loadlist()

metze

7 years agoselftest: planpythontestsuite() should fill 'name' is it's None
Stefan Metzmacher [Mon, 14 Nov 2011 11:21:38 +0000 (12:21 +0100)]
selftest: planpythontestsuite() should fill 'name' is it's None

Otherwise make test shows tests with name "None".

metze