11 years agos3 file_access: Convert some more functions over to use smb_filneame
Tim Prouty [Fri, 26 Jun 2009 01:19:09 +0000 (18:19 -0700)]
s3 file_access: Convert some more functions over to use smb_filneame

11 years agos3: simplify some redundant logic in is_ntfs_default_stream_smb_fname()
Tim Prouty [Fri, 26 Jun 2009 00:24:19 +0000 (17:24 -0700)]
s3: simplify some redundant logic in is_ntfs_default_stream_smb_fname()

11 years agos3: Remove get_full_smb_filename() from open_directory()
Tim Prouty [Thu, 25 Jun 2009 21:44:23 +0000 (14:44 -0700)]
s3: Remove get_full_smb_filename() from open_directory()

This is possible because open_directory() returns an error if
the fname is a stream, so the base_name can be used.

11 years agos3 onefs: Plumb smb_filename through onefs createfile path
Tim Prouty [Thu, 25 Jun 2009 18:20:36 +0000 (11:20 -0700)]
s3 onefs: Plumb smb_filename through onefs createfile path

11 years agos3: Change set_ea() and its callers to use smb_filename
Tim Prouty [Thu, 25 Jun 2009 21:16:46 +0000 (14:16 -0700)]
s3: Change set_ea() and its callers to use smb_filename

11 years agoFix bug #6506 - SMBD server doesn't set EAs when a file is overwritten in NT_TRANSACT...
Jeremy Allison [Thu, 25 Jun 2009 19:57:15 +0000 (12:57 -0700)]
Fix bug #6506 - SMBD server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE.
Reported and verified by Long Li <>

11 years agos4 auth_winbind: Internally, info3 has utf8 buffers, not utf16 buffers.
Kai Blin [Thu, 25 Jun 2009 19:36:49 +0000 (21:36 +0200)]
s4 auth_winbind: Internally, info3 has utf8 buffers, not utf16 buffers.

Thanks to gd for the catch.

11 years agos4 auth_winbind: Don't allocate the rids for the info3 structure within the loop
Kai Blin [Thu, 25 Jun 2009 17:38:51 +0000 (19:38 +0200)]
s4 auth_winbind: Don't allocate the rids for the info3 structure within the loop

11 years agos4: Add libwbclient backend to auth_winbind
Kai Blin [Thu, 25 Jun 2009 17:16:02 +0000 (19:16 +0200)]
s4: Add libwbclient backend to auth_winbind

11 years agos3-netlogon: remove remaining netlogon init functions.
Günther Deschner [Thu, 25 Jun 2009 14:38:39 +0000 (16:38 +0200)]
s3-netlogon: remove remaining netlogon init functions.


11 years agoAdd a \n to a debug message in smbacl4_nfs42win
Volker Lendecke [Thu, 25 Jun 2009 12:46:17 +0000 (14:46 +0200)]
Add a \n to a debug message in smbacl4_nfs42win

11 years agomount.cifs: add support for sending IPv6 scope ID to kernel
Jeff Layton [Thu, 25 Jun 2009 11:27:25 +0000 (07:27 -0400)]
mount.cifs: add support for sending IPv6 scope ID to kernel

When getaddrinfo returns an IPv6 address with a non-zero scope_id, send
that to the kernel appended to the address with a '%' delimiter. This
allows people to mount servers via their link-local IPv6 addresses
(given a kernel that understands this address format, of course).

Signed-off-by: Jeff Layton <>
11 years agos3-netlogon: remove init_netr_SamInfo functions.
Günther Deschner [Thu, 25 Jun 2009 10:12:05 +0000 (12:12 +0200)]
s3-netlogon: remove init_netr_SamInfo functions.


11 years agos3-netlogon: fix validation level 2 support in netr_SamLogon and friends.
Günther Deschner [Thu, 25 Jun 2009 10:00:20 +0000 (12:00 +0200)]
s3-netlogon: fix validation level 2 support in netr_SamLogon and friends.


11 years agos3-examples: make get_next_oid exectuable.
Günther Deschner [Tue, 23 Jun 2009 22:24:55 +0000 (00:24 +0200)]
s3-examples: make get_next_oid exectuable.


11 years agos3-samr: refactor _samr_SetDomainInfo().
Günther Deschner [Thu, 25 Jun 2009 00:06:21 +0000 (02:06 +0200)]
s3-samr: refactor _samr_SetDomainInfo().


11 years agos3-samr: refactor _samr_QueryDomainInfo().
Günther Deschner [Wed, 24 Jun 2009 23:52:06 +0000 (01:52 +0200)]
s3-samr: refactor _samr_QueryDomainInfo().


11 years agos3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTAT
Tim Prouty [Mon, 22 Jun 2009 22:26:56 +0000 (15:26 -0700)]
s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTAT

This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname.  They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient.  As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.

There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode.  This is now fixed.

11 years agos3: Convert is_visible_file to use talloc_asprintf instead of malloc
Tim Prouty [Thu, 18 Jun 2009 18:38:42 +0000 (11:38 -0700)]
s3: Convert is_visible_file to use talloc_asprintf instead of malloc

11 years agos3:smbd: send SMB2 interim responses for async calls
Stefan Metzmacher [Tue, 9 Jun 2009 20:34:14 +0000 (22:34 +0200)]
s3:smbd: send SMB2 interim responses for async calls


11 years agos3:smbd: add support for async interim SMB2 responses and prepare SMB2 cancel
Stefan Metzmacher [Tue, 9 Jun 2009 20:33:32 +0000 (22:33 +0200)]
s3:smbd: add support for async interim SMB2 responses and prepare SMB2 cancel


11 years agos3:smbd: keep a list of outstanding SMB2 requests
Stefan Metzmacher [Tue, 9 Jun 2009 19:29:40 +0000 (21:29 +0200)]
s3:smbd: keep a list of outstanding SMB2 requests


11 years agos3:smbd: add smbd_smb2_send_oplock_break()
Stefan Metzmacher [Tue, 9 Jun 2009 18:44:13 +0000 (20:44 +0200)]
s3:smbd: add smbd_smb2_send_oplock_break()


11 years agos3:smbd: the SMB2-COMPOUND test shows that the related vs. unrelated flags isn't...
Stefan Metzmacher [Tue, 9 Jun 2009 18:02:48 +0000 (20:02 +0200)]
s3:smbd: the SMB2-COMPOUND test shows that the related vs. unrelated flags isn't checked first


11 years agoReenable the LDAPI socket for the merged build
Volker Lendecke [Wed, 24 Jun 2009 10:41:16 +0000 (12:41 +0200)]
Reenable the LDAPI socket for the merged build

It seems that the samba4 part of the merged build does not pick up the
DEVELOPER flag from the s3 configure.

Jelmer, can you fix that properly?



11 years agoOnly set the password if there is one
Volker Lendecke [Wed, 24 Jun 2009 10:39:21 +0000 (12:39 +0200)]
Only set the password if there is one

11 years agos4-smbtorture: more paranoid checks while testing group membership in RPC-SAMR.
Günther Deschner [Tue, 23 Jun 2009 22:27:33 +0000 (00:27 +0200)]
s4-smbtorture: more paranoid checks while testing group membership in RPC-SAMR.


11 years agos3-printing: eliminate another non sec_initial_uid using security check.
Günther Deschner [Tue, 23 Jun 2009 18:27:05 +0000 (20:27 +0200)]
s3-printing: eliminate another non sec_initial_uid using security check.


11 years agos3-spoolss: restructure _spoolss_EndDocPrinter().
Günther Deschner [Tue, 23 Jun 2009 18:26:27 +0000 (20:26 +0200)]
s3-spoolss: restructure _spoolss_EndDocPrinter().


11 years agos3-lsa: Fix error path in _lsa_EnumAccountRights.
Günther Deschner [Tue, 23 Jun 2009 09:16:23 +0000 (11:16 +0200)]
s3-lsa: Fix error path in _lsa_EnumAccountRights.

again as described in MS-LSAD and tested with the


11 years agos3-eventlog: implement _eventlog_ReportEventW().
Günther Deschner [Wed, 8 Apr 2009 17:18:13 +0000 (19:18 +0200)]
s3-eventlog: implement _eventlog_ReportEventW().


11 years agos3: re-run make idl.
Günther Deschner [Tue, 23 Jun 2009 08:58:04 +0000 (10:58 +0200)]
s3: re-run make idl.


11 years agosamr: add samr_UserInfoLevel and samr_DomainInfoClass enums based on MS-SAMR.
Günther Deschner [Tue, 23 Jun 2009 08:55:05 +0000 (10:55 +0200)]
samr: add samr_UserInfoLevel and samr_DomainInfoClass enums based on MS-SAMR.


11 years agos3: forward MSG_DEBUG from smbd parent to all children
Aravind Srinivasan [Tue, 16 Jun 2009 22:11:32 +0000 (15:11 -0700)]
s3: forward MSG_DEBUG from smbd parent to all children

Before 3.3, an smbcontrol debug message sent to the target "smbd" would
actually be sent to all running processes including nmbd and winbindd.
This behavior was changed in 3.3 so that the "smbd" target would only
send a message to the process found in, while the "all" target
would send a message to all processes.

The ability to set the debug level of all processes within a single
daemon, without specifying each pid is quite useful.  This was implemented
in winbindd in 065760ed.  This patch does the same thing for smbd.

Upon receiving a MSG_DEBUG the parent smbd will rebroadcast it to all of
its children.

The printing process has been added to the list of smbd child processes,
and we now always track the number of smbd children regardless of the
"max smbd processes" setting.

11 years agos3-libnet: fix libnet_unjoin_remove_machine_acct() when called without ads struct.
Günther Deschner [Mon, 22 Jun 2009 20:35:58 +0000 (22:35 +0200)]
s3-libnet: fix libnet_unjoin_remove_machine_acct() when called without ads struct.


11 years agoAdd tldap paged searches, together with two helper routines
Volker Lendecke [Sat, 20 Jun 2009 16:43:58 +0000 (18:43 +0200)]
Add tldap paged searches, together with two helper routines

11 years agoReorganize retrieving errors and server-sent controls
Volker Lendecke [Sat, 20 Jun 2009 16:42:18 +0000 (18:42 +0200)]
Reorganize retrieving errors and server-sent controls

This attaches the data to the tldap_message instead of the tevent_req.

It adds tldap_ctx_lastmsg() to retrieve the last message for the users of
the sync wrappers.

11 years agoMove asn1_load_nocopy() to lib/util/asn1.c
Volker Lendecke [Fri, 19 Jun 2009 16:20:20 +0000 (18:20 +0200)]
Move asn1_load_nocopy() to lib/util/asn1.c

11 years agoMove asn1_blob() to lib/util/asn1.c
Volker Lendecke [Fri, 19 Jun 2009 15:39:13 +0000 (17:39 +0200)]
Move asn1_blob() to lib/util/asn1.c

11 years agoAdd tldap_supports_control
Volker Lendecke [Fri, 19 Jun 2009 12:01:10 +0000 (14:01 +0200)]
Add tldap_supports_control

11 years agoAdd tldap_entry_has_attrvalue
Volker Lendecke [Fri, 19 Jun 2009 12:00:31 +0000 (14:00 +0200)]
Add tldap_entry_has_attrvalue

11 years agotldap control support
Volker Lendecke [Sat, 6 Jun 2009 21:21:01 +0000 (23:21 +0200)]
tldap control support

11 years agoPrepare control support
Volker Lendecke [Sat, 6 Jun 2009 19:06:33 +0000 (21:06 +0200)]
Prepare control support

We will have arrays of controls passed to tldap.c. Follow a mantra from the
classic book "Thinking Forth" by Leo Brodie: Favor counts over terminators :-)

This makes the parameter lists to tldap pretty long, but everyone will have
wrapper routines anyway, see for example tldap_search_fmt. And the OpenLDAP
manpages call the non-_ext routines deprecated, probably for a reason.

11 years agoFix setting passwords in pdb_ads
Volker Lendecke [Sat, 20 Jun 2009 09:46:42 +0000 (11:46 +0200)]
Fix setting passwords in pdb_ads

The samba4 password_hash module does not allow changing the password fields via
the "delete oldval" -> "add newval" set of modify operations, it requires a
single "replace with newval" operation.

Andrew, Samba3 by default uses that delete/add pair to detect if between
fetching the old value and storing the new one the old value has changed. This
is lost by using the "replace" operation.

Would it make sense to add this to the password_hash module?


11 years agoFix empty lines
Volker Lendecke [Sat, 20 Jun 2009 09:06:14 +0000 (11:06 +0200)]
Fix empty lines

11 years agotalloc_tos() aborts if it can not get a stackframe
Volker Lendecke [Sat, 20 Jun 2009 08:54:51 +0000 (10:54 +0200)]
talloc_tos() aborts if it can not get a stackframe

11 years agoFix coverity #729. Resource leak in error path.
Jeremy Allison [Sat, 20 Jun 2009 00:26:53 +0000 (17:26 -0700)]
Fix coverity #729. Resource leak in error path.

11 years agoFix coverity #740. Resource leak in error paths. We should
Jeremy Allison [Sat, 20 Jun 2009 00:20:00 +0000 (17:20 -0700)]
Fix coverity #740. Resource leak in error paths. We should
always return queue here as the caller will free.

11 years agoFix coverity #900. Resource leak.
Jeremy Allison [Fri, 19 Jun 2009 23:44:15 +0000 (16:44 -0700)]
Fix coverity #900. Resource leak.

11 years agoFix coverity #920. Possible NULL deref.
Jeremy Allison [Fri, 19 Jun 2009 22:29:35 +0000 (15:29 -0700)]
Fix coverity #920. Possible NULL deref.

11 years agoFix coverity #676. Forward NULL.
Jeremy Allison [Fri, 19 Jun 2009 21:55:00 +0000 (14:55 -0700)]
Fix coverity #676. Forward NULL.

11 years agos3: fix make test with external libtalloc or libtdb.
Michael Adam [Fri, 19 Jun 2009 19:04:06 +0000 (21:04 +0200)]
s3: fix make test with external libtalloc or libtdb.

This skips the talloctort and tdbtorture tests when the
corresponding binaries are not present.
There might be more clever ways of detecting wether samba
has been linked with internal or external libraries, but
as a first approximation, this seems valid.


11 years agos3:build: build talloctort only when using the internal liballoc
Michael Adam [Fri, 19 Jun 2009 18:31:33 +0000 (20:31 +0200)]
s3:build: build talloctort only when using the internal liballoc

Fixes the build with the external libtalloc.
And is the reasonable thing to do anyways.


11 years agos3:build: build the tdb tools only when using the internal libtdb
Michael Adam [Fri, 19 Jun 2009 17:45:58 +0000 (19:45 +0200)]
s3:build: build the tdb tools only when using the internal libtdb

This fixes the build when internal libtdb is used.


11 years agos3:build: remove LIBTDB_OBJ from TDBTORTURE_OBJ collection
Michael Adam [Fri, 19 Jun 2009 17:27:02 +0000 (19:27 +0200)]
s3:build: remove LIBTDB_OBJ from TDBTORTURE_OBJ collection

tdbtorture is linked with LIBTDB_LIBS, which is whatever
configure has determined to be (-ltdb or LIBTDB_OBJ ...).


11 years agos3:build: check for availability of external libtdb and use it if available
Michael Adam [Fri, 19 Jun 2009 17:02:04 +0000 (19:02 +0200)]
s3:build: check for availability of external libtdb and use it if available

Link internal libtalloc statiaclly if extenal libtalloc is not found
or does not have appropriate version.


11 years agos3:build: link libtalloc statically if using internal libtalloc
Michael Adam [Wed, 17 Jun 2009 16:20:30 +0000 (18:20 +0200)]
s3:build: link libtalloc statically if using internal libtalloc


11 years agoDon't require "Modify property" perms to unjoin bug #6481)
Jim McDonough [Fri, 19 Jun 2009 17:46:07 +0000 (13:46 -0400)]
Don't require "Modify property" perms to unjoin bug #6481)
"net ads leave" stopped working when "modify properties"
permissions were not granted (meaning you had to be allowed
to disable the account that you were about to delete).

Libnetapi should not delete machine accounts, as this does not
happen on win32.  The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).

However, to keep the functionality in "net ads leave", we
will still try to do the delete.  If this fails, we try
to do the disable.

Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account.  libnet can now do this as well.

11 years agoAdd a missing talloc_move() in tldap_search_recv
Volker Lendecke [Fri, 19 Jun 2009 15:36:38 +0000 (17:36 +0200)]
Add a missing talloc_move() in tldap_search_recv

11 years agoFix Coverity IDs 922 and 933
Volker Lendecke [Fri, 19 Jun 2009 14:00:23 +0000 (16:00 +0200)]
Fix Coverity IDs 922 and 933

In copy_internals(), if the !CAN_WRITE(conn) kicks in, we end up
dereferencing a NULL smb_filename.

This adds a simple protection around it.

Tim, please check!


11 years agos3/docs: Fix typo.
Karolin Seeger [Fri, 19 Jun 2009 13:23:22 +0000 (15:23 +0200)]
s3/docs: Fix typo.

This fixes bug #6412.
Thanks to Carsten Dumke <carsten [at]> for reporting!


11 years agoAdd tiny tldap test
Volker Lendecke [Fri, 19 Jun 2009 11:06:02 +0000 (13:06 +0200)]
Add tiny tldap test

11 years agoAdd tldap_fetch_rootdse
Volker Lendecke [Sat, 13 Jun 2009 09:59:39 +0000 (11:59 +0200)]
Add tldap_fetch_rootdse

11 years agoMake tevent_req_is_ldap_error public
Volker Lendecke [Fri, 19 Jun 2009 10:41:16 +0000 (12:41 +0200)]
Make tevent_req_is_ldap_error public

11 years agoAdd tldap_context_[gs]etattr
Volker Lendecke [Fri, 19 Jun 2009 09:45:01 +0000 (11:45 +0200)]
Add tldap_context_[gs]etattr

This adds the ability to attach extended information to a tldap_context. This
will become useful once we start to do automatic reconnects for example, a
callback function might want attach a pointer to credentials so that it can

The initial user of this will be a cached rootdse, so that things like the
ability to do paged searches can be cached.

11 years agos3:dmapi: prefer dmapi libs from gpfs over system libs
Björn Jacke [Fri, 19 Jun 2009 09:51:22 +0000 (11:51 +0200)]
s3:dmapi: prefer dmapi libs from gpfs over system libs

Patch from William Jojo sent to samba-technical:

This is based on some pain felt when building 32-bit and 64-bit Clustered Samba
on AIX with GPFS support.

Part of the problem lies in AIX only providing 32-bit shared object in
libxdsm.a(shr.o). So without libdmapi.a from gpfs.base, you get no DMAPI
support under 64-bit.

11 years agos4-smbtorture: fix test_GetInfoLevel crash bug in RPC-DFS.
Günther Deschner [Fri, 19 Jun 2009 00:52:53 +0000 (02:52 +0200)]
s4-smbtorture: fix test_GetInfoLevel crash bug in RPC-DFS.


11 years agoMerge branch 'master' of ssh:// into master-devel
Andrew Bartlett [Fri, 19 Jun 2009 05:38:33 +0000 (15:38 +1000)]
Merge branch 'master' of ssh:// into master-devel

11 years agoAllow developers access the the privilaged ldapi socket for the moment
Andrew Bartlett [Fri, 19 Jun 2009 05:29:42 +0000 (15:29 +1000)]
Allow developers access the the privilaged ldapi socket for the moment

This allows us some time to get the EXTERNAL bind working

11 years agoOn our way to alpha9!
Andrew Bartlett [Fri, 19 Jun 2009 04:43:51 +0000 (14:43 +1000)]
On our way to alpha9!

11 years agoMark as release version samba-4.0.0alpha8
Andrew Bartlett [Fri, 19 Jun 2009 04:36:48 +0000 (14:36 +1000)]
Mark as release version

11 years agoPartially revert restriction of socket_wrapper to 1500 byte writes
Andrew Bartlett [Fri, 19 Jun 2009 03:25:28 +0000 (13:25 +1000)]
Partially revert restriction of socket_wrapper to 1500 byte writes

This keeps the restriction for stream sockets (where the caller will
retry), without creating problems on datagram sockets (CLDAP is not
defined, as far as I know, across multiple UDP packets).

The commit adding this restriction was

Andrew Bartlett

11 years agos4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdef
Andrew Bartlett [Thu, 18 Jun 2009 04:55:31 +0000 (14:55 +1000)]
s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdef

This makes it clear to our users that this particular implementation
isn't final (all parties are agreed that an EXTERNAL bind is the right
way to do this, but it has not been implemented yet).

Andrew Bartlett

11 years agoadded some basic documentation for the idmap script option
Andrew Tridgell [Fri, 19 Jun 2009 03:57:30 +0000 (13:57 +1000)]
added some basic documentation for the idmap script option

11 years agoadded a sample script for the "idmap script" option
Andrew Tridgell [Fri, 19 Jun 2009 03:57:13 +0000 (13:57 +1000)]
added a sample script for the "idmap script" option

11 years agoPartially revert restriction of socket_wrapper to 1500 byte writes
Andrew Bartlett [Fri, 19 Jun 2009 03:25:28 +0000 (13:25 +1000)]
Partially revert restriction of socket_wrapper to 1500 byte writes

This keeps the restriction for stream sockets (where the caller will
retry), without creating problems on datagram sockets (CLDAP is not
defined, as far as I know, across multiple UDP packets).

The commit adding this restriction was

Andrew Bartlett

11 years agos4:ldb Add test for integer normalisation behaviour
Andrew Bartlett [Fri, 19 Jun 2009 01:29:31 +0000 (11:29 +1000)]
s4:ldb Add test for integer normalisation behaviour

This uses groupType as the example, but this actually applies to all
integer types in AD.

Andrew Bartlett

11 years agoA fix in the ACL code used by both SAMBA 3 and 4
Matthias Dieter Wallnöfer [Thu, 18 Jun 2009 09:18:05 +0000 (11:18 +0200)]
A fix in the ACL code used by both SAMBA 3 and 4

This fixes an uninitialised structure. It has been found through valgrind
in the RAW-ACLs test suite (Bug #6397).

11 years agoFixed some uninitialised variables
Matthias Dieter Wallnöfer [Thu, 18 Jun 2009 09:16:16 +0000 (11:16 +0200)]
Fixed some uninitialised variables

I tried hard to not change the program logic. Should fix bug #6439.

11 years agoCorrect handling of 32-bit integer attributes in SAMBA 4
Matthias Dieter Wallnöfer [Thu, 18 Jun 2009 09:05:45 +0000 (11:05 +0200)]
Correct handling of 32-bit integer attributes in SAMBA 4
- LDB handles now all 32-bit integer attributes correctly (also with overflows)
  according to the schema
- LDAP backends handle the attributes "groupType", "userAccountControl" and
  "sAMAccountType" correctly. This handling doesn't yet use the schema but
  the conversion file "" which contains them hardcoded.
  Did also a refactoring of the conversion function there.
- Bug #6136 should be gone

11 years agos3-pam_winbind: Fix Bug 6253: Use correct value for password expiry calculation.
Günther Deschner [Thu, 18 Jun 2009 23:57:16 +0000 (01:57 +0200)]
s3-pam_winbind: Fix Bug 6253: Use correct value for password expiry calculation.

Based on patch from Blindauer Emmanuel <>.


11 years agoFix bug 4699: Remove pidfile on clean shutdown
Volker Lendecke [Thu, 18 Jun 2009 09:45:57 +0000 (11:45 +0200)]
Fix bug 4699: Remove pidfile on clean shutdown

11 years agoacl_group_override() doesn't need to call stat. Pass this
Jeremy Allison [Thu, 18 Jun 2009 22:40:14 +0000 (15:40 -0700)]
acl_group_override() doesn't need to call stat. Pass this
down from above (as const).

11 years agoAdd some const to the stat struct in the dosmode calls.
Jeremy Allison [Thu, 18 Jun 2009 22:07:14 +0000 (15:07 -0700)]
Add some const to the stat struct in the dosmode calls.
Fix a couple more unix_convert uses to filename_convert.
Fix bug in acl_group_override() where an uninitialized
struct could be used. Move unix_convert with wildcard
use in SMBsearch reply to boilerplate code.

11 years agoReplace the boilerplate calls to :
Jeremy Allison [Thu, 18 Jun 2009 20:13:38 +0000 (13:13 -0700)]
Replace the boilerplate calls to :
resolve_dfspath() -> unix_convert() -> get_full_smb_filename() -> check_name()
with a new function filename_convert().
This restores the check_name() calls that had gone missing
since the default create_file was changed. All "standard"
pathname processing now goes through filename_convert().
I'll take a look at the non-standard pathname processing
next. As a benefit, fixed a missing resolve_dfspath()
in the trans2 mkdir call.

11 years agolibwbclient: fix returned LogonInfo in wbc_LogonUser().
Günther Deschner [Thu, 18 Jun 2009 14:17:26 +0000 (16:17 +0200)]
libwbclient: fix returned LogonInfo in wbc_LogonUser().

That function could return emtpy blobs for username and ccache for e.g. cached


11 years agowbinfo: use wbcLogonUser for wbinfo -K.
Günther Deschner [Thu, 18 Jun 2009 14:33:46 +0000 (16:33 +0200)]
wbinfo: use wbcLogonUser for wbinfo -K.


11 years agoRevert "For tevent to install tevent_util.h"
Simo Sorce [Thu, 18 Jun 2009 11:56:51 +0000 (07:56 -0400)]
Revert "For tevent to install tevent_util.h"

This reverts commit b112cc5503350b248949bdbcce8072f5523ce877.

tevent_util.h is a private header. Must not be installed.

11 years agos3/docs: Add documentation for 'net sam rights'.
Karolin Seeger [Thu, 18 Jun 2009 07:32:10 +0000 (09:32 +0200)]
s3/docs: Add documentation for 'net sam rights'.

This is part of a fix for bug #6328.


11 years agos3:netlogon Cope with recent rename in netlogon.idl
Andrew Bartlett [Thu, 18 Jun 2009 05:00:28 +0000 (15:00 +1000)]
s3:netlogon Cope with recent rename in netlogon.idl

11 years agoRemove unused variable
Andrew Bartlett [Thu, 18 Jun 2009 04:02:13 +0000 (14:02 +1000)]
Remove unused variable

11 years agoBump the ldb version and the version Samba4 requires.
Andrew Bartlett [Thu, 18 Jun 2009 03:50:36 +0000 (13:50 +1000)]
Bump the ldb version and the version Samba4 requires.

We have made a lot of useful changes to LDB since the last realese,
that Samba4 now relies on.  This ensures that a build against a system
LDB will only succeed against the right version.

Andrew Bartlett

11 years agos4: Add tests and 'must change password' flags in setpassword and newuser
Andrew Bartlett [Thu, 18 Jun 2009 02:38:04 +0000 (12:38 +1000)]
s4: Add tests and 'must change password' flags in setpassword and newuser

In particular, ensure that we can acutally change the password under
these circumstances.

Andrew Bartlett

11 years agos4:testprogs Don't specify a username/password when checking the ccache
Andrew Bartlett [Thu, 18 Jun 2009 02:36:00 +0000 (12:36 +1000)]
s4:testprogs Don't specify a username/password when checking the ccache

The purpose of this test is to ensure that the Kerberos credentials
cache is valid.  If the username and password is specified, this
overrides the very thing we are trying to test.

Andrew Bartlett

11 years agos4:libnet Allow 'net password change' to work on expired passwords
Andrew Bartlett [Thu, 18 Jun 2009 02:33:46 +0000 (12:33 +1000)]
s4:libnet Allow 'net password change' to work on expired passwords

We need to pass down flags to the DCE/RPC layer to allow fallback to
anonymous connections, as we can't log in with an expired password.

The anonymous connection can then change the password with SAMR.

Andrew Bartlett

11 years agos4:kdc Allow a password change when the password is expired
Andrew Bartlett [Thu, 18 Jun 2009 01:08:46 +0000 (11:08 +1000)]
s4:kdc Allow a password change when the password is expired

This requires a rework on Heimdal's windc plugin layer, as we want
full control over what tickets Heimdal will issue.  (In particular, in
case our requirements become more complex in future).

The original problem was that Heimdal's check would permit the ticket,
but Samba would then deny it, not knowing it was for kadmin/changepw

Also (in hdb-samba4) be a bit more careful on what entries we will
make the 'change_pw' service mark that this depends on.

Andrew Bartlett

11 years agos4:setup Add an option to 'setpassword' to force password change at next login
Andrew Bartlett [Tue, 16 Jun 2009 23:14:17 +0000 (09:14 +1000)]
s4:setup Add an option to 'setpassword' to force password change at next login

11 years agos4:gensec Print GSSAPI error message when unable to find PAC
Andrew Bartlett [Tue, 16 Jun 2009 23:13:12 +0000 (09:13 +1000)]
s4:gensec Print GSSAPI error message when unable to find PAC

11 years agoRequire the new tdb 1.1.5 (for performance reasons)
Andrew Bartlett [Tue, 16 Jun 2009 23:08:23 +0000 (09:08 +1000)]
Require the new tdb 1.1.5 (for performance reasons)

While tdb has not changed ABI in a way that requires this, we don't
want Samba4 somehow built against the old version with
performance problems on large, growing databases.

Andrew Bartlett

11 years agoFixes for the "cldap" tests
Matthias Dieter Wallnöfer [Mon, 15 Jun 2009 15:55:43 +0000 (17:55 +0200)]
Fixes for the "cldap" tests

- Insert a check after the "tsocket" library call to make sure that the call
  terminated correctly
- Add a comment to explain why on further calls of "cldap_socket_init" the
  destination address hasn't to be specified