Stefan Metzmacher [Tue, 18 Mar 2008 08:36:29 +0000 (09:36 +0100)]
selftest: use a separate var for printing out sub parts of lines with \r
This restores the bahavior of the $_ variable in the code
that detects expected failures.
metze
Kai Blin [Wed, 5 Mar 2008 23:52:37 +0000 (00:52 +0100)]
idmap: Map SIDs to unixids instead of uids/gids
Kai Blin [Tue, 18 Mar 2008 09:53:25 +0000 (10:53 +0100)]
make: Fix make valgrindtest-env
Stefan Metzmacher [Mon, 17 Mar 2008 11:11:44 +0000 (12:11 +0100)]
RAW-BENCH-OPEN: avoid sync calls before the main loop
On multi cpu machines the server may reply to the
first requests while the test is still in setup mode.
Now we setup the first opens, but send them all together
when entering the main loop.
metze
Stefan Metzmacher [Mon, 17 Mar 2008 08:59:30 +0000 (09:59 +0100)]
RAW-BENCH-OPEN: fix the output and calculate the total operations
metze
Stefan Metzmacher [Mon, 17 Mar 2008 14:17:19 +0000 (15:17 +0100)]
selftest: handle progress output in verbose mode
metze
Stefan Metzmacher [Mon, 17 Mar 2008 13:08:57 +0000 (14:08 +0100)]
socket_wrapper: make pcap code more portable
Now the pcap support works on x86_64.
metze
Andrew Bartlett [Mon, 17 Mar 2008 04:22:52 +0000 (15:22 +1100)]
Don't require users of credentials.h to have krb5.h and gssapi.h
Rather than require users of Samba4's headers to have krb5-devel
installed (presumably in their system paths), don't expose the minor
functions which require this by default.
Andrew Bartlett
Stefan Metzmacher [Sat, 15 Mar 2008 11:36:20 +0000 (12:36 +0100)]
pvfs_open: set h->have_opendb_entry directly after odb_open_file()
Otherwise we may not clean up in the destructor.
metze
Stefan Metzmacher [Sat, 15 Mar 2008 11:35:04 +0000 (12:35 +0100)]
pvfs_open: the pvfs_odb_retry structs need to be children of the request
Otherwise they're not cleaned up when the request is finished.
metze
Stefan Metzmacher [Sat, 15 Mar 2008 11:22:36 +0000 (12:22 +0100)]
pvfs_unlink: disable async retries for wildcard deletes
We would setup multiple retries per client request.
metze
Stefan Metzmacher [Sat, 15 Mar 2008 11:21:06 +0000 (12:21 +0100)]
messaging: fix a valgrind warning on 64bit hosts zero out padding
metze
Andrew Bartlett [Sat, 15 Mar 2008 08:03:04 +0000 (19:03 +1100)]
Rework memberof handling in slapd.conf (used for OpenLDAP backend)
Instead of using an include file, put the generated configurationd
directly into slapd.conf.
Andrew Bartlett
Stefan Metzmacher [Fri, 14 Mar 2008 13:33:18 +0000 (14:33 +0100)]
swig: regenerate _wrap.c files
metze
Stefan Metzmacher [Fri, 14 Mar 2008 13:32:26 +0000 (14:32 +0100)]
swig: make the code more portable and use NT_STATUS_V() and W_ERROR_V()
metze
Michael Adam [Fri, 14 Mar 2008 08:39:58 +0000 (09:39 +0100)]
libreplace: fix samba4 build (by not setting global LIBS).
This corrects the earlier fix of the standalone build, by setting
LIBS to the desired value only in configure.ac but not in getifaddrs.m4.
Not that this changes the standalone build in that it adds these libs
undconditionally and not only if they are needed by the getifaddrs
replacement functions.
Michael
Michael Adam [Fri, 14 Mar 2008 07:52:16 +0000 (08:52 +0100)]
libreplace: add -I$libreplacedir to CPPFLAGS for getifaddrs tests.
This is needed, otherwise $libreplacedir/system/network.h does not
find $libreplacedir/getaddrinfo.h on some systems (solaris, e.g.).
Michael
Michael Adam [Fri, 14 Mar 2008 08:04:00 +0000 (09:04 +0100)]
heimdal_build: fix linkage of asn1_compile and compile_et.
Now inet_aton is available from libreplace.
Michael
Michael Adam [Fri, 14 Mar 2008 07:49:34 +0000 (08:49 +0100)]
libreplace: add an inet_aton() function that calls inet_pton().
inet_aton() is even needed inside libreplace, in the implementation
of rep_getaddrinfo().
Michael
Andrew Bartlett [Fri, 14 Mar 2008 01:32:07 +0000 (12:32 +1100)]
Allow more 'domain' objects when looking for a unqiue SID.
Andrew Bartlett
Andrew Bartlett [Fri, 14 Mar 2008 01:26:03 +0000 (12:26 +1100)]
Rework our SAMR test and SAMR server.
Now that we don't create users/domain groups/aliases in the builtin
domain, we hit some bugs in the server-side implementation of the
enumeration functions.
In essence, it turns out to be: don't treat 0 as a special case.
Also, fix up the PDC name to always be returned. I'm sure nothing
actually uses it, particularly for BUILTIN...
Andrew Bartlett
Andrew Bartlett [Thu, 13 Mar 2008 23:11:03 +0000 (10:11 +1100)]
Check for Administrator as a Alias (copy&paste bug)
Andrew Bartlett
Andrew Bartlett [Thu, 13 Mar 2008 22:59:24 +0000 (09:59 +1100)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Stefan Metzmacher [Thu, 13 Mar 2008 15:26:37 +0000 (16:26 +0100)]
build: compile_et also needs inet_aton()
metze
Stefan Metzmacher [Thu, 13 Mar 2008 14:55:56 +0000 (15:55 +0100)]
build: we don't rely on bash yet:-) '==' should be just '='
metze
Michael Adam [Thu, 13 Mar 2008 13:30:23 +0000 (14:30 +0100)]
fix build of asn1_compile when there is no system inet_aton() function.
Michael
Stefan Metzmacher [Thu, 13 Mar 2008 13:27:10 +0000 (14:27 +0100)]
configure: when detecting python we should disable pyconfig.h
This fixes the detection on HP-UX where the pyconfig.h contains
bogus defines.
metze
Andrew Bartlett [Thu, 13 Mar 2008 06:26:01 +0000 (17:26 +1100)]
Rework SAMR functions to avoid gendb_search()
The gendb_*() API does not return error codes, and mixes error returns
with the count of returned entries.
Andrew Bartlett
Andrew Kroeger [Thu, 13 Mar 2008 04:21:14 +0000 (23:21 -0500)]
kdc: Provide extended error information in AS-REP error replies.
This change utilizes the addition of the e_data parameter to the windc_plugin in
the heimdal code to pass extended information back to the client. The extended
information is provided in an e-data block as part of the kerberos error
message, and allows the client to determine which specific error condition
occurred.
Andrew Kroeger [Thu, 13 Mar 2008 04:11:48 +0000 (23:11 -0500)]
heimdal: Add parameter to windc_plugin to allow extended return codes.
These changes add a krb5_data parameter named e_data to the windc_plugin to
allow the samba KDC to return extended error information in addition to the
standard KRB5KDC_ERR_* codes. Windows uses the extended information to provide
detailed information in user dialogs (e.g. account disabled, logon hours
restriction, must change password, etc.).
This particular commit modifies only heimdal code. Hopefully this can be
submitted and accepted into the upstream heimdal codebase.
Andrew Bartlett [Thu, 13 Mar 2008 05:35:53 +0000 (16:35 +1100)]
Don't use 'dn', this attribute does not exist with the LDAP backend,
or in AD.
Andrew Bartlett
Andrew Bartlett [Thu, 13 Mar 2008 05:35:11 +0000 (16:35 +1100)]
Show why a LookupName fails (help debugging)
Andrew Bartlett
Andrew Bartlett [Thu, 13 Mar 2008 03:13:31 +0000 (14:13 +1100)]
Report binding in libnet failure message.
Andrew Bartlett
Andrew Bartlett [Thu, 13 Mar 2008 03:12:50 +0000 (14:12 +1100)]
Bail out, rather than segfault on no domain sid.
Andrew Bartlett
Andrew Bartlett [Thu, 13 Mar 2008 03:12:18 +0000 (14:12 +1100)]
Correctly normalise records against OpenLDAP.
Fixing this simple typo allows more of the ldap.js test to pass.
Andrew Bartlett
Andrew Bartlett [Thu, 13 Mar 2008 03:11:06 +0000 (14:11 +1100)]
Don't search the whole tree for the domains's sid
This change removes a dependency on objectclass=domainDNS, and avoids
a subtree search when we really know exactly where this record is.
Andrew Bartlett
Andrew Bartlett [Thu, 13 Mar 2008 00:36:58 +0000 (11:36 +1100)]
Rework to have member server 'domains' be CN=NETBIOSNAME
This reworks quite a few parts of our provision system to use
CN=NETBIOSNAME as the domain for member servers.
This makes it clear that these domains are not in the DNS structure,
while complying with our own schema (found by OpenLDAP's schema
validation).
Andrew Bartlett
Andrew Bartlett [Wed, 12 Mar 2008 23:27:09 +0000 (10:27 +1100)]
Don't segfault on invalid objectClass input.
If the objectClass found does not include a defaultSecurityDescriptor,
then we should not segfault in the SDDL parser.
Andrew Bartlett
Andrew Bartlett [Wed, 12 Mar 2008 23:00:57 +0000 (10:00 +1100)]
Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
Andrew Bartlett [Wed, 12 Mar 2008 22:55:06 +0000 (09:55 +1100)]
Update the provision scripts and selftest for LDAP
This should allow us to provision onto an OpenLDAP backend again.
Also ensure we always have a sysvol and netlogon share in the selftest
environment.
Andrew Bartlett
Andrew Bartlett [Wed, 12 Mar 2008 22:53:32 +0000 (09:53 +1100)]
Don't talloc_free() the UUID before we return.
This error caused us to put a 0x80 byte at the end of GUID, which was
only detected by OpenLDAP's schema checking.
Andrew Bartlett
Andrew Bartlett [Wed, 12 Mar 2008 21:08:05 +0000 (08:08 +1100)]
Upgrade provision-backend to python.
This required a large rework of the provision code, so as to move much
of the 'guess' logic into subprocedures, rather than just inline in
the provision code.
Andrew Bartlett
Stefan Metzmacher [Wed, 12 Mar 2008 13:02:11 +0000 (14:02 +0100)]
pvfs_open: retry pvfs_open() after an EGAIN or EWOULDBLOCK from open()
In case a unix application as an oplock or share mode on
a file we need to retry periodicly as there's no way
to get a notification from the kernel when the oplock
is released.
metze
Stefan Metzmacher [Mon, 10 Mar 2008 11:48:02 +0000 (12:48 +0100)]
pvfs_open: pass O_NONBLOCK to open() so that we'll not block with kernel oplocks
metze
Stefan Metzmacher [Fri, 7 Mar 2008 11:21:11 +0000 (12:21 +0100)]
opendb_tdb: use sys_lease to setup kernel oplocks
metze
Stefan Metzmacher [Fri, 7 Mar 2008 11:19:06 +0000 (12:19 +0100)]
ntvfs/sysdep: implement linux kernel oplocks based F_SETLEASE
metze
Stefan Metzmacher [Fri, 7 Mar 2008 11:19:06 +0000 (12:19 +0100)]
ntvfs/sysdep: add sys_lease abstraction to later support kernel oplocks
metze
Stefan Metzmacher [Sat, 8 Mar 2008 08:20:08 +0000 (09:20 +0100)]
pvfs_open: pass down &f->handle->fd to odb_open_file()
metze
Stefan Metzmacher [Sat, 8 Mar 2008 08:12:09 +0000 (09:12 +0100)]
opendb: pass down a pointer to the fd in odb_open_file()
This prepares kernel oplock support.
metze
Stefan Metzmacher [Wed, 12 Mar 2008 16:34:16 +0000 (17:34 +0100)]
ntvfs/cifs: fix the fnum on RAW_RENAME_NTTRANS
metze
Stefan Metzmacher [Wed, 12 Mar 2008 14:12:26 +0000 (15:12 +0100)]
pvfs_rename: implement RAW_RENAME_NTTRANS as noop as w2k3
metze
Stefan Metzmacher [Wed, 12 Mar 2008 14:10:57 +0000 (15:10 +0100)]
RAW-RENAME: w2k3 just ignores a NTTRANS-RENAME!
metze
Stefan Metzmacher [Wed, 12 Mar 2008 13:21:50 +0000 (14:21 +0100)]
RAW-STREAMS: do a exit on the session after each sub tests
metze
Stefan Metzmacher [Wed, 12 Mar 2008 13:21:21 +0000 (14:21 +0100)]
RAW-STREAMS: do what the comments say
metze
Jeremy Allison [Tue, 11 Mar 2008 22:27:08 +0000 (15:27 -0700)]
Added test_nttransrename() to test Metze's new code.
Jeremy.
Stefan Metzmacher [Tue, 11 Mar 2008 20:58:29 +0000 (21:58 +0100)]
RAW-SEARCH: skip RESUME_KEY tests against samba3
metze
Jeremy Allison [Tue, 11 Mar 2008 20:39:04 +0000 (13:39 -0700)]
Samba3.2 now passes a lot more tests - remove the S3 specific
exemptions.
Jeremy.
Jeremy Allison [Tue, 11 Mar 2008 19:37:20 +0000 (12:37 -0700)]
Samba3 now passes the test_raw_oplock_exclusive3 test.
Jeremy.
Stefan Metzmacher [Tue, 11 Mar 2008 18:29:18 +0000 (19:29 +0100)]
pvfs: return NT_STATUS_NOT_IMPLEMENTED on RAW_RENAME_NTTRANS
metze
Stefan Metzmacher [Tue, 11 Mar 2008 18:28:34 +0000 (19:28 +0100)]
smb_server: pass down RAW_RENAME_NTTRANS to the ntvfs layer
metze
Stefan Metzmacher [Mon, 10 Mar 2008 11:46:17 +0000 (12:46 +0100)]
events_signal: pass down the correct siginfo_t struct to the event handler
metze
Stefan Metzmacher [Tue, 11 Mar 2008 18:11:57 +0000 (19:11 +0100)]
libcli/raw: add RAW_RENAME_NTTRANS support
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Tue, 11 Mar 2008 17:21:09 +0000 (10:21 -0700)]
Test trans2 renames with oplocks. It looks like trans2 renames
ignore share modes and oplock breaks :-(.
Jeremy.
Andrew Bartlett [Tue, 11 Mar 2008 03:41:10 +0000 (14:41 +1100)]
Fix provision script to work without smb.conf location specified.
Andrew Bartlett
Andrew Bartlett [Tue, 11 Mar 2008 03:21:53 +0000 (14:21 +1100)]
Extend testsuite to cover specifying a domain SID.
Andrew Bartlett
Andrew Bartlett [Tue, 11 Mar 2008 03:20:42 +0000 (14:20 +1100)]
Make error handling in ldb more consistant.
This change ensures we give an immidiate error if the DN won't parse.
Also clean up strcmp use to be more standard.
Andrew Bartlett
Stefan Metzmacher [Sat, 8 Mar 2008 07:55:12 +0000 (08:55 +0100)]
opendb_tdb: keep struct opendb_file arround for the lifetime of struct odb_lock
That means we only have to parse the record once
and as the tdb record is locked the in memory copy
is always the same as the one in the tdb.
metze
Stefan Metzmacher [Sat, 8 Mar 2008 07:58:41 +0000 (08:58 +0100)]
opendb_tdb: correctly initialize modified to false
Otherwise this variable would never change its value...
metze
Stefan Metzmacher [Sat, 8 Mar 2008 08:20:55 +0000 (09:20 +0100)]
we now define PACKAGE_BUGREPORT in config.h
metze
Stefan Metzmacher [Fri, 7 Mar 2008 17:28:48 +0000 (18:28 +0100)]
pvfs_open: fix the odb_open_file() callers
metze
Stefan Metzmacher [Fri, 7 Mar 2008 17:23:34 +0000 (18:23 +0100)]
opendb: force odb_can_open() before odb_open_file()
Now there's only odb_can_open() which handles the
share_access rules.
And odb_open_file() only adds the new opendb_entry into the
database and calculates the granted oplock level.
metze
Stefan Metzmacher [Fri, 7 Mar 2008 16:50:17 +0000 (17:50 +0100)]
pvfs_open: always call odb_can_open() before odb_open_file()
odb_open_file() will later change to not redo the logic of
odb_can_open().
metze
Stefan Metzmacher [Fri, 7 Mar 2008 09:33:57 +0000 (10:33 +0100)]
opendb_tdb: pass down struct messaging_context directly to odb_oplock_break_send()
metze
Stefan Metzmacher [Fri, 7 Mar 2008 18:12:14 +0000 (19:12 +0100)]
vfs_cifs: disable level2 oplocks if the frontend client doesn't support them
metze
Jelmer Vernooij [Fri, 7 Mar 2008 17:20:12 +0000 (18:20 +0100)]
Rerun SWIG.
Michael Adam [Fri, 7 Mar 2008 14:00:37 +0000 (15:00 +0100)]
torture: fix escape sequence in test_chkpath().
Michael
Michael Adam [Fri, 7 Mar 2008 13:59:19 +0000 (14:59 +0100)]
configure: Add major version 4 to AC_INIT call.
Michael
Andrew Kroeger [Fri, 7 Mar 2008 11:56:04 +0000 (05:56 -0600)]
Treat maxPwdAge == 0 as passwords never expire.
Andrew Kroeger [Thu, 6 Mar 2008 12:08:32 +0000 (06:08 -0600)]
Enhance mappings of NTSTATUS to KRB5KDC errors.
The enhanced mappings allow the Windows client to determine whether a user's
password needs to be changed (and allows them to change it), or if they cannot
logon at all.
Changes still need to be made to allow additional data to be returned. Windows
uses that additional data to display more detailed dialogs to the user. The
additional information is returned in an e-data struct of type PA-PW-SALT that
contains the more-detailed NTSTATUS error code.
Andrew Kroeger [Thu, 6 Mar 2008 12:07:28 +0000 (06:07 -0600)]
Update account expiration to use new samdb_result_account_expires() function.
Andrew Kroeger [Thu, 6 Mar 2008 12:02:46 +0000 (06:02 -0600)]
Add samdb_result_account_expires() function.
Windows uses 2 different values to indicate an account doesn't expire: 0 and
9223372036854775807 (0x7FFFFFFFFFFFFFFFULL).
This function looks up the value of the accountExpires attribute and if the
value is either value indicating the account doesn't expire,
0x7FFFFFFFFFFFFFFFULL is returned.
This simplifies the tests for account expiration. There is no need to check
elsewhere in the code for both values, therefore a simple greater-than
expression can be used.
Andrew Kroeger [Thu, 6 Mar 2008 11:56:49 +0000 (05:56 -0600)]
accountExpires: Windows default is
9223372036854775807, not -1.
Amin Azez [Fri, 7 Mar 2008 10:55:49 +0000 (10:55 +0000)]
Use 32 bit storage for nttrans counts
Erroneous 16bit storage for nttrans counts meant that nttrans behaved
"strangely" for sizes of over 64K
As 32 bit is used in the SMB message and specified in
http://us4.samba.org/samba/ftp/specs/draft-leach-cifs-v1-spec-02.txt
section 3.13.2
this fix changes storage to match.
Signed-off-by: Amin Azez <azez@ufomechanic.net>
Andrew Bartlett [Fri, 7 Mar 2008 08:20:39 +0000 (19:20 +1100)]
Try to fix up part of the upgrade test.
There are still problems with the upgrade test, but these are not
related to the provision system.
Andrew Bartlett
Andrew Bartlett [Thu, 6 Mar 2008 23:57:52 +0000 (10:57 +1100)]
Rework provision scripts for more testing
This fixes up some issues with testdir (was not honoured) and
increases test coverage.
We now check all the major provision modes. In doing so, to make it
possible to call from the multiple layers of 'sh', I have allowed 'dc'
to alias 'domain controller' and 'member' to alias 'member server'.
Fighting shell quoting in the test system was just too hard...
Also fix upgrade.py
Andrew Bartlett
Andrew Bartlett [Thu, 6 Mar 2008 22:05:24 +0000 (09:05 +1100)]
Fixup the NET-API-USERMOD test.
This test needed to be updated to handle the fact that you cannot
clear the ACB_PW_EXPIRED bit, and to always use the torture comment
functions (not printf directly).
Andrew Bartlett
Andrew Bartlett [Thu, 6 Mar 2008 20:38:44 +0000 (07:38 +1100)]
Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
Andrew Bartlett [Thu, 6 Mar 2008 20:33:14 +0000 (07:33 +1100)]
Start to rework provision for LDAP backends
This is the start of the rework of the provision script to handle an
LDAP backend correctly. For example, we must not set the 'tdb
modules' against an LDAP backend such as OpenLDAP that handles subtree
renames.
Andrew Bartlett
Günther Deschner [Thu, 6 Mar 2008 15:41:24 +0000 (16:41 +0100)]
Ignore Kerberos PAC type 12.
Until we worked out the PAC_TYPE_UNKNOWN_12 format (or received documentation)
ignore it so that the PAC parsing can proceed.
Guenther
(cherry picked from commit
3630ec26c99fdea46c47117d026f9bffb2c4590a)
Günther Deschner [Thu, 6 Mar 2008 13:15:07 +0000 (14:15 +0100)]
Slowly making progress on PAC_UNKNOWN_12.
unknown1 and unknown2 are offset headers for the strings.
Guenther
(cherry picked from commit
7af70e75b9abf92921f33ec4207ad486ee2493d6)
Günther Deschner [Tue, 4 Mar 2008 11:26:05 +0000 (12:26 +0100)]
Add new Windows 2008 Kerberos PAC Type 12 (apparently again undocumented).
We need at least to parse this in order to correctly support kerberized session
setup from w2k8 as well as local pam_winbind logons using kerberos.
Guenther
(cherry picked from commit
4ba62d49d740c43cf17ceef1534cf1c8a7e4a130)
Stefan Metzmacher [Thu, 6 Mar 2008 15:27:13 +0000 (16:27 +0100)]
RAW-OPLOCK: rename _ack_to_levelII() -> ack_to_given()
Also improve the output.
metze
Stefan Metzmacher [Thu, 6 Mar 2008 14:56:03 +0000 (15:56 +0100)]
RAW-OPLOCK: add BATCH24 test another case with a connection with no CAP_LEVEL_II_OPLOCKS
metze
Stefan Metzmacher [Thu, 6 Mar 2008 14:54:07 +0000 (15:54 +0100)]
RAW-OPLOCK: add BATCH23 and test with a connection with no CAP_LEVEL_II_OPLOCKS
metze
Stefan Metzmacher [Thu, 6 Mar 2008 14:49:31 +0000 (15:49 +0100)]
RAW-OPLOCK: remove unused vars
metze
Stefan Metzmacher [Thu, 6 Mar 2008 14:48:31 +0000 (15:48 +0100)]
pvfs_open: pass down allow_level_II_oplock to odb_open_file()
metze
Stefan Metzmacher [Thu, 6 Mar 2008 14:47:27 +0000 (15:47 +0100)]
opendb: add allow_level_II_oplock parameter to odb_open_file()
Not all clients support a fallback to level II oplocks.
metze
Stefan Metzmacher [Thu, 6 Mar 2008 14:34:37 +0000 (15:34 +0100)]
pvfs_open: fix crash/leak in case pvfs_setup_oplock() fails
metze
Stefan Metzmacher [Thu, 6 Mar 2008 14:14:08 +0000 (15:14 +0100)]
ntvfs: pass down the client capabilities into the ntvfs layer
Note that we don't use any protocol specific values here.
For now only NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS is defined
others should be defined, when we find out that the ntvfs
layer needs to know about it.
metze
Stefan Metzmacher [Thu, 6 Mar 2008 14:11:16 +0000 (15:11 +0100)]
libcli/raw: make it possible to not send CAP_LEVEL_II_OPLOCKS
But the keep the default to always send it
when the server supports it too.
metze