Andrew Tridgell [Thu, 17 Sep 2009 22:24:20 +0000 (15:24 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Thu, 17 Sep 2009 22:16:21 +0000 (15:16 -0700)]
idl: regenerate IDL for NDR64 changes
Andrew Tridgell [Thu, 17 Sep 2009 22:15:58 +0000 (15:15 -0700)]
s4-sam: add a note about the solaris client
Andrew Tridgell [Thu, 17 Sep 2009 22:15:36 +0000 (15:15 -0700)]
ndrdump: fixed help
Andrew Tridgell [Thu, 17 Sep 2009 22:15:24 +0000 (15:15 -0700)]
ndr: num_auths is an array size, thus a uint3264
Andrew Tridgell [Thu, 17 Sep 2009 22:14:31 +0000 (15:14 -0700)]
ndr: split out ndr enum functions
This allows for easier implementation of the NDR32/NDR64 split
Andrew Tridgell [Thu, 17 Sep 2009 16:59:50 +0000 (09:59 -0700)]
idl: recompile our IDL
The NDR64 change affects every IDL file
Andrew Tridgell [Thu, 17 Sep 2009 16:10:21 +0000 (09:10 -0700)]
s4-pidl: add support for NDR64
Added support for NDR64 to the samba4 pidl generator
Andrew Tridgell [Thu, 17 Sep 2009 16:09:48 +0000 (09:09 -0700)]
s4-rpc: added NDR64 support
This adds support for the nd464 binding string option
Andrew Tridgell [Thu, 17 Sep 2009 16:08:47 +0000 (09:08 -0700)]
ndr: added support for NDR64
This adds NDR64 support for the push functions in libndr
Andrew Tridgell [Thu, 17 Sep 2009 16:07:44 +0000 (09:07 -0700)]
util: use likely/unlikely for NT_STATUS_* macros
Andrew Tridgell [Thu, 17 Sep 2009 16:07:17 +0000 (09:07 -0700)]
libreplace: added likely()/unlikely() macros for gcc
These macros allow the compile to better optimise code that has a lot
of if statements. I particularly want to use this for our low level
generated NDR code.
Björn Jacke [Thu, 17 Sep 2009 19:04:52 +0000 (21:04 +0200)]
s3: build with pam support when possible
Jeremy Allison [Thu, 17 Sep 2009 18:28:37 +0000 (11:28 -0700)]
Re-generated idl files with () for enum values.
Jeremy.
Jeremy Allison [Thu, 17 Sep 2009 18:27:51 +0000 (11:27 -0700)]
Ensure we enclose the enum values in brackets to make the cast work.
Jeremy.
Jeremy Allison [Thu, 17 Sep 2009 18:16:54 +0000 (11:16 -0700)]
Check in modified generated files for systems where pidl can't run.
Jeremy.
Jeremy Allison [Thu, 17 Sep 2009 18:11:23 +0000 (11:11 -0700)]
Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba
Jeremy Allison [Thu, 17 Sep 2009 18:08:42 +0000 (11:08 -0700)]
Fix the problem with pidl generating invalid C for enums. According
to the C standard an enum is guarenteed to be an (int), which means
for 4 byte ints specifying a type of 0x80000000 is an invalid value.
The Solaris compiler complains about this. Fix by adding an (int)
cast in front of the value generation.
Jeremy.
Kouhei Sutou [Thu, 13 Aug 2009 06:12:01 +0000 (15:12 +0900)]
spnego: Support ASN.1 BIT STRING and use it in SPNEGO.
Signed-off-by: Günther Deschner <gd@samba.org>
Matthias Dieter Wallnöfer [Thu, 17 Sep 2009 16:37:46 +0000 (18:37 +0200)]
s4:descriptor module - Revert and const fixups
- Revert a change introduced by me since I didn't understood the meaning of the
version check
- Added some "const" to suppress compiler warnings
Matthias Dieter Wallnöfer [Thu, 17 Sep 2009 16:17:55 +0000 (18:17 +0200)]
s4:descriptor - cosmetic
Matthias Dieter Wallnöfer [Thu, 17 Sep 2009 16:05:58 +0000 (18:05 +0200)]
s4:libnet_become_dc - Fix some uninitialised variables
Matthias Dieter Wallnöfer [Thu, 17 Sep 2009 14:00:55 +0000 (16:00 +0200)]
s4:provision - Some rework
- Add/change "wellKnownObjects" attributes
- Order entries in "provision_basedn_modify.ldif"
- Add/change "delete entries" object under BASEDN and CONFIGDN
- Fix default version number of "Default domain policy" group policy
- Add "domain updates" objects for interoperability with MS AD maintaining tools
- Show version number in the "oEMInformation" attribute (suggested by ekacnet)
- Smaller fixups
Jeremy Allison [Thu, 17 Sep 2009 17:04:19 +0000 (10:04 -0700)]
void functions can't return a value. Found by the Solaris compiler.
Jeremy.
Jeremy Allison [Thu, 17 Sep 2009 17:03:14 +0000 (10:03 -0700)]
void functions can't return a value. Found by the Solaris compiler.
Jeremy.
Jeremy Allison [Thu, 17 Sep 2009 17:00:31 +0000 (10:00 -0700)]
void functions can't return a value. Found by the Solaris compiler.
Jeremy.
Jeremy Allison [Thu, 17 Sep 2009 16:29:07 +0000 (09:29 -0700)]
We now pass the Microsoft SMB2 fileio test with EA's and streams...
Jeremy.
Jeremy Allison [Thu, 17 Sep 2009 16:25:25 +0000 (09:25 -0700)]
Remove ununsed variable warning.
Jeremy.
Matthias Dieter Wallnöfer [Sun, 13 Sep 2009 10:37:41 +0000 (12:37 +0200)]
s4/domain behaviour flags: Fix them up in various locations
Additional notes:
- Bump the level to Windows Server 2008 R2 (we should support always the latest
version - if we provision ourself)
- In "descriptor.c" the check for the "domainFunctionality" level shouldn't be
needed: ACL owner groups (not owner user) are supported since Windows 2000
Server (first AD edition)
- I took the argument from: http://support.microsoft.com/kb/329194
Matthias Dieter Wallnöfer [Wed, 9 Sep 2009 19:24:34 +0000 (21:24 +0200)]
s4/python: flags
- Introduce the "userAccountControl", "groupType" and "sAMAccountType" flags
- Corrects the "domain/forestFunctionality" and "domainControllerFunctionality" flags
Matthias Dieter Wallnöfer [Sun, 13 Sep 2009 09:01:44 +0000 (11:01 +0200)]
libds/common/flags: various
- Reorders the header file to have the order "userAccountFlags", "groupType",
"sAMAccountType" (matches the order in the flag_mapping.c and samldb module)
- Fixes the group account flags properly up
- Fixes the flags for "domain/forestFunctionality" and "domainControllerFunctionality"
up
Andrew Tridgell [Wed, 16 Sep 2009 10:58:21 +0000 (03:58 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Wed, 16 Sep 2009 10:57:56 +0000 (03:57 -0700)]
s4-repl: raise a debug level
Andrew Tridgell [Wed, 16 Sep 2009 10:43:37 +0000 (03:43 -0700)]
s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't exist
When a partition is first created it still needs a uSNHighest value
Andrew Tridgell [Wed, 16 Sep 2009 10:58:13 +0000 (03:58 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Wed, 16 Sep 2009 10:57:56 +0000 (03:57 -0700)]
s4-repl: raise a debug level
Andrew Tridgell [Wed, 16 Sep 2009 10:57:09 +0000 (03:57 -0700)]
Merge branch 'master' of ssh://git.samba.org/data/git/samba
Andrew Tridgell [Wed, 16 Sep 2009 10:56:07 +0000 (03:56 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Wed, 16 Sep 2009 10:43:37 +0000 (03:43 -0700)]
s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't exist
When a partition is first created it still needs a uSNHighest value
Stefan Metzmacher [Wed, 16 Sep 2009 00:03:46 +0000 (02:03 +0200)]
libcli/auth: rewrite schannel sign/seal code to be more generic
This prepares support for HMAC-SHA256/AES.
metze
Stefan Metzmacher [Wed, 16 Sep 2009 00:36:49 +0000 (02:36 +0200)]
lib/crypto: include aes.h into crypto.h
metze
Andrew Tridgell [Wed, 16 Sep 2009 03:51:30 +0000 (20:51 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Wed, 16 Sep 2009 03:51:10 +0000 (20:51 -0700)]
s4-repl: take advantage of async RPC forwarding
This uses async RPC forwarding for the DsReplicaSync call
Andrew Tridgell [Wed, 16 Sep 2009 03:50:30 +0000 (20:50 -0700)]
s4-rpc: added a module for forwarding RPC requests
dcesrv_irpc_forward_rpc_call() can be used to forward an arbitrary RPC
request to another task in Samba4, with the return being handled
asynchronously.
This is useful for forwarding DRS requests to the repl or kcc tasks
Andrew Tridgell [Wed, 16 Sep 2009 02:53:05 +0000 (19:53 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Wed, 16 Sep 2009 02:26:33 +0000 (19:26 -0700)]
s4-drs: lock down key DRS calls
The key DRS calls should only be allowed by administrators or domain
controllers
Andrew Tridgell [Wed, 16 Sep 2009 02:25:45 +0000 (19:25 -0700)]
s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER
This will be used as a simple way to lock down DRS replication to
administrators and domain controllers
Andrew Tridgell [Wed, 16 Sep 2009 01:46:18 +0000 (18:46 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Tue, 15 Sep 2009 21:07:43 +0000 (14:07 -0700)]
s4-ldb: ldap attribute names can contain a '.'
When they are of the form of OIDs
Andrew Tridgell [Tue, 15 Sep 2009 21:07:06 +0000 (14:07 -0700)]
s4-ldb: expose ldb_transaction_prepare_commit() in ldb
It is useful to be able to control the 2 phase commit from application
code (s4 replication uses it)
Andrew Tridgell [Tue, 15 Sep 2009 21:06:07 +0000 (14:06 -0700)]
s4-repl: don't do double replication
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
Andrew Tridgell [Tue, 15 Sep 2009 21:04:22 +0000 (14:04 -0700)]
tdb: allow reads after prepare commit
We previously only allowed a commit to happen after a prepare
commit. It is in fact safe to allow reads between a prepare and a
commit, and the s4 replication code can make use of that, so allow it.
Andrew Tridgell [Tue, 15 Sep 2009 18:47:42 +0000 (11:47 -0700)]
s4-drs: filter based on local_usn
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
Andrew Tridgell [Tue, 15 Sep 2009 18:46:59 +0000 (11:46 -0700)]
s4-repl: make sure we marshal the replPropertyMetaData after the last change
we were setting local_usn after the marshall, so it wasn't going into
the object
Andrew Tridgell [Tue, 15 Sep 2009 17:01:26 +0000 (10:01 -0700)]
s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2). These lists are not ordered, so using DLIST_ADD() is much
better.
Andrew Tridgell [Tue, 15 Sep 2009 17:00:24 +0000 (10:00 -0700)]
s4-ldb: cope better with corruption of tdb records
When doing an indexed search if we hit a corrupt record we abandoned
the indexed search and did a full search. The problem was that we
might have sent some records to the caller already, which means the
caller ended up with duplicate records. Fix this by returning a search
error if indexing returns an error and we have given any records to
the caller.
Andrew Tridgell [Tue, 15 Sep 2009 16:43:27 +0000 (09:43 -0700)]
talloc: when we enable NULL tracking, reparent the autofree context
If NULL tracking is enabled after the autofree context is initialised
then autofree ends up separate from the null_context. This means that
talloc_report_full() doesn't report the autofree context. Fix this by
reparenting the autofree context when we create the null_context.
Andrew Tridgell [Tue, 15 Sep 2009 16:23:14 +0000 (09:23 -0700)]
s4-repl: add a debug to make it easier to monitor replication
Volker Lendecke [Wed, 16 Sep 2009 01:20:49 +0000 (03:20 +0200)]
s3: Fix reading beyond the end of a named stream in xattr_streams
This was found thanks to a test by Sivani from Microsoft against Samba at the
SDC plugfest
Volker Lendecke [Wed, 16 Sep 2009 01:15:53 +0000 (03:15 +0200)]
s3: Add some debugs to streams_xattr
Günther Deschner [Wed, 16 Sep 2009 01:23:05 +0000 (03:23 +0200)]
schannel: remove last traces of gensec.
Guenther
Günther Deschner [Wed, 16 Sep 2009 00:09:06 +0000 (02:09 +0200)]
lib/crypto: link in AES crypto for s4 as well.
Guenther
Günther Deschner [Tue, 15 Sep 2009 22:52:33 +0000 (00:52 +0200)]
s3-schannel: remove unused schannel_decode/schannel_encode.
Guenther
Günther Deschner [Tue, 15 Sep 2009 22:26:17 +0000 (00:26 +0200)]
schannel: fully share schannel sign/seal between s3 and 4.
Guenther
Günther Deschner [Tue, 15 Sep 2009 16:29:10 +0000 (18:29 +0200)]
schannel: move schannel_sign to main directory.
Guenther
Günther Deschner [Tue, 15 Sep 2009 23:07:26 +0000 (01:07 +0200)]
s4-schannel: try to fix the build.
Guenther
Günther Deschner [Sun, 13 Sep 2009 16:42:45 +0000 (18:42 +0200)]
s4-schannel: first step of decoupling schannel from gensec.
Guenther
Günther Deschner [Sun, 13 Sep 2009 13:21:20 +0000 (15:21 +0200)]
s4-schannel: strip trailing whitespace.
Guenther
Günther Deschner [Tue, 15 Sep 2009 20:13:12 +0000 (22:13 +0200)]
s3-schannel: fix blob length when pulling off a NL_AUTH_SIGNATURE in
cli_pipe_verify_schannel().
Guenther
Günther Deschner [Tue, 15 Sep 2009 21:52:20 +0000 (23:52 +0200)]
lib/crypto: add aes encryption routines to main cryto lib.
Guenther
Andrew Tridgell [Tue, 15 Sep 2009 21:53:02 +0000 (14:53 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Tue, 15 Sep 2009 21:07:43 +0000 (14:07 -0700)]
s4-ldb: ldap attribute names can contain a '.'
When they are of the form of OIDs
Andrew Tridgell [Tue, 15 Sep 2009 21:07:06 +0000 (14:07 -0700)]
s4-ldb: expose ldb_transaction_prepare_commit() in ldb
It is useful to be able to control the 2 phase commit from application
code (s4 replication uses it)
Andrew Tridgell [Tue, 15 Sep 2009 21:06:07 +0000 (14:06 -0700)]
s4-repl: don't do double replication
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
Andrew Tridgell [Tue, 15 Sep 2009 21:04:22 +0000 (14:04 -0700)]
tdb: allow reads after prepare commit
We previously only allowed a commit to happen after a prepare
commit. It is in fact safe to allow reads between a prepare and a
commit, and the s4 replication code can make use of that, so allow it.
Andrew Tridgell [Tue, 15 Sep 2009 18:47:42 +0000 (11:47 -0700)]
s4-drs: filter based on local_usn
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
Andrew Tridgell [Tue, 15 Sep 2009 18:46:59 +0000 (11:46 -0700)]
s4-repl: make sure we marshal the replPropertyMetaData after the last change
we were setting local_usn after the marshall, so it wasn't going into
the object
Andrew Tridgell [Tue, 15 Sep 2009 17:01:26 +0000 (10:01 -0700)]
s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2). These lists are not ordered, so using DLIST_ADD() is much
better.
Andrew Tridgell [Tue, 15 Sep 2009 17:00:24 +0000 (10:00 -0700)]
s4-ldb: cope better with corruption of tdb records
When doing an indexed search if we hit a corrupt record we abandoned
the indexed search and did a full search. The problem was that we
might have sent some records to the caller already, which means the
caller ended up with duplicate records. Fix this by returning a search
error if indexing returns an error and we have given any records to
the caller.
Andrew Tridgell [Tue, 15 Sep 2009 16:43:27 +0000 (09:43 -0700)]
talloc: when we enable NULL tracking, reparent the autofree context
If NULL tracking is enabled after the autofree context is initialised
then autofree ends up separate from the null_context. This means that
talloc_report_full() doesn't report the autofree context. Fix this by
reparenting the autofree context when we create the null_context.
Andrew Tridgell [Tue, 15 Sep 2009 16:23:14 +0000 (09:23 -0700)]
s4-repl: add a debug to make it easier to monitor replication
Andrew Tridgell [Tue, 15 Sep 2009 21:42:46 +0000 (14:42 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Tue, 15 Sep 2009 21:42:26 +0000 (14:42 -0700)]
s4-libnet: use updated dsdb commit function
Andrew Tridgell [Tue, 15 Sep 2009 21:08:21 +0000 (14:08 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Tue, 15 Sep 2009 21:07:43 +0000 (14:07 -0700)]
s4-ldb: ldap attribute names can contain a '.'
When they are of the form of OIDs
Andrew Tridgell [Tue, 15 Sep 2009 21:07:06 +0000 (14:07 -0700)]
s4-ldb: expose ldb_transaction_prepare_commit() in ldb
It is useful to be able to control the 2 phase commit from application
code (s4 replication uses it)
Andrew Tridgell [Tue, 15 Sep 2009 21:06:07 +0000 (14:06 -0700)]
s4-repl: don't do double replication
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
Andrew Tridgell [Tue, 15 Sep 2009 21:04:22 +0000 (14:04 -0700)]
tdb: allow reads after prepare commit
We previously only allowed a commit to happen after a prepare
commit. It is in fact safe to allow reads between a prepare and a
commit, and the s4 replication code can make use of that, so allow it.
Andrew Tridgell [Tue, 15 Sep 2009 18:48:23 +0000 (11:48 -0700)]
Merge branch 'master' of /home/tridge/samba/git/combined
Andrew Tridgell [Tue, 15 Sep 2009 18:47:42 +0000 (11:47 -0700)]
s4-drs: filter based on local_usn
The getncchanges uSN is in our local space, so we must compare it to
the local_usn in replPropertyMetaData
Andrew Tridgell [Tue, 15 Sep 2009 18:46:59 +0000 (11:46 -0700)]
s4-repl: make sure we marshal the replPropertyMetaData after the last change
we were setting local_usn after the marshall, so it wasn't going into
the object
Andrew Tridgell [Tue, 15 Sep 2009 17:01:26 +0000 (10:01 -0700)]
s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
Using DLIST_ADD_END() to construct a long list is very inefficient (it
is O(n^2). These lists are not ordered, so using DLIST_ADD() is much
better.
Andrew Tridgell [Tue, 15 Sep 2009 17:00:24 +0000 (10:00 -0700)]
s4-ldb: cope better with corruption of tdb records
When doing an indexed search if we hit a corrupt record we abandoned
the indexed search and did a full search. The problem was that we
might have sent some records to the caller already, which means the
caller ended up with duplicate records. Fix this by returning a search
error if indexing returns an error and we have given any records to
the caller.
Andrew Tridgell [Tue, 15 Sep 2009 16:43:27 +0000 (09:43 -0700)]
talloc: when we enable NULL tracking, reparent the autofree context
If NULL tracking is enabled after the autofree context is initialised
then autofree ends up separate from the null_context. This means that
talloc_report_full() doesn't report the autofree context. Fix this by
reparenting the autofree context when we create the null_context.
Andrew Tridgell [Tue, 15 Sep 2009 16:23:14 +0000 (09:23 -0700)]
s4-repl: add a debug to make it easier to monitor replication
Björn Jacke [Tue, 15 Sep 2009 18:26:24 +0000 (20:26 +0200)]
libreplace: white space cleanups
Björn Jacke [Tue, 15 Sep 2009 17:41:58 +0000 (19:41 +0200)]
s3: ignore cups-config to tidy up library dependencies
contrary to krb5-config for example, which outputs useful things, cups-config
--libs does not output libs we have to link against. It outputs libs that cups
linked against. We just have to link against cups.
Andrew Bartlett [Tue, 15 Sep 2009 17:11:45 +0000 (10:11 -0700)]
libcli:nbt put util_net.c protos in new header file
This fixed a very odd build problem due to util.h importing
system/network.h being imported before the uid_wapper code.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Sep 2009 15:14:54 +0000 (08:14 -0700)]
s4:schema Add code to provide an index into the subClass tree
In time, this should avoid the astounding (order) complexity of the
objectclass sorting in objectclass.c eventually.
Andrew Bartlett
Günther Deschner [Tue, 15 Sep 2009 17:32:39 +0000 (19:32 +0200)]
s3-dcerpc: really fix remaining old auth level constants. sorry...
Guenther