kai/samba.git
11 years agoMerge branch 'master' of ssh://jra@git.samba.org/data/git/samba
Jeremy Allison [Thu, 18 Dec 2008 23:40:05 +0000 (15:40 -0800)]
Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba

11 years agoComment out the parent inheritance code (this is incorrect) as was
Jeremy Allison [Thu, 18 Dec 2008 23:38:28 +0000 (15:38 -0800)]
Comment out the parent inheritance code (this is incorrect) as was
done for POSIX ACLs.
Jeremy.

11 years agos4: Fix include path to work with tevent
Tim Prouty [Thu, 18 Dec 2008 23:01:07 +0000 (15:01 -0800)]
s4: Fix include path to work with tevent

11 years agoMove aggregate schema stub to it's own file
Andrew Bartlett [Thu, 18 Dec 2008 22:47:59 +0000 (09:47 +1100)]
Move aggregate schema stub to it's own file

This should make it easier to import just the schema entries from the
WSPP docs.

Andrew Bartlett

11 years agoFix bug #5980 - Race condition when granting level2 oplocks can cause break notify...
Jeremy Allison [Thu, 18 Dec 2008 21:27:42 +0000 (13:27 -0800)]
Fix bug #5980 - Race condition when granting level2 oplocks can cause break notify to be missed.
Jeremy.

11 years agoFix failures setting a random password
Andrew Bartlett [Thu, 18 Dec 2008 21:18:57 +0000 (08:18 +1100)]
Fix failures setting a random password

The test in extract_pw_from_buffer was incorrect: It tested if the
first byte of the new password was 0 (a 1/256 chance for the random
passwords), not if the password was allocated.

Andrew Bartlett

11 years agoCope with slight changes in tdb API.
Jelmer Vernooij [Thu, 18 Dec 2008 20:43:05 +0000 (20:43 +0000)]
Cope with slight changes in tdb API.

11 years agoMake sure to not close tdb database more than once.
Jelmer Vernooij [Thu, 18 Dec 2008 20:42:50 +0000 (20:42 +0000)]
Make sure to not close tdb database more than once.

11 years agoRemove swig use from tdb standalone build.
Jelmer Vernooij [Thu, 18 Dec 2008 19:49:53 +0000 (19:49 +0000)]
Remove swig use from tdb standalone build.

11 years agoImplement missing functions in pytdb.
Jelmer Vernooij [Thu, 18 Dec 2008 19:41:02 +0000 (19:41 +0000)]
Implement missing functions in pytdb.

11 years agoAdd simple manually written replacement for the tdb module.
Jelmer Vernooij [Thu, 18 Dec 2008 18:57:21 +0000 (18:57 +0000)]
Add simple manually written replacement for the tdb module.

11 years agoFix Python event tests after rename to tevent.
Jelmer Vernooij [Thu, 18 Dec 2008 16:51:59 +0000 (16:51 +0000)]
Fix Python event tests after rename to tevent.

11 years agoFix samba3sam test after removal of dom_sid IDL file.
Jelmer Vernooij [Thu, 18 Dec 2008 16:50:54 +0000 (16:50 +0000)]
Fix samba3sam test after removal of dom_sid IDL file.

11 years agoUse plain Python C API for registry module, rather than SWIG.
Jelmer Vernooij [Thu, 18 Dec 2008 16:49:33 +0000 (16:49 +0000)]
Use plain Python C API for registry module, rather than SWIG.

11 years agoAdd convenience macro for raising exceptions for NTSTATUS / WERROR.
Jelmer Vernooij [Thu, 18 Dec 2008 15:32:58 +0000 (15:32 +0000)]
Add convenience macro for raising exceptions for NTSTATUS / WERROR.

11 years agoMerge branch 'master' of ssh://git.samba.org/data/git/samba into pyregistry
Jelmer Vernooij [Thu, 18 Dec 2008 14:54:57 +0000 (14:54 +0000)]
Merge branch 'master' of ssh://git.samba.org/data/git/samba into pyregistry

11 years agos4:lib/socket: socket_connect_send() and socket_connect_ev() should only wrok with...
Stefan Metzmacher [Wed, 17 Dec 2008 22:13:44 +0000 (23:13 +0100)]
s4:lib/socket: socket_connect_send() and socket_connect_ev() should only wrok with addresses

metze

11 years agos4:librpc/rpc: remove we should not redo the name resolving for secondary tcp connections
Stefan Metzmacher [Wed, 17 Dec 2008 23:09:17 +0000 (00:09 +0100)]
s4:librpc/rpc: remove we should not redo the name resolving for secondary tcp connections

metze

11 years agos4:libcli/wrepl: we don't need to resolve names
Stefan Metzmacher [Wed, 17 Dec 2008 22:12:10 +0000 (23:12 +0100)]
s4:libcli/wrepl: we don't need to resolve names

metze

11 years agos4:libcli/replace: add some RESOLVE_NAME_FLAG* flags
Stefan Metzmacher [Wed, 17 Dec 2008 15:55:44 +0000 (16:55 +0100)]
s4:libcli/replace: add some RESOLVE_NAME_FLAG* flags

metze

11 years agos4:selftest: we pass raw.delete.delete21
Stefan Metzmacher [Thu, 18 Dec 2008 00:02:25 +0000 (01:02 +0100)]
s4:selftest: we pass raw.delete.delete21

metze

11 years agos4:ntvfs_generic: pass RAW-OPEN again
Stefan Metzmacher [Thu, 18 Dec 2008 00:00:47 +0000 (01:00 +0100)]
s4:ntvfs_generic: pass RAW-OPEN again

This is the samba4 version of commit
9391dad85d08bb0939f4db1472c6cf063ebea892

metze

11 years agoRAW-CHKPATH: not every server behaves like samba3...
Stefan Metzmacher [Thu, 18 Dec 2008 07:54:59 +0000 (08:54 +0100)]
RAW-CHKPATH: not every server behaves like samba3...

metze

11 years agoBASE-LOCK: fix LOCK5
Stefan Metzmacher [Thu, 18 Dec 2008 06:49:41 +0000 (07:49 +0100)]
BASE-LOCK: fix LOCK5

We need to close all 3 file handle to make the unlink work.

metze

11 years agoHandle different failure modes when we wipe the db in provision
Andrew Bartlett [Thu, 18 Dec 2008 06:17:56 +0000 (17:17 +1100)]
Handle different failure modes when we wipe the db in provision

We didn't handle the mode where we can't load the main sam.ldb due to
the modules being 'wrong', and when we did remove the file, we didn't
wipe the partitions.

11 years agoParse options (and open the database) before starting transactions
Andrew Bartlett [Thu, 18 Dec 2008 03:31:52 +0000 (14:31 +1100)]
Parse options (and open the database) before starting transactions

11 years agoPrint error strings when transactions fail in ldb tools
Andrew Bartlett [Thu, 18 Dec 2008 03:30:11 +0000 (14:30 +1100)]
Print error strings when transactions fail in ldb tools

11 years agoRename ldb index pointer wrapper function
Andrew Bartlett [Thu, 18 Dec 2008 03:12:19 +0000 (14:12 +1100)]
Rename ldb index pointer wrapper function

This also asserts that it is used only for index records.

Andrew Bartlett

11 years agos3: Add statvfs implementation to the onefs vfs module
Aravind Srinivasan [Wed, 17 Dec 2008 20:02:19 +0000 (12:02 -0800)]
s3: Add statvfs implementation to the onefs vfs module

11 years agoSamba3 smbd now passes test BATCH23 (with the fix for bug #5979), only BATCH22 left...
Jeremy Allison [Thu, 18 Dec 2008 01:30:18 +0000 (17:30 -0800)]
Samba3 smbd now passes test BATCH23 (with the fix for bug #5979), only BATCH22 left to fix.
Jeremy.

11 years agoMerge branch 'master' of ssh://jra@git.samba.org/data/git/samba
Jeremy Allison [Thu, 18 Dec 2008 01:24:54 +0000 (17:24 -0800)]
Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba

11 years agoFix bug #5979 - Level 2 oplocks being granted improperly,
Jeremy Allison [Thu, 18 Dec 2008 01:23:13 +0000 (17:23 -0800)]
Fix bug #5979 - Level 2 oplocks being granted improperly,
Jeremy.

11 years agopackaging(RHEL-CTDB): fix typo in [u]mount.cifs installation
Michael Adam [Wed, 17 Dec 2008 21:27:39 +0000 (22:27 +0100)]
packaging(RHEL-CTDB): fix typo in [u]mount.cifs installation

Michael
(cherry picked from commit 835108bcf84a5f47f46d237c7a93c572348125a1)

Signed-off-by: Michael Adam <obnox@samba.org>
11 years agopackaging(RHEL-CTDB): fix build of [u]mount.cifs
Michael Adam [Wed, 17 Dec 2008 17:56:34 +0000 (18:56 +0100)]
packaging(RHEL-CTDB): fix build of [u]mount.cifs

mount.cifs is now built by make everything.
And it needs extra objects anyways (mtab.o),
which is why the build of mount.cifs failed.

Michael
(cherry picked from commit 96c811cf222be5463a6705feae73d6215685c5f1)

Signed-off-by: Michael Adam <obnox@samba.org>
11 years agopackaging(RHEL-CTDB): Fix accidential linebreak
Michael Adam [Wed, 17 Dec 2008 15:59:24 +0000 (16:59 +0100)]
packaging(RHEL-CTDB): Fix accidential linebreak

Michael
(cherry picked from commit 5cd8ff8a2aba6b1d6821d4ebb986449b03d40542)

Signed-off-by: Michael Adam <obnox@samba.org>
11 years agos3-ntsvcs: remove last traces of hand-marshalled NTSVCS.
Günther Deschner [Wed, 19 Nov 2008 13:37:47 +0000 (14:37 +0100)]
s3-ntsvcs: remove last traces of hand-marshalled NTSVCS.

Guenther

11 years agos3-ntsvcs: remove old _PNP_GetDeviceList.
Günther Deschner [Wed, 19 Nov 2008 13:35:09 +0000 (14:35 +0100)]
s3-ntsvcs: remove old _PNP_GetDeviceList.

Guenther

11 years agos3-ntsvcs: use pidl for _PNP_GetDeviceList.
Günther Deschner [Wed, 19 Nov 2008 13:33:36 +0000 (14:33 +0100)]
s3-ntsvcs: use pidl for _PNP_GetDeviceList.

Guenther

11 years agos4: smbtorture, fix the build of netlogon test after idl change.
Günther Deschner [Wed, 17 Dec 2008 22:51:30 +0000 (23:51 +0100)]
s4: smbtorture, fix the build of netlogon test after idl change.

Guenther

11 years agos3: refactor _netr_LogonControl{2,2Ex} server side.
Günther Deschner [Fri, 12 Dec 2008 23:55:04 +0000 (00:55 +0100)]
s3: refactor _netr_LogonControl{2,2Ex} server side.

Guenther

11 years agos4: fix smbtorture build after idl change.
Günther Deschner [Fri, 12 Dec 2008 23:51:47 +0000 (00:51 +0100)]
s4: fix smbtorture build after idl change.

Guenther

11 years agos3: re-run make samba3-idl.
Günther Deschner [Fri, 12 Dec 2008 23:51:18 +0000 (00:51 +0100)]
s3: re-run make samba3-idl.

Guenther

11 years agonetlogon: remove netr_BinaryString (duplicate of lsa_BinaryString).
Günther Deschner [Tue, 16 Dec 2008 20:45:52 +0000 (21:45 +0100)]
netlogon: remove netr_BinaryString (duplicate of lsa_BinaryString).

Guenther

11 years agonetlogon: fill in remaining levels in netr_CONTROL_DATA_INFORMATION.
Günther Deschner [Sat, 13 Dec 2008 00:13:01 +0000 (01:13 +0100)]
netlogon: fill in remaining levels in netr_CONTROL_DATA_INFORMATION.

Guenther

11 years agonetlogon: fix IDL for netr_LogonControl2Ex.
Günther Deschner [Fri, 12 Dec 2008 21:55:33 +0000 (22:55 +0100)]
netlogon: fix IDL for netr_LogonControl2Ex.

Guenther

11 years agonetlogon: add netr_NETLOGON_INFO_4.
Günther Deschner [Fri, 12 Dec 2008 21:53:51 +0000 (22:53 +0100)]
netlogon: add netr_NETLOGON_INFO_4.

Guenther

11 years agonetlogon: add all documented netlogon control codes.
Günther Deschner [Fri, 12 Dec 2008 21:53:21 +0000 (22:53 +0100)]
netlogon: add all documented netlogon control codes.

Guenther

11 years agos4:libcli/resolve: specify the port for the resulting socket_addresses
Stefan Metzmacher [Wed, 17 Dec 2008 16:25:40 +0000 (17:25 +0100)]
s4:libcli/resolve: specify the port for the resulting socket_addresses

metze

11 years agos4:libcli/resolve: optionally return the name that belongs to the returned address
Stefan Metzmacher [Sat, 13 Dec 2008 19:50:36 +0000 (20:50 +0100)]
s4:libcli/resolve: optionally return the name that belongs to the returned address

E.g. this helps for DNS CNAME and SRV results.

metze

11 years agos4:libcli/resolve: pass down flags to the resolver backends
Stefan Metzmacher [Sat, 13 Dec 2008 10:03:52 +0000 (11:03 +0100)]
s4:libcli/resolve: pass down flags to the resolver backends

metze

11 years agos4:libcli/resolve: remove all backend specific sync functions
Stefan Metzmacher [Sat, 13 Dec 2008 09:57:44 +0000 (10:57 +0100)]
s4:libcli/resolve: remove all backend specific sync functions

metze

11 years agos4:libcli/resolve: let the "host" module use the dns_ex.c code
Stefan Metzmacher [Fri, 12 Dec 2008 18:40:47 +0000 (19:40 +0100)]
s4:libcli/resolve: let the "host" module use the dns_ex.c code

That means we now return all ip addresses instead of just the first one.

metze

11 years agos4:libcli/resolve: add getaddrinfo()/dns_looup() resolving
Stefan Metzmacher [Fri, 12 Dec 2008 14:15:21 +0000 (15:15 +0100)]
s4:libcli/resolve: add getaddrinfo()/dns_looup() resolving

This "dns_ex" module provides flexible lookup methods
for dns lookups.

The getaddrinfo() part looks at /etc/hosts and dns.
As it handles CNAME replies badly we fallback
to use dns_lookup(name, "A").

The dns_lookup() makes DNS SRV lookups possible.

This module is not a real resolve module, it's just
a generic helper as the nbtlist.c code is.

The next step will be that the "host" module will
use the dns_ex.c code.

metze

11 years agos4:libcli/resolve: don't use __RESOLVE_H__ it might be used by system headers too
Stefan Metzmacher [Sat, 13 Dec 2008 10:24:10 +0000 (11:24 +0100)]
s4:libcli/resolve: don't use __RESOLVE_H__ it might be used by system headers too

metze

11 years agos4:lib/socket: we need to lookup the #20 netbios name when we connect to a remote...
Stefan Metzmacher [Fri, 12 Dec 2008 13:36:15 +0000 (14:36 +0100)]
s4:lib/socket: we need to lookup the #20 netbios name when we connect to a remote server

metze

11 years agos4:lib/socket: remove unused code
Stefan Metzmacher [Fri, 12 Dec 2008 13:35:42 +0000 (14:35 +0100)]
s4:lib/socket: remove unused code

metze

11 years agos4:headermap: dom_sid.h was renamed to server_id.h
Stefan Metzmacher [Wed, 17 Dec 2008 12:48:29 +0000 (13:48 +0100)]
s4:headermap: dom_sid.h was renamed to server_id.h

metze

11 years agoFix a valgrind error
Volker Lendecke [Wed, 17 Dec 2008 17:14:09 +0000 (18:14 +0100)]
Fix a valgrind error

Reported by naga_kishore_kommuri@yahoo.com

Derrel, please check!

Thanks,

Volker
(cherry picked from commit 3356b95f72e26ede4ab16a12c334be90b8b1a639)

11 years agoTweak with pam defines of older Linux versions
Lars Müller [Wed, 17 Dec 2008 14:39:35 +0000 (15:39 +0100)]
Tweak with pam defines of older Linux versions

PAM_AUTHTOK_RECOVERY_ERR is not defined by older Linux versions (SUSE
Linux Enterprise 9 and RedHat Enterprise 4).

Patch suggested by Philipp Thomas <pth at suse dot de>.

11 years agodocs: Fix typo in man idmap_hash.
Karolin Seeger [Wed, 17 Dec 2008 15:28:59 +0000 (16:28 +0100)]
docs: Fix typo in man idmap_hash.

Karolin

11 years agos3/smb.h: Remove unused LDAP_SSL_ON.
Karolin Seeger [Wed, 17 Dec 2008 15:26:43 +0000 (16:26 +0100)]
s3/smb.h: Remove unused LDAP_SSL_ON.

LDAP_SSL_ON is not defined at all.
Ldaps can be used by specifying an ldaps URL using the "passdb backend"
parameter.

Karolin

11 years agodocs: Update section "ldap ssl" in man smb.conf.
Karolin Seeger [Wed, 17 Dec 2008 15:18:38 +0000 (16:18 +0100)]
docs: Update section "ldap ssl" in man smb.conf.

Remove non-existent value "on".
Change default value to "no".
Add hint about ldaps.

Karolin

11 years agos3/loadparm.c: Change default value for "ldap ssl".
Karolin Seeger [Wed, 17 Dec 2008 14:53:51 +0000 (15:53 +0100)]
s3/loadparm.c: Change default value for "ldap ssl".

LDAP_SSL_ON is not defined at all. That's why the actual default value
was "" for a long time. Set a more sensible default value without chnging the
default behaviour.

-----8<------------------snip--------------8<--------------
user@host:/data/git/samba/v3-0-test/source> git grep LDAP_SSL_ON | cat
include/smb.h:enum ldap_ssl_types {LDAP_SSL_ON, LDAP_SSL_OFF,
LDAP_SSL_START_TLS};
param/loadparm.c:       Globals.ldap_ssl = LDAP_SSL_ON;
----->8------------------snap-------------->8--------------

It's the same in 3.2 and 3.3 series.

Karolin

11 years agodocs: Fix some formatting issues in the "ldap ssl" section of man smb.conf.
Karolin Seeger [Wed, 17 Dec 2008 14:42:12 +0000 (15:42 +0100)]
docs: Fix some formatting issues in the "ldap ssl" section of man smb.conf.

Karolin

11 years agos4:headermap: we need the pathes for gen_ndr headers with and without ../
Stefan Metzmacher [Wed, 17 Dec 2008 12:30:05 +0000 (13:30 +0100)]
s4:headermap: we need the pathes for gen_ndr headers with and without ../

This should fix the OpenChange build

metze

11 years agolib/util: make it possible to use debug.h with using xfile.h
Stefan Metzmacher [Wed, 17 Dec 2008 10:34:41 +0000 (11:34 +0100)]
lib/util: make it possible to use debug.h with using xfile.h

metze

11 years agos4:lib/tevent: add lib/events/ compat and let things compile
Stefan Metzmacher [Tue, 16 Dec 2008 18:57:09 +0000 (19:57 +0100)]
s4:lib/tevent: add lib/events/ compat and let things compile

metze

11 years agos4:lib/events: move to toplevel directory as lib/tevent/
Stefan Metzmacher [Tue, 16 Dec 2008 15:10:22 +0000 (16:10 +0100)]
s4:lib/events: move to toplevel directory as lib/tevent/

This commit will not compile on its own.

metze

11 years agonet lua
Volker Lendecke [Sun, 14 Sep 2008 13:44:57 +0000 (15:44 +0200)]
net lua

This adds a lua command line interpreter with some sample code how to build
your own data types based on our internal data types.

Not meant as the final word, but as a playground for experiments for people.
Might be removed later when we find this turns out to be too awkward.

11 years agoCompile liblua
Volker Lendecke [Sun, 14 Sep 2008 13:30:57 +0000 (15:30 +0200)]
Compile liblua

11 years agoAdd the Lua distibution from http://www.lua.org/ftp/lua-5.1.4.tar.gz
Volker Lendecke [Fri, 19 Sep 2008 06:01:23 +0000 (08:01 +0200)]
Add the Lua distibution from lua.org/ftp/lua-5.1.4.tar.gz

Available under the MIT license.

Adding it to see how the build farm likes it. They claim to be 100% pure
ANSI C and compile everywhere. Lets see. If it breaks badly, we can remove
it again.

11 years agos4: fix LIBEVENTS dependencies and use more forward declarations
Stefan Metzmacher [Tue, 16 Dec 2008 23:06:34 +0000 (00:06 +0100)]
s4: fix LIBEVENTS dependencies and use more forward declarations

We should only include events.h where we really need it
and prefer forward declarations of 'struct event_context'

metze

11 years agodocs: Fix TOC of generated HTML docs.
Karolin Seeger [Wed, 17 Dec 2008 08:17:26 +0000 (09:17 +0100)]
docs: Fix TOC of generated HTML docs.

This fixes bug #5968.
Thanks to Christian Perrier <bubulle@debian.org> for reporting!

Karolin

11 years agos3/s4: Fix DCOM idl bug
Tim Prouty [Wed, 17 Dec 2008 06:46:33 +0000 (22:46 -0800)]
s3/s4: Fix DCOM idl bug

A build warning uncovered a bug where a pointer was being passed in
instead of the dereferenced value of the pointer.

11 years agos4:testprogs: improve extended dn testing of the ldb blackbox tests
Andrew Bartlett [Tue, 16 Dec 2008 08:12:06 +0000 (09:12 +0100)]
s4:testprogs: improve extended dn testing of the ldb blackbox tests

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:ldb: add some python tests for extended dns
Andrew Bartlett [Tue, 16 Dec 2008 08:11:11 +0000 (09:11 +0100)]
s4:ldb: add some python tests for extended dns

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:dsdb: remove normalise module
Andrew Bartlett [Tue, 16 Dec 2008 08:23:07 +0000 (09:23 +0100)]
s4:dsdb: remove normalise module

The extended_dn_out module provides the functionality now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:provision: use extended_dn_out_ldb or extended_dn_out_dereference depending on...
Andrew Bartlett [Tue, 16 Dec 2008 08:18:21 +0000 (09:18 +0100)]
s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference depending on the backend

This just changes the existing stratagy of loading different modules
for the OpenLDAP backend to also include extended_dn_out_*

When we provision the OpenLDAP backend, we make sure to include the
'deref' overlay (which must be made available by the OpenLDAP build)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and extended_dn_store.
Andrew Bartlett [Tue, 16 Dec 2008 08:21:55 +0000 (09:21 +0100)]
s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and extended_dn_store.

By splitting the module, the extended_dn_in and extended_dn_store
moudles can use extended_dn_out to actually get the extended DN.  This
avoids code duplication.

The extended_dn_out module also contains a client implementation of
the OpenLDAP dereference control (draft-masarati-ldap-deref-00).

This also introduces a new control
'DSDB_CONTROL_DN_STORAGE_FORMAT_OID' to ask the extended_dn_out module
to return whatever the 'storage format' is.  This allows us to work
with both OpenLDAP (which performs a dereference at run time) and LDB
(which stores the GUID and SID on disk).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:dsdb: Make the linked_attributes module set an extended dn
Andrew Bartlett [Thu, 20 Nov 2008 09:06:16 +0000 (20:06 +1100)]
s4:dsdb: Make the linked_attributes module set an extended dn

This means that linked attributes will always have the same case form
as the actaul entry, as we search for that entry.  We then also use
the GUID and SID found on that entry to fill in the extended DN on disk.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:rootdse: fix the logic to indentify a rootdse search
Andrew Bartlett [Tue, 16 Dec 2008 08:01:35 +0000 (09:01 +0100)]
s4:rootdse: fix the logic to indentify a rootdse search

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:ldb: make it possible to return per entry controls
Andrew Bartlett [Tue, 16 Dec 2008 07:59:05 +0000 (08:59 +0100)]
s4:ldb: make it possible to return per entry controls

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:selftest: lower debug level for slapd
Andrew Bartlett [Tue, 16 Dec 2008 07:51:41 +0000 (08:51 +0100)]
s4:selftest: lower debug level for slapd

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-Domain
Andrew Bartlett [Tue, 16 Dec 2008 07:48:44 +0000 (08:48 +0100)]
s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-Domain

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}
Andrew Bartlett [Tue, 16 Dec 2008 07:48:01 +0000 (08:48 +0100)]
s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:torture: add ldb tests
Andrew Bartlett [Tue, 16 Dec 2008 07:45:43 +0000 (08:45 +0100)]
s4:torture: add ldb tests

These tests are for both the new extended DN functionality (and were
vital in finding bugs during implementation) and for the normal DN
parsing and comparison routines.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:ldap_server: return the extended dn to the LDAP client if available
Andrew Bartlett [Tue, 16 Dec 2008 07:44:11 +0000 (08:44 +0100)]
s4:ldap_server: return the extended dn to the LDAP client if available

This uses an early peek at the extended_dn_control (in the request) to see what output
format to use.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:ldb-samba: register samba specific extended dn handlers
Andrew Bartlett [Tue, 16 Dec 2008 07:43:12 +0000 (08:43 +0100)]
s4:ldb-samba: register samba specific extended dn handlers

This provides the two extended DN handlers for the GUID and SID types,
and makes the parsing more strict (where possible, it uses
ndr_pull_struct_blob_all(), to cause an error if trailing data is
found).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:samldb: make use of dom_sid_split_rid()
Andrew Bartlett [Tue, 16 Dec 2008 07:41:22 +0000 (08:41 +0100)]
s4:samldb: make use of dom_sid_split_rid()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:samldb: improve error strings
Andrew Bartlett [Tue, 16 Dec 2008 07:40:49 +0000 (08:40 +0100)]
s4:samldb: improve error strings

When things go wrong with LDB, this routine seems to be particularly
sensitive to it.  This extra debugging should help the next poor soul who
breaks LDB.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:ldb.i: hang the dn on the NULL context as the python destructor will free it
Andrew Bartlett [Tue, 16 Dec 2008 07:34:48 +0000 (08:34 +0100)]
s4:ldb.i: hang the dn on the NULL context as the python destructor will free it

This fixes a bug in the ldb.i python wrapper, that showed up under valgrind.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:ldb: use try to print the extended dn in the ldif output
Andrew Bartlett [Tue, 16 Dec 2008 07:33:32 +0000 (08:33 +0100)]
s4:ldb: use try to print the extended dn in the ldif output

This allows searches with the extended DN control to still print the
extended DN in ldif output (it would otherwise be parsed and hidden in
the structure).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROL
Andrew Bartlett [Tue, 16 Dec 2008 07:28:55 +0000 (08:28 +0100)]
s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROL

Encode and decode the OpenLDAP dereference control (draft-masarati-ldap-deref-00)

At this time, the ldb_controls infrustructure does not handle request
and reply controls having different formats, so this is purely the
client implementation (ie, there is no decode of the client->server
packet, and no encode of the server->client packet).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:libcli/ldap: split out a ldap_decode_attribs_bare() function
Andrew Bartlett [Tue, 16 Dec 2008 07:27:51 +0000 (08:27 +0100)]
s4:libcli/ldap: split out a ldap_decode_attribs_bare() function

The OpenLDAP dereference control (draft-masarati-ldap-deref-00) uses
an attribute list, as found in the search reply, but without one
enclosing ASN1_SEQUENCE(0)

This allows the dereference control parsing code to use this as a
helper function.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:ldb_ildap: try to pass extended DNs to the server
Andrew Bartlett [Tue, 16 Dec 2008 07:25:44 +0000 (08:25 +0100)]
s4:ldb_ildap: try to pass extended DNs to the server

Whenever we pass a DN to the LDAP server, we now use
ldb_dn_get_extended_linearized().  This allows us to send the extended
DN if set, and therefore allows searches of the form
'<GUID=aaa45ea0-94cd-45e9-8753-abe455d9a8f1>'.

We actually use the '0' format (GUID=aaa45ea094cd45e98753abe455d9a8f1)
because it is more widely supported (by Win2k in particular).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agos4:ldb: add infrastructure for extended dn handlers
Andrew Bartlett [Tue, 16 Dec 2008 07:19:07 +0000 (08:19 +0100)]
s4:ldb: add infrastructure for extended dn handlers

This introduces a new set of pluggable syntax, for use on the
extended DN, and uses them when parsing the DN.

If the DN appears to be in the extended form, we no longer return the
full DN 'as is', but only return the normal part from
ldb_dn_get_linearized().

When validating/parsing the DN we validate not only the format of the
DN, but also the contents of the GUID or SID (to ensure they are
plausable).

We also have functions to set and get the extended components on the DN.

For now, extended_dn_get_linearized() returns a newly constructed and
allocated string each time.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agoAdd hint to use passwordAttributes in @KLUDGE_ACL in future
Andrew Bartlett [Mon, 8 Dec 2008 11:22:21 +0000 (22:22 +1100)]
Add hint to use passwordAttributes in @KLUDGE_ACL in future

This module is not used at the moment, but if we do use it again, we
should try to avoid duplicate lists.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agoMake greater use of 'GUID_from_data_blob'
Andrew Bartlett [Wed, 3 Dec 2008 23:38:07 +0000 (10:38 +1100)]
Make greater use of 'GUID_from_data_blob'

This avoids accidentily running off the end of a string, and uses a
single 'guess which type of GUID I have' algorithm.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agoFix sequence number generation against OpenLDAP
Andrew Bartlett [Wed, 10 Dec 2008 06:23:44 +0000 (17:23 +1100)]
Fix sequence number generation against OpenLDAP

It seems that in 2deeb99fff1a90c79ba1927e1a069362e250a63c adding the
partition control to this request was missed out.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
11 years agonsswitch: fix compiler warnings in winbind_nss_linux.c
Stefan Metzmacher [Tue, 16 Dec 2008 23:30:21 +0000 (00:30 +0100)]
nsswitch: fix compiler warnings in winbind_nss_linux.c

metze