Andrew Tridgell [Sun, 22 Aug 2010 04:46:01 +0000 (14:46 +1000)]
pidl: added a __ndr_print__() method on python NDR objects
This allows you to print a returned NDR structure using
s.__ndr_print__() which gives an easy view of complex
structures, such as those from netlogon
Kai Blin [Sat, 14 Aug 2010 05:40:51 +0000 (07:40 +0200)]
s3: Fix netgrent configure checks for compilers not supporting -Werror-implicit-function-declaration
This should fix bug 7620.
Volker Lendecke [Sat, 21 Aug 2010 09:32:58 +0000 (11:32 +0200)]
s3: Fix bug 7635
Jeremy Allison [Fri, 20 Aug 2010 22:57:08 +0000 (15:57 -0700)]
Fix bug 7627 - smbclient ignores "-I" when used with "-L", fails name resolution.
Still needs some more work to fix missing netbios name issues, but fixes
underlying issue of IP address being ignored.
Jeremy.
Jeremy Allison [Fri, 20 Aug 2010 22:56:37 +0000 (15:56 -0700)]
Fix const warning.
Kamen Mazdrashki [Fri, 20 Aug 2010 18:58:22 +0000 (21:58 +0300)]
s4-ndr_basic.c: Fix ndr_*_hyper() when [bigendian] data is processed
Kamen Mazdrashki [Thu, 19 Aug 2010 12:52:49 +0000 (15:52 +0300)]
s4-drsuapi: Implement custom printing for drsuapi protocol for
drsuapi_DsReplicaAttribute and drsuapi_DsAttributeValueCtr objects
This makes tracing what data has been transferred much easier
Volker Lendecke [Wed, 18 Aug 2010 16:35:53 +0000 (18:35 +0200)]
s3: Use sconn->client_id in session_claim
Stefan Metzmacher [Thu, 12 Aug 2010 13:59:17 +0000 (15:59 +0200)]
s3:librpc: make dcerpc_read_ncacn_packet_send/recv() available
metze
Stefan Metzmacher [Thu, 12 Aug 2010 13:49:32 +0000 (15:49 +0200)]
librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.c
metze
Stefan Metzmacher [Fri, 20 Aug 2010 12:52:04 +0000 (14:52 +0200)]
s3:Makefile.in: use python with -u to disable stdin/out caching
metze
Stefan Metzmacher [Tue, 17 Aug 2010 06:05:14 +0000 (08:05 +0200)]
s3:winbindd: fix error handling in wb_next_grent_fetch_done()
We should not use 'result' uninitialized.
metze
Zahari Zahariev [Thu, 19 Aug 2010 15:30:03 +0000 (18:30 +0300)]
Remove place-holders when it is single domain
This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the silightest
difference will pop up.
There is a second smaller fix when we compre hosts in different
domains. This fix disables ${SERVERNAME} paace-holder when there
are more then one serevr (domain controller) in the given domain.
Andrew Tridgell [Fri, 20 Aug 2010 07:17:23 +0000 (17:17 +1000)]
s4-dsdb: the RODC_JOIN control also changes samAccountName
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 21:26:53 +0000 (07:26 +1000)]
s4-pysamdb: fixed get_domain_sid()
we need to actually return the SID!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 21:26:09 +0000 (07:26 +1000)]
s4-ldb: added support for rodc_control in ldb
this allows you to specify the RODC join control in python ldb calls
or on the command line
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 03:06:08 +0000 (13:06 +1000)]
s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls
when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:38:26 +0000 (18:38 +1000)]
s4-drs: bring us much closer to the docs for DRS secret replication
The rules for when a RODC can replicate secrets are:
- it can always replicate its own acct
- it can also replicate its krbtgt acct
- it can't replicate other krbtgt accts
- it can't replicate interdomain trust accounts
- it can't replicate users in the denied group list
- it can replicate users in the allowed group list
otherwise it can't replicate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:36:12 +0000 (18:36 +1000)]
s4-dsdb: fixed dsdb_get_extended_dn_sid()
it should honor the component_name
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:35:41 +0000 (18:35 +1000)]
idl: added the RODC allow/deny secrets RIDs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 04:31:05 +0000 (14:31 +1000)]
s4-drs: implement RODC attribute filtering override
When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 04:27:17 +0000 (14:27 +1000)]
s4-drs: added sam_ctx_system on DRS bind state
The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Fri, 20 Aug 2010 09:14:06 +0000 (11:14 +0200)]
s3:loadparm: make lp_load_ex static. We have wrappers for external callers.
Jim McDonough [Thu, 19 Aug 2010 12:46:59 +0000 (08:46 -0400)]
s3-libsmbclient Convert dos error codes to NTstatus in async libsmbclient.
DOS error codes were being lost with the conversion to async
libsmbclient. If we're passing around NTSTATUS internally,
let's just convert it when we get it.
DOS ACCESS_DENIED on nautilus was not prompting for other credentials,
because it was not being mapped.
Simo Sorce [Thu, 19 Aug 2010 11:35:01 +0000 (07:35 -0400)]
s3-ads: Fix wrong test in if statement
Günther Deschner [Thu, 19 Aug 2010 13:24:20 +0000 (15:24 +0200)]
s3-waf: fix the build.
Guenther
Günther Deschner [Thu, 19 Aug 2010 12:22:01 +0000 (14:22 +0200)]
s3-ldapsam: add samba.ldif LDAP schema.
This one is suiteable for cn=config setups and should be added via ldapadd.
Thanks to Sumit Bose <sbose@redhat.com> for providing it.
Guenther
Günther Deschner [Thu, 19 Aug 2010 12:02:22 +0000 (14:02 +0200)]
s3-cli: fix uninitialized variable.
Volker, please check.
Guenther
Günther Deschner [Thu, 19 Aug 2010 12:01:47 +0000 (14:01 +0200)]
s3-idmap: fix uninitialized variable in idmap_tdb_sids_to_unixids_action().
Michael, please check.
Guenther
Matthieu Patou [Thu, 19 Aug 2010 08:37:00 +0000 (12:37 +0400)]
s4 provision: POLICY_ACL is already an FS acl no need to translate it
Matthieu Patou [Thu, 19 Aug 2010 08:33:57 +0000 (12:33 +0400)]
s4 provision: Add some documentation to GPO related functions
Matthieu Patou [Sat, 14 Aug 2010 14:51:55 +0000 (18:51 +0400)]
unit tests: debug to ease locating pb, remove dir if exists to avoid error
Matthieu Patou [Sat, 14 Aug 2010 12:57:49 +0000 (16:57 +0400)]
s4 upgradeprovision: exit with a non null return code so that it can be trapped in blackbox tests
Matthieu Patou [Thu, 12 Aug 2010 13:28:28 +0000 (17:28 +0400)]
s4 upgradeprovision: add more attrbutes the ignore list
Also format in a pretty way the int64 ranges
Matthieu Patou [Thu, 12 Aug 2010 08:22:08 +0000 (12:22 +0400)]
s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing
Matthieu Patou [Sun, 11 Jul 2010 11:36:32 +0000 (15:36 +0400)]
s4 upgradeprovision: Add a function for schema reloading
Full schema reloading is needed when we modify exisiting elements that
have attributes that comes from not from the default schema (ie.
openchange schema, user schema ..)
Matthieu Patou [Wed, 11 Aug 2010 21:25:27 +0000 (01:25 +0400)]
s4 upgradeprovision: upgrade_delta_samdb return a msg_diff of @ATTRIBUTES
This is used by upgradeprovision to readd this delta just before loading
a merged schema
Matthieu Patou [Tue, 10 Aug 2010 14:19:40 +0000 (18:19 +0400)]
s4 upgradeprovision: Fixes for increment_keyversion
fix
Matthieu Patou [Tue, 10 Aug 2010 13:39:29 +0000 (17:39 +0400)]
s4 upgradeprovision: fix a typo and pass correct parameter to increment_calculated_keyversion
Günther Deschner [Wed, 18 Aug 2010 16:25:20 +0000 (18:25 +0200)]
s3-libsmb: fix some uninitialized variables.
Volker, please check.
Guenther
Surbhi Palande [Thu, 19 Aug 2010 08:56:30 +0000 (11:56 +0300)]
-ENOTSUP translates to NT_STATUS_NOT_SUPPORTED
https://launchpad.net/bugs/276472
This patch adds the translation of Unix Error code -ENOTSUP to NT Error Code
NT_STATUS_NOT_SUPPORTED. The absense of this translation wrongly sends back to
the client a STATUS_DENIED message in samba3.
Signed-off-by: Surbhi Palande <surbhi.palande@canonical.com>
Volker Lendecke [Wed, 18 Aug 2010 16:16:24 +0000 (18:16 +0200)]
s3: Remove smb_pam_accountcheck from the auth modules
We go through the same check in auth/auth.c line 287 after the module has done
its job. So we don't have to do that check twice.
Kamen Mazdrashki [Thu, 19 Aug 2010 00:17:36 +0000 (03:17 +0300)]
s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if it exists
Kamen Mazdrashki [Thu, 19 Aug 2010 00:08:29 +0000 (03:08 +0300)]
s4-test: make better error message for ATTID checks
Kamen Mazdrashki [Wed, 18 Aug 2010 23:47:14 +0000 (02:47 +0300)]
s4-test: Change attribute syntax and value for readability
When it comes to read logs and dumping data received
Octet String syntax comes in handy
Kamen Mazdrashki [Wed, 18 Aug 2010 10:21:10 +0000 (13:21 +0300)]
s4-test: Enable drs.rpc.msdsintid test case - it should be passing now
Kamen Mazdrashki [Wed, 18 Aug 2010 00:19:45 +0000 (03:19 +0300)]
s4-dsdb: No need for dsdb_syntax_one_DN_drsuapi_to_ldb() to be public
It is intended to be used in schema_syntax.c module
Kamen Mazdrashki [Wed, 18 Aug 2010 00:52:48 +0000 (03:52 +0300)]
s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs
Depending on which NC is being replicated, GetNCChanges() returns
either ATTID based on local prefixMap or msDs-IntId value of
the attributeSchema class for the attribute being replicated.
If set, msDs-IntId value is always returned when replicating
object form NC other than Schema NC.
Objects in Schema NC replica always use prefixMap based ATTIDs.
Kamen Mazdrashki [Wed, 18 Aug 2010 00:06:53 +0000 (03:06 +0300)]
s4-dsdb-syntax: ATTID should be msDs-IntId value for the attributeSchema object
in case object replicated is not in Schema NC and attributeSchema
object has msDs-IntId attribute value set
Kamen Mazdrashki [Tue, 17 Aug 2010 01:48:24 +0000 (04:48 +0300)]
s4: fix few comment typos
Kamen Mazdrashki [Tue, 17 Aug 2010 01:44:52 +0000 (04:44 +0300)]
s4-schema_syntax.c: Fix white spaces and alignment
Kamen Mazdrashki [Tue, 17 Aug 2010 01:20:46 +0000 (04:20 +0300)]
s4-dsdb: Use dsdb_syntax_ctx in *_drsuapi_to_ldb functions
Kamen Mazdrashki [Tue, 17 Aug 2010 01:12:54 +0000 (04:12 +0300)]
s4-dsdb: Use dsdb_syntax_ctx in *_ldb_to_drsuapi functions
Kamen Mazdrashki [Tue, 17 Aug 2010 00:58:26 +0000 (03:58 +0300)]
s4-dsdb: Use dsdb_syntax_ctx in *_validate_ldb functions
Kamen Mazdrashki [Tue, 17 Aug 2010 00:21:46 +0000 (03:21 +0300)]
s4-dsdb: Add context structure for dsdb_syntax conversion functions
This structure is intended to hold context-dependent data.
Syntax-conversion and object-conversion functions need
that data to convert objects and attributes from drs-to-ldb
and ldb-to-drs correctly.
For instance: ATTID value depends on whether we are converting
object from partition different that Schema partition.
Kamen Mazdrashki [Mon, 16 Aug 2010 15:57:02 +0000 (18:57 +0300)]
s4-test-dssync: remove unused variable
Jeremy Allison [Wed, 18 Aug 2010 23:25:15 +0000 (16:25 -0700)]
Fix bug 7626 - Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores.
Noticed by bj@sernet.de.
Jeremy Allison [Mon, 16 Aug 2010 23:31:33 +0000 (16:31 -0700)]
Fix bug 7563 - Creation of symlink using smbclient is buggy.
Fix semantics of symlink. "oldpath" should be an untouched blob,
"newpath" should fit the share path semantics.
Jeremy.
Volker Lendecke [Wed, 18 Aug 2010 14:44:04 +0000 (16:44 +0200)]
s3: Remove an unused variable
Stefan Metzmacher [Wed, 18 Aug 2010 13:47:15 +0000 (15:47 +0200)]
librpc/rpc: call do_ndr_print hook in dcerpc_binding_handle_call*()
metze
Simo Sorce [Wed, 18 Aug 2010 13:36:54 +0000 (09:36 -0400)]
s3-ads: Remove unused wrapper and make function static
Volker Lendecke [Tue, 10 Aug 2010 05:44:15 +0000 (07:44 +0200)]
s3: async cli_list
Volker Lendecke [Fri, 13 Aug 2010 12:01:03 +0000 (14:01 +0200)]
s3: Add cli_flush
Simo Sorce [Wed, 18 Aug 2010 10:46:53 +0000 (06:46 -0400)]
s3-ads: cleanup ads_keytab_list()
Simo Sorce [Wed, 18 Aug 2010 10:09:27 +0000 (06:09 -0400)]
s3-ads: cleanup ads_keytab_create_default()
Simo Sorce [Wed, 18 Aug 2010 08:33:32 +0000 (04:33 -0400)]
s3-ads: cleanup ads_keytab_add_entry()
Simo Sorce [Wed, 18 Aug 2010 08:16:41 +0000 (04:16 -0400)]
s3-ads: Split, simplify and cleanup keytab functions
add helper function for both smb_krb5_kt_add_entry_ext() and
ads_keytab_flush()
Volker Lendecke [Wed, 18 Aug 2010 11:20:50 +0000 (13:20 +0200)]
s3: Fix serverid_register_msg_flags
Thanks, Andreas, for pointing this out! (How drunk have I been?...)
Andreas Schneider [Wed, 18 Aug 2010 10:08:47 +0000 (12:08 +0200)]
s3-lib: Fixed a possible crash bug.
Volker please check!
Andreas Schneider [Thu, 29 Apr 2010 12:00:30 +0000 (14:00 +0200)]
s3-printing: Added function to update the queue.
Andreas Schneider [Thu, 29 Apr 2010 11:43:40 +0000 (13:43 +0200)]
s3-printing: Rename jobs_changed functions to jobs_added.
Volker Lendecke [Wed, 18 Aug 2010 09:17:52 +0000 (11:17 +0200)]
s3: Fix an uninitialized variable
Volker Lendecke [Tue, 17 Aug 2010 07:34:27 +0000 (09:34 +0200)]
s3: Use pipe_struct->client_id->name for pjob.clientmachine
Volker Lendecke [Tue, 17 Aug 2010 07:17:26 +0000 (09:17 +0200)]
s3: Move initializing pjob.clientname to print_job_start()
Volker Lendecke [Mon, 16 Aug 2010 09:01:26 +0000 (11:01 +0200)]
s3: Add "client_id" to pipes_struct
Volker Lendecke [Mon, 16 Aug 2010 07:39:29 +0000 (09:39 +0200)]
s3: Remove unneeded "client_address" from connection_struct
Volker Lendecke [Mon, 16 Aug 2010 06:30:36 +0000 (08:30 +0200)]
s3: Add smbd_server_connection->client_id
Volker Lendecke [Sun, 15 Aug 2010 14:13:00 +0000 (16:13 +0200)]
s3: Lift smbd_server_fd from reload_services()
Günther Deschner [Tue, 17 Aug 2010 13:03:58 +0000 (15:03 +0200)]
s3-build: only include smb_signing.h where needed.
Guenther
Andrew Bartlett [Wed, 18 Aug 2010 03:15:03 +0000 (13:15 +1000)]
s3:selftest This test does not fail anymore (Samba4's smbtorture has been fixed)
James Peach [Thu, 12 Aug 2010 21:31:52 +0000 (14:31 -0700)]
smbtorture: Make SAMBA3CASEINSENSITIVE report failures properly.
James Peach [Thu, 12 Aug 2010 19:36:24 +0000 (12:36 -0700)]
smbtorture: Emit correct test results if setup fails.
If the test setup fails, we still need to format the test result for the
UI. At leas in the subunit case, the format doesn't specify what to do
here, so we fail every test manually with the setup failure message.
James Peach [Thu, 12 Aug 2010 19:35:53 +0000 (12:35 -0700)]
smbtorture: Ensure that the RPC setup returns correct status.
Andrew Bartlett [Wed, 18 Aug 2010 00:00:40 +0000 (10:00 +1000)]
s4:ldap_server use talloc_unlink() to avoid talloc_free() with references
Both the session_info and the ldb can have references.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Aug 2010 10:33:36 +0000 (20:33 +1000)]
s4:auth Change {anonymous,system}_session to use common session_info generation
This also changes the primary group for anonymous to be the anonymous
SID, and adds code to detect and ignore this when constructing the token.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Aug 2010 09:55:30 +0000 (19:55 +1000)]
s4:auth Avoid doing database lookups for NT AUTHORITY users
Andrew Bartlett [Sat, 14 Aug 2010 07:45:57 +0000 (17:45 +1000)]
s4:auth Remove system_session_anon() from python bindings
Andrew Bartlett [Sat, 14 Aug 2010 04:16:41 +0000 (14:16 +1000)]
s4:auth Remove the system:anonymous parameter used for the LDAP backend
This isn't needed any more, and just introduces complexity.
Andrew Bartlett [Sat, 14 Aug 2010 04:15:49 +0000 (14:15 +1000)]
s4:auth Remove special case constructor for admin_session()
There isn't a good reason why this code is duplicated.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Aug 2010 03:30:51 +0000 (13:30 +1000)]
s4:security Remove use of user_sid and group_sid from struct security_token
This makes the structure more like Samba3's NT_USER_TOKEN
Andrew Bartlett [Sat, 14 Aug 2010 03:28:40 +0000 (13:28 +1000)]
s4:ntvfs Don't treat the user SID and primary group SID special for idmap
This simply askes IDMAP about all the user SIDs, rather than the user
and group sid, followed by all but the first two sids from the token.
Andrew Bartlett
Andrew Bartlett [Sat, 14 Aug 2010 03:26:35 +0000 (13:26 +1000)]
s4:security Bring in #defines for the user and primary group token location
This will allow us to stop duplicating the user and primary group SID in the
struct security_token, and therefore make it more like the NT_USER_TOKEN
in Samba3.
Andrew Bartlett
Volker Lendecke [Mon, 16 Aug 2010 06:00:48 +0000 (08:00 +0200)]
s3: Remove smbd_server_fd() from session_claim
Volker Lendecke [Sun, 15 Aug 2010 13:46:29 +0000 (15:46 +0200)]
s3: Remove smbd_server_fd() from read_smb_length()
Volker Lendecke [Sun, 15 Aug 2010 13:45:21 +0000 (15:45 +0200)]
s3: Move read_smb_length() to smbd/reply.c
Volker Lendecke [Sun, 15 Aug 2010 13:40:08 +0000 (15:40 +0200)]
s3: Remove smbd_server_fd from receive_smb_raw
This is only called from client code
Volker Lendecke [Sun, 15 Aug 2010 13:38:31 +0000 (15:38 +0200)]
s3: Lift smbd_server_fd() from receive_smb_raw_talloc
Volker Lendecke [Sun, 15 Aug 2010 13:36:28 +0000 (15:36 +0200)]
s3: Lift smbd_server_fd() from read_smb_length_return_keepalive
Volker Lendecke [Sun, 15 Aug 2010 13:30:21 +0000 (15:30 +0200)]
s3: Lift smbd_server_fd() from read_data()
All callers have appropriate debug messages themselves
Volker Lendecke [Sun, 15 Aug 2010 13:23:47 +0000 (15:23 +0200)]
s3: Lift smbd_server_fd() from read_fd_with_timeout()