kai/samba.git
12 years ago WHATSNEW: Start WHATSNEW for 3.3.0pre1.
Karolin Seeger [Wed, 6 Aug 2008 12:26:41 +0000 (14:26 +0200)]
WHATSNEW: Start WHATSNEW for 3.3.0pre1.

Karolin
(This used to be commit 28ae738eee37face7dc5e938a036f0c2d3d2a9d6)

12 years ago libnetapi: fix build of shared library after libnet_join changes.
Michael Adam [Wed, 6 Aug 2008 11:56:52 +0000 (13:56 +0200)]
libnetapi: fix build of shared library after libnet_join changes.

This needs create_builtin_administrators() and create_builtin_users()
from token_utils now. Did not pop up because the only users of the
shared lib currently are the examples in lib/netapi/examples/
which are not automatically built.

Michael
(This used to be commit 8dca23a5597a717c7f79bab0494122e71528272b)

12 years ago fixed permissions on ctdb databases
Andrew Tridgell [Wed, 6 Aug 2008 06:35:43 +0000 (16:35 +1000)]
fixed permissions on ctdb databases
(This used to be commit 123fc3980a83d956bffaa689f3af81bbf81ce1c1)

12 years ago fixed a fd leak when trying to regain contact to a domain controller
Andrew Tridgell [Wed, 6 Aug 2008 04:02:45 +0000 (14:02 +1000)]
fixed a fd leak when trying to regain contact to a domain controller
in winbind

When a w2k3 DC is rebooted the 139/445 ports come up before the
udp/389 cldap port. During this brief period, winbind manages to
connect to 139/445 but not to udp 389. It then enters a tight loop
where it leaks one fd each time. In a couple of seconds it runs out of
file descriptors, and leaves winbind crippled after the DC does
finally come up.
(This used to be commit 57187cafbcc053e75bb54750494df9feabe3a738)

12 years ago dbwrap: add comment describing behaviour of dbwrap_change_int32_atomic().
Michael Adam [Tue, 5 Aug 2008 21:38:56 +0000 (23:38 +0200)]
dbwrap: add comment describing behaviour of dbwrap_change_int32_atomic().

Michael
(This used to be commit f8f21c8e3922806230e240cb54205fc2db7a3619)

12 years ago secrets: fix replacement random seed generator (security issue).
Michael Adam [Tue, 5 Aug 2008 21:14:05 +0000 (23:14 +0200)]
secrets: fix replacement random seed generator (security issue).

This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.

The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
   instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
   of sys_getpid() + 1 and incremented in subsequent calls.

In principle this is a security issue, but I think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.

Michael
(This used to be commit bfc5d34a196f667276ce1e173821db478d01258b)

12 years ago dbwrap: add comment describing behaviour of dbwrap_change_uint32_atomic().
Michael Adam [Tue, 5 Aug 2008 21:13:06 +0000 (23:13 +0200)]
dbwrap: add comment describing behaviour of dbwrap_change_uint32_atomic().

Michael
(This used to be commit 7edfb54c865ddcfd5cdcc8c2184b96aaac2d2ec0)

12 years ago idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().
Michael Adam [Tue, 5 Aug 2008 20:38:44 +0000 (22:38 +0200)]
idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().

The race is a regression introduced by the change to dbwrap.
It might have led to two concurrent processes returning the same id.

This fix is achieved by changing dbwrap_change_uint32_atomic() to
match the original behaviour of tdb_change_uint32_atomic(), which
is the following: *oldval is used as initial value when
the value does not yet exist and that the old value should be
returned in *oldval.

dbwrap_change_uint32_atomic() is used (only) in idmap_tdb2.c,
to get new ids.

Michael
(This used to be commit 72bd83fea7572a6202027b200d192c05023aa633)
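
The contract that this commit and the secrets commit above both describe (`*oldval` seeds a missing entry and receives the old value), modelled as an added C example that is not Samba code. The in-memory table, the key name and all function names are hypothetical, and `change_int32_regressed` is an assumption that reproduces only the two effects listed in the secrets commit message, since the pre-fix code is not on the page.

```c
/* Added illustration, not Samba source. A tiny in-memory table stands in
 * for secrets.tdb; every name below is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_MAX_KEYS 4
#define SEED_KEY "toy/random_seed"   /* constructed key name */

struct toy_db {
    const char *keys[TOY_MAX_KEYS];
    int32_t     vals[TOY_MAX_KEYS];
    int         used;
};

typedef int (*change_fn)(struct toy_db *, const char *, int32_t *, int32_t);

static int32_t *toy_find(struct toy_db *db, const char *key)
{
    for (int i = 0; i < db->used; i++) {
        if (strcmp(db->keys[i], key) == 0) return &db->vals[i];
    }
    return NULL;
}

static int32_t *toy_create(struct toy_db *db, const char *key, int32_t val)
{
    if (db->used == TOY_MAX_KEYS) return NULL;
    db->keys[db->used] = key;
    db->vals[db->used] = val;
    return &db->vals[db->used++];
}

/* Wrapping add, so the model has no signed-overflow undefined behaviour. */
static int32_t add_wrap(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Contract from the commit messages: *oldval is the initial value when the
 * entry does not exist yet, and the old value is returned in *oldval. */
int change_int32_intended(struct toy_db *db, const char *key,
                          int32_t *oldval, int32_t change)
{
    int32_t *slot = toy_find(db, key);
    if (slot == NULL) {
        slot = toy_create(db, key, *oldval);   /* seed with caller's value */
        if (slot == NULL) return -1;
    } else {
        *oldval = *slot;                       /* hand back the old value */
    }
    *slot = add_wrap(*oldval, change);
    return 0;
}

/* Assumed model of the regression: a missing entry counts as 0 and
 * *oldval is never written back. */
int change_int32_regressed(struct toy_db *db, const char *key,
                           int32_t *oldval, int32_t change)
{
    int32_t *slot = toy_find(db, key);
    (void)oldval;                              /* ignored in both directions */
    if (slot == NULL) {
        slot = toy_create(db, key, 0);
        if (slot == NULL) return -1;
    }
    *slot = add_wrap(*slot, change);
    return 0;
}

/* Caller shaped like the fallback seed path the commit describes: start
 * from the pid, let the db supply the previous seed if one is stored. */
int32_t seed_from_db(struct toy_db *db, change_fn fn, int32_t pid)
{
    int32_t seed = pid;
    if (fn(db, SEED_KEY, &seed, 1) != 0) return pid;
    return seed;
}

/* Value currently stored under SEED_KEY, or -1 if there is none. */
int32_t stored_seed(struct toy_db *db)
{
    int32_t *slot = toy_find(db, SEED_KEY);
    return slot ? *slot : -1;
}

int main(void)
{
    struct toy_db good = {0}, bad = {0};
    int32_t pids[] = { 4242, 5000 };           /* constructed sample pids */

    for (int i = 0; i < 2; i++) {
        int32_t g = seed_from_db(&good, change_int32_intended, pids[i]);
        int32_t b = seed_from_db(&bad, change_int32_regressed, pids[i]);
        printf("pid %d: intended seed %d (stored %d), regressed seed %d (stored %d)\n",
               (int)pids[i], (int)g, (int)stored_seed(&good),
               (int)b, (int)stored_seed(&bad));
    }
    return 0;
}
```

In the regressed model every caller's seed equals its own pid, while under the intended contract the second process receives the stored, incremented seed.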

12 years ago registry: use _bystring wrappers to dbwrap_trans_(store|delete).
Michael Adam [Mon, 4 Aug 2008 21:30:16 +0000 (23:30 +0200)]
registry: use _bystring wrappers to dbwrap_trans_(store|delete).

Michael
(This used to be commit 103ce6c9e94ce74e616fe922f2584fd46ae1f3f8)

12 years ago Building cifs.upcall is giving this build warning:
Steve French [Tue, 5 Aug 2008 20:36:11 +0000 (15:36 -0500)]
Building cifs.upcall is giving this build warning:

   client/cifs.upcall.c:205: warning: function declaration isn’t a prototype

This patch fixes this by properly declaring usage() args as void.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
(This used to be commit 148a012421cdd875167e708c5dfa771d97bf9856)

12 years ago cifs.upcall: fix manpage and comments
Steve French [Tue, 5 Aug 2008 18:27:07 +0000 (13:27 -0500)]
cifs.upcall: fix manpage and comments

The "cifs.resolver" key type has been changed to "dns_resolver". Fix
the comments at the top of cifs.upcall and the manpage accordingly.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
---
 docs-xml/manpages-3/cifs.upcall.8.xml |    4 ++--
 source/client/cifs.upcall.c           |    8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
(This used to be commit 24a93d03c2ca4e718968e2024604e0f398c96659)

12 years ago Backing out most of changeset 5222b8db3fb692e5071bfd1b41849a8eb0a17995
Steve French [Tue, 5 Aug 2008 18:15:46 +0000 (13:15 -0500)]
Backing out most of changeset 5222b8db3fb692e5071bfd1b41849a8eb0a17995
(so parsing for domain parameter in mount.cifs matches online help)
and rephrasing original code to make it more clear.

The check for "domain" was meant to allow for "dom" or "DOM" and the
option ("dom") described in the help (e.g. "/sbin/mount.cifs -?") is the
shorter ("dom") form.  The reason that the string we compare against
is larger was to improve readability (we could compare against "dom"
but note /* "domain" or "DOMAIN" or "dom" or "DOM" */ but it seemed
terser to just show the larger string in the strcmp target).  The
change to "workgroup" from workg* (anything which begins with "workg")
doesn't matter - it is a minor behavior change - but probably few
scripts depend on the "alias" for this option.

Rework code so that it is clearer what we are comparing against.
(This used to be commit 92fad0fc537e75c726d5d6794dd0c4fd61edca2d)

12 years ago man pages: Improve description of boolean values in smb.conf.5.
Karolin Seeger [Tue, 5 Aug 2008 12:20:32 +0000 (14:20 +0200)]
man pages: Improve description of boolean values in smb.conf.5.

This fixes bug #5378.
Thanks Morton K. Poulsen <morten+bugzilla.samba.org [at] afdelingp.dk>
for reporting!

Karolin
(This used to be commit 8195ca2132cbdba396dc35e9d04d4bdc3a8a666c)

12 years ago man pages: Add documentation about smbclient command "rename".
Karolin Seeger [Tue, 5 Aug 2008 12:10:11 +0000 (14:10 +0200)]
man pages: Add documentation about smbclient command "rename".

This fixes bug #5268.
Thanks to Alexander Franz <a.franz [at] gmx.net> for reporting!

Karolin
(This used to be commit 0a93fd2dedfa7fed1ad0b8a5e079bf7be72a4bd5)

12 years ago README.Coding: A few minor fixes.
Karolin Seeger [Tue, 5 Aug 2008 10:55:20 +0000 (12:55 +0200)]
README.Coding: A few minor fixes.

Karolin
(This used to be commit e61c6963cc25883c0b6e7e20596723397e294807)

12 years ago libnet_keytab: fix the build with heimdal
Stefan Metzmacher [Mon, 4 Aug 2008 12:28:02 +0000 (14:28 +0200)]
libnet_keytab: fix the build with heimdal

metze
(This used to be commit ba18af00cc79a4e92372d3c1151061f200bc0655)

12 years ago clikrb5: don't use krb5_keyblock_init() when no salt is specified
Stefan Metzmacher [Mon, 4 Aug 2008 11:52:18 +0000 (13:52 +0200)]
clikrb5: don't use krb5_keyblock_init() when no salt is specified

If the caller wants to create a key with no salt we should
not use krb5_keyblock_init() (only used when using heimdal)
because it does sanity checks on the key length.

metze
(This used to be commit c83de77b750837a110611d7023c4cf71d2d0bab1)

12 years ago cli_request_new() already gave us the req, remove a pointless function call
Volker Lendecke [Fri, 1 Aug 2008 14:05:49 +0000 (16:05 +0200)]
cli_request_new() already gave us the req, remove a pointless function call
(This used to be commit 08e97bd369ebe3ab1fd92433b168585faea92c68)

12 years ago Fix a typo
Volker Lendecke [Fri, 1 Aug 2008 13:29:06 +0000 (15:29 +0200)]
Fix a typo
(This used to be commit 37bd2815c70176046bbe0232222b9f59dfa159c4)

12 years ago libnet dssync: start memory allocation cleanup: use tmp ctx in libnet_dssync().
Michael Adam [Fri, 1 Aug 2008 15:13:42 +0000 (17:13 +0200)]
libnet dssync: start memory allocation cleanup: use tmp ctx in libnet_dssync().

Don't leak temporary data to callers but use a temporary context
that is freed at the end.

Michael
(This used to be commit 2d98ad57f56ddd4318bc721929a3ca9ede189a25)

12 years ago libnet dssync: fix memory allocation for error/result messages.
Michael Adam [Fri, 1 Aug 2008 15:10:59 +0000 (17:10 +0200)]
libnet dssync: fix memory allocation for error/result messages.

Use the libnet_dssync_context as a talloc context for the
result_message and error_message string members.
Using the passed in mem_ctx makes the implicit assumption
that mem_ctx is at least as long-lived as the libnet_dssync_context,
which is wrong.

Michael
(This used to be commit 635baf6b7d2a1822ceb48aa4bc47569ef19d51cc)

12 years ago dssync keytab: add comment header explaining add_to_keytab_entries().
Michael Adam [Fri, 1 Aug 2008 15:09:08 +0000 (17:09 +0200)]
dssync keytab: add comment header explaining add_to_keytab_entries().

Michael
(This used to be commit 1072bd9f96ff3853e5ff58239123fc8c76a99063)

12 years ago libnet dssync: add my C after dssync keytab changes.
Michael Adam [Fri, 1 Aug 2008 12:26:46 +0000 (14:26 +0200)]
libnet dssync: add my C after dssync keytab changes.

Michael
(This used to be commit 9391aec8d4600c685b14d3cd1624f8758f2cc80d)

12 years ago vampire keytab: add command line switch --clean-old-entries .
Michael Adam [Thu, 31 Jul 2008 22:12:18 +0000 (00:12 +0200)]
vampire keytab: add command line switch --clean-old-entries .

This allows to control cleaning the keytab.
It will only clean old occurrences of keys that are replicated in
this run. So if you want to ensure things are cleaned up, combine
this switch with --force-full-repl or --single-obj-repl (+dn list).

Michael
(This used to be commit 21385e1c635ea67215eb1da90e7dca97ae2f5d56)

12 years ago dssync: add clean_old_entries flag to dssync_ctx.
Michael Adam [Thu, 31 Jul 2008 22:09:28 +0000 (00:09 +0200)]
dssync: add clean_old_entries flag to dssync_ctx.

Initialize it to false.
And pass it down to the libnet_keytab context in
libnet_dssync_keytab.c:keytab_startup().

Unused yet.

Michael

Note: This might not be a 100% clean design to put this into the
toplevel dssync context while it is keytab specific. But then, on the
other hand, other imaginable backends might want to use this flag, too...
(This used to be commit 12e884f227e240860e49f9e41d8c1f45e10ad3be)

12 years ago libnet keytab: implement cleaning of old entries in libnet_keytab_add().
Michael Adam [Thu, 31 Jul 2008 22:07:40 +0000 (00:07 +0200)]
libnet keytab: implement cleaning of old entries in libnet_keytab_add().

Triggered by the flag clean_old_entries from the libnet_keytab_context
(unused yet...).

Michael
(This used to be commit a5f4e3ad95c26064881918f3866efa7556055a8f)

12 years ago libnet keytab: add parameter ignore_kvno to libnet_keytab_remove_entries()
Michael Adam [Thu, 31 Jul 2008 22:05:42 +0000 (00:05 +0200)]
libnet keytab: add parameter ignore_kvno to libnet_keytab_remove_entries()

to allow for removing all entries with given principal and enctype without
respecting the kvno (i.e. cleaning "old" entries...)

This is called with ignore_kvno == false from libnet_keytab_add_entry() to
keep the original behaviour.

Michael
(This used to be commit 6047f7b68548b33a2c132fc4333355a2c6abb19a)

12 years ago libnet keytab: add flag clean_old_entries to libnet_keytab_context.
Michael Adam [Thu, 31 Jul 2008 22:03:10 +0000 (00:03 +0200)]
libnet keytab: add flag clean_old_entries to libnet_keytab_context.

Michael
(This used to be commit f40eb8cc20a297c57f6db22e0c2457ce7425d00c)

12 years ago libnet keytab: use proper counter type (uint32_t) in libnet_keytab_add().
Michael Adam [Thu, 31 Jul 2008 21:15:35 +0000 (23:15 +0200)]
libnet keytab: use proper counter type (uint32_t) in libnet_keytab_add().

Michael
(This used to be commit d0bd9195f04ae0f45c2e571d31625b31347f13e9)

12 years ago vampire keytab: introduce switch --single-obj-repl.
Michael Adam [Thu, 31 Jul 2008 21:05:45 +0000 (23:05 +0200)]
vampire keytab: introduce switch --single-obj-repl.

This controls whether single object replication is to be used.
This only has an effect when at least one object dn is given
on the commandline.

NOTE: Now the default is to use normal replication with uptodateness
vectors and use object dns given on the command line as a positive
write filter. Single object replication is only performed when this
new switch is specified.

Michael
(This used to be commit 0f81111ea8c049eb60f98d4939e520a5a562d2e6)

12 years ago dssync keytab: when not in single object replication mode, use object dn list as...
Michael Adam [Thu, 31 Jul 2008 20:53:41 +0000 (22:53 +0200)]
dssync keytab: when not in single object replication mode, use object dn list as write filter.

I.e. only the passwords and keys of those objects whose dns are provided
are written to the keytab file. Others are skipped.

Michael
(This used to be commit a013f926ae5aadf64e02ef9254306e32aea79e80)

12 years ago dssync keytab: support storing kerberos keys from supplemental credentials.
Michael Adam [Thu, 31 Jul 2008 10:25:06 +0000 (12:25 +0200)]
dssync keytab: support storing kerberos keys from supplemental credentials.

Michael
(This used to be commit 50b1673289f5c147bdb4953f3511a7afe783758c)

12 years ago libnet dssync: rename flag single to single_object_replication
Michael Adam [Wed, 30 Jul 2008 15:53:28 +0000 (17:53 +0200)]
libnet dssync: rename flag single to single_object_replication

So that it is more obvious what this controls.

Michael
(This used to be commit 2360f0a19f0fb89798b814a02cfca335a4a35b6d)

12 years ago net rpc vampire: rename --repl-nodiff to --force-full-repl.
Michael Adam [Wed, 30 Jul 2008 15:46:13 +0000 (17:46 +0200)]
net rpc vampire: rename --repl-nodiff to --force-full-repl.

This is more clear.

Michael
(This used to be commit 0ddde9aae88e6244276e1c143056a4bfc7c7fcca)

12 years ago libnet dssync: rename repl_nodiff flag to force_full_replication.
Michael Adam [Wed, 30 Jul 2008 15:44:22 +0000 (17:44 +0200)]
libnet dssync: rename repl_nodiff flag to force_full_replication.

Michael
(This used to be commit ec959b4609c3f4927a9f2811c46d738f9c78a914)

12 years ago libnet dssync: support lists of dns (instead of one dn) for single object replication.
Michael Adam [Wed, 30 Jul 2008 11:02:36 +0000 (13:02 +0200)]
libnet dssync: support lists of dns (instead of one dn) for single object replication.

Just specify several DNs separated by spaces on the command line of
"net rpc vampire keytab" to get the passwords for each of these
accounts via single object replication.

Michael
(This used to be commit 6e53dc2db882d88470be5dfa1155b420fac8e6c5)

12 years ago libnet dssync: move determination of request level into build_request()
Michael Adam [Wed, 30 Jul 2008 10:35:45 +0000 (12:35 +0200)]
libnet dssync: move determination of request level into build_request()

...where it belongs.

Michael
(This used to be commit 012b33f1c52df086e4f20e7494248d98fbced76a)

12 years ago libnet dssync: refactor dsgetncchanges loop out into libnet_dssync_getncchanges().
Michael Adam [Wed, 30 Jul 2008 10:32:30 +0000 (12:32 +0200)]
libnet dssync: refactor dsgetncchanges loop out into libnet_dssync_getncchanges().

Michael
(This used to be commit 93cda1aa0a627e81eff46547b247801aec2880a3)

12 years ago libnet dssync: fix single object replication by adding one check.
Michael Adam [Wed, 30 Jul 2008 10:31:38 +0000 (12:31 +0200)]
libnet dssync: fix single object replication by adding one check.

Before, this used the old uptodate vector in the request...

Michael
(This used to be commit 04fb9322d5f52d5cb3d9fe2a95dbfb2481ab7f9d)

12 years ago libnet dssync: simplify logic of libnet_dssync_process() main loop.
Michael Adam [Wed, 30 Jul 2008 10:00:49 +0000 (12:00 +0200)]
libnet dssync: simplify logic of libnet_dssync_process() main loop.

Untangle parsing of results and processing.
Make loop logic more obvious.
Call finishing operation after the loop, not inside.

Michael
(This used to be commit 47c8b3391cb1bb9656f93b55f9ea39c78b74ed36)

12 years ago libnet dssync: refactor creation of request out into new function
Michael Adam [Wed, 30 Jul 2008 08:27:00 +0000 (10:27 +0200)]
libnet dssync: refactor creation of request out into new function

libnet_dssync_build_request().

Michael
(This used to be commit d745c1af405058ec23d7d0c139505576a99f9057)

12 years ago vampire keytab: add switch --repl-nodiff to trigger full replication.
Michael Adam [Tue, 29 Jul 2008 20:52:59 +0000 (22:52 +0200)]
vampire keytab: add switch --repl-nodiff to trigger full replication.

I.e. replication without keeping track of the up to date vector.

Michael
(This used to be commit d4b36e447bce8692416e132ab9f53a6282f54cac)

12 years ago dssync keytab: store the samaccountname in the keytab for diff replication.
Michael Adam [Tue, 29 Jul 2008 16:07:07 +0000 (18:07 +0200)]
dssync keytab: store the samaccountname in the keytab for diff replication.

When retrieving a diff replication, the sAMAccountName attribute is usually
not replicated. So in order to build the principal, we need to store the
sAMAccountName in the keytab, referenced by the DN of the object, so that
it can be retrieved if necessary.

It is stored in the form of SAMACCOUNTNAME/object_dn@dns_domain_name
with kvno=0 and ENCTYPE_NONE.

Michael
(This used to be commit 54e2dc1f4e0e2c7a6dcb171e51a608d831c8946e)

12 years ago dssync keytab: move handling of removal of duplicates to libnet_keytab_add_entry().
Michael Adam [Tue, 29 Jul 2008 16:05:13 +0000 (18:05 +0200)]
dssync keytab: move handling of removal of duplicates to libnet_keytab_add_entry().

This makes libnet_keytab_remove_entries static and moves it up.
libnet_keytab_add_entry() now removes the duplicates in advance.
No special handling needed for the UTDV - this is also needed
for other entries...

Michael
(This used to be commit 3c463745445f6b64017918f442bf1021be219e83)

12 years ago libnet_keytab: add some debug statements to libnet_keytab_search().
Michael Adam [Tue, 29 Jul 2008 15:54:01 +0000 (17:54 +0200)]
libnet_keytab: add some debug statements to libnet_keytab_search().

Michael
(This used to be commit d3354c3516b56f254583f3dd065302b27d02af2b)

12 years ago dssync keytab: store the UpToDate vector with ENCTYPE_NULL.
Michael Adam [Tue, 29 Jul 2008 13:23:12 +0000 (15:23 +0200)]
dssync keytab: store the UpToDate vector with ENCTYPE_NULL.

Michael
(This used to be commit 9fbc3d49035123ec11cc2248f0b14661dd1e9b2d)

12 years ago libnet keytab: use libnet_keytab_add_entry() in libnet_keytab_add().
Michael Adam [Tue, 29 Jul 2008 13:21:30 +0000 (15:21 +0200)]
libnet keytab: use libnet_keytab_add_entry() in libnet_keytab_add().

This will in particular allow us to store ENCTYPE_NULL.

Michael
(This used to be commit 85c7e3ae29a6f25ed0b6917ff73baea9c6c905c6)

12 years ago libnet keytab: add function libnet_keytab_add_entry()
Michael Adam [Tue, 29 Jul 2008 13:19:18 +0000 (15:19 +0200)]
libnet keytab: add function libnet_keytab_add_entry()

This is a stripped down version of smb_krb5_kt_add_entry() that
takes one explicit enctype instead of an array. And it does
neither salting of keys nor cleanup of old entries.

Michael
(This used to be commit c83e54f1eb3021d13fb0a3c3f6b556a338d2a8c3)

12 years ago dssync keytab: log the DN of the object to be parsed.
Michael Adam [Tue, 29 Jul 2008 12:15:07 +0000 (14:15 +0200)]
dssync keytab: log the DN of the object to be parsed.

For debugging purposes.

Michael
(This used to be commit 6913919e3a36ebff87a882ba589d36bcd0781ee6)

12 years ago dssync keytab: remove old UpToDateNess vectors from keytab before storing new one.
Michael Adam [Tue, 29 Jul 2008 12:13:37 +0000 (14:13 +0200)]
dssync keytab: remove old UpToDateNess vectors from keytab before storing new one.

Michael
(This used to be commit 717bd6f6c3ec94e3b8b5845c43717a5fbd41c38f)

12 years ago libnet keytab: add function libnet_keytab_remove_entries().
Michael Adam [Tue, 22 Jul 2008 09:39:01 +0000 (11:39 +0200)]
libnet keytab: add function libnet_keytab_remove_entries().

This can be used to remove entries of given principal, kvno and enctype.

Michael
(This used to be commit a6f61c05b270c82f4bfce8a6850f81a09ad29087)

12 years ago libnet_keytab: cleanup libnet_keytab_search().
Michael Adam [Tue, 29 Jul 2008 12:39:40 +0000 (14:39 +0200)]
libnet_keytab: cleanup libnet_keytab_search().

Michael
(This used to be commit 344428d96c9be87eae1d715a8b8fcd6ad02142f8)

12 years ago libnet keytab: test for matching enctype in libnet_keytab_search().
Michael Adam [Tue, 29 Jul 2008 11:32:17 +0000 (13:32 +0200)]
libnet keytab: test for matching enctype in libnet_keytab_search().

Michael
(This used to be commit 484b35f319178f360e406a1bc725dca2e9d95ee3)

12 years ago dssync keytab: add parsing and logging of servicePrincipalName-s
Michael Adam [Tue, 29 Jul 2008 10:55:19 +0000 (12:55 +0200)]
dssync keytab: add parsing and logging of servicePrincipalName-s

As with the userPrincipalName, this is for debugging purposes only (for now..).

Michael
(This used to be commit 7a1d526cba4c93bb858a60d04b6486507fc25398)

12 years ago dssync keytab: fix comma placement in debug output
Michael Adam [Tue, 29 Jul 2008 10:54:46 +0000 (12:54 +0200)]
dssync keytab: fix comma placement in debug output

Michael
(This used to be commit d21ea83f9392c8fa002d5b924dddca4190e82d09)

12 years ago dssync keytab: add debugging output when skipping an object.
Michael Adam [Tue, 29 Jul 2008 08:17:15 +0000 (10:17 +0200)]
dssync keytab: add debugging output when skipping an object.

Michael
(This used to be commit f3c110097f2f6c5dd329f2ca595644c6a368a552)

12 years ago libnet keytab: add enctype parameter to libnet_keytab_search().
Michael Adam [Tue, 29 Jul 2008 08:16:37 +0000 (10:16 +0200)]
libnet keytab: add enctype parameter to libnet_keytab_search().

Not really used yet.

Note: callers use ENCTYPE_ARCFOUR_HMAC enctype for UTDV (for now).
This is what is currently stored. This is to be changed
to ENCTYPE_NULL.

Michael
(This used to be commit cb91d07413430e0e0a16846d2c44aae8c165400e)

12 years ago dssync keytab: add store enctypes in the libnet_keytype_entry structs.
Michael Adam [Mon, 28 Jul 2008 12:42:30 +0000 (14:42 +0200)]
dssync keytab: add store enctypes in the libnet_keytype_entry structs.

Still unused by the libnet_keytab_add() function.
This will follow.
In preparation of supporting multiple encryption types in libnet_dssync_keytab.

Michael
(This used to be commit 447b8b1122a35d4bc0ec0f88fb46d18cddcf6eb9)

12 years ago libnet_keytab: add enctype field to libnet_keytab_entry struct.
Michael Adam [Mon, 28 Jul 2008 12:40:54 +0000 (14:40 +0200)]
libnet_keytab: add enctype field to libnet_keytab_entry struct.

In preparation of supporting more encryption types in libnet_dssync_keytab.

Michael
(This used to be commit 2b000a2acde8a09dabb538bdf89d7b885ce361d2)

12 years ago dssync: allow replications of a single obj with net rpc vampire keytab.
Michael Adam [Thu, 17 Jul 2008 22:18:40 +0000 (00:18 +0200)]
dssync: allow replications of a single obj with net rpc vampire keytab.

This is triggered by setting the new "single" flag in the dssync_context
and filling the "object_dn" member with the dn of the object to be
fetched.

This call is accomplished by specifying the DRSUAPI_EXOP_REPL_OBJ
extended operation in the DsGetNCChanges request. This variant does
honor an up-to-date-ness vector passed in, but the answer does not
return a new up-to-dateness vector.

Call this operation as "net rpc vampire keytab /path/keytab object_dn" .

Michael
(This used to be commit f4a01178a3d8d71f416a3b67ce6b872420f211c0)

12 years ago dssync: pass uptodateness vector into and out of DsGetNCChanges request.
Michael Adam [Wed, 16 Jul 2008 23:05:06 +0000 (01:05 +0200)]
dssync: pass uptodateness vector into and out of DsGetNCChanges request.

Also store the new uptodateness vector in the backend after completion
and retrieve the old vector before sending the DsGetNCChanges request.

This effectively accomplishes differential replication.

Michael
(This used to be commit a2a88808df16d153f45337b740391d419d87e87a)

12 years ago dssync: skip analysis of the msDS_KeyVersionNumber attribute:
Michael Adam [Thu, 17 Jul 2008 11:32:19 +0000 (13:32 +0200)]
dssync: skip analysis of the msDS_KeyVersionNumber attribute:

It is a calculated attribute that won't get distributed via replication.

Michael
(This used to be commit d75b7a2052f1e447f2b3b63fdb054abef4403edf)

12 years ago dssync: either use the req5 or the req8 request, depending on the supported_extenstion
Michael Adam [Thu, 17 Jul 2008 11:05:43 +0000 (13:05 +0200)]
dssync: either use the req5 or the req8 request, depending on the supported_extenstion

that have been recorded in the remote_info28 in the dssync_context.

Michael
(This used to be commit 3a2a69137e69c4bd0faa6af22d17e11dac022049)

12 years ago dssync: record the bind info in the new remote_info28 in libnet_dssync_bind().
Michael Adam [Thu, 17 Jul 2008 11:04:04 +0000 (13:04 +0200)]
dssync: record the bind info in the new remote_info28 in libnet_dssync_bind().

This extracts the info24 data in case this is what was returned (instead of info28).
E.g. windows 2000 returns info24.

Michael
(This used to be commit 61b41aa615d5d46305653845584df7b1803f07ec)

12 years ago dssync: add a drsuapi_DsBindInfo28 struct to the dssync_context struct
Michael Adam [Thu, 17 Jul 2008 11:02:31 +0000 (13:02 +0200)]
dssync: add a drsuapi_DsBindInfo28 struct to the dssync_context struct

to keep track of what the server told us upon DsBind.

Michael
(This used to be commit bf17d6af6104d20019a43e5486257085b9786793)

12 years ago dssync keytab: wrap printing of the uptodate vector in DEBUGLEVEL >= 10 checks
Michael Adam [Thu, 17 Jul 2008 09:54:32 +0000 (11:54 +0200)]
dssync keytab: wrap printing of the uptodate vector in DEBUGLEVEL >= 10 checks

Michael
(This used to be commit 7fabe2567d0bd12fe3ade1d00b94b6c403fe79b5)

12 years ago dssync keytab: add support for keeping track of the up-to-date-ness vector.
Michael Adam [Wed, 16 Jul 2008 22:54:35 +0000 (00:54 +0200)]
dssync keytab: add support for keeping track of the up-to-date-ness vector.

The startup operation should get the old up-to-date-ness vector from the backend
and the finish operation should store the new vector to the backend after replication.

This adds the change of the signatures of the operations to the dssync_ops struct
and the implementation for the keytab ops. The up-to-date-ness vector is stored
under the principal constructed as UTDV/$naming_context_dn@$dns_domain_name.

The vector is still uninterpreted in libnet_dssync_process().
This will be the next step...

This code is essentially by Metze.

Michael
(This used to be commit 01318fb27a1aa9e5fed0d4dd882a123ab568ac37)

12 years ago libnet_keytab: add a libnet_keytab_search() function
Michael Adam [Wed, 16 Jul 2008 22:53:13 +0000 (00:53 +0200)]
libnet_keytab: add a libnet_keytab_search() function

that searches and fetches an entry from a keytab file by principal and kvno.

This code is by metze.

Michael
(This used to be commit a51a60066b6703fc4e5db3536903abf1cdaca885)

12 years ago dssync keytab: use add_to_keytab_entries() for pwd history in parse_object().
Michael Adam [Wed, 23 Jul 2008 22:30:07 +0000 (00:30 +0200)]
dssync keytab: use add_to_keytab_entries() for pwd history in parse_object().

Michael
(This used to be commit 61f071de92a7011c70f72dc31fef4430ffb1515a)

12 years ago dssync keytab: add prefix parameter to add_to_keytab_entries() for flexibility.
Michael Adam [Wed, 16 Jul 2008 21:12:31 +0000 (23:12 +0200)]
dssync keytab: add prefix parameter to add_to_keytab_entries() for flexibility.

This will allow to construct principals of the form PREFIX/name@domain

Michael
(This used to be commit 7dd32b56a65574db95f4a0e136f54bd73862c59f)

12 years ago dssync keytab: add check for success of ADD_TO_ARRAY().
Michael Adam [Wed, 16 Jul 2008 21:10:20 +0000 (23:10 +0200)]
dssync keytab: add check for success of ADD_TO_ARRAY().

Michael
(This used to be commit e6f6e61da46f02bb2676c705974adc26bdfa2623)

12 years ago dssync keytab: refactor adding entry to keytab_context out into new function
Michael Adam [Wed, 16 Jul 2008 21:08:40 +0000 (23:08 +0200)]
dssync keytab: refactor adding entry to keytab_context out into new function

add_to_keytab_entries()

Michael
(This used to be commit 79151db6eae234a1f9e5131b7776689a4f03a0ef)

12 years ago dssync: replace the processing_fn by startup/process/finish ops.
Michael Adam [Wed, 16 Jul 2008 15:12:04 +0000 (17:12 +0200)]
dssync: replace the processing_fn by startup/process/finish ops.

This removes a static variable for the keytab context in the keytab
processing function and simplifies the signature. The keytab context
is instead in the new private data member of the dssync_context struct.

This is in preparation of adding support for keeping track of the
up-to-date-ness vector, in order to be able to sync diffs instead
of the whole database.

Michael
(This used to be commit c51c3339f35e3bd921080d2e226e2422fc23e1e6)

12 years ago Samba3 HowTo: Fix duplicate chapter id.
Karolin Seeger [Fri, 1 Aug 2008 12:10:28 +0000 (14:10 +0200)]
Samba3 HowTo: Fix duplicate chapter id.

Karolin
(This used to be commit f67b6fd97e177a527e896861f337c2e70541f697)

12 years ago netapi: when using NetApi functions forward net's kerberos setting.
Günther Deschner [Thu, 31 Jul 2008 13:14:14 +0000 (15:14 +0200)]
netapi: when using NetApi functions forward net's kerberos setting.

Guenther
(This used to be commit d46f648d2e25ad712138f02e5060288278f4c1b1)

12 years ago net: Use NetLocalGroupAdd() for adding aliases.
Günther Deschner [Thu, 31 Jul 2008 13:12:09 +0000 (15:12 +0200)]
net: Use NetLocalGroupAdd() for adding aliases.

Guenther
(This used to be commit 2ed4ce0bf1723e35a6c5dfa7f8fa58fb9c7ab469)

12 years ago netapi: in NetLocalGroupAdd_r() only set description if necessary.
Günther Deschner [Thu, 31 Jul 2008 13:11:20 +0000 (15:11 +0200)]
netapi: in NetLocalGroupAdd_r() only set description if necessary.

Guenther
(This used to be commit 7e9fa2c5396d3663e83ffbf90475473fdb509871)

12 years ago libnetunjoin: add use_kerberos flag.
Günther Deschner [Thu, 31 Jul 2008 12:23:23 +0000 (14:23 +0200)]
libnetunjoin: add use_kerberos flag.

Guenther
(This used to be commit 2b262ca20de2a41833f68a88646a8df4d9507782)

12 years ago net: add "-k" switch for kerberos authentication (in preparation for #5416).
Günther Deschner [Wed, 30 Jul 2008 19:37:09 +0000 (21:37 +0200)]
net: add "-k" switch for kerberos authentication (in preparation for #5416).

Guenther
(This used to be commit 4cce94d464b16d29b638da3a581d98a237959b63)

12 years ago libnetjoin: add use_kerberos flag.
Günther Deschner [Wed, 30 Jul 2008 19:36:28 +0000 (21:36 +0200)]
libnetjoin: add use_kerberos flag.

Guenther
(This used to be commit 956c949dc739a8b3e9de3bb6f1af8e0e8b18dc98)

12 years ago rpc_client: use init_samr_CryptPassword(Ex) in client tools.
Günther Deschner [Wed, 30 Jul 2008 17:52:56 +0000 (19:52 +0200)]
rpc_client: use init_samr_CryptPassword(Ex) in client tools.

Guenther
(This used to be commit 97f7f9f21f17e8414de15953cf4eaa9959dc6f75)

12 years ago Fix uninitialized variables.
Jeremy Allison [Wed, 30 Jul 2008 23:06:30 +0000 (16:06 -0700)]
Fix uninitialized variables.
Jeremy.
(This used to be commit 1db7e00a5400863fd5dbb81c1a4c6ea6092d0495)

12 years ago Fix duplicate global warning.
Jeremy Allison [Wed, 30 Jul 2008 22:01:33 +0000 (15:01 -0700)]
Fix duplicate global warning.
Jeremy.
(This used to be commit 6da33797b0549a2da7dc0fa7ee21dc5e8a6b1459)

12 years ago Removed redundant logging from create_builtin_users and create_builtin_administrators
Tim Prouty [Wed, 30 Jul 2008 16:35:13 +0000 (09:35 -0700)]
Removed redundant logging from create_builtin_users and create_builtin_administrators

The Debug messages in create_builtin_users and create_builtin_users have now
been encapsulated in add_sid_to_builtin.
(This used to be commit ca153139b1dced07c196aac93dbc9d9428d98124)

12 years ago Enabled domain groups to be added to builtin groups at domain join time
Tim Prouty [Thu, 24 Jul 2008 03:50:21 +0000 (20:50 -0700)]
Enabled domain groups to be added to builtin groups at domain join time

Previously this was done at token creation time if the Administrators and Users
builtins hadn't been created yet.  A major drawback to this approach is that if
a customer is joined to a domain and decides they want to join a different
domain, the domain groups from this new domain will not be added to the
builtins.

It would be ideal if these groups could be added exclusively at domain join
time, but we can't rely solely on that because there are cases where winbindd
must be running to allocate new gids for the builtins.  In the future if there
is a way to allocate gids for builtins without running winbindd, this code
can be removed from create_local_nt_token.

- Made create_builtin_users and create_builtin_administrators non-static so
they can be called from libnet
- Added a new function to libnet_join that will make a best effort to add
domain administrators and domain users to BUILTIN\Administrators and
BUILTIN\Users, respectively.  If the builtins don't exist yet, winbindd must be
running to allocate new gids, but if the builtins already exist, the domain
groups will be added even if winbindd is not running.  In the case of a
failure the error will be logged, but the join will not be failed.
- Plumbed libnet_join_add_dom_rids_to_builtins into the join post processing.
(This used to be commit e92faf5996cadac480deb60a4f6232eea90b00f6)

12 years ago Refactored the code that adds Domain Admins to BUILTIN\Administrators to use the...
Tim Prouty [Thu, 24 Jul 2008 03:42:32 +0000 (20:42 -0700)]
Refactored the code that adds Domain Admins to BUILTIN\Administrators to use the new helper functions.

- Modified create_builtin_administrators and add_builtin_administrators to take
in the domain sid to reduce the number of times it needs to be looked up.
- Changed create_builtin_administrators to call the new helper functions.
- Changed create_local_nt_token to call the new version of
create_builtin_administrators and handle the new error that can be returned.
- Made it more explicit that add_builtin_administrators is only called when
winbindd can't be pinged.
(This used to be commit f6411ccb4a1530034e481e1c63b6114a93317b29)

12 years ago Refactored the code that adds Domain Users to BUILTIN\Users to use the new helper...
Tim Prouty [Thu, 24 Jul 2008 03:33:15 +0000 (20:33 -0700)]
Refactored the code that adds Domain Users to BUILTIN\Users to use the new helper functions.

- Modified create_builtin_users to take in the domain sid to reduce the number
of times it needs to be looked up.
- Changed create_builtin_users to call the new helper functions.
- Changed create_local_nt_token to call the new version of create_builtin_users
and handle the new error that can be returned.
(This used to be commit 8d75d40b9f6d22bae7430211f8a1fe99051b756c)

12 years ago Helper functions to enable domain groups to be added to builtin groups at domain...
Tim Prouty [Thu, 24 Jul 2008 03:24:39 +0000 (20:24 -0700)]
Helper functions to enable domain groups to be added to builtin groups at domain join time

Added two new helper functions which wrap the raw pdb alias functions so they
can be more conveniently called while adding domain groups to builtin groups.
(This used to be commit 668ef314559df40f1b8aa0991539adcd8d35ffe3)

12 years ago rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.
Günther Deschner [Wed, 30 Jul 2008 17:03:13 +0000 (19:03 +0200)]
rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.

Guenther
(This used to be commit fef58091408cce0d7870c86f28f78cf9400cf2b6)

12 years ago build: fix some no previous prototype warnings.
Günther Deschner [Wed, 30 Jul 2008 15:47:40 +0000 (17:47 +0200)]
build: fix some no previous prototype warnings.

Guenther
(This used to be commit 51062534fd58d7a914a6bbac2e52bb44e71363b7)

12 years ago winbindd: handle trusted domains without sid.
Günther Deschner [Tue, 29 Jul 2008 10:08:47 +0000 (12:08 +0200)]
winbindd: handle trusted domains without sid.

Guenther
(This used to be commit 0c1efc6c89b1a51a94d10971bf0fc515416709b3)

12 years ago libwbclient: let wbcStringToSid handle the global NULL sid.
Günther Deschner [Wed, 30 Jul 2008 14:59:11 +0000 (16:59 +0200)]
libwbclient: let wbcStringToSid handle the global NULL sid.

Guenther
(This used to be commit 09fed085bea9dae5bb8aacd986deed3d458e3574)

12 years ago netapi: add NetGroupGetUsers example code.
Günther Deschner [Fri, 18 Jul 2008 22:10:58 +0000 (00:10 +0200)]
netapi: add NetGroupGetUsers example code.

Guenther
(This used to be commit 0298f7fe9e273a94d14b5b6ce3dbd5e6deee9ecb)

12 years ago netapi: add NetGroupGetUsers to public header.
Günther Deschner [Fri, 18 Jul 2008 21:43:33 +0000 (23:43 +0200)]
netapi: add NetGroupGetUsers to public header.

Guenther
(This used to be commit d31f822b79ed5344ec3c6795d66ceefd024b7d30)

12 years ago netapi: add NetGroupGetUsers skeleton.
Günther Deschner [Fri, 18 Jul 2008 21:40:33 +0000 (23:40 +0200)]
netapi: add NetGroupGetUsers skeleton.

Guenther
(This used to be commit 0b4e2687ae8fb48faacceb4078d61f9fd2acea9d)

12 years ago re-run make idl.
Günther Deschner [Fri, 18 Jul 2008 21:38:17 +0000 (23:38 +0200)]
re-run make idl.

Guenther
(This used to be commit 93ff6548977cb3e1c84fcb659475664de54e31b5)

12 years ago netapi: add NetGroupGetUsers to IDL.
Günther Deschner [Fri, 18 Jul 2008 21:37:31 +0000 (23:37 +0200)]
netapi: add NetGroupGetUsers to IDL.

Guenther
(This used to be commit 81be6207e51924a7632dfc0ec16ca3e570d417aa)

12 years ago re-run make idl.
Günther Deschner [Fri, 18 Jul 2008 21:36:50 +0000 (23:36 +0200)]
re-run make idl.

Guenther
(This used to be commit ec2a56b5e726400f171d641587cbd0a4b99beec0)

12 years ago netapi: add some more USER_INFO structs to IDL.
Günther Deschner [Fri, 18 Jul 2008 21:36:26 +0000 (23:36 +0200)]
netapi: add some more USER_INFO structs to IDL.

Guenther
(This used to be commit 49ea8984e95618ff8dc8f1d5d757aec997899fd7)

12 years ago netapi: fix libnetapi_samr_lookup_user_map_USER_INFO.
Günther Deschner [Fri, 18 Jul 2008 21:35:33 +0000 (23:35 +0200)]
netapi: fix libnetapi_samr_lookup_user_map_USER_INFO.

Guenther
(This used to be commit 52218506d6ad51c4f340206d035f79272ba15e3b)