13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Wed, 23 Jul 2008 06:15:46 +0000 (16:15 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit 532ccbbe7aa360440f455dfa136f425b9996e998)

13 years agoRemove the 'accoc_group_id' check in the RPC server.
Andrew Bartlett [Wed, 23 Jul 2008 06:14:20 +0000 (16:14 +1000)]
Remove the 'accoc_group_id' check in the RPC server.

This check breaks more than it fixes, and while technically not
correct, is the best solution we have at this time.  Otherwise,
SCHANNEL binds from WinXP fail.

Andrew Bartlett
(This used to be commit f8628fa330abcd50923d995d5bda1f4811582ea9)

13 years agoExplain where some other OIDs are allocated.
Andrew Bartlett [Wed, 23 Jul 2008 03:49:00 +0000 (13:49 +1000)]
Explain where some other OIDs are allocated.

This is an odd place for an OID registry - we perhaps need a central
wiki page.

Andrew Bartlett
(This used to be commit 1c909973977ae117703c1ccf7589acc4625e76e5)

13 years agoChange occurrences of the u1 member of DsBindInfo* to pid after idl change.
Michael Adam [Tue, 22 Jul 2008 13:35:23 +0000 (15:35 +0200)]
Change occurrences of the u1 member of DsBindInfo* to pid after idl change.

(This used to be commit b91bbc5fe4a47e5823be6be5f2f203f1f14105de)

13 years agodrsuapi.idl: change the u1 field in DsBindInfo* to "pid".
Michael Adam [Tue, 22 Jul 2008 13:33:26 +0000 (15:33 +0200)]
drsuapi.idl: change the u1 field in DsBindInfo* to "pid".

According to the WSPP docs, section 5.35,
this is the "process identifyer" of the client.
It is meant for informational and debugging purposes
only and its assignment is implementation specific.

(This used to be commit 579306eb5b58b6c1142b3c489e4bcf6da50810d6)

13 years agodrsuapi.idl: add drsuapi_SupportedExtensionsExt bitfield.
Michael Adam [Tue, 22 Jul 2008 11:07:55 +0000 (13:07 +0200)]
drsuapi.idl: add drsuapi_SupportedExtensionsExt bitfield.

This knowledge is obtained from the wspp-docs (section 5.35).

(This used to be commit f5afb695045b1a2f3b8c00a4d82d40e8e50726c9)

13 years agodrsuapi.idl: the last 16 bytes in DsBindInfo48 ar the GUID of the config dn.
Michael Adam [Tue, 22 Jul 2008 10:46:04 +0000 (12:46 +0200)]
drsuapi.idl: the last 16 bytes in DsBindInfo48 ar the GUID of the config dn.

This bit seems not to be documented in the WSPP docs.

(This used to be commit 705f79bd0a5e93daa0cb11b5dcca36e75c75df93)

13 years agodrsuapi.idl: add drsuapi_DsBindInfo48.
Michael Adam [Tue, 22 Jul 2008 09:37:32 +0000 (11:37 +0200)]
drsuapi.idl: add drsuapi_DsBindInfo48.

This is necessary to make DsGetNcChanges work with win2008.

(This used to be commit dd278b069b8683a0e3721ebb7d0de06d2bc1c86f)

13 years agos3 cli_do_rpc_ndr does not use PI_* anymore
Volker Lendecke [Mon, 21 Jul 2008 11:05:23 +0000 (13:05 +0200)]
s3 cli_do_rpc_ndr does not use PI_* anymore
(This used to be commit e625c6b2516111002c99239c1a2188c6d5d87ab6)

13 years agoProperly cast array length in print functions.
Jelmer Vernooij [Mon, 21 Jul 2008 10:47:08 +0000 (12:47 +0200)]
Properly cast array length in print functions.
(This used to be commit f321240fa91fa19c1131f119c42f64897d220682)

13 years agoFix winbindd not to sit in a busy loop...
Andrew Bartlett [Mon, 21 Jul 2008 05:00:18 +0000 (15:00 +1000)]
Fix winbindd not to sit in a busy loop...

Clearly winbindd in Samba4 has not ever been run against windows, as
when we fixed the Samba4 server not to cause XP to loop like this,
Samba4's own client starts looping...

Andrew Bartlett
(This used to be commit 9741772190a85c7c42c17ff24a4aa3f53fbc9f3a)

13 years agoRename structures to better match the names in the WSPP IDL.
Andrew Bartlett [Mon, 21 Jul 2008 03:42:07 +0000 (13:42 +1000)]
Rename structures to better match the names in the WSPP IDL.

The 'comment' element in a number of domain structures is called
oem_information.  This was picked up actually because with OpenLDAP
doing the schema checking, it noticed that 'comment' was not a valid

The rename tries to keep this consistant in both the LDB mappings and
IDL, so we don't make the same mistake in future.

This has no real schema impact, as this value isn't actually used for
anything, as 'comment' was not used in the provision.

Andrew Bartlett
(This used to be commit 65dc0d536590d055a5ee775606ac90ee5fcaee9a)

13 years agoRemove bogus test in 'enum trusted domains' LSA server.
Andrew Bartlett [Mon, 21 Jul 2008 02:05:53 +0000 (12:05 +1000)]
Remove bogus test in 'enum trusted domains' LSA server.

The change to the RPC-LSA test proves that when the remote server has
0 trusted domains, it will return NT_STATUS_NO_MORE_ENTRIES, not

Andrew Bartlett
(This used to be commit 40a55b34c2ce75267cf004dc4cfb8153c061e66b)

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Mon, 21 Jul 2008 01:27:23 +0000 (11:27 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit 55bde3c9daeafdac04574365c23d181345639f34)

13 years agoSleep longer in the hope that the OpenLDAP backend might catch up
Andrew Bartlett [Mon, 21 Jul 2008 01:18:54 +0000 (11:18 +1000)]
Sleep longer in the hope that the OpenLDAP backend might catch up
(This used to be commit 63c80c885dc3fb2228f082be8db752bb29e3962e)

13 years agoFix ldb_map to add/remove the same 'extra' objectclass
Andrew Bartlett [Mon, 21 Jul 2008 01:18:21 +0000 (11:18 +1000)]
Fix ldb_map to add/remove the same 'extra' objectclass

The code previously added data->add_objectClass, but only removed the
fixed objectclass of extensibleObject.

Found by the ldap.py test.

Andrew Bartlett
(This used to be commit 4fa15c3173a997fa0b9041161d81e742e1fdb41c)

13 years agoMake invalid 'member' detection work again.
Andrew Bartlett [Sun, 20 Jul 2008 23:36:24 +0000 (09:36 +1000)]
Make invalid 'member' detection work again.

This defines a rootdn globally, and due to OpenLDAP bugs, gives it
manage access to the whole database.  This makes the memberOf module
able to validate the links again, now we have database ACLs.

Andrew Bartlett
(This used to be commit 9fe3e9f09f89fd92f8a16768e53391ff5f8489ec)

13 years agoFix RAW-OPEN against Samba3
Volker Lendecke [Sat, 19 Jul 2008 10:47:31 +0000 (12:47 +0200)]
Fix RAW-OPEN against Samba3

This test assumed that fnums are recycled immediately after a close. This is
not true on Samba 3.

Andrew B., I assume this is just a bug in the test. Assuming recycled fnums
might be true on Windows and Samba 4, but I don't think we should assume this

(This used to be commit a4c3a59d47b2b1c794eda556d252c61907be1b3c)

13 years agoMake a seperate template for the refint configuration too
Andrew Bartlett [Fri, 18 Jul 2008 08:58:56 +0000 (18:58 +1000)]
Make a seperate template for the refint configuration too
(This used to be commit d2a527acc5ee6fe9b943657dc9c3ace920b2d619)

13 years agoPut the memberof template into a seperate setup/ file.
Andrew Bartlett [Fri, 18 Jul 2008 08:44:07 +0000 (18:44 +1000)]
Put the memberof template into a seperate setup/ file.

Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm
having with OpenLDAP

Andrew Bartlett
(This used to be commit 6d6e03834a1a77a8ceba41fbe8c9d49680065ba3)

13 years agoMore 'must be ignored' options from the MS-SMB doc.
Andrew Bartlett [Fri, 18 Jul 2008 08:40:19 +0000 (18:40 +1000)]
More 'must be ignored' options from the MS-SMB doc.

Also in particular the 'sync' flags (which Samba has traditionally

Thanks to Olivier Salamin <olivier.salamin@gmail.com> for pointing out
more flags that needed to be handled.

Andrew Bartlett
(This used to be commit 370bb39cd79fe49efd36a1ceb3e896d386e6d3ce)

13 years agoAdd the interface ID to the rpc_pipe_register_commands call in s3 srv code
Volker Lendecke [Wed, 16 Jul 2008 19:50:25 +0000 (21:50 +0200)]
Add the interface ID to the rpc_pipe_register_commands call in s3 srv code
(This used to be commit efe249928312f730ee580e72b9c640ef88b0ed5b)

13 years agodrsuapi: print out the number of linked attribute values we got
Stefan Metzmacher [Wed, 16 Jul 2008 11:02:54 +0000 (13:02 +0200)]
drsuapi: print out the number of linked attribute values we got

(This used to be commit 34f8b2abdd546f6b60ddae2ad839119f211c995c)

13 years agodrsuapi: make use of the 'more_data' field in DsGetNCChangesCtr[1|6]
Stefan Metzmacher [Wed, 16 Jul 2008 11:01:56 +0000 (13:01 +0200)]
drsuapi: make use of the 'more_data' field in DsGetNCChangesCtr[1|6]

(This used to be commit 35c7fa470a7433d081403b2b57a331c7dc287aef)

13 years agodrsuapi: check ctr6->drs_error
Stefan Metzmacher [Wed, 16 Jul 2008 11:00:07 +0000 (13:00 +0200)]
drsuapi: check ctr6->drs_error

(This used to be commit 511847f5f5015bcdef69e80b91cb08ffb1690e59)

13 years agodrsuapi: get ctr6 out of xpress compressed level
Stefan Metzmacher [Wed, 16 Jul 2008 10:58:29 +0000 (12:58 +0200)]
drsuapi: get ctr6 out of xpress compressed level

(This used to be commit 4e0708148a121bd41a12abf6122d5d6f3f09667a)

13 years agodrsuapi: total_object_count was the wrong guess
Stefan Metzmacher [Tue, 15 Jul 2008 14:59:09 +0000 (16:59 +0200)]
drsuapi: total_object_count was the wrong guess

The total_object_count member of DsGetNCChangesCtr[1|6] was wrong
it's the error code of an extended operation.

DsGetNCChangesCtr6 has a nc_object_count value which contains
the estimated amount of objects in the naming_context.

W2k seems to have a bug and sends this number of objects
in the extended_ret field. Maybe it's just a bug and
not a feature:-)

(This used to be commit 67931092128ce89aadf689a54e20d6e4a9d7fe2c)

13 years agodrsuapi.idl: fix unknowns in drsuapi_DsGetNCChangesCtr*
Stefan Metzmacher [Tue, 15 Jul 2008 13:36:54 +0000 (15:36 +0200)]
drsuapi.idl: fix unknowns in drsuapi_DsGetNCChangesCtr*

(This used to be commit 9e99e59ca7e56bf74417ec85339e09e86f50d17e)

13 years agolibnet/become_dc: an unknown field in drsuapi.idl changed to object_flags
Stefan Metzmacher [Tue, 15 Jul 2008 14:58:16 +0000 (16:58 +0200)]
libnet/become_dc: an unknown field in drsuapi.idl changed to object_flags

(This used to be commit a6198ab6cb829969b12068324d870966a6cfc029)

13 years agodrsuapi.idl: fix unknowns in drsuapi_DsReplicaObject*
Stefan Metzmacher [Tue, 15 Jul 2008 13:35:47 +0000 (15:35 +0200)]
drsuapi.idl: fix unknowns in drsuapi_DsReplicaObject*

(This used to be commit de2aed042d09ae7a31ddc4cd920c8fcf193ba06a)

13 years agodrsuapi.idl: fix unknowns in drsuapi_DsReplicaCursor[2]
Stefan Metzmacher [Tue, 15 Jul 2008 13:34:23 +0000 (15:34 +0200)]
drsuapi.idl: fix unknowns in drsuapi_DsReplicaCursor[2]

(This used to be commit a681e55067a83f06e465b81afb2b0b870b674dca)

13 years agodrsuapi.idl: correctly handle xpress compressed payload
Stefan Metzmacher [Fri, 11 Jul 2008 08:19:53 +0000 (08:19 +0000)]
drsuapi.idl: correctly handle xpress compressed payload


Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit d9d19eef4f67da89e7d818d23a2372bee6f86dba)

13 years agobecome_dc: we need to replicate using krb5 auth to work against w2k
Stefan Metzmacher [Wed, 16 Jul 2008 09:30:47 +0000 (11:30 +0200)]
become_dc: we need to replicate using krb5 auth to work against w2k

With NTLMSSP we just get strange responses with a random object count
and a NULL object list. On the domain partition where we try to replicate
the password fields.

(This used to be commit ce12a9105113ad7cff96b7d553a8d69901c56de7)

13 years agoNET-API-BECOME-DC: fix crash bugs because of unintialized variables
Stefan Metzmacher [Tue, 15 Jul 2008 16:28:25 +0000 (18:28 +0200)]
NET-API-BECOME-DC: fix crash bugs because of unintialized variables

(This used to be commit 6acf42c2e41bb1d44c1fcaaaa58fc3f148491836)

13 years agoAnother kludge to let the OpenLDAP backend catch up.
Andrew Bartlett [Wed, 16 Jul 2008 07:06:33 +0000 (17:06 +1000)]
Another kludge to let the OpenLDAP backend catch up.

This will go away when this is handled in an internal transation.

Andrew Bartlett
(This used to be commit f567e17758cfe937249beafae0a9087b67b27755)

13 years agoFix the build - this element was renamed.
Andrew Bartlett [Wed, 16 Jul 2008 05:28:54 +0000 (15:28 +1000)]
Fix the build - this element was renamed.
(This used to be commit 60161954ad5c99ce9934a968c5d41f41fafd780f)

13 years agoReorder whitespace in generated slapd.conf
Andrew Bartlett [Wed, 16 Jul 2008 04:04:24 +0000 (14:04 +1000)]
Reorder whitespace in generated slapd.conf

This helps us see the real groupings in the generated memberOf

Andrew Bartlett
(This used to be commit ec70ebb8310e563324233662f8e779c55fb87514)

13 years agoIgnore and handle more NT Create & X options.
Andrew Bartlett [Wed, 16 Jul 2008 04:00:18 +0000 (14:00 +1000)]
Ignore and handle more NT Create & X options.

The MS-SMB document explains that some of these options should be
ignored.  The test proves it.

/* Must be ignored by the server, per MS-SMB 2.2.8 */
/* Must be ignored by the server, per MS-SMB 2.2.8 */

If we implement HSM in samba4 (likely) we should honour this bit.
/* Don't pull this file off tape in a HSM system */

Andrew Bartlett
(This used to be commit 502739ff90d56d2c9aabe8e224317f6ceb175c17)

13 years agoDon't keep an extra ldb around forever.
Andrew Bartlett [Wed, 16 Jul 2008 01:11:25 +0000 (11:11 +1000)]
Don't keep an extra ldb around forever.

We just open it to figure out if we need to be a Global Catalog server.

Andrew Bartlett
(This used to be commit f13572d9e9f1962b637cbd573588184d1459d252)

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 15 Jul 2008 12:22:34 +0000 (22:22 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet


(This used to be commit 5d539b7da46e38e7570fa5af4549b142f25e4585)

13 years agoSimplify the contextCSN determination.
Andrew Bartlett [Tue, 15 Jul 2008 12:10:42 +0000 (22:10 +1000)]
Simplify the contextCSN determination.

We only ever have one backend partition per Samba partition.

Andrew Bartlett
(This used to be commit 316a9b312a2d4a4ea5a5c70946fb06b61fab1a7d)

13 years agoLock down the LDAP backend - only samba may read or write
Andrew Bartlett [Tue, 15 Jul 2008 12:07:45 +0000 (22:07 +1000)]
Lock down the LDAP backend - only samba may read or write
(This used to be commit a3912801fb25f715725c06402d4bdff9a926f15d)

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Tue, 15 Jul 2008 10:27:43 +0000 (20:27 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit 7fb8179f214bbba95eb35d221cb9892b55afe121)

13 years agoRevert Fedrora DS backend to use extensibleObject.
Andrew Bartlett [Tue, 15 Jul 2008 10:26:04 +0000 (20:26 +1000)]
Revert Fedrora DS backend to use extensibleObject.

Until I create a samba4openldaptop and samba4fedoratop...

Andrew Bartlett
(This used to be commit 6e232c4ae6dc4151599ab4e57add2ec232d4ac13)

13 years agoKill of some bogus debugs for the world who does not use the LDAP backend
Andrew Bartlett [Tue, 15 Jul 2008 09:31:37 +0000 (19:31 +1000)]
Kill of some bogus debugs for the world who does not use the LDAP backend
(This used to be commit 5bde586bdb4a1523a62a764b9ff292a4a8cee4fe)

13 years agoFix asking for credentials for non-LDAP provisions.
Andrew Bartlett [Tue, 15 Jul 2008 08:44:58 +0000 (18:44 +1000)]
Fix asking for credentials for non-LDAP provisions.
(This used to be commit 78416f4840df4f8d1f9cc5e46a48b19c86888050)

13 years agoRework provision to handle both simple and SASL binds.
Andrew Bartlett [Tue, 15 Jul 2008 05:46:32 +0000 (15:46 +1000)]
Rework provision to handle both simple and SASL binds.

Fedora DS is still setup for simple binds only, at this point.
(it also fails on other issues).

Andrew Bartlett
(This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)

13 years agoConnect to the LDAP backend with SASL credentials.
Andrew Bartlett [Tue, 15 Jul 2008 05:15:12 +0000 (15:15 +1000)]
Connect to the LDAP backend with SASL credentials.

This reworks our LDAP backend code to move from anonymous access to a
shared-secret SASL-protected connection.  (SASL selects NTLM or
DIGEST-MD5 on my system).

To get this working, we must pre-populate the LDAP backend with a DN
to store ths SASL secret on, and we use back-ldif for this.

This gives us a reasonable basis to deploy a replicated OpenLDAP
backend solution.

Andrew Bartlett
(This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)

13 years agoMake up a full hostname for ldapi connections.
Andrew Bartlett [Tue, 15 Jul 2008 05:10:29 +0000 (15:10 +1000)]
Make up a full hostname for ldapi connections.

The DIGEST-MD5 SASL method requires a hostname, so provide one.

Andrew Bartlett
(This used to be commit edfb2ed1f22bc735af5a0c3d3ae6ab6771d28f2c)

13 years agoAdd a standard filter for finding the LDAP secrets.
Andrew Bartlett [Tue, 15 Jul 2008 05:09:32 +0000 (15:09 +1000)]
Add a standard filter for finding the LDAP secrets.
(This used to be commit 28c784966809d634e8497e0716b30bad018467b4)

13 years agoCleanup ldap_bind_sasl.
Andrew Bartlett [Tue, 15 Jul 2008 05:08:57 +0000 (15:08 +1000)]
Cleanup ldap_bind_sasl.

With these changes, we don't leak the LDAP socket, and don't reset all
credentials feature flags, just the ones we are actually incompatible

Andrew Bartlett
(This used to be commit 72e52a301102941c41ab423e0212fe9a1aed0405)

13 years agoUse secrets.ldb to store credentials to contact LDAP backend.
Andrew Bartlett [Tue, 15 Jul 2008 05:07:13 +0000 (15:07 +1000)]
Use secrets.ldb to store credentials to contact LDAP backend.

This makes Samba4 behave much like Samba3 did, and use a single set of
administrative credentials for it's connection to LDAP.

Andrew Bartlett
(This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)

13 years agoAllow ldap credentials to be (optionally) stored in secrets.ldb
Andrew Bartlett [Tue, 15 Jul 2008 05:05:41 +0000 (15:05 +1000)]
Allow ldap credentials to be (optionally) stored in secrets.ldb

This includes a simple bind DN, or SASL credentials.

The error messages are reworked as on systems without an LDAP backend,
we will fail to find this record very often.

Andrew Bartlett
(This used to be commit 95825ae6d5e9d9846f3a7505a81ebe603826227e)

13 years agoTry to make NTLMSSP less fussy for unimportant messages.
Andrew Bartlett [Tue, 15 Jul 2008 05:04:06 +0000 (15:04 +1000)]
Try to make NTLMSSP less fussy for unimportant messages.

We don't really care (because nobody uses them) what we send as the
domain and workstation in the negotiate packet.

Andrew Bartlett
(This used to be commit 9ac07e14873df2c18d0e9501691c2d4c4047e218)

13 years agoFix 'make gdbtest-enb' and the GDB_PROVISION option.
Andrew Bartlett [Tue, 15 Jul 2008 05:01:43 +0000 (15:01 +1000)]
Fix 'make gdbtest-enb' and the GDB_PROVISION option.
(This used to be commit 79c4d8e2fabc9c33d978c064b9c01ca45e463ced)

13 years agoRemove C++ keywords from events.h header.
Andrew Bartlett [Mon, 14 Jul 2008 08:47:10 +0000 (18:47 +1000)]
Remove C++ keywords from events.h header.

Andrew Bartlett
(This used to be commit 7ca421eb32bed3c400f863b654712d922c82bfb9)

13 years agorename sambaPassword -> userPassword.
Andrew Bartlett [Sat, 12 Jul 2008 05:26:42 +0000 (15:26 +1000)]
rename sambaPassword -> userPassword.

This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.

This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.

Andrew Bartlett
(This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)

13 years agoUse common code to fill in allowedAttributes in kludge_acl.
Andrew Bartlett [Fri, 11 Jul 2008 05:11:32 +0000 (15:11 +1000)]
Use common code to fill in allowedAttributes in kludge_acl.

This code is now in common with ad2oLschema.

Andrew Bartlett
(This used to be commit 0a797388ca442c3ad4809888897b1c63b65a7fdf)

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Thu, 10 Jul 2008 08:07:51 +0000 (18:07 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit f956908cde7dd40643ff49cf433d0cf7765027de)

13 years agoAvoid the use of extensibleObject in ldap mapping backend.
Andrew Bartlett [Thu, 10 Jul 2008 07:54:43 +0000 (17:54 +1000)]
Avoid the use of extensibleObject in ldap mapping backend.

Instead of extensibleObject, we use the new (more correct) ad2oLschema
tool, and a new objectClass called 'samba4Top', which we add and
remove in the same way we did extensibleObject.

Andrew Bartlett
(This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db)

13 years agoMake ad2oLschema even simpler, by moving the heavy work into dsdb.
Andrew Bartlett [Thu, 10 Jul 2008 05:52:44 +0000 (15:52 +1000)]
Make ad2oLschema even simpler, by moving the heavy work into dsdb.

This will allow the kludge_acl and schema code to leverage the same
work.  (We might even get schema validation soon! :-)

Andrew Bartlett
(This used to be commit cecd04ce1f8ce2af2fb654b3abc1499092405d60)

13 years ago(Hopefully) fix the build by re-adding security.NTACL
Jeremy Allison [Thu, 10 Jul 2008 00:46:11 +0000 (17:46 -0700)]
(Hopefully) fix the build by re-adding security.NTACL
const char. The deletion earlier was a typo.
(This used to be commit aa27344b96929c925b30965a1cd20e69c3dbd515)

13 years agoAdd in a version2 of the NT security descriptor store
Jeremy Allison [Wed, 9 Jul 2008 23:55:51 +0000 (16:55 -0700)]
Add in a version2 of the NT security descriptor store
that can store a timestamp along with the SD. Allows
us to check for validity against the POSIX st_ctime.
Keeps the IDL consistent with Samba3.3 IDL.
(This used to be commit 29843a6b339a581de714924219632390b156aa4f)

13 years agoldb_map: eliminate "discards qualifyer" warning (const).
Michael Adam [Fri, 27 Jun 2008 07:22:53 +0000 (09:22 +0200)]
ldb_map: eliminate "discards qualifyer" warning (const).

(This used to be commit b7c14af3790bcf825367a7f16d2aaa375b04393c)

13 years agolibnet_domain: eliminate "discards qualifier" warning (const).
Michael Adam [Fri, 27 Jun 2008 07:22:11 +0000 (09:22 +0200)]
libnet_domain: eliminate "discards qualifier" warning (const).

(This used to be commit ea99590046f50ec2d0c4afe0163fc8660a797ba4)

13 years agodsdb: eliminate disards qualifyer compile warning.
Michael Adam [Thu, 26 Jun 2008 21:30:42 +0000 (23:30 +0200)]
dsdb: eliminate disards qualifyer compile warning.

(This used to be commit 3b0917dbc5399dc6835b523d762b244bdcf45b79)

13 years agoRevert "tdbtool: fix off-by-one error in argument length. (bug #2344)"
Michael Adam [Wed, 9 Jul 2008 10:48:05 +0000 (12:48 +0200)]
Revert "tdbtool: fix off-by-one error in argument length. (bug #2344)"

This reverts commit fafb8ad2b81b9a46cf8259bedc1dca5023b06115.

This fix is not valid:

1. convert_string() is not only used for key strings but also for data.

2. Some databases use string_tdb_data() i.e. non-null-terminated strings
   as keynames and others (like the one I was using), use
   string_term_tdb_data(), i.e. zero-terminated key strings.

After discussion with Metze, the easiest (and proper way) to
handle this is to specify key names as "keyname\0" for databases
which use string_term_tdb_data().

Sorry for the noise...

(This used to be commit 17c012c4645f4e9542537c15f80d9b4e74304d11)

13 years agotdbtool: fix off-by-one error in argument length. (bug #2344)
Michael Adam [Tue, 8 Jul 2008 13:33:36 +0000 (15:33 +0200)]
tdbtool: fix off-by-one error in argument length. (bug #2344)

This prevented all commands operating on keys (all non-traverse commands)
in tdbtool to fail with a "fetch failed" or "delete failed" message.

It seems that it fixes bug #2344 ...

Apparently this bug was introduced with 94e53472666ed in 2005.
Either nobody is using tdbtool or else tdb_find() has become
more strict about the key legth in the meantime. :-)

(This used to be commit fafb8ad2b81b9a46cf8259bedc1dca5023b06115)

13 years agorpc_server: use the transport session_info if available
Stefan Metzmacher [Sat, 17 May 2008 00:40:37 +0000 (02:40 +0200)]
rpc_server: use the transport session_info if available

(This used to be commit 76dd521bcf53a245bd1412968e9b921e5c2f10c9)

13 years agopacket: make it possible to free the packet_context from the send_callback
Stefan Metzmacher [Mon, 7 Jul 2008 16:55:59 +0000 (18:55 +0200)]
packet: make it possible to free the packet_context from the send_callback

(cherry picked from commit 20795c4a0d5f75561561470231de1a2fad2906ff)
(This used to be commit 5d5b4e4ab23e1c630dfde2b9f296681e3979c4e0)

13 years agosmb_server/smb: handle incoming multi fragmented nttrans requests
Stefan Metzmacher [Mon, 7 Jul 2008 17:40:35 +0000 (19:40 +0200)]
smb_server/smb: handle incoming multi fragmented nttrans requests

(This used to be commit 9a5f7bf68b20e3b490b209b5cfc4408566320f2e)

13 years agosmb_server/smb: prepare multi fragmented nttrans requests
Stefan Metzmacher [Mon, 7 Jul 2008 17:37:14 +0000 (19:37 +0200)]
smb_server/smb: prepare multi fragmented nttrans requests

(This used to be commit 36a39b92d732a682e38ad4b3f733951fee4757ed)

13 years agolibcli/raw: remove unused smb_raw_max_trans_data() function
Stefan Metzmacher [Mon, 7 Jul 2008 14:34:36 +0000 (16:34 +0200)]
libcli/raw: remove unused smb_raw_max_trans_data() function

(This used to be commit d235ce673705641e06b4ad5f5679e146b59a19e1)

13 years agotorture: .in.max_data should not depend on the smb max size
Stefan Metzmacher [Mon, 7 Jul 2008 16:07:47 +0000 (18:07 +0200)]
torture: .in.max_data should not depend on the smb max size

We now support async multi fragment SMBtrans calls.

(This used to be commit ba8499867af90dcd88455476b1f58a2ab18f159b)

13 years agorap: trans->in.max_data should not depend on the smb max size
Stefan Metzmacher [Mon, 7 Jul 2008 16:04:44 +0000 (18:04 +0200)]
rap: trans->in.max_data should not depend on the smb max size

We now support async multi fragment SMBtrans calls.

(This used to be commit 66e0c1754f14cf0100ca2d3e9c0cd8c87f9dc1e6)

13 years agodcerpc_smb: trans->in.max_data should not depend on the smb max size
Stefan Metzmacher [Mon, 7 Jul 2008 16:01:28 +0000 (18:01 +0200)]
dcerpc_smb: trans->in.max_data should not depend on the smb max size

We now support async multi fragment SMBtrans calls.

(This used to be commit 6813e22e9d300696a40993476629227d5cc4d35f)

13 years agolibcli/raw: make multi fragmented nttrans requests possible
Stefan Metzmacher [Mon, 7 Jul 2008 13:04:59 +0000 (15:04 +0200)]
libcli/raw: make multi fragmented nttrans requests possible

(This used to be commit a6aa055097313975299f214d8ebe8d45aa51d10a)

13 years agosmb_server/smb: trans(2) setup count is uint8_t
Stefan Metzmacher [Mon, 7 Jul 2008 12:00:53 +0000 (14:00 +0200)]
smb_server/smb: trans(2) setup count is uint8_t

(This used to be commit 1b507a9b8e2ede5a4eb542bdf7a0eab9269b9f7b)

13 years agolibcli/raw: trans(2) setup count is uint8_t
Stefan Metzmacher [Mon, 7 Jul 2008 12:00:09 +0000 (14:00 +0200)]
libcli/raw: trans(2) setup count is uint8_t

(This used to be commit 48ccb51caf7976ec07c8a9bfc1afd3076bf4ee22)

13 years agolibcli/raw: remove unused smbcli_request_receive_more() function
Stefan Metzmacher [Fri, 4 Jul 2008 18:47:24 +0000 (20:47 +0200)]
libcli/raw: remove unused smbcli_request_receive_more() function

(This used to be commit e1d81388fcabba9a947ed0be9ccae875e2b19135)

13 years agolibcli/raw: use the new recv_helper infrastructure for trans/trans2 replies
Stefan Metzmacher [Fri, 4 Jul 2008 18:46:10 +0000 (20:46 +0200)]
libcli/raw: use the new recv_helper infrastructure for trans/trans2 replies

(This used to be commit ec67c61b6a82e4f39a15f37a98ae3fe93bb81316)

13 years agolibcli/raw: use the new recv_helper infrastructure for nttrans replies
Stefan Metzmacher [Fri, 4 Jul 2008 18:07:52 +0000 (20:07 +0200)]
libcli/raw: use the new recv_helper infrastructure for nttrans replies

(This used to be commit 5bf136e233e26b4372155f494bae5118ef777a76)

13 years agolibcli/raw: add a recv_helper hook infrastructure
Stefan Metzmacher [Fri, 4 Jul 2008 17:52:23 +0000 (19:52 +0200)]
libcli/raw: add a recv_helper hook infrastructure

The recv helper will be called when a response comes
and the recv helper can decide to let the request
on the SMBCLI_REQUEST_RECV when more reponse packets
are expected. It's up to the helper function
to keep a reference to the in buffers, each incoming
response overwrites req->in.

(This used to be commit 6d84af89ba96627abe142ba7080c24ae2421ed6c)

13 years agolibcli/raw: the nttrans setup count is only 8-bit
Stefan Metzmacher [Fri, 4 Jul 2008 18:16:36 +0000 (20:16 +0200)]
libcli/raw: the nttrans setup count is only 8-bit

(This used to be commit a65599cc83a12ec61e5a6ba6ad9628619a0dc8a3)

13 years agosmb_server/smb: transs and transs2 calls have different word counts
Stefan Metzmacher [Mon, 7 Jul 2008 11:00:24 +0000 (13:00 +0200)]
smb_server/smb: transs and transs2 calls have different word counts

Also add a note about NT_STATUS_DOS(ERRSRV, ERRerror).

(This used to be commit 4287b7c1323796cf0688d0fae9b5bd4e840e3d48)

13 years agosmb_server/smb: fix crash bug with fragmented trans calls
Stefan Metzmacher [Mon, 7 Jul 2008 10:56:26 +0000 (12:56 +0200)]
smb_server/smb: fix crash bug with fragmented trans calls

We need to use smbsrv_setup_secondary_request(req) to send the
trans ack, because smbsrv_send_reply(req) destroys 'req'
and the partial trans list had dead elements in the list.

Also make sure the partial list element is removed by a talloc

(This used to be commit 221f4d6e534a40b7def6e51dc6b4f9e8057d18b7)

13 years agodcerpc.idl: the signing overhead can be more than 32 bytes
Stefan Metzmacher [Thu, 3 Jul 2008 11:40:31 +0000 (13:40 +0200)]
dcerpc.idl: the signing overhead can be more than 32 bytes

Windows seems to use 64 here, so we do now.

Before we got nca_proto_error fault because we send fragments
larger than the negotiated max frag size.

If the max frag size is 5840, we're sending 5837 bytes
when the auth_len is 45 and that matches w2k3 traffic.

(This used to be commit 351947dba3f7a26ac871d4aa7b6bba4cd472383a)

13 years agorpc_server: use the same chunk_size logic as we we use in the client
Stefan Metzmacher [Thu, 3 Jul 2008 11:39:55 +0000 (13:39 +0200)]
rpc_server: use the same chunk_size logic as we we use in the client

(This used to be commit 9ff0ce42b32bf0f1463d2cb9c2a6595f51b13d04)

13 years agoFix bug #5578, reported by sendel2000@hotbox.ru. Bad (non-Samba) use of strlcat gives...
Jeremy Allison [Wed, 2 Jul 2008 19:01:15 +0000 (12:01 -0700)]
Fix bug #5578, reported by sendel2000@hotbox.ru. Bad (non-Samba) use of strlcat gives error.
(This used to be commit e633dc4ec2d72c3d34b5e096e0460e07e07ab514)

13 years agoMerge commit 'origin/v4-0-stable' into v4-0-test
Stefan Metzmacher [Wed, 2 Jul 2008 13:43:57 +0000 (15:43 +0200)]
Merge commit 'origin/v4-0-stable' into v4-0-test
(This used to be commit 91c899290f6962f277c103f11d5d8dc0a7c9aa02)

13 years agoMerge commit 'release-4-0-0alpha5' into v4-0-stable
Stefan Metzmacher [Wed, 2 Jul 2008 13:33:20 +0000 (15:33 +0200)]
Merge commit 'release-4-0-0alpha5' into v4-0-stable
(This used to be commit d6652540c2dda9091ccc6d05c3ebb24a663c9fac)

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Wed, 2 Jul 2008 11:47:21 +0000 (21:47 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit b4e7063058ac8587c526dd9133aee345e99f8ef8)

13 years agoMove ad2oLschema and oLschema2ldif into Samba4, out of LDB
Andrew Bartlett [Wed, 2 Jul 2008 11:30:08 +0000 (21:30 +1000)]
Move ad2oLschema and oLschema2ldif into Samba4, out of LDB

LDB does not know about nor process the AD schema, so it makes no
sense to have this tool there.  I've been changing it anyway, to use a
common schema manipulation library, and will enhance these links in
the future.

Andrew Bartlett
(This used to be commit c7704805b9a3541e4c8768278c8289b0aa6ed5e3)

13 years agoldap_server: allow modifies to the root dse record and pass them to the ldb layer
Stefan Metzmacher [Wed, 2 Jul 2008 08:28:42 +0000 (10:28 +0200)]
ldap_server: allow modifies to the root dse record and pass them to the ldb layer

(This used to be commit 3da6f7f95d7c04cff49fa2312f94c059686d11e4)

13 years agoFill in the auxiliary classes into the dsdb_schema.
Andrew Bartlett [Wed, 2 Jul 2008 05:19:49 +0000 (15:19 +1000)]
Fill in the auxiliary classes into the dsdb_schema.

Andrew Bartlett
(This used to be commit 615564b3daec0ffe17d05599b7ec8688619f5c65)

13 years agoCollapse auxillary classes in LDAP schema conversion.
Andrew Bartlett [Wed, 2 Jul 2008 05:15:54 +0000 (15:15 +1000)]
Collapse auxillary classes in LDAP schema conversion.

MS-ADTS describes the behaviour of auxiliary classes.
In effect, these are additional MUST or MAY attributes that are
appeneded to the parent class (the auxiliary does not become listed in
the objectClass attribute), and so we do just that, and merge them
here, for export to OpenLDAP as it's schema.

Andrew Bartlett
(This used to be commit d674e92591ea90eb3b2117d8dd21f79f718d7730)

13 years agoschema_fsmo: prepare auto allocation of schema oid prefixes
Stefan Metzmacher [Mon, 30 Jun 2008 15:17:24 +0000 (17:17 +0200)]
schema_fsmo: prepare auto allocation of schema oid prefixes

This implements the logic in the schema_fsmo_add() function,
but it only calls a dummy dsdb_create_prefix_mapping() yet.

(This used to be commit 9018b85e834de6714a78304ba1c7018838e30a61)

13 years agoschema_fsmo: move fsmo info into struct dsdb_schema
Stefan Metzmacher [Tue, 1 Jul 2008 14:35:13 +0000 (16:35 +0200)]
schema_fsmo: move fsmo info into struct dsdb_schema

(This used to be commit 8538d305c803268c712a90879f29a2a74ba0ef03)

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Tue, 1 Jul 2008 04:54:23 +0000 (14:54 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit cd5e48649ce0987952b2b55ea79c3ecceecfafd5)

13 years agoCreate PREFIX/var/lib and PREFIX/var/run in 'make install'.
Andrew Bartlett [Tue, 1 Jul 2008 04:53:31 +0000 (14:53 +1000)]
Create PREFIX/var/lib and PREFIX/var/run in 'make install'.

This is a problem because the location of the winbind privilaged pipe

Andrew Bartlett
(This used to be commit 68afc2893c032be0a8a31d996f90574ceb6c10ad)