kai/samba.git
7 years agolibcli/auth: add support for AES/HMAC-SHA256 to the netlogon schannel sign/seal
Stefan Metzmacher [Wed, 16 Sep 2009 01:09:30 +0000 (03:09 +0200)]
libcli/auth: add support for AES/HMAC-SHA256 to the netlogon schannel sign/seal

metze

Signed-off-by: Günther Deschner <gd@samba.org>
7 years agolibcli/auth: add support for AES/HMAC-SHA256 schannel session key support
Stefan Metzmacher [Thu, 27 Aug 2009 15:28:35 +0000 (17:28 +0200)]
libcli/auth: add support for AES/HMAC-SHA256 schannel session key support

metze

Signed-off-by: Günther Deschner <gd@samba.org>
7 years agos4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for it
Stefan Metzmacher [Tue, 29 Sep 2009 07:47:51 +0000 (09:47 +0200)]
s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for it

metze

Signed-off-by: Günther Deschner <gd@samba.org>
7 years agos4:rpc_server/netlogon: implement netr_LogonGetCapabilities
Stefan Metzmacher [Fri, 18 Sep 2009 18:24:16 +0000 (20:24 +0200)]
s4:rpc_server/netlogon: implement netr_LogonGetCapabilities

This is also needed to support AES.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
7 years agos4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc
Stefan Metzmacher [Fri, 23 Dec 2011 14:26:07 +0000 (15:26 +0100)]
s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc

The RODC stuff doesn't depend on the schannel algorithm.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
7 years agos4:librpc/rpc/dcerpc_schannel: rework downgrade logic
Stefan Metzmacher [Fri, 23 Dec 2011 14:22:06 +0000 (15:22 +0100)]
s4:librpc/rpc/dcerpc_schannel: rework downgrade logic

metze

Signed-off-by: Günther Deschner <gd@samba.org>
7 years agoVERSION: Move on to beta5!
Andrew Bartlett [Tue, 17 Jul 2012 02:02:25 +0000 (12:02 +1000)]
VERSION: Move on to beta5!

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 17 06:10:52 CEST 2012 on sn-devel-104

7 years agoVERSION: Mark as the beta4 release save-diskspace-tags/samba-4.0.0beta4
Andrew Bartlett [Tue, 17 Jul 2012 02:01:38 +0000 (12:01 +1000)]
VERSION: Mark as the beta4 release

7 years agoWHATSNEW: prepare for 4.0 beta4
Andrew Bartlett [Tue, 17 Jul 2012 02:00:49 +0000 (12:00 +1000)]
WHATSNEW: prepare for 4.0 beta4

7 years agoRevert "Remove XSLT script to generate image dependencies, instead rely on make"
Jelmer Vernooij [Mon, 16 Jul 2012 12:26:50 +0000 (14:26 +0200)]
Revert "Remove XSLT script to generate image dependencies, instead rely on make"

This reverts commit c4493c22f129b2c94f361e6f8657adc7cd2dc1c6.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=7562

Conflicts:
docs-xml/Makefile

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Mon Jul 16 16:18:46 CEST 2012 on sn-devel-104

7 years agopytdb: Check if the database is closed before we touch it
Andrew Bartlett [Mon, 16 Jul 2012 09:43:15 +0000 (19:43 +1000)]
pytdb: Check if the database is closed before we touch it

If .close() has already been called, we have to play dead - the
self->ctx is just not valid any more, as we have been shut down to
allow some other part of Samba to open the tdb.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 16 13:51:52 CEST 2012 on sn-devel-104

7 years agopytdb: Check for errors parsing strings into TDB_DATA
Andrew Bartlett [Mon, 16 Jul 2012 09:03:40 +0000 (19:03 +1000)]
pytdb: Check for errors parsing strings into TDB_DATA

The call to PyStringAsString() can raise an exception, and we
want to return that rather than following a NULL pointer later.

Andrew Bartlett

7 years agoauth/credentials: Look in the secrets.tdb for the machine account
Andrew Bartlett [Sat, 14 Jul 2012 12:23:41 +0000 (22:23 +1000)]
auth/credentials: Look in the secrets.tdb for the machine account

This is for use with the -P/--machine-pass option.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 15 05:41:28 CEST 2012 on sn-devel-104

7 years agos4-param: Use a unique header name
Andrew Bartlett [Sat, 14 Jul 2012 12:22:37 +0000 (22:22 +1000)]
s4-param: Use a unique header name

7 years agos3-secrets: Use C99 types
Andrew Bartlett [Sat, 14 Jul 2012 12:18:29 +0000 (22:18 +1000)]
s3-secrets: Use C99 types

7 years agoFix bug #9016 - Connection to outbound trusted domain goes offline.
Jeremy Allison [Fri, 13 Jul 2012 23:25:23 +0000 (16:25 -0700)]
Fix bug #9016 - Connection to outbound trusted domain goes offline.

By the time we've gotten to init_dc_connection_network() we shouldn't
be second guessing the caller by calling winbindd_can_contact_domain().

If for some reason we do need to restrict the contact list here we
can add a condition to only contact the primary domain or domains
listed in the tdc cache, but I don't think that's neccessary.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104

7 years agos3: Make us survive smb2.lock.rw-shared with aio enabled
Volker Lendecke [Fri, 13 Jul 2012 06:38:07 +0000 (08:38 +0200)]
s3: Make us survive smb2.lock.rw-shared with aio enabled

schedule_aio_smb2_write can return NT_STATUS_FILE_LOCK_CONFLICT.
This is a valid error code that smb2.lock.rw-shared expects and
checks for. The code before this patch maps this to NT_STATUS_FILE_CLOSED,
masking the real, correct error message.

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 13 21:53:51 CEST 2012 on sn-devel-104

7 years agos3-auth_samba4: Explain that check_samba4_security is actually unused
Andrew Bartlett [Fri, 13 Jul 2012 05:51:49 +0000 (15:51 +1000)]
s3-auth_samba4: Explain that check_samba4_security is actually unused

Because of the evolution in the way the auth handling has been done, we do not
need this code any more.  Raw NTLM Session setup & X is done via the auth4 context
which returns a full session info.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 13 10:04:05 CEST 2012 on sn-devel-104

7 years agolib/util: Allocate enough space to reference blob->data[len]
Andrew Bartlett [Fri, 13 Jul 2012 05:42:08 +0000 (15:42 +1000)]
lib/util: Allocate enough space to reference blob->data[len]

Found by Thomas Hood <jdthood@gmail.com> using valgrind.

Thanks!

Andrew Bartlett

7 years agos3-auth Remove unused global_machine_account_needs_changing
Andrew Bartlett [Fri, 13 Jul 2012 01:01:47 +0000 (11:01 +1000)]
s3-auth Remove unused global_machine_account_needs_changing

This boolean was only set if the old machine account store (with an
MD4 hash in it) was returned.  We have not set that password type for
years.  If this call ever worked, it would store a plaintext password,
so we could only ever be here if we had set a password using a version
of Samba so old as not to store plaintext, and then never honered the
flag anyway.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104

7 years agos3-auth Remove confusing reference to global_machine_password_needs_changing
Andrew Bartlett [Fri, 13 Jul 2012 00:01:44 +0000 (10:01 +1000)]
s3-auth Remove confusing reference to global_machine_password_needs_changing

This is in the trusted domain codepath, not the primary domain code path.

Andrew Bartlett

7 years agos4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrs
Geza Gemes [Thu, 12 Jul 2012 14:05:04 +0000 (16:05 +0200)]
s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrs

When provisioning with --use_rfc2307=yes populate the subtree:
CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it
possible to manipulate the posix attributes via ADUC

(commit message adjusted by abartlet)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agoUse HAVE_FSYNC, we bothered to test for it.
Jeremy Allison [Fri, 13 Jul 2012 00:20:51 +0000 (17:20 -0700)]
Use HAVE_FSYNC, we bothered to test for it.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 13 04:44:42 CEST 2012 on sn-devel-104

7 years agos4:registry:regdiff: use existing talloc context for the event context
Michael Adam [Thu, 12 Jul 2012 22:29:14 +0000 (00:29 +0200)]
s4:registry:regdiff: use existing talloc context for the event context

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul 13 02:51:44 CEST 2012 on sn-devel-104

7 years agos4:registry:regdiff: add TALLOC_CTX * argument to open_backend()
Michael Adam [Thu, 12 Jul 2012 22:20:03 +0000 (00:20 +0200)]
s4:registry:regdiff: add TALLOC_CTX * argument to open_backend()

7 years agos4:registry: add a TALLOC_CTX argument to reg_open_remote()
Michael Adam [Thu, 12 Jul 2012 22:16:09 +0000 (00:16 +0200)]
s4:registry: add a TALLOC_CTX argument to reg_open_remote()

7 years agoLinux-specific optimization in aio_open code.
Jeremy Allison [Thu, 12 Jul 2012 17:10:32 +0000 (10:10 -0700)]
Linux-specific optimization in aio_open code.

Use initial_allocation_size to allocate on disk if sent. Ignore
failures (upper level will cope).

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 13 00:35:48 CEST 2012 on sn-devel-104

7 years agoSet fsp->initial_allocation_size before calling open_file_ntcreate().
Jeremy Allison [Thu, 12 Jul 2012 17:09:37 +0000 (10:09 -0700)]
Set fsp->initial_allocation_size before calling open_file_ntcreate().

Allows an SMB_VFS_OPEN() vfs module to do something interesting with
the request.

7 years agoMake sure we reset fsp->initial_allocation_size to zero if we didn't create the file.
Jeremy Allison [Wed, 11 Jul 2012 23:35:32 +0000 (16:35 -0700)]
Make sure we reset fsp->initial_allocation_size to zero if we didn't create the file.

This will become important as we set fsp->initial_allocation_size before
create.

7 years agoAdd an optimization to pthread aio writes to also do fsync if requested.
Jeremy Allison [Thu, 12 Jul 2012 17:57:47 +0000 (10:57 -0700)]
Add an optimization to pthread aio writes to also do fsync if requested.

Should help by ensuring complete writes done in sub-thread, not in
the main thread.

7 years agos3: Make us survive base-delaywrite with aio enabled
Volker Lendecke [Thu, 12 Jul 2012 16:47:42 +0000 (18:47 +0200)]
s3: Make us survive base-delaywrite with aio enabled

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 12 21:28:19 CEST 2012 on sn-devel-104

7 years agos3: Factor out "mark_file_modified"
Volker Lendecke [Thu, 12 Jul 2012 14:28:11 +0000 (16:28 +0200)]
s3: Factor out "mark_file_modified"

This is in preparation of making us survive base-delaywrite with async I/O activated

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()
Michael Adam [Thu, 12 Jul 2012 14:00:59 +0000 (16:00 +0200)]
s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()

This does not check whether the given sid is in our domain, but
but whether it belongs to the local sam, which is a different
thing on a domain member server.

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104

7 years agos3: rename sid_check_is_domain() to sid_check_is_our_sam()
Michael Adam [Thu, 12 Jul 2012 13:55:21 +0000 (15:55 +0200)]
s3: rename sid_check_is_domain() to sid_check_is_our_sam()

This does not check whether the given sid is the domain sid,
but whether it is the sid of the local sam, which is different
for a domain member server.

7 years agos3:passdb: remove commented out pdb_lookup_names code
Michael Adam [Thu, 12 Jul 2012 13:51:21 +0000 (15:51 +0200)]
s3:passdb: remove commented out pdb_lookup_names code

This code is lying there unused since more than five years now.

7 years agos3/torture: adjust dependency to fix build when no winbind was build before
Björn Jacke [Thu, 12 Jul 2012 10:41:55 +0000 (12:41 +0200)]
s3/torture: adjust dependency to fix build when no winbind was build before

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Jul 12 14:44:14 CEST 2012 on sn-devel-104

7 years agos3: make log message of FSCTL_IS_VOLUME_DIRTY more clear
Björn Jacke [Tue, 10 Jul 2012 10:26:50 +0000 (12:26 +0200)]
s3: make log message of FSCTL_IS_VOLUME_DIRTY more clear

7 years agotest: fix compile warning on test summary
Björn Jacke [Fri, 6 Jul 2012 05:01:09 +0000 (07:01 +0200)]
test: fix compile warning on test summary

7 years agomkversion: Remove quotes around SAMBA_VERSION_VENDOR_PATCH string
Ralph Wuerthner [Fri, 22 Jun 2012 10:24:14 +0000 (12:24 +0200)]
mkversion: Remove quotes around SAMBA_VERSION_VENDOR_PATCH string

This fixes a build error in source3/smbd/trans2.c when
SAMBA_VERSION_VENDOR_PATCH is set (as integer value).

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jul 12 04:03:08 CEST 2012 on sn-devel-104

7 years agos3:vfs_gpfs: fix ACL length calculation
Ralph Wuerthner [Tue, 3 Jul 2012 09:39:24 +0000 (11:39 +0200)]
s3:vfs_gpfs: fix ACL length calculation

GPFS 3.5 introduces ACL enhancements which are breaking our ACL length
calculations.

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jul 11 21:28:23 CEST 2012 on sn-devel-104

7 years agos3:vfs_gpfs: Check softquota before gracetime
Christof Schmitt [Mon, 18 Jun 2012 23:13:06 +0000 (16:13 -0700)]
s3:vfs_gpfs: Check softquota before gracetime

gpfs_quotactl can return a non-zero softquota gracetime even when no
softquota has been set. This could lead to "disk full" being reported to
a client. The easiest fix is to check for a valid softquota before
checking the softquota gracetime.

7 years agobuild: fix some indentation (tabs/vs spaces) in source3/wscript
Michael Adam [Wed, 11 Jul 2012 13:54:29 +0000 (15:54 +0200)]
build: fix some indentation (tabs/vs spaces) in source3/wscript

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 19:37:12 CEST 2012 on sn-devel-104

7 years agobuild: fix waf checks for seteuid on non-Linux platforms
Michael Adam [Wed, 11 Jul 2012 13:39:18 +0000 (15:39 +0200)]
build: fix waf checks for seteuid on non-Linux platforms

An indentation error had linux-specific checks called on non-linux
with the effect that "#define USE_LINUX_THREAD_CREDENTIALS 1"
was effective.

7 years agoAdd in the threaded async open engine.
Jeremy Allison [Wed, 11 Jul 2012 03:59:27 +0000 (20:59 -0700)]
Add in the threaded async open engine.

Fixes all issues raised originally. This code
will only do threaded opens with thread-specific
credentials (Linux for now) and changes credentials
before doing the call. Also only fires on O_CREAT|O_EXCL
so will only create new files, never open old ones
async.

Volker, this is isolated enough that it shouldn't
prevent you from refactoring it into a new module
when the aio pread/pwrite code is moved into the
default aio path.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 08:04:56 CEST 2012 on sn-devel-104

7 years agoMove set_thread_credentials_permanently() to set_thread_credentials()
Jeremy Allison [Tue, 10 Jul 2012 23:56:20 +0000 (16:56 -0700)]
Move set_thread_credentials_permanently() to set_thread_credentials()
as we need to keep the saved set uid/gid otherwise there is an
interaction with open[at]() and NO_ATIME returning EPERM. As this
is meant for threaded code inside the process we don't need
to do an irreverisble change anyway.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 03:54:00 CEST 2012 on sn-devel-104

7 years agoFix typo we've had for a long time in set_re_uid() in the USE_SETRESUID case.
Jeremy Allison [Tue, 10 Jul 2012 23:50:51 +0000 (16:50 -0700)]
Fix typo we've had for a long time in set_re_uid() in the USE_SETRESUID case.

We only set the real euid, not the effective one. This is not
a security issue as this is *only* used in the quota code, and
only between code that brackets it with save_re_uid()/restore_re_uid(),
Also this is not used on most platforms (we use USE_SETREUID by
preference) but it's better to have this right. Bug to follow to get this
fixed in 3.6.next and 3.5.next.

7 years agoCope with a (non-security) open race we've had for ever as NTCreateX isn't atomic...
Jeremy Allison [Tue, 10 Jul 2012 17:15:07 +0000 (10:15 -0700)]
Cope with a (non-security) open race we've had for ever as NTCreateX isn't atomic on POSIX.

On open without create, the file did exist, but some
other (local or NFS) process either renamed/unlinked
and re-created the file with different dev/ino after
we walked the path, but before we did the open. We
could retry the open but it's a rare enough case it's
easier to just fail the open to prevent creating any
problems in the open file db having the wrong dev/ino
key.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 21:57:33 CEST 2012 on sn-devel-104

7 years agoNow we have a guaranteed indication of a file being created, use it to set the create...
Jeremy Allison [Tue, 10 Jul 2012 00:03:45 +0000 (17:03 -0700)]
Now we have a guaranteed indication of a file being created, use it to set the create disposition correctly.

7 years agoAdd function fd_open_atomic() which uses O_CREAT|O_EXCL to return a guaranteed indica...
Jeremy Allison [Mon, 9 Jul 2012 23:59:49 +0000 (16:59 -0700)]
Add function fd_open_atomic() which uses O_CREAT|O_EXCL to return a guaranteed indication of creation of a new file.

7 years agoSimplify the logic in open_file() some more.
Jeremy Allison [Mon, 9 Jul 2012 23:13:06 +0000 (16:13 -0700)]
Simplify the logic in open_file() some more.

Move the inheritance work into the if block
where we created the file. We can never have
created the file (and thus need no inheritance)
for a stat-open.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 03:30:22 CEST 2012 on sn-devel-104

7 years agoSimplify the logic in open_file().
Jeremy Allison [Mon, 9 Jul 2012 23:08:01 +0000 (16:08 -0700)]
Simplify the logic in open_file().

Move the fstat call into the block which opens a file descriptor.
Remove the stat() call in the stat-open case. We already failed
the open if !file_existed.

7 years agoUse new common function.
Jeremy Allison [Mon, 9 Jul 2012 19:28:48 +0000 (12:28 -0700)]
Use new common function.

7 years agoMake check_same_stat() and check_same_dev_ino() common functions.
Jeremy Allison [Mon, 9 Jul 2012 19:26:56 +0000 (12:26 -0700)]
Make check_same_stat() and check_same_dev_ino() common functions.

7 years agoFactor out check_same_dev_ino() from check_same_stat() so it can be called separately.
Jeremy Allison [Mon, 9 Jul 2012 18:35:20 +0000 (11:35 -0700)]
Factor out check_same_dev_ino() from check_same_stat() so it can be called separately.

7 years agolib/ldb: Bump ldb release due to pyldb changes save-diskspace-tags/ldb-1.1.8
Andrew Bartlett [Sun, 8 Jul 2012 23:27:16 +0000 (09:27 +1000)]
lib/ldb: Bump ldb release due to pyldb changes

We strictly need these changes to pass make test, and the concat change is
backwards incompatible, so we really want to use the right version.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  9 04:34:06 CEST 2012 on sn-devel-104

7 years agos4-torture: add ntprinting ndr operations testsuite.
Günther Deschner [Fri, 6 Jul 2012 17:02:00 +0000 (19:02 +0200)]
s4-torture: add ntprinting ndr operations testsuite.

Guenther

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul  6 20:55:26 CEST 2012 on sn-devel-104

7 years agontprinting: mark the final 4 byte null pointer for printer data in ndr_pull_ntprintin...
Günther Deschner [Fri, 6 Jul 2012 16:22:36 +0000 (18:22 +0200)]
ntprinting: mark the final 4 byte null pointer for printer data in ndr_pull_ntprinting_printer as read.

Guenther

7 years agondr: fix push/pull DATA_BLOB with NDR_NOALIGN
David Disseldorp [Fri, 6 Jul 2012 12:00:27 +0000 (14:00 +0200)]
ndr: fix push/pull DATA_BLOB with NDR_NOALIGN

This change addresses bug 9026.
There are 3 use cases for DATA_BLOB marshalling/unmarshalling:

1)
ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with
LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding
bytes _only_. The length is determined by the alignment required and
the current ndr offset.
e.g. dcerpc.idl:
        typedef struct {
...
                [flag(NDR_ALIGN8)]    DATA_BLOB _pad;
        } dcerpc_request;

2)
When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in
the ndr buffer are pushed/pulled.
e.g. dcerpc.idl:
        typedef struct {
...
                [flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
        } dcerpc_request;

3)
When called without alignment flags, push/pull a uint32 length _and_ a
corresponding byte array to/from the ndr buffer.
e.g. drsblobs.idl
        typedef [public] struct {
...
                DATA_BLOB data;
        } DsCompressedChunk;

The fix for bug 8373 changed the definition of "alignment flags", such
that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB
behaves as (1: padding bytes) rather than (3: uint32 length + byte
array).

This breaks marshalling/unmarshalling for the following structures.
eventlog.idl:
        typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
...
                DATA_BLOB sid;
...
        } eventlog_Record_tdb;

ntprinting.idl:
        typedef [flag(NDR_NOALIGN),public] struct {
...
                DATA_BLOB *nt_dev_private;
        } ntprinting_devicemode;

        typedef [flag(NDR_NOALIGN),public] struct {
...
                DATA_BLOB data;
        } ntprinting_printer_data;

Signed-off-by: Günther Deschner <gd@samba.org>
7 years agontprinting: make decode_ntprinting helpers public in idl.
Günther Deschner [Fri, 6 Jul 2012 16:04:33 +0000 (18:04 +0200)]
ntprinting: make decode_ntprinting helpers public in idl.

Guenther

7 years agos3: Fix Coverity ID 709470 Uninitialized scalar variable
Volker Lendecke [Thu, 5 Jul 2012 18:30:51 +0000 (20:30 +0200)]
s3: Fix Coverity ID 709470 Uninitialized scalar variable

Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul  6 18:46:06 CEST 2012 on sn-devel-104

7 years agos4-selftest: do a dbcheck on our two vampire DCs
Andrew Bartlett [Fri, 6 Jul 2012 10:55:43 +0000 (20:55 +1000)]
s4-selftest: do a dbcheck on our two vampire DCs

However, due to using --domain-critical-only we have to knownfail the
vampire DC here, as we do not fill in the backlinks on non-critical
objects correctly.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul  6 16:54:10 CEST 2012 on sn-devel-104

7 years agos4-dbcheck: Check for an object without a parent
Andrew Bartlett [Fri, 6 Jul 2012 09:59:09 +0000 (19:59 +1000)]
s4-dbcheck: Check for an object without a parent

Such objects are then moved to the appropriate LostAndFound container,
just as they would be if replicated.

Andrew Bartlett

7 years agos4-dsdb: Remove unused variables in py_dsdb_get_partitions_dn
Andrew Bartlett [Fri, 6 Jul 2012 09:58:51 +0000 (19:58 +1000)]
s4-dsdb: Remove unused variables in py_dsdb_get_partitions_dn

7 years agopydsdb: Add bindings for dsdb_wellknown_dn()
Andrew Bartlett [Fri, 6 Jul 2012 09:57:58 +0000 (19:57 +1000)]
pydsdb: Add bindings for dsdb_wellknown_dn()

7 years agopyldb: Add bindings for ldb_dn_remove_base_components
Andrew Bartlett [Fri, 6 Jul 2012 09:57:10 +0000 (19:57 +1000)]
pyldb: Add bindings for ldb_dn_remove_base_components

7 years agos4-pydsdb: Add bindings for dsdb_find_nc_root()
Andrew Bartlett [Fri, 6 Jul 2012 08:12:58 +0000 (18:12 +1000)]
s4-pydsdb: Add bindings for dsdb_find_nc_root()

7 years agos4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type
Andrew Bartlett [Fri, 6 Jul 2012 10:48:34 +0000 (20:48 +1000)]
s4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type

This checks the type rather than just dereferencing the pointer.

Andrew Bartlett

7 years agopyldb: Fix dn concat operation to be the other way around
Andrew Bartlett [Fri, 6 Jul 2012 10:41:10 +0000 (20:41 +1000)]
pyldb: Fix dn concat operation to be the other way around

This now concatonates Dn(ldb, "cn=config") + Dn(ldb, "dc=samba,dc=org") as "cn=config,dc=samba,dc=org"

Andrew Bartlett

7 years agoauth: Common function for retrieving PAC_LOGIN_INFO from PAC
Christof Schmitt [Thu, 5 Jul 2012 20:17:00 +0000 (13:17 -0700)]
auth: Common function for retrieving PAC_LOGIN_INFO from PAC

Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
7 years agos4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
Andreas Schneider [Fri, 29 Jun 2012 15:59:36 +0000 (17:59 +0200)]
s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  6 11:50:40 CEST 2012 on sn-devel-104

7 years agos4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np
Andreas Schneider [Fri, 29 Jun 2012 15:59:17 +0000 (17:59 +0200)]
s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np

7 years agos4-lsarpc: Restrict LookupSids3 to crypto connections only.
Andreas Schneider [Fri, 29 Jun 2012 14:42:16 +0000 (16:42 +0200)]
s4-lsarpc: Restrict LookupSids3 to crypto connections only.

7 years agos4-lsarpc: Restrict LookupNames4 to crypto connections only.
Andreas Schneider [Fri, 29 Jun 2012 14:41:29 +0000 (16:41 +0200)]
s4-lsarpc: Restrict LookupNames4 to crypto connections only.

7 years agos4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3.
Andreas Schneider [Wed, 27 Jun 2012 11:45:55 +0000 (13:45 +0200)]
s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3.

7 years agos4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4.
Andreas Schneider [Wed, 27 Jun 2012 11:01:57 +0000 (13:01 +0200)]
s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4.

7 years agoselftest: Update knownfail list for samba4.rpc.lsalookup.
Andreas Schneider [Thu, 5 Jul 2012 10:41:44 +0000 (12:41 +0200)]
selftest: Update knownfail list for samba4.rpc.lsalookup.

7 years agos4-selftest: Don't run lsarpc requiring a named pipe over tcpip.
Andreas Schneider [Fri, 6 Jul 2012 06:04:45 +0000 (08:04 +0200)]
s4-selftest: Don't run lsarpc requiring a named pipe over tcpip.

7 years agos4-selftest: Don't plan lsa.secrets tests over tcpip.
Andreas Schneider [Fri, 29 Jun 2012 15:59:50 +0000 (17:59 +0200)]
s4-selftest: Don't plan lsa.secrets tests over tcpip.

These will only work over a named pipe or ncalrpc.

7 years agos4-libnet: Skip calling lsarpc functions over a wrong pipe.
Andreas Schneider [Thu, 5 Jul 2012 22:01:41 +0000 (00:01 +0200)]
s4-libnet: Skip calling lsarpc functions over a wrong pipe.

7 years agos4-torture: Call lsarpc tests over the correct pipe.
Andreas Schneider [Thu, 5 Jul 2012 22:00:04 +0000 (00:00 +0200)]
s4-torture: Call lsarpc tests over the correct pipe.

7 years agos4-torture: Don't consider NONE_MAPPED an error in LookupSids3.
Andreas Schneider [Thu, 5 Jul 2012 12:11:51 +0000 (14:11 +0200)]
s4-torture: Don't consider NONE_MAPPED an error in LookupSids3.

7 years agos4-torture: Don't consider NONE_MAPPED an error in LookupNames4.
Andreas Schneider [Thu, 5 Jul 2012 12:11:25 +0000 (14:11 +0200)]
s4-torture: Don't consider NONE_MAPPED an error in LookupNames4.

7 years agos4-torture: Add a lsarpc test_GetUserName_fail function.
Andreas Schneider [Fri, 29 Jun 2012 15:57:12 +0000 (17:57 +0200)]
s4-torture: Add a lsarpc test_GetUserName_fail function.

7 years agos4-torture: Add a lsarpc test_OpenPolicy2_fail function.
Andreas Schneider [Fri, 29 Jun 2012 15:50:06 +0000 (17:50 +0200)]
s4-torture: Add a lsarpc test_OpenPolicy2_fail function.

7 years agos4-torture: Add a lsarpc test_OpenPolicy_fail function.
Andreas Schneider [Fri, 29 Jun 2012 14:50:38 +0000 (16:50 +0200)]
s4-torture: Add a lsarpc test_OpenPolicy_fail function.

7 years agos4-torture: Add a lsarpc test_LookupNames4_fail function.
Andreas Schneider [Fri, 29 Jun 2012 10:10:20 +0000 (12:10 +0200)]
s4-torture: Add a lsarpc test_LookupNames4_fail function.

7 years agos4-torture: Add a lsarpc test_LookupSids3_fail function.
Andreas Schneider [Fri, 29 Jun 2012 09:54:45 +0000 (11:54 +0200)]
s4-torture: Add a lsarpc test_LookupSids3_fail function.

7 years agos3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.
Andreas Schneider [Tue, 26 Jun 2012 15:25:57 +0000 (17:25 +0200)]
s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.

http://thread.gmane.org/gmane.network.protocol.cifs.general/291

7 years agos3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.
Andreas Schneider [Mon, 25 Jun 2012 16:53:03 +0000 (18:53 +0200)]
s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.

See MS-LAT, Section 2.1 Transport.

7 years agos3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.
Andreas Schneider [Mon, 25 Jun 2012 16:49:11 +0000 (18:49 +0200)]
s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.

See MS-LAT, Section 2.1 Transport.

7 years agos3-lsarpc: Restrict the transport for ncacn_np functions.
Andreas Schneider [Mon, 25 Jun 2012 16:45:35 +0000 (18:45 +0200)]
s3-lsarpc: Restrict the transport for ncacn_np functions.

See MS-LAT, section 2.1 Transport.

7 years agos3-rpc: Return the correct ntstatus depending on the transport.
Andreas Schneider [Tue, 3 Jul 2012 11:01:47 +0000 (13:01 +0200)]
s3-rpc: Return the correct ntstatus depending on the transport.

7 years agos3-rpc_server: Make it possible to use more rpc exceptions.
Andreas Schneider [Wed, 27 Jun 2012 13:21:11 +0000 (15:21 +0200)]
s3-rpc_server: Make it possible to use more rpc exceptions.

7 years agos3-selftest: Run lsa tests over np and tcpip.
Andreas Schneider [Wed, 27 Jun 2012 09:15:05 +0000 (11:15 +0200)]
s3-selftest: Run lsa tests over np and tcpip.

7 years agos4-torture: Test LookupSids3/LookupNames4 over np and tcpip.
Andreas Schneider [Wed, 27 Jun 2012 09:14:35 +0000 (11:14 +0200)]
s4-torture: Test LookupSids3/LookupNames4 over np and tcpip.

7 years agos4-torture: Make sure lsa_OpenPolicy2 fails over TCP/IP.
Andreas Schneider [Tue, 26 Jun 2012 08:38:08 +0000 (10:38 +0200)]
s4-torture: Make sure lsa_OpenPolicy2 fails over TCP/IP.

7 years agos4-torture: Make sure lsa_OpenPolicy fails over TCP/IP.
Andreas Schneider [Tue, 26 Jun 2012 07:58:12 +0000 (09:58 +0200)]
s4-torture: Make sure lsa_OpenPolicy fails over TCP/IP.

7 years agos4-torture: Make sure ncacn_np tests are only called over the a pipe.
Andreas Schneider [Mon, 25 Jun 2012 17:06:34 +0000 (19:06 +0200)]
s4-torture: Make sure ncacn_np tests are only called over the a pipe.

7 years agos4-torture: Test LookupSids3 and LookupNames4 only over tcpip.
Andreas Schneider [Mon, 25 Jun 2012 16:23:31 +0000 (18:23 +0200)]
s4-torture: Test LookupSids3 and LookupNames4 only over tcpip.

LookupSids3 and LookupNames4 are only available over tcpip and MUST
fail over named pipes.

7 years agos4-torture: Use test_LookupSids3 function.
Andreas Schneider [Mon, 25 Jun 2012 16:03:40 +0000 (18:03 +0200)]
s4-torture: Use test_LookupSids3 function.