Andrew Bartlett [Fri, 18 Jul 2008 08:58:56 +0000 (18:58 +1000)]
Make a separate template for the refint configuration too
Andrew Bartlett [Fri, 18 Jul 2008 08:44:07 +0000 (18:44 +1000)]
Put the memberof template into a separate setup/ file.
Set a memberof-dn in a fruitless attempt to fix the ACL problem I'm
having with OpenLDAP
Andrew Bartlett
Andrew Bartlett [Fri, 18 Jul 2008 08:40:19 +0000 (18:40 +1000)]
More 'must be ignored' options from the MS-SMB doc.
Also in particular the 'sync' flags (which Samba has traditionally
ignored).
Thanks to Olivier Salamin <olivier.salamin@gmail.com> for pointing out
more flags that needed to be handled.
Andrew Bartlett
Volker Lendecke [Wed, 16 Jul 2008 19:50:25 +0000 (21:50 +0200)]
Add the interface ID to the rpc_pipe_register_commands call in s3 srv code
Stefan Metzmacher [Wed, 16 Jul 2008 11:02:54 +0000 (13:02 +0200)]
drsuapi: print out the number of linked attribute values we got
metze
Stefan Metzmacher [Wed, 16 Jul 2008 11:01:56 +0000 (13:01 +0200)]
drsuapi: make use of the 'more_data' field in DsGetNCChangesCtr[1|6]
metze
Stefan Metzmacher [Wed, 16 Jul 2008 11:00:07 +0000 (13:00 +0200)]
drsuapi: check ctr6->drs_error
metze
Stefan Metzmacher [Wed, 16 Jul 2008 10:58:29 +0000 (12:58 +0200)]
drsuapi: get ctr6 out of xpress compressed level
metze
Stefan Metzmacher [Tue, 15 Jul 2008 14:59:09 +0000 (16:59 +0200)]
drsuapi: total_object_count was the wrong guess
The total_object_count member of DsGetNCChangesCtr[1|6] was wrong
it's the error code of an extended operation.
DsGetNCChangesCtr6 has a nc_object_count value which contains
the estimated amount of objects in the naming_context.
W2k seems to have a bug and sends this number of objects
in the extended_ret field. Maybe it's just a bug and
not a feature:-)
metze
Stefan Metzmacher [Tue, 15 Jul 2008 13:36:54 +0000 (15:36 +0200)]
drsuapi.idl: fix unknowns in drsuapi_DsGetNCChangesCtr*
metze
Stefan Metzmacher [Tue, 15 Jul 2008 14:58:16 +0000 (16:58 +0200)]
libnet/become_dc: an unknown field in drsuapi.idl changed to object_flags
metze
Stefan Metzmacher [Tue, 15 Jul 2008 13:35:47 +0000 (15:35 +0200)]
drsuapi.idl: fix unknowns in drsuapi_DsReplicaObject*
metze
Stefan Metzmacher [Tue, 15 Jul 2008 13:34:23 +0000 (15:34 +0200)]
drsuapi.idl: fix unknowns in drsuapi_DsReplicaCursor[2]
metze
Stefan Metzmacher [Fri, 11 Jul 2008 08:19:53 +0000 (08:19 +0000)]
drsuapi.idl: correctly handle xpress compressed payload
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 16 Jul 2008 09:30:47 +0000 (11:30 +0200)]
become_dc: we need to replicate using krb5 auth to work against w2k
With NTLMSSP we just get strange responses with a random object count
and a NULL object list. On the domain partition where we try to replicate
the password fields.
metze
Stefan Metzmacher [Tue, 15 Jul 2008 16:28:25 +0000 (18:28 +0200)]
NET-API-BECOME-DC: fix crash bugs because of uninitialized variables
metze
Andrew Bartlett [Wed, 16 Jul 2008 07:06:33 +0000 (17:06 +1000)]
Another kludge to let the OpenLDAP backend catch up.
This will go away when this is handled in an internal transaction.
Andrew Bartlett
Andrew Bartlett [Wed, 16 Jul 2008 05:28:54 +0000 (15:28 +1000)]
Fix the build - this element was renamed.
Andrew Bartlett [Wed, 16 Jul 2008 04:04:24 +0000 (14:04 +1000)]
Reorder whitespace in generated slapd.conf
This helps us see the real groupings in the generated memberOf
handling.
Andrew Bartlett
Andrew Bartlett [Wed, 16 Jul 2008 04:00:18 +0000 (14:00 +1000)]
Ignore and handle more NT Create & X options.
The MS-SMB document explains that some of these options should be
ignored. The test proves it.
/* Must be ignored by the server, per MS-SMB 2.2.8 */
/* Must be ignored by the server, per MS-SMB 2.2.8 */
If we implement HSM in samba4 (likely) we should honour this bit.
/* Don't pull this file off tape in a HSM system */
Andrew Bartlett
Andrew Bartlett [Wed, 16 Jul 2008 01:11:25 +0000 (11:11 +1000)]
Don't keep an extra ldb around forever.
We just open it to figure out if we need to be a Global Catalog server.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 12:22:34 +0000 (22:22 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Conflicts:
source/dsdb/samdb/ldb_modules/simple_ldap_map.c
Andrew Bartlett [Tue, 15 Jul 2008 12:10:42 +0000 (22:10 +1000)]
Simplify the contextCSN determination.
We only ever have one backend partition per Samba partition.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 12:07:45 +0000 (22:07 +1000)]
Lock down the LDAP backend - only samba may read or write
Andrew Bartlett [Tue, 15 Jul 2008 10:27:43 +0000 (20:27 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Tue, 15 Jul 2008 10:26:04 +0000 (20:26 +1000)]
Revert Fedora DS backend to use extensibleObject.
Until I create a samba4openldaptop and samba4fedoratop...
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 09:31:37 +0000 (19:31 +1000)]
Kill off some bogus debugs for the world who does not use the LDAP backend
Andrew Bartlett [Tue, 15 Jul 2008 08:44:58 +0000 (18:44 +1000)]
Fix asking for credentials for non-LDAP provisions.
Andrew Bartlett [Tue, 15 Jul 2008 05:46:32 +0000 (15:46 +1000)]
Rework provision to handle both simple and SASL binds.
Fedora DS is still setup for simple binds only, at this point.
(it also fails on other issues).
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 05:15:12 +0000 (15:15 +1000)]
Connect to the LDAP backend with SASL credentials.
This reworks our LDAP backend code to move from anonymous access to a
shared-secret SASL-protected connection. (SASL selects NTLM or
DIGEST-MD5 on my system).
To get this working, we must pre-populate the LDAP backend with a DN
to store the SASL secret on, and we use back-ldif for this.
This gives us a reasonable basis to deploy a replicated OpenLDAP
backend solution.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 05:10:29 +0000 (15:10 +1000)]
Make up a full hostname for ldapi connections.
The DIGEST-MD5 SASL method requires a hostname, so provide one.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 05:09:32 +0000 (15:09 +1000)]
Add a standard filter for finding the LDAP secrets.
Andrew Bartlett [Tue, 15 Jul 2008 05:08:57 +0000 (15:08 +1000)]
Cleanup ldap_bind_sasl.
With these changes, we don't leak the LDAP socket, and don't reset all
credentials feature flags, just the ones we are actually incompatible
with.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 05:07:13 +0000 (15:07 +1000)]
Use secrets.ldb to store credentials to contact LDAP backend.
This makes Samba4 behave much like Samba3 did, and use a single set of
administrative credentials for its connection to LDAP.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 05:05:41 +0000 (15:05 +1000)]
Allow ldap credentials to be (optionally) stored in secrets.ldb
This includes a simple bind DN, or SASL credentials.
The error messages are reworked as on systems without an LDAP backend,
we will fail to find this record very often.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 05:04:06 +0000 (15:04 +1000)]
Try to make NTLMSSP less fussy for unimportant messages.
We don't really care (because nobody uses them) what we send as the
domain and workstation in the negotiate packet.
Andrew Bartlett
Andrew Bartlett [Tue, 15 Jul 2008 05:01:43 +0000 (15:01 +1000)]
Fix 'make gdbtest-enb' and the GDB_PROVISION option.
Andrew Bartlett [Mon, 14 Jul 2008 08:47:10 +0000 (18:47 +1000)]
Remove C++ keywords from events.h header.
Andrew Bartlett
Andrew Bartlett [Sat, 12 Jul 2008 05:26:42 +0000 (15:26 +1000)]
rename sambaPassword -> userPassword.
This attribute is used in a very similar way (virtual attribute
updating the password) in AD on Win2003, so eliminate the difference.
This should not cause a problem for on-disk passwords, as by default
we do not store the plaintext at all.
Andrew Bartlett
Andrew Bartlett [Fri, 11 Jul 2008 05:11:32 +0000 (15:11 +1000)]
Use common code to fill in allowedAttributes in kludge_acl.
This code is now in common with ad2oLschema.
Andrew Bartlett
Andrew Bartlett [Thu, 10 Jul 2008 08:07:51 +0000 (18:07 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Thu, 10 Jul 2008 07:54:43 +0000 (17:54 +1000)]
Avoid the use of extensibleObject in ldap mapping backend.
Instead of extensibleObject, we use the new (more correct) ad2oLschema
tool, and a new objectClass called 'samba4Top', which we add and
remove in the same way we did extensibleObject.
Andrew Bartlett
Andrew Bartlett [Thu, 10 Jul 2008 05:52:44 +0000 (15:52 +1000)]
Make ad2oLschema even simpler, by moving the heavy work into dsdb.
This will allow the kludge_acl and schema code to leverage the same
work. (We might even get schema validation soon! :-)
Andrew Bartlett
Jeremy Allison [Thu, 10 Jul 2008 00:46:11 +0000 (17:46 -0700)]
(Hopefully) fix the build by re-adding security.NTACL
const char. The deletion earlier was a typo.
Jeremy.
Jeremy Allison [Wed, 9 Jul 2008 23:55:51 +0000 (16:55 -0700)]
Add in a version2 of the NT security descriptor store
that can store a timestamp along with the SD. Allows
us to check for validity against the POSIX st_ctime.
Keeps the IDL consistent with Samba3.3 IDL.
Jeremy.
Michael Adam [Fri, 27 Jun 2008 07:22:53 +0000 (09:22 +0200)]
ldb_map: eliminate "discards qualifier" warning (const).
Michael
Michael Adam [Fri, 27 Jun 2008 07:22:11 +0000 (09:22 +0200)]
libnet_domain: eliminate "discards qualifier" warning (const).
Michael
Michael Adam [Thu, 26 Jun 2008 21:30:42 +0000 (23:30 +0200)]
dsdb: eliminate discards qualifier compile warning.
Michael
Michael Adam [Wed, 9 Jul 2008 10:48:05 +0000 (12:48 +0200)]
Revert "tdbtool: fix off-by-one error in argument length. (bug #2344)"
This reverts commit fafb8ad2b81b9a46cf8259bedc1dca5023b06115.
This fix is not valid:
1. convert_string() is not only used for key strings but also for data.
2. Some databases use string_tdb_data() i.e. non-null-terminated strings
as keynames and others (like the one I was using), use
string_term_tdb_data(), i.e. zero-terminated key strings.
After discussion with Metze, the easiest (and proper way) to
handle this is to specify key names as "keyname\0" for databases
which use string_term_tdb_data().
Sorry for the noise...
Michael
Michael Adam [Tue, 8 Jul 2008 13:33:36 +0000 (15:33 +0200)]
tdbtool: fix off-by-one error in argument length. (bug #2344)
This prevented all commands operating on keys (all non-traverse commands)
in tdbtool to fail with a "fetch failed" or "delete failed" message.
It seems that it fixes bug #2344 ...
Apparently this bug was introduced with
94e53472666ed in 2005.
Either nobody is using tdbtool or else tdb_find() has become
more strict about the key length in the meantime. :-)
Michael
Stefan Metzmacher [Sat, 17 May 2008 00:40:37 +0000 (02:40 +0200)]
rpc_server: use the transport session_info if available
metze
Stefan Metzmacher [Mon, 7 Jul 2008 16:55:59 +0000 (18:55 +0200)]
packet: make it possible to free the packet_context from the send_callback
metze
(cherry picked from commit 20795c4a0d5f75561561470231de1a2fad2906ff)
Stefan Metzmacher [Mon, 7 Jul 2008 17:40:35 +0000 (19:40 +0200)]
smb_server/smb: handle incoming multi fragmented nttrans requests
metze
Stefan Metzmacher [Mon, 7 Jul 2008 17:37:14 +0000 (19:37 +0200)]
smb_server/smb: prepare multi fragmented nttrans requests
metze
Stefan Metzmacher [Mon, 7 Jul 2008 14:34:36 +0000 (16:34 +0200)]
libcli/raw: remove unused smb_raw_max_trans_data() function
metze
Stefan Metzmacher [Mon, 7 Jul 2008 16:07:47 +0000 (18:07 +0200)]
torture: .in.max_data should not depend on the smb max size
We now support async multi fragment SMBtrans calls.
metze
Stefan Metzmacher [Mon, 7 Jul 2008 16:04:44 +0000 (18:04 +0200)]
rap: trans->in.max_data should not depend on the smb max size
We now support async multi fragment SMBtrans calls.
metze
Stefan Metzmacher [Mon, 7 Jul 2008 16:01:28 +0000 (18:01 +0200)]
dcerpc_smb: trans->in.max_data should not depend on the smb max size
We now support async multi fragment SMBtrans calls.
metze
Stefan Metzmacher [Mon, 7 Jul 2008 13:04:59 +0000 (15:04 +0200)]
libcli/raw: make multi fragmented nttrans requests possible
metze
Stefan Metzmacher [Mon, 7 Jul 2008 12:00:53 +0000 (14:00 +0200)]
smb_server/smb: trans(2) setup count is uint8_t
metze
Stefan Metzmacher [Mon, 7 Jul 2008 12:00:09 +0000 (14:00 +0200)]
libcli/raw: trans(2) setup count is uint8_t
metze
Stefan Metzmacher [Fri, 4 Jul 2008 18:47:24 +0000 (20:47 +0200)]
libcli/raw: remove unused smbcli_request_receive_more() function
metze
Stefan Metzmacher [Fri, 4 Jul 2008 18:46:10 +0000 (20:46 +0200)]
libcli/raw: use the new recv_helper infrastructure for trans/trans2 replies
metze
Stefan Metzmacher [Fri, 4 Jul 2008 18:07:52 +0000 (20:07 +0200)]
libcli/raw: use the new recv_helper infrastructure for nttrans replies
metze
Stefan Metzmacher [Fri, 4 Jul 2008 17:52:23 +0000 (19:52 +0200)]
libcli/raw: add a recv_helper hook infrastructure
The recv helper will be called when a response comes
and the recv helper can decide to let the request
on the SMBCLI_REQUEST_RECV when more response packets
are expected. It's up to the helper function
to keep a reference to the in buffers, each incoming
response overwrites req->in.
metze
Stefan Metzmacher [Fri, 4 Jul 2008 18:16:36 +0000 (20:16 +0200)]
libcli/raw: the nttrans setup count is only 8-bit
metze
Stefan Metzmacher [Mon, 7 Jul 2008 11:00:24 +0000 (13:00 +0200)]
smb_server/smb: transs and transs2 calls have different word counts
Also add a note about NT_STATUS_DOS(ERRSRV, ERRerror).
metze
Stefan Metzmacher [Mon, 7 Jul 2008 10:56:26 +0000 (12:56 +0200)]
smb_server/smb: fix crash bug with fragmented trans calls
We need to use smbsrv_setup_secondary_request(req) to send the
trans ack, because smbsrv_send_reply(req) destroys 'req'
and the partial trans list had dead elements in the list.
Also make sure the partial list element is removed by a talloc
destructor.
metze
Stefan Metzmacher [Thu, 3 Jul 2008 11:40:31 +0000 (13:40 +0200)]
dcerpc.idl: the signing overhead can be more than 32 bytes
Windows seems to use 64 here, so we do now.
Before we got nca_proto_error fault because we send fragments
larger than the negotiated max frag size.
If the max frag size is 5840, we're sending 5837 bytes
when the auth_len is 45 and that matches w2k3 traffic.
metze
Stefan Metzmacher [Thu, 3 Jul 2008 11:39:55 +0000 (13:39 +0200)]
rpc_server: use the same chunk_size logic as we use in the client
metze
Jeremy Allison [Wed, 2 Jul 2008 19:01:15 +0000 (12:01 -0700)]
Fix bug #5578, reported by sendel2000@hotbox.ru. Bad (non-Samba) use of strlcat gives error.
Jeremy.
Stefan Metzmacher [Wed, 2 Jul 2008 13:43:57 +0000 (15:43 +0200)]
Merge commit 'origin/v4-0-stable' into v4-0-test
Stefan Metzmacher [Wed, 2 Jul 2008 13:33:20 +0000 (15:33 +0200)]
Merge commit 'release-4-0-0alpha5' into v4-0-stable
Andrew Bartlett [Wed, 2 Jul 2008 11:47:21 +0000 (21:47 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Wed, 2 Jul 2008 11:30:08 +0000 (21:30 +1000)]
Move ad2oLschema and oLschema2ldif into Samba4, out of LDB
LDB does not know about nor process the AD schema, so it makes no
sense to have this tool there. I've been changing it anyway, to use a
common schema manipulation library, and will enhance these links in
the future.
Andrew Bartlett
Stefan Metzmacher [Wed, 2 Jul 2008 08:28:42 +0000 (10:28 +0200)]
ldap_server: allow modifies to the root dse record and pass them to the ldb layer
metze
Andrew Bartlett [Wed, 2 Jul 2008 05:19:49 +0000 (15:19 +1000)]
Fill in the auxiliary classes into the dsdb_schema.
Andrew Bartlett
Andrew Bartlett [Wed, 2 Jul 2008 05:15:54 +0000 (15:15 +1000)]
Collapse auxiliary classes in LDAP schema conversion.
MS-ADTS 3.1.1.3.1.1.5 describes the behaviour of auxiliary classes.
In effect, these are additional MUST or MAY attributes that are
appended to the parent class (the auxiliary does not become listed in
the objectClass attribute), and so we do just that, and merge them
here, for export to OpenLDAP as its schema.
Andrew Bartlett
Stefan Metzmacher [Mon, 30 Jun 2008 15:17:24 +0000 (17:17 +0200)]
schema_fsmo: prepare auto allocation of schema oid prefixes
This implements the logic in the schema_fsmo_add() function,
but it only calls a dummy dsdb_create_prefix_mapping() yet.
metze
Stefan Metzmacher [Tue, 1 Jul 2008 14:35:13 +0000 (16:35 +0200)]
schema_fsmo: move fsmo info into struct dsdb_schema
metze
Andrew Bartlett [Tue, 1 Jul 2008 04:54:23 +0000 (14:54 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Tue, 1 Jul 2008 04:53:31 +0000 (14:53 +1000)]
Create PREFIX/var/lib and PREFIX/var/run in 'make install'.
This is a problem because the location of the winbind privileged pipe
moved.
Andrew Bartlett
Stefan Metzmacher [Mon, 30 Jun 2008 15:15:49 +0000 (17:15 +0200)]
schema_fsmo: only set module->private_data in case we keep the struct for a long time
metze
Stefan Metzmacher [Mon, 30 Jun 2008 11:03:17 +0000 (13:03 +0200)]
drsuapi.idl: remove some unknowns from DsGetNCChanges() (update samba4 callers)
metze
Stefan Metzmacher [Mon, 30 Jun 2008 11:01:02 +0000 (13:01 +0200)]
drsuapi.idl: remove some unknowns from DsGetNCChanges()
metze
Andrew Bartlett [Mon, 30 Jun 2008 11:54:43 +0000 (21:54 +1000)]
A couple more package updates
Andrew Bartlett [Mon, 30 Jun 2008 11:54:28 +0000 (21:54 +1000)]
On the way to alpha6!
Andrew Bartlett [Mon, 30 Jun 2008 11:54:01 +0000 (21:54 +1000)]
Merge branch '4-0-stable' into 4-0-local
Andrew Bartlett [Mon, 30 Jun 2008 09:34:11 +0000 (19:34 +1000)]
Merge branch '4-0-local' into v4-0-stable
Andrew Bartlett [Mon, 30 Jun 2008 09:34:02 +0000 (19:34 +1000)]
More updates for spec file, for alpha5
Andrew Bartlett [Mon, 30 Jun 2008 09:31:20 +0000 (19:31 +1000)]
Ensure we install smbd as well...
Andrew Bartlett [Mon, 30 Jun 2008 08:12:20 +0000 (18:12 +1000)]
Mark as 'not a git snapshot'.
Andrew Bartlett [Mon, 30 Jun 2008 08:07:26 +0000 (18:07 +1000)]
Prepare for alpha5 tarball.
Now we have packaging/Fedora in the tree, make that directory or copy
files into there.
Andrew Bartlett
Andrew Bartlett [Mon, 30 Jun 2008 08:06:02 +0000 (18:06 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Stefan Metzmacher [Sat, 28 Jun 2008 18:42:27 +0000 (20:42 +0200)]
nbt_server/wins: don't force wins_ldb as shared_module
metze
Stefan Metzmacher [Fri, 27 Jun 2008 13:34:31 +0000 (15:34 +0200)]
dsdb: don't force the build of ldb modules as shared_module
metze
Stefan Metzmacher [Sat, 28 Jun 2008 18:41:45 +0000 (20:41 +0200)]
ldb_ildap: don't force the build as shared_module
metze
Stefan Metzmacher [Sat, 28 Jun 2008 08:50:49 +0000 (10:50 +0200)]
auth: don't force the build of auth_server as shared_module
metze
Stefan Metzmacher [Sat, 28 Jun 2008 09:01:20 +0000 (11:01 +0200)]
lib/talloc: build as MERGED_OBJ instead of STATIC_LIBRARY
metze
Stefan Metzmacher [Sat, 28 Jun 2008 08:59:02 +0000 (10:59 +0200)]
lib/events: build as MERGED_OBJ instead of STATIC_LIBRARY
metze