Jelmer Vernooij [Wed, 29 Sep 2010 00:29:02 +0000 (02:29 +0200)]
pidl: Fix handling of typedefs of typedefs.
Günther Deschner [Fri, 1 Oct 2010 04:42:58 +0000 (06:42 +0200)]
s3-spoolss: fix do_drv_upgrade_printer() which must have been broken since the
days we moved away from fstrings.
Guenther
Günther Deschner [Fri, 1 Oct 2010 04:08:47 +0000 (06:08 +0200)]
s3-net: better handle obscure 0x80070002 error reply when trying to update an
not yet published printer.
Guenther
Günther Deschner [Fri, 1 Oct 2010 04:08:12 +0000 (06:08 +0200)]
s3-net: make sure we dont crash when publishing a single printer.
Guenther
Günther Deschner [Fri, 1 Oct 2010 04:07:25 +0000 (06:07 +0200)]
s3-spoolss: make sure we dont crash on NULL setprinter level2 elements as seen from win7.
Guenther
Günther Deschner [Fri, 1 Oct 2010 04:05:38 +0000 (06:05 +0200)]
s3-spoolss: dont overwrite location change notify.
Guenther
Andrew Tridgell [Fri, 1 Oct 2010 03:56:20 +0000 (20:56 -0700)]
s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail
this fails intermittently on sn-devel. Guenther suggested adding it to
knownfail
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct 1 04:37:36 UTC 2010 on sn-devel-104
Andrew Bartlett [Fri, 1 Oct 2010 03:13:34 +0000 (20:13 -0700)]
heimdal: added verbose logging of hemimdal crypto errors
Andrew Tridgell [Fri, 1 Oct 2010 02:41:50 +0000 (19:41 -0700)]
autobuild: fixed the --tail option for new log locations
Andrew Tridgell [Thu, 30 Sep 2010 22:24:58 +0000 (15:24 -0700)]
s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET
otherwise we don't get the secrets!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 22:02:50 +0000 (15:02 -0700)]
s4-spn: don't try and send an empty SPN list
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Fri, 1 Oct 2010 01:31:06 +0000 (01:31 +0000)]
selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py.
Andrew Tridgell [Fri, 1 Oct 2010 00:24:50 +0000 (17:24 -0700)]
selftest: fixed a selftest error on sn
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Jelmer Vernooij [Thu, 30 Sep 2010 23:41:58 +0000 (01:41 +0200)]
delete_object: Remove unnecessary pass calls.
Jelmer Vernooij [Thu, 30 Sep 2010 23:05:12 +0000 (01:05 +0200)]
s4-selftest: Remove unnecessary PYTHONPATH overrides.
Jelmer Vernooij [Thu, 30 Sep 2010 16:29:58 +0000 (18:29 +0200)]
s4-selftest: Normalize paths.
Jelmer Vernooij [Thu, 30 Sep 2010 16:23:20 +0000 (18:23 +0200)]
s4-selftest: Finish conversion of selftest.sh to Python.
Jelmer Vernooij [Thu, 30 Sep 2010 12:55:04 +0000 (14:55 +0200)]
s4-selftest: Convert tests.sh to Python.
Andrew Tridgell [Thu, 30 Sep 2010 21:42:02 +0000 (14:42 -0700)]
autobuild: push of ref/notes/commits isn't allowed in master
metze may enable this later
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Sep 30 22:25:02 UTC 2010 on sn-devel-104
Andrew Tridgell [Thu, 30 Sep 2010 19:45:00 +0000 (12:45 -0700)]
s4-provision: wipe the old keytabs when provisioning
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 19:44:39 +0000 (12:44 -0700)]
s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab
we need to fetch the msDS-keyVersionNumber from the writeable DC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 19:43:45 +0000 (12:43 -0700)]
s4-drs: put the GCSPN flag into the repsTo if requested
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 19:43:14 +0000 (12:43 -0700)]
s4-libnet: wipe the old keytab when exporting
this prevents confusion with old keytab entries
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 30 Sep 2010 19:42:35 +0000 (12:42 -0700)]
s4-dsdb: silence the domainFunctionality not setup warning
Andrew Tridgell [Thu, 30 Sep 2010 17:41:36 +0000 (10:41 -0700)]
autobuild: added much better email reporting
logs are now accessible via http://git.samba.org
Andrew Tridgell [Thu, 30 Sep 2010 16:37:42 +0000 (09:37 -0700)]
autobuild: fixed exit status
this should fix the case where we don't send logs on failure
Andrew Tridgell [Thu, 30 Sep 2010 06:30:18 +0000 (23:30 -0700)]
s4-drs: added support for level 10 of getncchanges
added a simple mapping from req8
Zahari Zahariev [Thu, 30 Sep 2010 01:13:02 +0000 (04:13 +0300)]
LDAPCmp feature to compare nTSecurityDescriptors
New feature that enables LDAPCmp users to find unmatched or
missing ACEs in objects for the three naming contexts between
DCs in one domain (default) or different domains. Comparing
security descriptors is not the default action but attribute
compatison. So to activate the new mode there is --sd switch.
However there are two view modes to the new --sd action which
are 'section' (default) or 'collision'. In 'section' mode you
can only find differences connected to missing or value
unmatched ACEs but not disorder unmatch if ACE values and count
are the same. All of the mentioned differences plus disorder
ACE unmatch you can observe under 'collision' view however
it is more verbose.
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Volker Lendecke [Wed, 29 Sep 2010 10:17:05 +0000 (12:17 +0200)]
s3: Add "smbcontrol winbindd ip-dropped <local-ip>"
This is supposed to improve the winbind reconnect time after an ip address
has been moved away from a box. Any kind of HA scenario will benefit from
this, because winbindd does not have to wait for the TCP timeout to kick in
when a local IP address has been dropped and DC replies are not received
anymore.
Volker Lendecke [Thu, 30 Sep 2010 14:27:42 +0000 (16:27 +0200)]
s3: Re-introduce a procid_self()
Giving the parent pid to reinit_after_fork is not a good idea....
None of the other callers do this, checked it.
Volker Lendecke [Thu, 30 Sep 2010 13:17:09 +0000 (15:17 +0200)]
s3: Fix a typo in dump-domain-list smbcontrol usage msg
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:38 +0000 (10:31 +0200)]
s4-selftest: Add some more comments to skip file.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:29 +0000 (10:31 +0200)]
selftest: Eliminate some unnecessary spaces.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:03 +0000 (10:31 +0200)]
selftest: Avoid accessing deprecated BaseException.message.
Thanks to Andreas for pointing this out.
Jelmer Vernooij [Thu, 30 Sep 2010 07:29:42 +0000 (09:29 +0200)]
subunit: Import new upstream snapshot (adds subunit_progress())
Jelmer Vernooij [Thu, 30 Sep 2010 07:18:01 +0000 (09:18 +0200)]
testtools: Import new upstream snapshot.
Andrew Tridgell [Thu, 30 Sep 2010 05:08:48 +0000 (22:08 -0700)]
s4-drepl: don't call UpdateRefs on a RODC
we use the ADD_REF bit in getncchanges instead
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Thu, 30 Sep 2010 05:04:21 +0000 (22:04 -0700)]
s4-drepl: fixed the checking of replica_flags in the drepl server
we were incorrectly avoiding a getncchanges when WRIT_REP was not set
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Thu, 30 Sep 2010 05:03:35 +0000 (22:03 -0700)]
s4-kcc: fixed the replica_flags in repsFrom in the kcc
if our calculated replica_flags doesn't match the ones in our repsFrom
then update it
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Thu, 30 Sep 2010 05:02:54 +0000 (22:02 -0700)]
idl-drsuapi: fixed another replica_flags that should use the bitmap
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Thu, 30 Sep 2010 00:33:49 +0000 (17:33 -0700)]
s4-dns: send A record updates via TKEY
Günther Deschner [Thu, 30 Sep 2010 00:28:41 +0000 (02:28 +0200)]
s3-spoolss: make sure to exit early and with the appropriate error code in
_spoolss_GetPrinterDriver2.
Guenther
Günther Deschner [Thu, 30 Sep 2010 00:05:36 +0000 (02:05 +0200)]
spoolss: use the correct flags for spoolss_PrinterInfo1 struct.
Guenther
Günther Deschner [Wed, 29 Sep 2010 02:51:56 +0000 (04:51 +0200)]
s3-spoolss: Fix servername/printername handling which turns out to be very important to get right.
Guenther
Günther Deschner [Wed, 29 Sep 2010 02:49:57 +0000 (04:49 +0200)]
s4-smbtorture: add new EnumPrinters test to test printername/servername
behaviour in EnumPrinter and GetPrinter calls.
Guenther
Andrew Tridgell [Wed, 29 Sep 2010 23:35:52 +0000 (16:35 -0700)]
s4-samldb: also set a password on the krbtgt_NNNN account
when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 22:50:04 +0000 (15:50 -0700)]
s4-devel: added new options to getncchanges script
added --pas, --dest-dsa and --replica-flags options
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Wed, 29 Sep 2010 22:49:15 +0000 (15:49 -0700)]
s4-drs: implement PAS checks and access checks for getncchanges
This implements partial attribute set checking on getncchanges. If the
client sends a partial_attribute_set then we only return the specified
attributes.
This also implements access checking on the NC root for the access
right GUIDs for requests with and without reveal secrets
Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Andrew Tridgell [Wed, 29 Sep 2010 22:46:23 +0000 (15:46 -0700)]
s4-drs: added drs_security_access_check_nc_root()
this checks securiity on the NC root of the specified naming context
Andrew Tridgell [Wed, 29 Sep 2010 22:45:27 +0000 (15:45 -0700)]
util: added BINARY_ARRAY_SEARCH_V()
this is used to search an array of values
Andrew Tridgell [Wed, 29 Sep 2010 06:19:26 +0000 (23:19 -0700)]
s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 06:18:47 +0000 (23:18 -0700)]
libds: added more UF_ -> ACB_ flags mappings
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 29 Sep 2010 08:47:34 +0000 (10:47 +0200)]
midltests: add midltests-pipe-sync-ndr32-downgrade-02.idl
metze
Stefan Metzmacher [Wed, 29 Sep 2010 07:37:05 +0000 (09:37 +0200)]
midltests: support for fragmented RPC traffic
metze
Stefan Metzmacher [Wed, 29 Sep 2010 07:06:58 +0000 (09:06 +0200)]
midltests: print out the alloc_hint for requests and responses
metze
Stefan Metzmacher [Wed, 29 Sep 2010 04:03:08 +0000 (06:03 +0200)]
midltests: improve NDR64 downgrade
metze
Stefan Metzmacher [Wed, 29 Sep 2010 08:28:29 +0000 (10:28 +0200)]
midltests: revert to a simple default midltests.idl
metze
Günther Deschner [Wed, 29 Sep 2010 06:54:00 +0000 (08:54 +0200)]
s3-waf: add basic make test infrastructure, not able to test yet.
Guenther
Günther Deschner [Wed, 29 Sep 2010 06:49:39 +0000 (08:49 +0200)]
s3-waf: clean up socket-wrapper and nss-wrapper a little.
Guenther
Günther Deschner [Wed, 29 Sep 2010 06:48:49 +0000 (08:48 +0200)]
s3-waf: add vlp binary.
Guenther
Andrew Tridgell [Wed, 29 Sep 2010 03:47:03 +0000 (20:47 -0700)]
s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call
we can't do SPN updates via sam writes and replication, as the sam is
read-only
Andrew Tridgell [Wed, 29 Sep 2010 03:46:15 +0000 (20:46 -0700)]
s4-drsutils: expose DsBind() call in drs_utils.py
this will be used by samba_spnupdate
Andrew Tridgell [Wed, 29 Sep 2010 03:43:58 +0000 (20:43 -0700)]
s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers
Our helper scripts can fail on Fedora with the PDT timezone (Western
USA). This is the same issue we found with Heimdal earlier today, the
24 second difference between GMT and UTC, but this time in MIT
Kerberos as linked into bind9.
By forcing TZ=GMT in these scripts we avoid the problem
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Nadezhda Ivanova [Wed, 29 Sep 2010 02:35:56 +0000 (19:35 -0700)]
s4-rodc: RODC should not accept requests for role transfer
A RODC cannot assume a role, and unwillingToPerform must be
returned if such request is sent via LDAP
Andrew Tridgell [Wed, 29 Sep 2010 02:11:34 +0000 (19:11 -0700)]
s4-provision: simplify our generated krb5.conf
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 02:10:27 +0000 (19:10 -0700)]
s4-kdc: RODC DCs should be able to produce forwardable tickets
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 02:09:58 +0000 (19:09 -0700)]
heimdal: fixed timegm UTC/GMT bug
This was a wonderful bug!
On some Fedora systems, but not on Ubuntu, there is a difference
between UTC and GMT. Heimdal replaced timegm() with _der_timegm()
which did not account for that difference (which is 24 seconds at the
moment). This led to a mutual authentication failure.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 02:07:43 +0000 (19:07 -0700)]
s4-sam: fixed termination of krbtgt_attrs (comma and NULL)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 29 Sep 2010 01:01:21 +0000 (18:01 -0700)]
ldb-dn: don't crash on NULL in ldb_binary_encode_string()
Thanks to Nadya for finding this one!
Andrew Bartlett [Tue, 28 Sep 2010 23:06:39 +0000 (09:06 +1000)]
s4-kdc Ensure that an RODC may act as a server (needed to fill
the krbtgt role).
Andrew Bartlett
Andrew Bartlett [Tue, 28 Sep 2010 20:44:33 +0000 (06:44 +1000)]
heimdal Use a seperate krb5_auth_context for the delegated credentials
If we re-use this context, we overwrite the timestamp while talking
to the KDC and fail the mutual authentiation with the target server.
Andrew Bartlett
Stefan Metzmacher [Tue, 28 Sep 2010 07:57:22 +0000 (09:57 +0200)]
midltests/todo: add some random idl files I had tested month ago
metze
Stefan Metzmacher [Wed, 29 Sep 2010 00:36:51 +0000 (02:36 +0200)]
midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example
metze
Stefan Metzmacher [Wed, 29 Sep 2010 00:50:19 +0000 (02:50 +0200)]
midltests: add some usefull defines to midltests.idl
metze
Stefan Metzmacher [Wed, 29 Sep 2010 00:35:54 +0000 (02:35 +0200)]
midltests: make it possible to allow downgrades to NDR32
metze
Stefan Metzmacher [Tue, 28 Sep 2010 09:04:59 +0000 (11:04 +0200)]
midltests: add a midltests_tcp.exe tool
This uses a man in the middle approach in order to dump the
request and response pdus.
It also tests NDR32 and NDR64.
metze
Stefan Metzmacher [Tue, 28 Sep 2010 08:50:05 +0000 (10:50 +0200)]
midltests: move the current implementation to midltests_simple.exe
metze
Stefan Metzmacher [Tue, 28 Sep 2010 07:47:55 +0000 (09:47 +0200)]
testprogs/win32: add vs2010-metze.cmd
metze
Günther Deschner [Tue, 28 Sep 2010 23:18:07 +0000 (01:18 +0200)]
s3-printing: skip metadata entry when traversing printerlist.
We were creating a new printer (with a very broken name) out of the
lasttimestamp entry all the time.
Simo, please check.
Guenther
Stefan Metzmacher [Wed, 5 Aug 2009 11:43:49 +0000 (13:43 +0200)]
pidl: add support for pointers in typedefs
metze
Stefan Metzmacher [Tue, 21 Sep 2010 08:34:30 +0000 (10:34 +0200)]
pidl:NDR/Parser: remove unused code for array element index
metze
Stefan Metzmacher [Tue, 21 Sep 2010 01:48:09 +0000 (03:48 +0200)]
pidl:NDR/Parser: simplify logic in ParseMemCtxPullFlags()
metze
Stefan Metzmacher [Tue, 21 Sep 2010 01:41:03 +0000 (03:41 +0200)]
pidl:NDR/Client: make the generated code look a bit nicer
metze
Stefan Metzmacher [Mon, 20 Sep 2010 22:44:30 +0000 (00:44 +0200)]
librpc/ndr: remove 'async' from ndr_interface_call
metze
Stefan Metzmacher [Mon, 20 Sep 2010 22:41:29 +0000 (00:41 +0200)]
pidl: remove unused async property handling
metze
Stefan Metzmacher [Tue, 21 Sep 2010 01:10:10 +0000 (03:10 +0200)]
pidl/Python: use has_property($d, "noopnum") helper function
metze
Stefan Metzmacher [Tue, 21 Sep 2010 01:05:41 +0000 (03:05 +0200)]
pidl:NDR/Client.pm: remove unreached code
metze
Stefan Metzmacher [Tue, 21 Sep 2010 00:17:21 +0000 (02:17 +0200)]
pidl/Python: remove todo handling from PythonFunction(), it's done by the caller
metze
Stefan Metzmacher [Mon, 20 Sep 2010 23:40:56 +0000 (01:40 +0200)]
pidl/Typelist: let typeIs() do TYPEDEF dereference in the HASH case
metze
Günther Deschner [Tue, 28 Sep 2010 20:53:08 +0000 (22:53 +0200)]
s3-waf: add in a little hack to deal with the ECHO rpc module for non-developer builds.
This will be removed once we have the rpc modules subsystem in place.
Guenther
Andrew Tridgell [Tue, 28 Sep 2010 18:24:37 +0000 (11:24 -0700)]
autobuild: use git notes for autobuild messages
This avoids changing the commit ID when we add a note that the
autobuild has passed
thanks to Jelmer for this suggestion!
Andrew Tridgell [Tue, 28 Sep 2010 18:23:35 +0000 (11:23 -0700)]
selftest: enable FAIL_IMMEDIATELY in autobuild make test
this should reduce the time we wait for previous failing builds.
Right now this will only work for s4, as we need a makefile change for
s3 support
Andrew Tridgell [Tue, 28 Sep 2010 17:48:38 +0000 (10:48 -0700)]
s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ
this extended getncchanges operation replicates a single object
Andrew Tridgell [Tue, 28 Sep 2010 17:46:03 +0000 (10:46 -0700)]
ldb-tdb: ignore failure to register control on rootdse
this is expected for non-sam LDBs
Andrew Tridgell [Tue, 28 Sep 2010 17:40:18 +0000 (10:40 -0700)]
s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges
this allows for replication by GUID or SID
Andrew Tridgell [Tue, 28 Sep 2010 17:39:52 +0000 (10:39 -0700)]
s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c
this will be used outside of the drs server.
This also fixes the handling of the ndr_size elements of the
drs_ObjectIdentifier
Andrew Tridgell [Tue, 28 Sep 2010 17:38:40 +0000 (10:38 -0700)]
waf: we don't need the preprocessor recursion limit any more
thanks to ita for this
Nadezhda Ivanova [Mon, 27 Sep 2010 04:16:47 +0000 (21:16 -0700)]
s4-drs: Added check for drs-manage-topology to updateRefs.
Nadezhda Ivanova [Mon, 27 Sep 2010 04:14:45 +0000 (21:14 -0700)]
s4-drs: Added drs_security_access_check function
It takes a security token, an ldb_context, and the desired CAR and checks
if the principal has this CAR granted
Nadezhda Ivanova [Mon, 27 Sep 2010 04:12:48 +0000 (21:12 -0700)]
s4-dsdb: adapted check_access_on_dn for use in drs.