Günther Deschner [Tue, 30 Jun 2009 09:38:41 +0000 (11:38 +0200)]
s4-smbtorture: remove trailing whitespace from RPC-SPOOLSS.
Guenther
Don Davis [Tue, 30 Jun 2009 08:12:02 +0000 (18:12 +1000)]
Rework the kerberos-notes.txt in order and format
This reworks the notes file to be less stream-of-consciousness and more
task for porting, with a very particular focus on a potential port of
Samba4 to use MIT Kerberos.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 30 Jun 2009 05:30:13 +0000 (15:30 +1000)]
s4:ldb Allow rootdse module to build without ldb_private.h
It seems quite reasonable to allow modules to re-initialise the set of
cached DNs on the ldb context.
Andrew Bartlett
Andrew Bartlett [Tue, 30 Jun 2009 05:12:29 +0000 (15:12 +1000)]
s4: dsdb Avoid using the internal ldb_private.h header
This job is not complete (the partition module remains a unfinished
task), but now we do use the private ldb headers much less.
Andrew Bartlett
Andrew Bartlett [Tue, 30 Jun 2009 02:11:14 +0000 (12:11 +1000)]
s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
Andrew Bartlett [Tue, 30 Jun 2009 02:06:38 +0000 (12:06 +1000)]
s4:kdc Only get the lp_ctx once for a LDB_fetch()
Andrew Bartlett [Tue, 30 Jun 2009 00:29:30 +0000 (10:29 +1000)]
Rework hdb-samba4 to remove useless abstractions.
The function LDB_lookup_principal() has been eliminated, and it's
contents spread back to it's callers. Removing the abstraction makes
the code clearer.
Also ensure we never pass unescaped user input to a LDB search
function.
Andrew Bartlett
Andrew Bartlett [Tue, 30 Jun 2009 00:19:19 +0000 (10:19 +1000)]
s4:dsdb Explain the parsing steps for userPrincipalName cracknames calls
Günther Deschner [Mon, 29 Jun 2009 21:42:58 +0000 (23:42 +0200)]
s4-smbtorture: use torture_comment & torture_warning in RPC samr tests.
Guenther
Michael Adam [Mon, 29 Jun 2009 21:23:07 +0000 (23:23 +0200)]
s3:build: check for external liblua, link lua statically if using internal lib
So liblua is treated the same way as libtalloc and libtdb.
Michael
Günther Deschner [Tue, 23 Jun 2009 22:24:03 +0000 (00:24 +0200)]
s4-smbtorture: correctly test comment behaviour in RPC-SAMR-USERS against s3.
Guenther
Günther Deschner [Tue, 23 Jun 2009 22:23:09 +0000 (00:23 +0200)]
s3-pdb_tdb: give 'unknown_str' the proper name 'comment' and set comment in passdb.
pdb_{get,set}_comment were already existing in the API but were never used.
Guenther
Stefan Metzmacher [Mon, 29 Jun 2009 14:31:31 +0000 (16:31 +0200)]
s3:pdb_ads: we need to make the fd for tldap/tsocket non-blocking
metze
Michael Adam [Mon, 29 Jun 2009 14:26:42 +0000 (16:26 +0200)]
s3:fix build of old linux quota system and other unixes' quota implementation
By fixing the use of struct stat_ex.
Michael
Michael Adam [Mon, 29 Jun 2009 14:11:13 +0000 (16:11 +0200)]
s3:lib/sysquotas: fix usage of SMB_STRUCT_STAT (struct stat_ex).
This fixes the build with quotas / configure time detection
of sys_quota interface.
Michael
Michael Adam [Mon, 29 Jun 2009 13:39:46 +0000 (15:39 +0200)]
lib/util: fix building tevent_ntstatus without config.h
(when called from places with "#define NO_CONFIG_H" set, such as configure)
Michael
Stefan Metzmacher [Mon, 29 Jun 2009 11:13:05 +0000 (13:13 +0200)]
tsocket/bsd: also ask for TEVENT_FD_READ when we want to write into a stream socket
Otherwise we would not notice a broken connection.
metze
Stefan Metzmacher [Mon, 29 Jun 2009 11:05:27 +0000 (13:05 +0200)]
tsocket/bsd: more correctly check if the cached tevent_fd is still valid
I some cases the pointer value of tevent_context is the same again,
if we do something like:
ev1 = tevent_context_init();
...
fde = tevent_add_fd(ev1, fd, TEVENT_FD_READ...);
...
talloc_free(ev1);
...
ev2 = tevent_context_init();
if (ev1 == ev2) {
/* this can happen! */
}
if (tevent_fd_get_flags(fde) == 0) {
/* this is always true */
}
But the "talloc_free(ev1)" will set fde->event_ctx to NULL
and tevent_fd_get_flags() will always return 0.
metze
Günther Deschner [Mon, 29 Jun 2009 12:34:49 +0000 (14:34 +0200)]
s3-selftest: add RPC-SAMR-MACHINE-AUTH to list of test to run against s3.
Guenther
Günther Deschner [Fri, 26 Jun 2009 14:53:51 +0000 (16:53 +0200)]
s4-smbtorture: add RPC-SAMR-MACHINE-AUTH test.
This test talks to a DC as a joined workstation member - in the same way
winbindd does, in particular the calls used in this test's query pattern
will all request for SEC_FLAG_MAXIMUM_ALLOWED access_mask
(which pretty much all of samba's client code does as well).
In fact this test verifies that winbind can correctly talk to a samba dc using
samr dcerpc calls.
Guenther
Günther Deschner [Fri, 26 Jun 2009 14:51:53 +0000 (16:51 +0200)]
s4-smbtorture: add torture_suite_add_machine_workstation_rpc_iface_tcase.
Unlike torture_suite_add_machine_bdc_rpc_iface_tcase() which joins as a BDC
(ACB_SRVTRUST) this joins as a member workstation (ACB_WSTRUST).
Guenther
Jeff Layton [Mon, 29 Jun 2009 10:16:38 +0000 (06:16 -0400)]
mount.cifs: don't pass text ro/rw options to kernel
/bin/mount strips off the ro/rw options after setting the MS_RDONLY
flag appropriately. Make mount.cifs do the same thing.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Andrew Bartlett [Mon, 29 Jun 2009 10:12:23 +0000 (20:12 +1000)]
Fix ndrdump to use a common setup_logging() API
By adding a new common setup_logging_stdout() API, we no longer need to abuse the ABI compatability between the different setup_logging() calls in Samba3 and Samba4's DEBUG() subsystems.
The revert of
49a6d757b4d944cd22c91b2838beb83f04fbe1e9 works with this
to fix bug 6211.
Andrew Bartlett
Andrew Bartlett [Mon, 29 Jun 2009 09:57:57 +0000 (19:57 +1000)]
Revert "s4:debug: make setup_logging() a bit more compatible with samba3"
The problem is that the enum was previously a 'rachet', that is, it
would only reset to a level higher than it was previouly set to.
Changing the order broke file-based logging for our production sites.
This reverts commit
49a6d757b4d944cd22c91b2838beb83f04fbe1e9.
Matthias Dieter Wallnöfer [Sat, 20 Jun 2009 20:47:19 +0000 (22:47 +0200)]
Adds the impersonation level in ntcreatex requests to SAMBA 3 misc torture test
Specifies the impersonation level according to the reporter commit in bug #6283
David Markey [Mon, 29 Jun 2009 06:12:03 +0000 (08:12 +0200)]
Fix bug 6514: net gives unhelpful "lp_load failed" when it's missing smb.conf
Matthias Dieter Wallnöfer [Sat, 27 Jun 2009 12:16:19 +0000 (14:16 +0200)]
Correct some typos in the LDB partition module
Matthias Dieter Wallnöfer [Sat, 27 Jun 2009 11:38:38 +0000 (13:38 +0200)]
SAMDB: Don't check for "sAMAccountName" twice
Matthias Dieter Wallnöfer [Tue, 23 Jun 2009 16:27:26 +0000 (18:27 +0200)]
Enhancement of "simple ldap map" with "systemFlags" attribute
Enhance the simple ldap map to support also the "systemFlags" attribute in the
correct way.
Andrew Kroeger [Tue, 23 Jun 2009 12:26:17 +0000 (07:26 -0500)]
ldb: Properly handle NULL when copying attr lists.
When copying an attribute list, ensure the list itself is not NULL before
attempting to access elements of the list.
Matthias Dieter Wallnöfer [Mon, 22 Jun 2009 18:51:43 +0000 (20:51 +0200)]
Correct the headers of some SAMBA 4 setup python scripts
Nathaniel McCallum [Mon, 22 Jun 2009 13:26:33 +0000 (15:26 +0200)]
Two patches which fix issues on cross compiling/building
Matthias Dieter Wallnöfer [Sun, 21 Jun 2009 17:07:02 +0000 (19:07 +0200)]
Fixes for SAMBA3RPC torture test
On calls where both NT_STATUS and WERROR results are returned and consulted
we have to make sure to form function results considering both.
This errors have been found through a run against SAMBA 4.
Matthias Dieter Wallnöfer [Sat, 20 Jun 2009 21:36:10 +0000 (23:36 +0200)]
Small patch for SPOOLSS pipe
Prevents a crash of the SAMBA 4 daemon on the torture SPOOLSS test due to not
initialised structures.
Volker Lendecke [Sun, 28 Jun 2009 15:48:07 +0000 (17:48 +0200)]
_lsa_QueryInfoPolicy: Use symbolic info level names
Volker Lendecke [Sun, 28 Jun 2009 15:36:12 +0000 (17:36 +0200)]
Turn the pdb_rid_algorithm into a capabilities call that returns flags
Volker Lendecke [Sun, 28 Jun 2009 13:30:08 +0000 (15:30 +0200)]
Make pdb_ads survive a restart of Samba4
The search function retries once, the modifying call that hits a dead smbd
returns an error. The next try will reconnect. This was simple to implement and
provides a good compromise against Samba4 idling our connection. Most of the
modifying calls are quickly after a search (like OpenUser) anyway.
Volker Lendecke [Sun, 28 Jun 2009 13:29:38 +0000 (15:29 +0200)]
If the connection is down, don't try another write.
Volker Lendecke [Sun, 28 Jun 2009 12:41:11 +0000 (14:41 +0200)]
Add tldap_search_va
Volker Lendecke [Sun, 28 Jun 2009 11:03:14 +0000 (13:03 +0200)]
tldap_msg_received: Properly free the asn1_struct in case of an error
Volker Lendecke [Sat, 27 Jun 2009 18:03:55 +0000 (20:03 +0200)]
Move read_ldap_done after read_ldap_send
Volker Lendecke [Sat, 27 Jun 2009 16:14:25 +0000 (18:14 +0200)]
Convert tldap to tstream
Volker Lendecke [Sat, 27 Jun 2009 15:21:19 +0000 (17:21 +0200)]
Add tstream_read_packet
Volker Lendecke [Sat, 27 Jun 2009 18:04:37 +0000 (20:04 +0200)]
Properly free a downlevel readv request. Metze, please check
Volker Lendecke [Sat, 27 Jun 2009 20:28:47 +0000 (22:28 +0200)]
tldap: Don't fire off more than one read_ldap request during searches
Volker Lendecke [Sat, 27 Jun 2009 10:20:18 +0000 (12:20 +0200)]
Stop listening for inotify data when there's none
There have been some reports that we're flooding syslog with "No data on
inotify fd?!". I haven't been able to reproduce this yet. Until then, it is
better to just list this message once.
Volker Lendecke [Sat, 27 Jun 2009 09:31:53 +0000 (11:31 +0200)]
Fix some nonempty blank lines
Volker Lendecke [Tue, 16 Jun 2009 09:51:11 +0000 (11:51 +0200)]
s3/lanman: Workaround for KB932762.
This addresses bug #6498.
Volker Lendecke [Fri, 26 Jun 2009 19:52:34 +0000 (21:52 +0200)]
The solaris linker seems to require an extra mention of dependent libs
Jim McDonough [Fri, 26 Jun 2009 19:24:57 +0000 (15:24 -0400)]
Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
Volker Lendecke [Fri, 26 Jun 2009 15:38:58 +0000 (17:38 +0200)]
Fix some dead code warnings from SUN Studio
Volker Lendecke [Fri, 26 Jun 2009 14:45:25 +0000 (16:45 +0200)]
Fix a typo in a comment
Sam Liddicott [Fri, 26 Jun 2009 11:31:19 +0000 (12:31 +0100)]
Upgrade ntvfs_map_*info to ntvfs_map_async_setup/ntvfs_map_async_finish
ntvfs_map_fsinfo, ntvfs_map_qpathinfo, ntvfs_map_qfileinfo used an
old synchronous mapping technique, acceptable on the grounds that
they were only used by the simple vfs which was synchronous.
Other vfs may/do use these functions, and by upgrading them to use the
ntvfs_map_async_setup/ntvfs_map_async_finish framework, they can now be
used asynchronously.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 26 Jun 2009 12:09:10 +0000 (14:09 +0200)]
s3:passdb: fix bug #6509: use gid (not uid) cache in fetch_gid_from_cache().
With the previous code, the cache can never have been hit at all.
Michael
Günther Deschner [Thu, 25 Jun 2009 15:43:28 +0000 (17:43 +0200)]
s3-vlp: drastically shrink size and dependencies of the virtual line printer.
This gets vlp from 13M down to 214K on my box.
Guenther
Tim Prouty [Fri, 26 Jun 2009 01:40:17 +0000 (18:40 -0700)]
s3: pass a valid stat into file_ntimes()
file_ntimes() calls can_write_to_file() which expects a valid stat struct
Tim Prouty [Fri, 26 Jun 2009 01:19:09 +0000 (18:19 -0700)]
s3 file_access: Convert some more functions over to use smb_filneame
Tim Prouty [Fri, 26 Jun 2009 00:24:19 +0000 (17:24 -0700)]
s3: simplify some redundant logic in is_ntfs_default_stream_smb_fname()
Tim Prouty [Thu, 25 Jun 2009 21:44:23 +0000 (14:44 -0700)]
s3: Remove get_full_smb_filename() from open_directory()
This is possible because open_directory() returns an error if
the fname is a stream, so the base_name can be used.
Tim Prouty [Thu, 25 Jun 2009 18:20:36 +0000 (11:20 -0700)]
s3 onefs: Plumb smb_filename through onefs createfile path
Tim Prouty [Thu, 25 Jun 2009 21:16:46 +0000 (14:16 -0700)]
s3: Change set_ea() and its callers to use smb_filename
Jeremy Allison [Thu, 25 Jun 2009 19:57:15 +0000 (12:57 -0700)]
Fix bug #6506 - SMBD server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE.
Reported and verified by Long Li <longli@microsoft.com>
Jeremy.
Kai Blin [Thu, 25 Jun 2009 19:36:49 +0000 (21:36 +0200)]
s4 auth_winbind: Internally, info3 has utf8 buffers, not utf16 buffers.
Thanks to gd for the catch.
Kai Blin [Thu, 25 Jun 2009 17:38:51 +0000 (19:38 +0200)]
s4 auth_winbind: Don't allocate the rids for the info3 structure within the loop
Kai Blin [Thu, 25 Jun 2009 17:16:02 +0000 (19:16 +0200)]
s4: Add libwbclient backend to auth_winbind
Günther Deschner [Thu, 25 Jun 2009 14:38:39 +0000 (16:38 +0200)]
s3-netlogon: remove remaining netlogon init functions.
Guenther
Volker Lendecke [Thu, 25 Jun 2009 12:46:17 +0000 (14:46 +0200)]
Add a \n to a debug message in smbacl4_nfs42win
Jeff Layton [Thu, 25 Jun 2009 11:27:25 +0000 (07:27 -0400)]
mount.cifs: add support for sending IPv6 scope ID to kernel
When getaddrinfo returns an IPv6 address with a non-zero scope_id, send
that to the kernel appended to the address with a '%' delimiter. This
allows people to mount servers via their link-local IPv6 addresses
(given a kernel that understands this address format, of course).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Günther Deschner [Thu, 25 Jun 2009 10:12:05 +0000 (12:12 +0200)]
s3-netlogon: remove init_netr_SamInfo functions.
Guenther
Günther Deschner [Thu, 25 Jun 2009 10:00:20 +0000 (12:00 +0200)]
s3-netlogon: fix validation level 2 support in netr_SamLogon and friends.
Guenther
Günther Deschner [Tue, 23 Jun 2009 22:24:55 +0000 (00:24 +0200)]
s3-examples: make get_next_oid exectuable.
Guenther
Günther Deschner [Thu, 25 Jun 2009 00:06:21 +0000 (02:06 +0200)]
s3-samr: refactor _samr_SetDomainInfo().
Guenther
Günther Deschner [Wed, 24 Jun 2009 23:52:06 +0000 (01:52 +0200)]
s3-samr: refactor _samr_QueryDomainInfo().
Guenther
Tim Prouty [Mon, 22 Jun 2009 22:26:56 +0000 (15:26 -0700)]
s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTAT
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
Tim Prouty [Thu, 18 Jun 2009 18:38:42 +0000 (11:38 -0700)]
s3: Convert is_visible_file to use talloc_asprintf instead of malloc
Stefan Metzmacher [Tue, 9 Jun 2009 20:34:14 +0000 (22:34 +0200)]
s3:smbd: send SMB2 interim responses for async calls
metze
Stefan Metzmacher [Tue, 9 Jun 2009 20:33:32 +0000 (22:33 +0200)]
s3:smbd: add support for async interim SMB2 responses and prepare SMB2 cancel
metze
Stefan Metzmacher [Tue, 9 Jun 2009 19:29:40 +0000 (21:29 +0200)]
s3:smbd: keep a list of outstanding SMB2 requests
metze
Stefan Metzmacher [Tue, 9 Jun 2009 18:44:13 +0000 (20:44 +0200)]
s3:smbd: add smbd_smb2_send_oplock_break()
metze
Stefan Metzmacher [Tue, 9 Jun 2009 18:02:48 +0000 (20:02 +0200)]
s3:smbd: the SMB2-COMPOUND test shows that the related vs. unrelated flags isn't checked first
metze
Volker Lendecke [Wed, 24 Jun 2009 10:41:16 +0000 (12:41 +0200)]
Reenable the LDAPI socket for the merged build
It seems that the samba4 part of the merged build does not pick up the
DEVELOPER flag from the s3 configure.
Jelmer, can you fix that properly?
Thanks,
Volker
Volker Lendecke [Wed, 24 Jun 2009 10:39:21 +0000 (12:39 +0200)]
Only set the password if there is one
Günther Deschner [Tue, 23 Jun 2009 22:27:33 +0000 (00:27 +0200)]
s4-smbtorture: more paranoid checks while testing group membership in RPC-SAMR.
Guenther
Günther Deschner [Tue, 23 Jun 2009 18:27:05 +0000 (20:27 +0200)]
s3-printing: eliminate another non sec_initial_uid using security check.
Guenther
Günther Deschner [Tue, 23 Jun 2009 18:26:27 +0000 (20:26 +0200)]
s3-spoolss: restructure _spoolss_EndDocPrinter().
Guenther
Günther Deschner [Tue, 23 Jun 2009 09:16:23 +0000 (11:16 +0200)]
s3-lsa: Fix error path in _lsa_EnumAccountRights.
This needs to return NT_STATUS_OBJECT_NAME_NOT_FOUND
again as described in MS-LSAD 3.1.4.5.10 and tested with the
RPC-SAMR-USER-PRIVILEGES test.
Guenther
Günther Deschner [Wed, 8 Apr 2009 17:18:13 +0000 (19:18 +0200)]
s3-eventlog: implement _eventlog_ReportEventW().
Guenther
Günther Deschner [Tue, 23 Jun 2009 08:58:04 +0000 (10:58 +0200)]
s3: re-run make idl.
Guenther
Günther Deschner [Tue, 23 Jun 2009 08:55:05 +0000 (10:55 +0200)]
samr: add samr_UserInfoLevel and samr_DomainInfoClass enums based on MS-SAMR.
Guenther
Aravind Srinivasan [Tue, 16 Jun 2009 22:11:32 +0000 (15:11 -0700)]
s3: forward MSG_DEBUG from smbd parent to all children
Before 3.3, an smbcontrol debug message sent to the target "smbd" would
actually be sent to all running processes including nmbd and winbindd.
This behavior was changed in 3.3 so that the "smbd" target would only
send a message to the process found in smbd.pid, while the "all" target
would send a message to all processes.
The ability to set the debug level of all processes within a single
daemon, without specifying each pid is quite useful. This was implemented
in winbindd in
065760ed. This patch does the same thing for smbd.
Upon receiving a MSG_DEBUG the parent smbd will rebroadcast it to all of
its children.
The printing process has been added to the list of smbd child processes,
and we now always track the number of smbd children regardless of the
"max smbd processes" setting.
Günther Deschner [Mon, 22 Jun 2009 20:35:58 +0000 (22:35 +0200)]
s3-libnet: fix libnet_unjoin_remove_machine_acct() when called without ads struct.
Guenther
Volker Lendecke [Sat, 20 Jun 2009 16:43:58 +0000 (18:43 +0200)]
Add tldap paged searches, together with two helper routines
Volker Lendecke [Sat, 20 Jun 2009 16:42:18 +0000 (18:42 +0200)]
Reorganize retrieving errors and server-sent controls
This attaches the data to the tldap_message instead of the tevent_req.
It adds tldap_ctx_lastmsg() to retrieve the last message for the users of
the sync wrappers.
Volker Lendecke [Fri, 19 Jun 2009 16:20:20 +0000 (18:20 +0200)]
Move asn1_load_nocopy() to lib/util/asn1.c
Volker Lendecke [Fri, 19 Jun 2009 15:39:13 +0000 (17:39 +0200)]
Move asn1_blob() to lib/util/asn1.c
Volker Lendecke [Fri, 19 Jun 2009 12:01:10 +0000 (14:01 +0200)]
Add tldap_supports_control
Volker Lendecke [Fri, 19 Jun 2009 12:00:31 +0000 (14:00 +0200)]
Add tldap_entry_has_attrvalue
Volker Lendecke [Sat, 6 Jun 2009 21:21:01 +0000 (23:21 +0200)]
tldap control support
Volker Lendecke [Sat, 6 Jun 2009 19:06:33 +0000 (21:06 +0200)]
Prepare control support
We will have arrays of controls passed to tldap.c. Follow a mantra from the
classic book "Thinking Forth" by Leo Brodie: Favor counts over terminators :-)
This makes the parameter lists to tldap pretty long, but everyone will have
wrapper routines anyway, see for example tldap_search_fmt. And the OpenLDAP
manpages call the non-_ext routines deprecated, probably for a reason.
Volker Lendecke [Sat, 20 Jun 2009 09:46:42 +0000 (11:46 +0200)]
Fix setting passwords in pdb_ads
The samba4 password_hash module does not allow changing the password fields via
the "delete oldval" -> "add newval" set of modify operations, it requires a
single "replace with newval" operation.
Andrew, Samba3 by default uses that delete/add pair to detect if between
fetching the old value and storing the new one the old value has changed. This
is lost by using the "replace" operation.
Would it make sense to add this to the password_hash module?
Volker