Simo Sorce [Mon, 23 Aug 2010 21:11:32 +0000 (17:11 -0400)]
s3-dcerpc: Allocate structure members on the right context
Volker Lendecke [Mon, 23 Aug 2010 19:00:27 +0000 (21:00 +0200)]
s3: PAM_RHOST and PAM_TTY are enums on FreeBSD
Matthias Dieter Wallnöfer [Mon, 23 Aug 2010 05:37:36 +0000 (07:37 +0200)]
s4:getncchanges.c - fix some counter variable types
They should be "unsigned" since they count LDB objects. And also the SID array
can be counted as "unsigned".
Jelmer Vernooij [Mon, 23 Aug 2010 13:10:07 +0000 (15:10 +0200)]
replace: Fix ifndefs for formatting defines.
Thanks to Michael Brown for pointing this out.
Andrew Tridgell [Mon, 23 Aug 2010 02:47:51 +0000 (12:47 +1000)]
s4-devel: added a getncchanges developer script
this allows for command line access to getncchanges
it also provides a good example of calling DRSUAPI interfaces from
python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 02:07:56 +0000 (12:07 +1000)]
s4-pyrpc: use s4_event_context_init()
This fixes a crash when using kerberos and the python dcercpc
interface, which requires event nesting
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 02:07:19 +0000 (12:07 +1000)]
s4-pyregistry: use s4_event_context_init()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 02:07:00 +0000 (12:07 +1000)]
s4-event: event_context_find() should use s4_event_context_init()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:36:29 +0000 (11:36 +1000)]
s4-net: role should be case insensitive for join
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:33:19 +0000 (11:33 +1000)]
s4-drs: show the user sid that does the GetNCChanges call
this is useful when debugging replication
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:32:28 +0000 (11:32 +1000)]
s4-drs: removed the warning on WRIT_REP being set
we just need to clear this flag
Andrew Tridgell [Mon, 23 Aug 2010 01:31:48 +0000 (11:31 +1000)]
s4-net: added initial implemention of RODC join
This does the join using python code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:30:22 +0000 (11:30 +1000)]
libnet-s4: added replicate() command in pynet
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:13:22 +0000 (11:13 +1000)]
s4-libnet: split libnet_Vampire() into two parts
libnet_Replicate() will do just the replication portion of
libnet_Vampire(). This will be used by the RODC join, where the join
part of the operation happens in python, and behaves quite differently
to the libnet_Join() code.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Mon, 23 Aug 2010 01:11:35 +0000 (11:11 +1000)]
s4-libnet: show the DN when DsAddEntry() fails
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 22:52:19 +0000 (08:52 +1000)]
s4-net: moved the net join command to python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 22:50:04 +0000 (08:50 +1000)]
s4-libnet: added join type constants to python interface
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 21:52:25 +0000 (07:52 +1000)]
s4-python: added ndr_print() method in ndr
Andrew Tridgell [Sun, 22 Aug 2010 21:51:55 +0000 (07:51 +1000)]
pidl-python: fixed the docstrings for ndr_print, ndr_pack and ndr_unpack
Andrew Tridgell [Sun, 22 Aug 2010 21:28:09 +0000 (07:28 +1000)]
libreplace: fixed the strptime() waf test
Thanks to Jelmer for pointing this out
Andrew Bartlett [Fri, 20 Aug 2010 02:15:15 +0000 (12:15 +1000)]
s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privilages still need to be merged)
Andrew Bartlett
Andrew Bartlett [Fri, 20 Aug 2010 12:30:46 +0000 (22:30 +1000)]
s3:pdbtest Fix command name of pdbtest
Signed-off-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Sun, 22 Aug 2010 20:55:01 +0000 (22:55 +0200)]
s3-build: Add a test-buildfarm target to stay UNIX Makefile compatible.
Andrew Bartlett [Fri, 20 Aug 2010 07:51:48 +0000 (17:51 +1000)]
s3:param Clarify parameter name on init_globals()
This parameter is used with the registry backend to
cause the globals table to be re-initialised.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Sun, 22 Aug 2010 18:00:46 +0000 (20:00 +0200)]
s3: Turn two macros into functions
Volker Lendecke [Wed, 18 Aug 2010 16:23:49 +0000 (18:23 +0200)]
s3: Pass the rhost through smb_pam_accountcheck
Volker Lendecke [Wed, 18 Aug 2010 15:31:39 +0000 (17:31 +0200)]
s3: Rename auth.c:backends to auth_backends
Volker Lendecke [Sun, 22 Aug 2010 16:41:39 +0000 (18:41 +0200)]
s3: Fix some nonemtpy blank lines
Jelmer Vernooij [Sun, 22 Aug 2010 15:12:26 +0000 (17:12 +0200)]
s4: Only install testparm to /usr/bin/, no longer to /usr/sbin.
Jelmer Vernooij [Sun, 22 Aug 2010 15:03:47 +0000 (17:03 +0200)]
s4: Install testparm to /usr/bin, consistent with old behaviour.
Andrew Tridgell [Wed, 18 Aug 2010 23:22:54 +0000 (09:22 +1000)]
s4-waf: re-use SAMBA_LIBRARY() in building shared modules
make SAMBA_MODULE() call SAMBA_LIBRARY() to do the heavy lifting. This
fixes the problem with modules being a bit too slim :-)
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Volker Lendecke [Wed, 18 Aug 2010 14:50:26 +0000 (16:50 +0200)]
s3: Move check_access to cgi.c, its only user
Volker Lendecke [Wed, 18 Aug 2010 14:48:20 +0000 (16:48 +0200)]
s3: Replace calls to check_access by allow_access
We already have both the name and address of the client stored now
Jelmer Vernooij [Sun, 22 Aug 2010 03:24:55 +0000 (05:24 +0200)]
Avoid use of Samba DTD, which requires net access.
Jelmer Vernooij [Sun, 22 Aug 2010 03:02:00 +0000 (05:02 +0200)]
wafsamba: fix CHECK_XSLTPROC_MANPAGES().
Jelmer Vernooij [Sun, 22 Aug 2010 03:00:57 +0000 (05:00 +0200)]
Use DocBook DTD rather than Samba one, as no Samba-specific things are
used in the tdb manpages.
Andrew Tridgell [Sun, 22 Aug 2010 04:51:12 +0000 (14:51 +1000)]
s4-net: better error message on net setpassword
Andrew Tridgell [Sun, 22 Aug 2010 04:50:46 +0000 (14:50 +1000)]
librpc: add python bindings for the netlogon pipe
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 04:50:22 +0000 (14:50 +1000)]
pyldb: do type checking on the list form of ldb add
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 04:49:10 +0000 (14:49 +1000)]
pidl: give the varible name for bad type in python calls
This makes it much clearer which argument to a function had the wrong
type
Andrew Tridgell [Sun, 22 Aug 2010 04:47:22 +0000 (14:47 +1000)]
pidl: cope with bad type conversions in unions
This prevents a crash when converting bad types in NDR unions
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Sun, 22 Aug 2010 04:46:01 +0000 (14:46 +1000)]
pidl: added a __ndr_print__() method on python NDR objects
This allows you to print a returned NDR structure using
s.__ndr_print__() which gives an easy view of complex
structures, such as those from netlogon
Kai Blin [Sat, 14 Aug 2010 05:40:51 +0000 (07:40 +0200)]
s3: Fix netgrent configure checks for compilers not supporting -Werror-implicit-function-declaration
This should fix bug 7620.
Volker Lendecke [Sat, 21 Aug 2010 09:32:58 +0000 (11:32 +0200)]
s3: Fix bug 7635
Jeremy Allison [Fri, 20 Aug 2010 22:57:08 +0000 (15:57 -0700)]
Fix bug 7627 - smbclient ignores "-I" when used with "-L", fails name resolution.
Still needs some more work to fix missing netbios name issues, but fixes
underlying issue of IP address being ignored.
Jeremy.
Jeremy Allison [Fri, 20 Aug 2010 22:56:37 +0000 (15:56 -0700)]
Fix const warning.
Kamen Mazdrashki [Fri, 20 Aug 2010 18:58:22 +0000 (21:58 +0300)]
s4-ndr_basic.c: Fix ndr_*_hyper() when [bigendian] data is processed
Kamen Mazdrashki [Thu, 19 Aug 2010 12:52:49 +0000 (15:52 +0300)]
s4-drsuapi: Implement custom printing for drsuapi protocol for
drsuapi_DsReplicaAttribute and drsuapi_DsAttributeValueCtr objects
This makes tracing what data has been transferred much easier
Volker Lendecke [Wed, 18 Aug 2010 16:35:53 +0000 (18:35 +0200)]
s3: Use sconn->client_id in session_claim
Stefan Metzmacher [Thu, 12 Aug 2010 13:59:17 +0000 (15:59 +0200)]
s3:librpc: make dcerpc_read_ncacn_packet_send/recv() available
metze
Stefan Metzmacher [Thu, 12 Aug 2010 13:49:32 +0000 (15:49 +0200)]
librpc/rpc: move dcerpc_read_ncacn_packet_send/recv() to dcerpc_util.c
metze
Stefan Metzmacher [Fri, 20 Aug 2010 12:52:04 +0000 (14:52 +0200)]
s3:Makefile.in: use python with -u to disable stdin/out caching
metze
Stefan Metzmacher [Tue, 17 Aug 2010 06:05:14 +0000 (08:05 +0200)]
s3:winbindd: fix error handling in wb_next_grent_fetch_done()
We should not use 'result' uninitialized.
metze
Zahari Zahariev [Thu, 19 Aug 2010 15:30:03 +0000 (18:30 +0300)]
Remove place-holders when it is single domain
This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the silightest
difference will pop up.
There is a second smaller fix when we compre hosts in different
domains. This fix disables ${SERVERNAME} paace-holder when there
are more then one serevr (domain controller) in the given domain.
Andrew Tridgell [Fri, 20 Aug 2010 07:17:23 +0000 (17:17 +1000)]
s4-dsdb: the RODC_JOIN control also changes samAccountName
when adding a user with the RODC_JOIN control, the samAccountName is
automatically set to the krbtgt_NNNNN form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 21:26:53 +0000 (07:26 +1000)]
s4-pysamdb: fixed get_domain_sid()
we need to actually return the SID!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 21:26:09 +0000 (07:26 +1000)]
s4-ldb: added support for rodc_control in ldb
this allows you to specify the RODC join control in python ldb calls
or on the command line
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 19 Aug 2010 03:06:08 +0000 (13:06 +1000)]
s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls
when we deny a EXOP_REPL_SECRET call we should set the exop error code
to NONE, and the main return code to WERR_DS_DRA_ACCESS_DENIED (based
on observing windows server behaviour)
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:38:26 +0000 (18:38 +1000)]
s4-drs: bring us much closer to the docs for DRS secret replication
The rules for when a RODC can replicate secrets are:
- it can always replicate its own acct
- it can also replicate its krbtgt acct
- it can't replicate other krbtgt accts
- it can't replicate interdomain trust accounts
- it can't replicate users in the denied group list
- it can replicate users in the allowed group list
otherwise it can't replicate
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:36:12 +0000 (18:36 +1000)]
s4-dsdb: fixed dsdb_get_extended_dn_sid()
it should honor the component_name
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 08:35:41 +0000 (18:35 +1000)]
idl: added the RODC allow/deny secrets RIDs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 04:31:05 +0000 (14:31 +1000)]
s4-drs: implement RODC attribute filtering override
When a RODC uses extended getncchanges operation
DRSUAPI_EXOP_REPL_SECRET it gets an override on the ability to
replicate the secret attributes.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 18 Aug 2010 04:27:17 +0000 (14:27 +1000)]
s4-drs: added sam_ctx_system on DRS bind state
The getncchanges call needs to be able to access the sam as the system
user for RODC clients. To do this it needs a sam_ctx connection with
system credentials
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Fri, 20 Aug 2010 09:14:06 +0000 (11:14 +0200)]
s3:loadparm: make lp_load_ex static. We have wrappers for external callers.
Jim McDonough [Thu, 19 Aug 2010 12:46:59 +0000 (08:46 -0400)]
s3-libsmbclient Convert dos error codes to NTstatus in async libsmbclient.
DOS error codes were being lost with the conversion to async
libsmbclient. If we're passing around NTSTATUS internally,
let's just convert it when we get it.
DOS ACCESS_DENIED on nautilus was not prompting for other credentials,
because it was not being mapped.
Simo Sorce [Thu, 19 Aug 2010 11:35:01 +0000 (07:35 -0400)]
s3-ads: Fix wrong test in if statement
Günther Deschner [Thu, 19 Aug 2010 13:24:20 +0000 (15:24 +0200)]
s3-waf: fix the build.
Guenther
Günther Deschner [Thu, 19 Aug 2010 12:22:01 +0000 (14:22 +0200)]
s3-ldapsam: add samba.ldif LDAP schema.
This one is suiteable for cn=config setups and should be added via ldapadd.
Thanks to Sumit Bose <sbose@redhat.com> for providing it.
Guenther
Günther Deschner [Thu, 19 Aug 2010 12:02:22 +0000 (14:02 +0200)]
s3-cli: fix uninitialized variable.
Volker, please check.
Guenther
Günther Deschner [Thu, 19 Aug 2010 12:01:47 +0000 (14:01 +0200)]
s3-idmap: fix uninitialized variable in idmap_tdb_sids_to_unixids_action().
Michael, please check.
Guenther
Matthieu Patou [Thu, 19 Aug 2010 08:37:00 +0000 (12:37 +0400)]
s4 provision: POLICY_ACL is already an FS acl no need to translate it
Matthieu Patou [Thu, 19 Aug 2010 08:33:57 +0000 (12:33 +0400)]
s4 provision: Add some documentation to GPO related functions
Matthieu Patou [Sat, 14 Aug 2010 14:51:55 +0000 (18:51 +0400)]
unit tests: debug to ease locating pb, remove dir if exists to avoid error
Matthieu Patou [Sat, 14 Aug 2010 12:57:49 +0000 (16:57 +0400)]
s4 upgradeprovision: exit with a non null return code so that it can be trapped in blackbox tests
Matthieu Patou [Thu, 12 Aug 2010 13:28:28 +0000 (17:28 +0400)]
s4 upgradeprovision: add more attrbutes the ignore list
Also format in a pretty way the int64 ranges
Matthieu Patou [Thu, 12 Aug 2010 08:22:08 +0000 (12:22 +0400)]
s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing
Matthieu Patou [Sun, 11 Jul 2010 11:36:32 +0000 (15:36 +0400)]
s4 upgradeprovision: Add a function for schema reloading
Full schema reloading is needed when we modify exisiting elements that
have attributes that comes from not from the default schema (ie.
openchange schema, user schema ..)
Matthieu Patou [Wed, 11 Aug 2010 21:25:27 +0000 (01:25 +0400)]
s4 upgradeprovision: upgrade_delta_samdb return a msg_diff of @ATTRIBUTES
This is used by upgradeprovision to readd this delta just before loading
a merged schema
Matthieu Patou [Tue, 10 Aug 2010 14:19:40 +0000 (18:19 +0400)]
s4 upgradeprovision: Fixes for increment_keyversion
fix
Matthieu Patou [Tue, 10 Aug 2010 13:39:29 +0000 (17:39 +0400)]
s4 upgradeprovision: fix a typo and pass correct parameter to increment_calculated_keyversion
Günther Deschner [Wed, 18 Aug 2010 16:25:20 +0000 (18:25 +0200)]
s3-libsmb: fix some uninitialized variables.
Volker, please check.
Guenther
Surbhi Palande [Thu, 19 Aug 2010 08:56:30 +0000 (11:56 +0300)]
-ENOTSUP translates to NT_STATUS_NOT_SUPPORTED
https://launchpad.net/bugs/276472
This patch adds the translation of Unix Error code -ENOTSUP to NT Error Code
NT_STATUS_NOT_SUPPORTED. The absense of this translation wrongly sends back to
the client a STATUS_DENIED message in samba3.
Signed-off-by: Surbhi Palande <surbhi.palande@canonical.com>
Volker Lendecke [Wed, 18 Aug 2010 16:16:24 +0000 (18:16 +0200)]
s3: Remove smb_pam_accountcheck from the auth modules
We go through the same check in auth/auth.c line 287 after the module has done
its job. So we don't have to do that check twice.
Kamen Mazdrashki [Thu, 19 Aug 2010 00:17:36 +0000 (03:17 +0300)]
s4-drs: ATTIDs for deleted attributes should be based on msDs-IntId value if it exists
Kamen Mazdrashki [Thu, 19 Aug 2010 00:08:29 +0000 (03:08 +0300)]
s4-test: make better error message for ATTID checks
Kamen Mazdrashki [Wed, 18 Aug 2010 23:47:14 +0000 (02:47 +0300)]
s4-test: Change attribute syntax and value for readability
When it comes to read logs and dumping data received
Octet String syntax comes in handy
Kamen Mazdrashki [Wed, 18 Aug 2010 10:21:10 +0000 (13:21 +0300)]
s4-test: Enable drs.rpc.msdsintid test case - it should be passing now
Kamen Mazdrashki [Wed, 18 Aug 2010 00:19:45 +0000 (03:19 +0300)]
s4-dsdb: No need for dsdb_syntax_one_DN_drsuapi_to_ldb() to be public
It is intended to be used in schema_syntax.c module
Kamen Mazdrashki [Wed, 18 Aug 2010 00:52:48 +0000 (03:52 +0300)]
s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs
Depending on which NC is being replicated, GetNCChanges() returns
either ATTID based on local prefixMap or msDs-IntId value of
the attributeSchema class for the attribute being replicated.
If set, msDs-IntId value is always returned when replicating
object form NC other than Schema NC.
Objects in Schema NC replica always use prefixMap based ATTIDs.
Kamen Mazdrashki [Wed, 18 Aug 2010 00:06:53 +0000 (03:06 +0300)]
s4-dsdb-syntax: ATTID should be msDs-IntId value for the attributeSchema object
in case object replicated is not in Schema NC and attributeSchema
object has msDs-IntId attribute value set
Kamen Mazdrashki [Tue, 17 Aug 2010 01:48:24 +0000 (04:48 +0300)]
s4: fix few comment typos
Kamen Mazdrashki [Tue, 17 Aug 2010 01:44:52 +0000 (04:44 +0300)]
s4-schema_syntax.c: Fix white spaces and alignment
Kamen Mazdrashki [Tue, 17 Aug 2010 01:20:46 +0000 (04:20 +0300)]
s4-dsdb: Use dsdb_syntax_ctx in *_drsuapi_to_ldb functions
Kamen Mazdrashki [Tue, 17 Aug 2010 01:12:54 +0000 (04:12 +0300)]
s4-dsdb: Use dsdb_syntax_ctx in *_ldb_to_drsuapi functions
Kamen Mazdrashki [Tue, 17 Aug 2010 00:58:26 +0000 (03:58 +0300)]
s4-dsdb: Use dsdb_syntax_ctx in *_validate_ldb functions
Kamen Mazdrashki [Tue, 17 Aug 2010 00:21:46 +0000 (03:21 +0300)]
s4-dsdb: Add context structure for dsdb_syntax conversion functions
This structure is intended to hold context-dependent data.
Syntax-conversion and object-conversion functions need
that data to convert objects and attributes from drs-to-ldb
and ldb-to-drs correctly.
For instance: ATTID value depends on whether we are converting
object from partition different that Schema partition.
Kamen Mazdrashki [Mon, 16 Aug 2010 15:57:02 +0000 (18:57 +0300)]
s4-test-dssync: remove unused variable
Jeremy Allison [Wed, 18 Aug 2010 23:25:15 +0000 (16:25 -0700)]
Fix bug 7626 - Typo in configure samba_cv__CC_NEGATIVE_ENUM_VALUES two underscores.
Noticed by bj@sernet.de.
Jeremy Allison [Mon, 16 Aug 2010 23:31:33 +0000 (16:31 -0700)]
Fix bug 7563 - Creation of symlink using smbclient is buggy.
Fix semantics of symlink. "oldpath" should be an untouched blob,
"newpath" should fit the share path semantics.
Jeremy.
Volker Lendecke [Wed, 18 Aug 2010 14:44:04 +0000 (16:44 +0200)]
s3: Remove an unused variable