dsdb-show_deleted: Check if the base DN is deleted before doing a full search

This avoids doing more work than we need to, such as a full database
scan, if the base DN is deleted.  The tdb layer cannot handle this
because we do not know to check for the isDeleted attribute there.

This was inspired by an investigation of the samr.large-dc test, which
is slow in part because of attempted SD propegation on the deleted DNs.

The samba3sam code is not compatible with this change (which implies
having checkBaseOnSearch: TRUE set on @OPTIONS), so this module is now
replaced with show_deleted_dummy for this test.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

dsdb: Add show_deleted_dummy module, for use in samba3sam test

This simply consumes the critical flags from the show_deleted and
show_recycled controls, without implementing them.

This is needed because upcoming changes to show_deleted break this
test.  Other parts of Samba set these flags as critical and while we
could skip the module, I would rather not change that just for this
quite strange but important test.

Andrew Bartlett

s3sam

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

samba_upgradeprovision: Improve error messages and only search for schema in the schema partition

This change is needed for the upcoming change to show_deleted to check the base DN.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

dsdb: Assert that incoming DRS objects are valid in the local schema

This should change some of the random segfaults seen in autobuild into
errors we can further debug.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: Remove byte_range_lock->read_only

With the rewritten brl_get_lock_readonly we only set the destructor for
r/w lock records anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Oct  6 22:20:05 CEST 2013 on sn-devel-104

smbd: Remove the brl_get_locks wrapper

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: brl_get_locks_internal is always called r/w now

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: Restructure brl_get_locks_readonly

This is step 1 to get rid of brl_get_locks_internal with its complex readonly
business. It also optimizes 2 things: First, it uses dbwrap_parse_record to
avoid a talloc and memcpy, and second it uses talloc_pooled_object.

And -- hopefully it is easier to understand the caching logic with
fsp->brlock_rec and the clustering escape.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: Avoid an if-statement per read/write in the non-clustered case

Without clustering, fsp->brlock_rec will never be set anyway. In the
clustering case we can't use the seqnum trick, so this is slow enough
that the additional if-statement does not matter in this case anyway. In
the non-clustered case it might. Have not measured it, but every little
bit helps I guess.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: Remove unused "brl->key" struct element

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Oct  6 15:49:43 CEST 2013 on sn-devel-104

smbd: Convert some dbgtxt to DEBUG

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

torture: Remove an unused variable

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

torture: Continue buffer check after NOT_IMPLEMENTED infolevels

Patch from the SDC plugfest. Not every implementation supports every
infolevel, and we want to be able to test buffersize error behaviour
for all supported infolevels

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

libcli: Correct smb2_lease_pull

We don't really use leases yet, so so far this went by unnoticed. It's
the V2 lease requests that hold the parent lease key, not the V1 ones.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

libcli: Add const to smb2_lease_pull

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

torture: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: Fix a comment

This has been converted from a timed event to an immediate one in
e7dab403c0ca6f6

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: Fix confusing comments

The brlock-check is done in grant_fsp_oplock_type

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: Avoid calling serverid_exists twice

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd:smb2: clarify and comment code treating dh2c blob check.

This makes the code that checks for extra create blobs in the
case of the dh2c blob look very similar to the corresponding
(slightly mode complex) code for the dhnc blob.

With this preparation it will be easier and more obvious how
to add proper treatment of the lease request blobs when leases
get implemented.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Oct  5 15:56:11 CEST 2013 on sn-devel-104

smbd:smb2: ignore an dhnq blob along with a dhnc in create

This is according to MS-SMB2, 3.3.5.9.7
"Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context"

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd:smb2_create: fix return code for durable handle create blob combinations

According to MS-SMB2:

3.3.5.9.7 Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context
3.3.5.9.12 Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 Create Context

and verified by test results.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: add durable-v2-open.reopen2c

- create durable with v1 request
- reconnect with v2 reconnect request
==> fails

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: add durable-v2-open.reopen2b

- connect with durable v2
- reconnect with durable v1
=> succeeds

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: add durable-v2-open.create-blob

test various combinations of durable create and reconnect
request blobs, according to
MS-SMB2, 3.3.5.9.12:
"Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2 Create Context"

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: extend the durable-open.reopen2 test

Add tests for:
- filename and many other things don't matter in reconnect
- additionally specified DHnQ request blob is ignored.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: extend the durable-v2-open.reopen2 test

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd:smb2: successfully answer a DHnC request when the initial create was DH2Q

I.e. the durable reconnect attempt is v1 while the original create was durable
v2 including the create guid.

Implement this by skipping the create_guid verification when
the reconnect request is v1.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd:smb2_create: add comment about validity of check reconnect blob being only one

With leases this will not be true any more.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: add a durable-open.reopen-lease-v2 test

like durable-open.reopen2-lease but with v2 lease requets

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: add durable-v2-open.reopen2-lease-v2

lease v2 variant of the reopen2 test.
Test various success and failure cases.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: add smb2_lease_v2_create() wrapper to smb2_lease_v2_create_share()

that sets share all. similar to smb2_lease_create()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: add durable-v2-open.reopen2-lease

lease v1 variant of the reopen2 test

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: add durable-open.reopen2-lease test

lease-variant of the reopen2 test

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: fix durable-open lease tests to pass against windows.

Fix is: reconnect with same client-guid as on the first connection.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture:smb2: add smbcli_options argument to torture_smb2_connection_ext()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:libcli:smb2: make smbcli_options argument to smb2_connect_(send|ext) const

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:libcli:smb2: add the smb2_capabilities to the smbcli_options

and initialize them in lpcfg_smbcli_options() instead of
in smb2_transport_init() as previously.

This will allow us to control them from callers later.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:libcli:smb2: add the client_guid to the smbcli_options

and initialize it in lpcfg_smbcli_options() instead of
in smb2_transport_init() as previously.

Having the client guid in the smbcli_options will allow
us to control them from callers later.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture:spoolss: use smb2_connect() instead of smb2_connet_ext()

in print_test_smbd: we don't need to pass the previous_session_id.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:torture:smb2: fix a comment in the durable-open.lock-oplock test

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

samba_backup: fix bug, add command line parameter, improve error messages

Also remove .bak suffix from tdb/ldb backups for more consistent restore procedures

Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Oct  5 13:51:34 CEST 2013 on sn-devel-104

shadow_copy2: use stored mount_point instead of recalculating.

In the case of snapdirseverywhere but NOT crossmountpoints.

This spares stat calls.
And is the only correct thing to do if the mount point was
specified in the configuration.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: improve debug in shadow_copy2_convert() in snapdirseverywhere mode

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: fix shadow_copy2_convert() in the classical case.

I.e. the non-snapdirseverywhere case.
This in particular fixes the case of a snapdir hierarchy
that is parallel to the share or mountpoint and not subordinate.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add some blank lines for visual separation to shadow_copy2_convert()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: initialize "converted" string to null in shadow_copy2_convert()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: fix shadow_copy2_strip_snapshot() in the classical case

I.e., fix detection of already converted names.

This is done by using the shadow_copy2_snapshot_path() function
and comparing if the input string starts with that.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add some debug to shadow_copy2_strip_snapshot()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add comments explaining decisions in shadow_copy2_strip_snapshot()

This should make it more easy to understand what the cases are.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: introduce shadow_copy2_snapshot_path()

This builds the posix snapshot path for the connection
at the provided timestamp. For the non-snapdirseverywhere case.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: factor shadow_copy2_posix_gmt_string() out of shadow_copy2_insert_string()

for re-use..

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: shadow_copy2_insert_string(): do not prepend a "/" in absolute mode

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: make shadow_copy2_find_snapdir() return const char *

instead of char *. This eliminates compiler warnings.
snapdir is a const string in all occasions.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: in the classical case, use configured path in shadow_copy2_find_snapdir()

There is no point in searching for snapdir if not in snapdirseverywhere mode.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: implement disk_free

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: log resulting config at the end of shadow_copy2_connect()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add snapshot_basepath to the config.

This is the absolute version of snapdir.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add rel_connectpath to config.

This is the share root, relative to the basedir.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: introduce "shadow:mountpoint" option

Possiblity to explicitly set the share's mount point.
This is useful mainly for debugging and testing purposes.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: re-add the basedir option.

Disable basedir if it is not an absolute path or if
snapdirseverywhere or crossmountpoints is enabled.

Pair-Programmed-With: Björn Baumbach <bb@sernet.de>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: disable "snapdir:crossmountpoints" if the snapdir is absolute.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: introduce the bool "snapdir_absolute" in the config.

Not exposed but to be used internally.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: introduce config struct and function shadow_copy2_connect()

This moves the parsing of the config to a central place.
So users of configuation don't need to call lp_parm_... all the time.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add comment explaining the SMB level GMT format pattern

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add comment block explaining shadow_copy2_convert()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add comment block explaining shadow_copy2_insert_string()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add comment block explaining shadow_copy2_find_snapdir()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add header comment explaining have_snapdir()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: add comment header describing shadow_copy2_strip_snapshot()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

shadow_copy2: break overly long lines in shadow_copy2_snapshot_to_gmt()

According to coding guidelines.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Revert "Support UPN_DNS_INFO in the PAC"

This reverts commit a6be8a97f705247c1b1cbb0595887d8924740a71.

We fail (often) to parse a krb5pac type 12 buffer due to the incomplete change
which came in via a6be8a97f705247c1b1cbb0595887d8924740a71. This change came
into master and has only been released in RCs so no regression to published
4.0.x releases. We should revert this for 4.1 for now until we can make it work
in all cases (see work on this in
https://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12).
Without this revert the entire PAC parsing may fail which can effect serious
implications (krb5 smb session setup not working).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10178

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct  3 17:08:46 CEST 2013 on sn-devel-104

Remove dead code. Now we have no SWAT we don't use the invalid_services array or associated counter.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  3 03:22:36 CEST 2013 on sn-devel-104

smbd:smb2: fix error code when the header says the request is signed but we don't have a sesseion

I.e. when the request is a session setup.
We replied with ACCESS_DENIED, but windows expects USER_SESSION_DELETED

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct  2 22:07:44 CEST 2013 on sn-devel-104

s3:smb2_server: don't rely on the SMB2_HDR_FLAG_SIGNED if signing is required

Windows (at least the test suites) may skip the SMB2_HDR_FLAG_SIGNED
in a reauth session setup, but still provide a valid signature.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

librpc: Fix blank line endings

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct  2 15:02:07 CEST 2013 on sn-devel-104

libndr: Fix ndr_print_bitmap_flag for value=0

Don't endlessly loop

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

librpc: return a ndr_pull_error instead of just NDR_ERR_NDR64 when upper bits of 64 bit value are not 0

Signed-off-by: Matthieu Patou <mat@matws.net>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

net: allow "net idmap get ranges" to list all ranges

Omission of SID parameter lists ranges for all domains.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Oct  2 12:23:33 CEST 2013 on sn-devel-104

idmap_autorid: allow iterate functions to operate on all domain ranges

by allowing handed in domsid to be NULL

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: implement "net idmap delete ranges"

Inspired by a patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

idmap_autorid: add idmap_autorid_delete_domain_ranges()

This uses the new idmap_autorid_iterate_domain_ranges() function.
Based on earlier patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: add "net idmap get ranges" operation for autorid

Implemented using the idmap_autorid_iterate_domain_ranges_read() function.
Based on earlier patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

idmap_autorid: add idmap_autorid_iterate_domain_ranges[_read]()

Functions to perform an action on all domain range mappings for
a given domain, specified by the domain sid.

Inspired by a previous patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: implement "net idmap delete range"

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

idmap_autorid: add idmap_autorid_delete_range_by_num()

query and delete a mapping specified by the range number.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

idmap_autorid: add idmap_autorid_delete_range_by_sid()

Delete a range mapping as specified by domain SID and range index.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

idmap_autorid: add idmap_autorid_build_keystr_talloc()

talloc version of idmap_autorid_build_keystr()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

idmap_autorid: extend idmap_autorid_addrange to allow to set mappings below the HWM

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: implement "net idmap get range"

get the range for a domain sid and range index.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

idmap_autorid: improve clarity of idmap_autorid_addrange_action() by adding mem_ctx.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: add "net idmap set range" (for autorid backend)

This lets the admin store a range for a domain/index pair.
Call syntax is:

net idmap set range <RANGE> <DOMSID> [<INDEX>]

INDEX defaults to 0.

Pair-Programmed-With: Atul Kulkarni <atul.kulkarni@in.ibm.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

net idmap: add utility function parse_uint32()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

net: add "net idmap get config" to read the autorid config from the database

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: add "net idmap get" command

This has no subcommands yet and is added in preparation of adding some.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: add "net idmap set config" command to store the autorid global config

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

idmap_autorid: add idmap_autorid_saveconfigstr()

Store a configuration as provided by a config string
after parsing and validating the string.

Based on similar patch by Atul Kulkarni <atul.kulkarni@in.ibm.com>.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: add new function net_idmap_opendb_autorid()

This checks the backend is autorid, and opens the db if so.
If readonly == true, the DB is simply opened for reading.
If readonly == false, the DB is created if necessary and
initialized with HWMs.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Atul Kulkarni <atul.kulkarni@in.ibm.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: rename "idmap_dump_ctx" to "net_idmap_ctx".

This started specific, but is now generic.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

net: move the "net idmap delete" functionality to subcommand "net idmap delete mapping"

This is in preparation of adding more types of entries to delete...

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>