Andrew Bartlett [Fri, 6 Jul 2012 09:57:10 +0000 (19:57 +1000)]
pyldb: Add bindings for ldb_dn_remove_base_components
Andrew Bartlett [Fri, 6 Jul 2012 08:12:58 +0000 (18:12 +1000)]
s4-pydsdb: Add bindings for dsdb_find_nc_root()
Andrew Bartlett [Fri, 6 Jul 2012 10:48:34 +0000 (20:48 +1000)]
s4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type
This checks the type rather than just dereferencing the pointer.
Andrew Bartlett
Andrew Bartlett [Fri, 6 Jul 2012 10:41:10 +0000 (20:41 +1000)]
pyldb: Fix dn concat operation to be the other way around
This now concatonates Dn(ldb, "cn=config") + Dn(ldb, "dc=samba,dc=org") as "cn=config,dc=samba,dc=org"
Andrew Bartlett
Christof Schmitt [Thu, 5 Jul 2012 20:17:00 +0000 (13:17 -0700)]
auth: Common function for retrieving PAC_LOGIN_INFO from PAC
Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 29 Jun 2012 15:59:36 +0000 (17:59 +0200)]
s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 6 11:50:40 CEST 2012 on sn-devel-104
Andreas Schneider [Fri, 29 Jun 2012 15:59:17 +0000 (17:59 +0200)]
s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np
Andreas Schneider [Fri, 29 Jun 2012 14:42:16 +0000 (16:42 +0200)]
s4-lsarpc: Restrict LookupSids3 to crypto connections only.
Andreas Schneider [Fri, 29 Jun 2012 14:41:29 +0000 (16:41 +0200)]
s4-lsarpc: Restrict LookupNames4 to crypto connections only.
Andreas Schneider [Wed, 27 Jun 2012 11:45:55 +0000 (13:45 +0200)]
s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3.
Andreas Schneider [Wed, 27 Jun 2012 11:01:57 +0000 (13:01 +0200)]
s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4.
Andreas Schneider [Thu, 5 Jul 2012 10:41:44 +0000 (12:41 +0200)]
selftest: Update knownfail list for samba4.rpc.lsalookup.
Andreas Schneider [Fri, 6 Jul 2012 06:04:45 +0000 (08:04 +0200)]
s4-selftest: Don't run lsarpc requiring a named pipe over tcpip.
Andreas Schneider [Fri, 29 Jun 2012 15:59:50 +0000 (17:59 +0200)]
s4-selftest: Don't plan lsa.secrets tests over tcpip.
These will only work over a named pipe or ncalrpc.
Andreas Schneider [Thu, 5 Jul 2012 22:01:41 +0000 (00:01 +0200)]
s4-libnet: Skip calling lsarpc functions over a wrong pipe.
Andreas Schneider [Thu, 5 Jul 2012 22:00:04 +0000 (00:00 +0200)]
s4-torture: Call lsarpc tests over the correct pipe.
Andreas Schneider [Thu, 5 Jul 2012 12:11:51 +0000 (14:11 +0200)]
s4-torture: Don't consider NONE_MAPPED an error in LookupSids3.
Andreas Schneider [Thu, 5 Jul 2012 12:11:25 +0000 (14:11 +0200)]
s4-torture: Don't consider NONE_MAPPED an error in LookupNames4.
Andreas Schneider [Fri, 29 Jun 2012 15:57:12 +0000 (17:57 +0200)]
s4-torture: Add a lsarpc test_GetUserName_fail function.
Andreas Schneider [Fri, 29 Jun 2012 15:50:06 +0000 (17:50 +0200)]
s4-torture: Add a lsarpc test_OpenPolicy2_fail function.
Andreas Schneider [Fri, 29 Jun 2012 14:50:38 +0000 (16:50 +0200)]
s4-torture: Add a lsarpc test_OpenPolicy_fail function.
Andreas Schneider [Fri, 29 Jun 2012 10:10:20 +0000 (12:10 +0200)]
s4-torture: Add a lsarpc test_LookupNames4_fail function.
Andreas Schneider [Fri, 29 Jun 2012 09:54:45 +0000 (11:54 +0200)]
s4-torture: Add a lsarpc test_LookupSids3_fail function.
Andreas Schneider [Tue, 26 Jun 2012 15:25:57 +0000 (17:25 +0200)]
s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.
http://thread.gmane.org/gmane.network.protocol.cifs.general/291
Andreas Schneider [Mon, 25 Jun 2012 16:53:03 +0000 (18:53 +0200)]
s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
Andreas Schneider [Mon, 25 Jun 2012 16:49:11 +0000 (18:49 +0200)]
s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.
See MS-LAT, Section 2.1 Transport.
Andreas Schneider [Mon, 25 Jun 2012 16:45:35 +0000 (18:45 +0200)]
s3-lsarpc: Restrict the transport for ncacn_np functions.
See MS-LAT, section 2.1 Transport.
Andreas Schneider [Tue, 3 Jul 2012 11:01:47 +0000 (13:01 +0200)]
s3-rpc: Return the correct ntstatus depending on the transport.
Andreas Schneider [Wed, 27 Jun 2012 13:21:11 +0000 (15:21 +0200)]
s3-rpc_server: Make it possible to use more rpc exceptions.
Andreas Schneider [Wed, 27 Jun 2012 09:15:05 +0000 (11:15 +0200)]
s3-selftest: Run lsa tests over np and tcpip.
Andreas Schneider [Wed, 27 Jun 2012 09:14:35 +0000 (11:14 +0200)]
s4-torture: Test LookupSids3/LookupNames4 over np and tcpip.
Andreas Schneider [Tue, 26 Jun 2012 08:38:08 +0000 (10:38 +0200)]
s4-torture: Make sure lsa_OpenPolicy2 fails over TCP/IP.
Andreas Schneider [Tue, 26 Jun 2012 07:58:12 +0000 (09:58 +0200)]
s4-torture: Make sure lsa_OpenPolicy fails over TCP/IP.
Andreas Schneider [Mon, 25 Jun 2012 17:06:34 +0000 (19:06 +0200)]
s4-torture: Make sure ncacn_np tests are only called over the a pipe.
Andreas Schneider [Mon, 25 Jun 2012 16:23:31 +0000 (18:23 +0200)]
s4-torture: Test LookupSids3 and LookupNames4 only over tcpip.
LookupSids3 and LookupNames4 are only available over tcpip and MUST
fail over named pipes.
Andreas Schneider [Mon, 25 Jun 2012 16:03:40 +0000 (18:03 +0200)]
s4-torture: Use test_LookupSids3 function.
Andreas Schneider [Mon, 25 Jun 2012 15:55:02 +0000 (17:55 +0200)]
s4-torture: Fix build warnings in lsa test.
Andrew Bartlett [Fri, 6 Jul 2012 05:40:02 +0000 (15:40 +1000)]
s4-classicupgrade: Demote any other 'BDC' accounts back to a member server during upgrade
This makes it clear that they cannot be a DC until they are upgraded with
samba-tool domain dcpromo.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 6 09:59:13 CEST 2012 on sn-devel-104
Andrew Bartlett [Fri, 6 Jul 2012 05:39:09 +0000 (15:39 +1000)]
s4-selftest: Test samba-tool domain dcpromo
This needs a new environment to test it properly. This requires a raise in the
number of socket wrapper interfaces.
Andrew Bartlett
Andrew Bartlett [Fri, 6 Jul 2012 05:38:06 +0000 (15:38 +1000)]
s4-samba-tool: Provide a samba-tool domain dcpromo that upgrades a member to a DC
This command is like dcpromo in that it upgrades the existing workstation account
to be a domain controller.
The SID (and therefore any file ownerships) is preserved.
Andrew Bartlett
Andrew Bartlett [Fri, 6 Jul 2012 05:36:12 +0000 (15:36 +1000)]
s4-dsdb: Give a much better error message when parentGUID generation fails
Andrew Bartlett [Fri, 6 Jul 2012 05:35:42 +0000 (15:35 +1000)]
s4-dsdb: Use parent_object_guid to find the correct parent for new objects
This allows the parent to be renmaed while a new object is added on another replica.
This rename may also be a delete, in which case we must move it to lostandfound.
Andrew Bartlett
Björn Jacke [Wed, 13 Jun 2012 16:10:34 +0000 (18:10 +0200)]
talloc: remove unused variables
found by the IRIX compiler
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Jul 5 23:50:54 CEST 2012 on sn-devel-104
Björn Jacke [Thu, 5 Jul 2012 19:48:29 +0000 (21:48 +0200)]
lib/addns: remove defines we don't need or have for sure via libreplace
Björn Jacke [Thu, 5 Jul 2012 18:47:58 +0000 (20:47 +0200)]
lib/addns: remove use of uint8 uint16 and uint32 in favour of C99 types
Björn Jacke [Thu, 5 Jul 2012 09:43:16 +0000 (11:43 +0200)]
s3: evaluate MNT_QUOTA and MNT_RDONLY in statvfs also on darwin
Michael Adam [Tue, 3 Jul 2012 12:42:46 +0000 (14:42 +0200)]
s3:registry: untangle assignment from check in reg_enumkey()
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 5 17:57:16 CEST 2012 on sn-devel-104
Michael Adam [Tue, 3 Jul 2012 12:42:12 +0000 (14:42 +0200)]
s3:registry: untangle assignment from check in reg_enumvalue()
Björn Jacke [Wed, 4 Jul 2012 09:14:15 +0000 (11:14 +0200)]
s4/heimdal: fix make-proto.pl with perl 5.16
Thanks to Torsten Kurbad. This fixes #9025.
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Jul 4 13:51:07 CEST 2012 on sn-devel-104
Björn Jacke [Wed, 4 Jul 2012 08:33:58 +0000 (10:33 +0200)]
replace: make the INT64_MAX define more portable
Björn Jacke [Tue, 3 Jul 2012 22:33:41 +0000 (00:33 +0200)]
s3: if we know a file is immutable, report it to be readonly
on *BSD we get the immutable flag via st_flags, we should use that if possible.
Rusty Russell [Wed, 4 Jul 2012 04:21:07 +0000 (13:51 +0930)]
ntdb: make --disable-ntdb work properly.
As per bug #9024, make --disable-ntdb work again.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Jul 4 08:11:33 CEST 2012 on sn-devel-104
Jeremy Allison [Tue, 3 Jul 2012 20:34:21 +0000 (13:34 -0700)]
Add waf/configure tests for openat.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 4 02:37:59 CEST 2012 on sn-devel-104
Jeremy Allison [Tue, 3 Jul 2012 22:32:10 +0000 (15:32 -0700)]
Move copy_unix_token() from locking/locking.c to lib/util.c.
Make public.
Jeremy Allison [Tue, 3 Jul 2012 19:39:23 +0000 (12:39 -0700)]
Add function set_thread_credentials_permanently(). Panic if fail.
Not yet used.
Jeremy Allison [Fri, 29 Jun 2012 23:18:10 +0000 (16:18 -0700)]
Allow init_aio_threadpool() to be setup for different threadpool handles with different completion functions.
Andreas Schneider [Fri, 22 Jun 2012 14:41:37 +0000 (16:41 +0200)]
doc: Remove references to deprecated 'share modes' parameter.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 3 23:49:18 CEST 2012 on sn-devel-104
Andreas Schneider [Fri, 22 Jun 2012 14:37:26 +0000 (16:37 +0200)]
s3-smbd: Remove deprecated 'share modes' option.
Andreas Schneider [Fri, 22 Jun 2012 14:32:59 +0000 (16:32 +0200)]
doc: Remove documentation for obsolete ldapsam_compat.
Andreas Schneider [Fri, 22 Jun 2012 14:27:56 +0000 (16:27 +0200)]
s3-passdb: Remove obsolte ldapsam_compat support.
Andreas Schneider [Fri, 22 Jun 2012 14:00:26 +0000 (16:00 +0200)]
doc: Remove all references to 'printer admin' option.
Andreas Schneider [Fri, 22 Jun 2012 13:38:25 +0000 (15:38 +0200)]
s3-printing: Remove deprecated lp_printer_admin().
Andreas Schneider [Fri, 22 Jun 2012 13:26:46 +0000 (15:26 +0200)]
doc: Remove documentation about idmap_adex.
Andreas Schneider [Fri, 22 Jun 2012 13:25:14 +0000 (15:25 +0200)]
s3-winbind: Remove obsolte idmap_adex.
Andrew Bartlett [Tue, 3 Jul 2012 11:46:51 +0000 (21:46 +1000)]
ldb: bump version due to header and internal implementation changes
We need this version, not the previous release, for Samba.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 3 17:20:32 CEST 2012 on sn-devel-104
Andrew Bartlett [Tue, 3 Jul 2012 02:41:56 +0000 (12:41 +1000)]
WHATSNEW: Spell out version, avoid samba4 except to refer to the past
Björn Baumbach [Thu, 14 Jun 2012 17:07:23 +0000 (19:07 +0200)]
wafsamba: samba_version: add samba version suffix to vcs_fields
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 3 Jul 2012 01:57:22 +0000 (11:57 +1000)]
build: Run distcheck in the correct directory
This is a leftover from the move to the top level build.
Andrew Bartlett
Volker Lendecke [Fri, 29 Jun 2012 11:30:44 +0000 (13:30 +0200)]
s3: Fix Coverity ID 709217 Dereference after null check
A few lines before we did check for x != NULL. I think this might
fix a potential remote crash.
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jul 3 15:30:17 CEST 2012 on sn-devel-104
Volker Lendecke [Fri, 29 Jun 2012 10:37:40 +0000 (12:37 +0200)]
s3: Fix Coverity ID 709218 Uninitialized pointer read
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Mon, 2 Jul 2012 12:47:45 +0000 (14:47 +0200)]
s3:vfs: use smbXsrv_open instead of smbXsrv_open0 in files_struct
Michael Adam [Mon, 2 Jul 2012 12:46:32 +0000 (14:46 +0200)]
s3:vfs: use smbXsrv_tcon instead of smbXsrv_tcon0 in connection_struct.
Michael Adam [Mon, 2 Jul 2012 14:10:26 +0000 (16:10 +0200)]
s3:smb: include "smbXsrv.h" before "vfs.h"
This is still needed as long as smbXsrv_open/_tcon are referenced
in files_struct and connection_struct respectively. Eventually,
these structures should not have a backlink to the smb world any more.
Michael Adam [Mon, 2 Jul 2012 12:46:00 +0000 (14:46 +0200)]
s3:smbd: Include smbXsrv.h before vfs.h (in smbd.h) so that the smbXsrv structures are available
This is currently needed for files_struct and connection_struct
that contain backlinks to smbXsrv_open and smbXsrv_tcon, respectively.
Finally, these backlinks to the smb level structures should be removed.
Michael Adam [Mon, 2 Jul 2012 11:37:07 +0000 (13:37 +0200)]
s3:smbd:smb2: fix prototype of make_connection_smb2() to use smbXsrv_tcon
instead of internal smbXsrv_tcon0.
Michael Adam [Mon, 2 Jul 2012 12:27:06 +0000 (14:27 +0200)]
s3:smbd: include smbXsrv.h before smbd/proto.h to have the smbXsrv_ structs available
Michael Adam [Mon, 2 Jul 2012 11:31:12 +0000 (13:31 +0200)]
s3:smbd:smb2: change smbXsrv_tcon0 to smbXsrv_tcon in smbd_smb2_request_check_tcon()
smbXsrv_tcon0 is the internal name for the (current) version0 of the
structure. Externally, only smbXsrv_tcon should be used.
Michael Adam [Mon, 2 Jul 2012 11:25:05 +0000 (13:25 +0200)]
s3:smbd:smb2: change smbXsrv_session0 to smbXsrv_session in struct user_struct.
smbXsrv_session0 is the internal name of (current) version 0 of
the structure. Externally, only smbXsrv_session should be used.
Amitay Isaacs [Tue, 3 Jul 2012 04:20:44 +0000 (14:20 +1000)]
samba-tool: gpo: Update copyright
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Jul 3 09:10:21 CEST 2012 on sn-devel-104
Amitay Isaacs [Tue, 3 Jul 2012 04:55:10 +0000 (14:55 +1000)]
samba-tool: gpo: Improve error messages
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Tue, 3 Jul 2012 04:23:48 +0000 (14:23 +1000)]
samba-tool: gpo: Add del subcommand to delete GPO
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
Amitay Isaacs [Tue, 3 Jul 2012 04:22:42 +0000 (14:22 +1000)]
samba-tool: gpo: Add listcontainers subcommand to list containers using given GPO
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
Amitay Isaacs [Tue, 3 Jul 2012 04:17:48 +0000 (14:17 +1000)]
samba-tool: gpo: Use utility function dc_url() to set the connection url
In create and fetch subcommands, we also need to know DC hostname. So first
find a DC and use DC hostname to construct connection url. If ldap:// url is
specified with -H, then use that to construct DC hostname.
Amitay Isaacs [Tue, 3 Jul 2012 04:16:41 +0000 (14:16 +1000)]
samba-tool: gpo: Refactor code using utility functions
Amitay Isaacs [Tue, 3 Jul 2012 04:13:01 +0000 (14:13 +1000)]
samba-tool: gpo: Add utility functions get_gpo_containers and del_gpo_link
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch
Amitay Isaacs [Tue, 3 Jul 2012 00:58:37 +0000 (10:58 +1000)]
s4-pysmb: Add deltree() method to remove directory and its contents
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
Amitay Isaacs [Tue, 3 Jul 2012 01:27:21 +0000 (11:27 +1000)]
samba-tool: Fix indentation
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
Amitay Isaacs [Tue, 3 Jul 2012 01:26:41 +0000 (11:26 +1000)]
samba-tool: gpo: Use gpo (id) instead of gpo_dn (DN)
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
Amitay Isaacs [Tue, 3 Jul 2012 01:22:55 +0000 (11:22 +1000)]
samba-tool: gpo: Correct the attribute name from gPlink to gPLink
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
Amitay Isaacs [Tue, 3 Jul 2012 01:21:25 +0000 (11:21 +1000)]
samba-tool: gpo: Fix policy DN
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
Jeremy Allison [Mon, 2 Jul 2012 21:08:41 +0000 (14:08 -0700)]
Fix the waf/autoconf builds to detect correctly the 32-bit or 64-bit syscall ABI on Linux.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 3 05:32:21 CEST 2012 on sn-devel-104
Jeremy Allison [Mon, 2 Jul 2012 17:22:10 +0000 (10:22 -0700)]
Ensure we select the correct syscall numbers on a 32-bit Linux system.
Andrew Bartlett [Mon, 2 Jul 2012 22:22:51 +0000 (08:22 +1000)]
VERSION: Move on to beta4!
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 3 02:44:15 CEST 2012 on sn-devel-104
Andrew Bartlett [Mon, 2 Jul 2012 22:22:12 +0000 (08:22 +1000)]
VERSION: Mark as the beta3 release
Andrew Bartlett [Mon, 2 Jul 2012 22:54:57 +0000 (08:54 +1000)]
WHATSNEW: Mention Exchange 2010 support
Andrew Bartlett [Mon, 2 Jul 2012 22:21:23 +0000 (08:21 +1000)]
WHATSNEW: Update with fix for smbd-fileserver.conf.pid startup failures
Andrew Bartlett [Sun, 1 Jul 2012 22:06:53 +0000 (08:06 +1000)]
s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIG
This support is too painful to use.
Andrew Bartlett
Andrew Bartlett [Sun, 1 Jul 2012 21:24:21 +0000 (07:24 +1000)]
s4-bind: Remove patches now incorporated into bind9
These patches are in bind9 now, and we do not recomment using them any more
as the improved version in bind 9.8 is much less prone to failure.
Andrew Bartlett
Andrew Bartlett [Sun, 1 Jul 2012 21:21:54 +0000 (07:21 +1000)]
s4-dns: Remove dynamic DNS instructions for bind 9.7
This version of BIND only ever caused pain when trying to do dynamic DNS.
If users are using this version, simply treat it as a static server.
Andrew Bartlett
Andrew Bartlett [Sat, 30 Jun 2012 08:30:57 +0000 (18:30 +1000)]
auth: Remove .get_challenge (only used for security=server)
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.
Now that security=server has been removed, we have no such module.
This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.
Andrew Bartlett