IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
A SMB server should only care about specific SECINFO flags
and ignore others e.g. SECINFO_PROTECTED_DACL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is in preparation for adding NETWORK_INTERFACE_INFO Ioctl smbtorture test
case. This data structure is described in MS-SMB2 Sec. 2.2.32.5
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jun 26 17:30:00 CEST 2014 on sn-devel-104
Thanks to Noel Power <noel.power@suse.com> for finding this!
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
[ddiss@samba.org: changed Noel's address, as requested]
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jun 12 16:01:10 CEST 2014 on sn-devel-104
This will make it easier in the future to NDR_PRINT a lease and
a lease key
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 12 03:34:41 CEST 2014 on sn-devel-104
Change-Id: Iba3913d5a1c7f851b93f37e9beb6dbb20fbf7e55
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
FSRVP can possibly return any HRESULT error in addition to it's own
specific errors. This change searches the HRESULT errors for a description
if the error doesn't match any of the known FSRVP ones.
Also removed some errors defined in fsrvp.idl (now that they are defined
in hresult.h)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This way we can alter the define depending on the generated code.
E.g python bindings won't have an 'ndr' struct available.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This should not be mixed with the object guid! They are different things!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should always go through just one code path to [re]set a value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The CHECK_SYNTAX macro is currently used to compare ndr_syntax_ids and
return false on mismatch. Macros affecting control flow are evil!
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 24 21:46:39 CET 2014 on sn-devel-104
The CHECK macro is currently used to dump error and return false on
VT condition check failure. Macros affecting control flow are evil!
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
For Python bindings PIDL wants the struct to be defined as public if we
want to use __ndr_print/pack/unpack.
Define the [public] attribute to ForestTrustCollisionInfo/Record to
allow easier debugging when there is collision in establishing a trust.
This change does not affect C code as NDR functions are always
generated, only not exposed in Python bindings.
https://bugzilla.samba.org/show_bug.cgi?id=10504
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Mon Mar 24 12:44:50 CET 2014 on sn-devel-104
domains with more then 10 subdomains are not so uncommon.
https://bugzilla.samba.org/show_bug.cgi?id=10439
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Feb 13 16:30:50 CET 2014 on sn-devel-104
For now this is just an alternate wrapper to
access binding->object.
Currently callers are reusing binding->object to store the
abstract syntax id instead of just the object uuid.
Some services on Windows use the same GUID for the
'object' and the 'abstract syntax', but they are completely
different things!
Most services use a null object guid, some reuse the
guid of the abstract syntax and use it like a 'class' object.
But the object guid is only really used by DCOM,
in order to call functions relative to an object instance,
which a dynamically allocated object guid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We now make a copy of the given string, so that we can mark chunks
inline. Then we call dcerpc_binding_set_string_option() in order
to set the elements.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This allows get value string of a [key=value] option
of the dcerpc_binding.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
dcerpc_floor_set_rhs_data() handles the special cases now
and we keep the 'host' part unmodified except
EPM_PROTOCOL_IP addresses. No special '\\' handling anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
For EPM_PROTOCOL_IP we can only marshal ipv4 addresses,
everything else gets '0.0.0.0' (4 zero bytes on the wire).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
We don't return any "const char *" values here, so give the caller
a chance to talloc_free() the result.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
See [MS-SWN] for the details.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
They can be used to parse a fragmented NDR byte stream.
ndr_pull_append() appends more data that can be processed
and ndr_pull_pop() removed already processed data.
This will be used to implement dcerpc pipes, where we can get
a verify large amount of pipe chunks, once we processed a chunk
we can forget about the related data, but we may need to keep some
bytes in order to get the alignment right.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This will be usefull to try parsing DCERPC pipe chunks for
LIBNDR_FLAG_INCOMPLETE_BUFFER.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
If we pull a pipe chunk we need a way to check if we
have enough bytes to parse the complete chunk.
Setting ndr_pull->flags |= LIBNDR_FLAG_INCOMPLETE_BUFFER
would change NDR_ERR_BUFSIZE (and later maybe others)
into NDR_ERR_INCOMPLETE_BUFFER.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This IDL code:
typedef [nodiscriminant] union {
[default] dcerpc_empty empty;
[case(LIBNDR_FLAG_OBJECT_PRESENT)] GUID object;
} dcerpc_object;
Compiles into the following default-before-case marshalling code:
switch (level) {
default: {
NDR_CHECK(ndr_push_dcerpc_empty(ndr, NDR_SCALARS, &r->empty));
break; }
case LIBNDR_FLAG_OBJECT_PRESENT: {
NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->object));
break; }
}
The default entry before case does not change the flow of execution but
is more logical when present at the end of the switch statement.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This extracts the dcerpc_sec_verification_trailer from the end
of an ndr_pull structure, it found it reduces ndr->data_size.
NDR_ERR_ALLOC is the only possible error, all other errors
are ignored and a trailer with command count = 0 is returned.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This helps wireshark reassamble the PDUs generated by socket_wrapper.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
See [MS-RPCE] 2.2.2.13 Verification Trailer for details.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
To [C706 - DCE 1.1: Remote Procedure Call] and [MS-RPCE].
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This lets ndr_pull_subcontext_end() make sure that all
subcontext bytes are consumed otherwise it returns NDR_ERR_UNREAD_BYTES.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the gensec backend supports it there's no reason not sign the header.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should do this explicit instead of relying on
tstream_readv_pdu_ask_for_next_vector() to catch the overflow.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Previous implementation had a problem with NDR64 with uint32 and
uint3264 being in the wrong order
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 30 10:16:02 CET 2013 on sn-devel-104
In 816e68f94f the display of unset bits has been
effectively disabled while only the check for 0 bits was supposed to be avoided
(because it creates the infite loop).
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Oct 9 19:56:39 CEST 2013 on sn-devel-104
This reverts commit a6be8a97f7.
We fail (often) to parse a krb5pac type 12 buffer due to the incomplete change
which came in via a6be8a97f7. This change came
into master and has only been released in RCs so no regression to published
4.0.x releases. We should revert this for 4.1 for now until we can make it work
in all cases (see work on this in
https://git.samba.org/?p=gd/samba/.git;a=shortlog;h=refs/heads/master-krb5pac_type12).
Without this revert the entire PAC parsing may fail which can effect serious
implications (krb5 smb session setup not working).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10178
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 3 17:08:46 CEST 2013 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 2 15:02:07 CEST 2013 on sn-devel-104
That way we get hexdump -C style output for the content of the pipe chunks.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
It's much easier to look at hexdump -C style output than
a few thousand lines with 1 byte each.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
We control version numbers via 'vnum' from the wscript_build files for all other
libraries. In case of libndr we already reported a wrong 0.0.1 version via
pkgconfig while in fact the library is versioned as 0.0.2.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Thu Aug 22 20:48:44 CEST 2013 on sn-devel-104
[MS-DTYP].pdf 2.4.7
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
... saves 200 bytes on 64 bit Linux with -O3
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 14 22:27:43 CEST 2013 on sn-devel-104
Issue description: I was trying to add maximum number of aces on Microsoft
share, where I was able to add nearly 1800 aces on a file/folder SD. But Samba
does not support adding 1800 aces to SD instead it limited to 1000.
Expected behavior: Ideally SAMBA should also support as like Windows to compare
with Windows standard. Set to 2000 until we add EA limits in the server.
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 12 02:52:36 CEST 2013 on sn-devel-104
Not sure if we need this, bug samba.org specifies it, so this can cause ANY queries
against samba.org to fail.
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sun May 26 20:05:38 CEST 2013 on sn-devel-104
Not sure if we need this, but samba.org specifies it, so this could cause ANY
queries against samba.org to fail.
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Normally we would activate [ms_union] for the entire interface but given the
fact we use this IDL file also for custom-marshalled structures we would
generate union arm alignment also for the custom-marshalled unions where they
are inappropriate. Thus, only enable [ms_union] only for unions that are part of
the MS-RPRN IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
This is to create IDL-stored NFSv4 ACLs, just as we use for posix ACLs
to permit better testing.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
The level5 driver does return only one of these flags with a different value,
will get fixed later.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 7 19:06:25 CET 2013 on sn-devel-104
This in turn causes an include of <net/if.h> to hang on some systems, as
/net/ means to run the automounter!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 29 01:23:39 CET 2012 on sn-devel-104
This will isolate the hash of the ACL from any intermediate mapping that
the POSIX -> NT mapping subsystem might need to do, and which might
change if we need to correct that mapping.
Andrew Bartlett
Previously marked as UNKNOWN_12 the UPN_DNS_INFO is defined in MS-PAC
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Sep 28 01:13:44 CEST 2012 on sn-devel-104
I've pushed the wrong branch for this, sorry about that.
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep 5 14:10:54 CEST 2012 on sn-devel-104
Ensure the privilege rights are always specific rights, not generic.
By the time the privilege rights are examined, we've already mapped
from generic to specific in the access_mask.
This will allow us to marshall this into and from an NDR blob on disk, which will
allow us to fake up ACL support during make test, and to test the NT ACL emulation
using python bindings via the VFS.
Andrew Bartlett
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
This change addresses bug 9026.
There are 3 use cases for DATA_BLOB marshalling/unmarshalling:
1)
ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with
LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding
bytes _only_. The length is determined by the alignment required and
the current ndr offset.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_ALIGN8)] DATA_BLOB _pad;
} dcerpc_request;
2)
When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in
the ndr buffer are pushed/pulled.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
3)
When called without alignment flags, push/pull a uint32 length _and_ a
corresponding byte array to/from the ndr buffer.
e.g. drsblobs.idl
typedef [public] struct {
...
DATA_BLOB data;
} DsCompressedChunk;
The fix for bug 8373 changed the definition of "alignment flags", such
that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB
behaves as (1: padding bytes) rather than (3: uint32 length + byte
array).
This breaks marshalling/unmarshalling for the following structures.
eventlog.idl:
typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
...
DATA_BLOB sid;
...
} eventlog_Record_tdb;
ntprinting.idl:
typedef [flag(NDR_NOALIGN),public] struct {
...
DATA_BLOB *nt_dev_private;
} ntprinting_devicemode;
typedef [flag(NDR_NOALIGN),public] struct {
...
DATA_BLOB data;
} ntprinting_printer_data;
Signed-off-by: Günther Deschner <gd@samba.org>
This copes with the fact that r->sub_auths is a fixed-size array, not
an allocated pointer, and so will still have some bytes no filled in
if the sid did not have a MAX_SUB_AUTHS sub-authorities.
Andrew Bartlett
This removes the duplication on how to detect that a user is system in Samba
now that the smbd system account is also only SID_NT_SYSTEM we can use the same
check everywhere.
Andrew Bartlett
Signed-off-by: Andreas Schneider <asn@samba.org>
This reverts commit 2642f38588.
This is not needed anymore, as 035342c117
"Fix bug #8373 - Can't join XP Pro workstations to 3.6.1 DC." is
the more generic fix for the problem.
metze
Treat LIBNDR_FLAG_NOALIGN and LIBNDR_FLAG_REMAINING the same as the
other align flags - make them mutually exclusive.
Combined work from Metze, Günther and Jeremy.
This started per https://bugzilla.samba.org/show_bug.cgi?id=8872#c4
and avoids any possible collision with a different process.
We also need to ensure that across a Samba installation on a single
node that id.vnn is the same. Samba4 previously used 0, while Samba3
used NONCLUSTER_VNN. When a message is sent between these 'different'
nodes, the error NT_STATUS_INVALID_DEVICE_REQUEST is raised.
Andrew Bartlett
From notify_internal.c:
/*
* The notify database is split up into two databases: One
* relatively static index db and the real notify db with the
* volatile entries.
*/
This change is necessary to make notify scale better in a cluster
In determining whether to compile a given .idl source file, build_idl.sh
currently checks:
a) that all build output files exist
b) build output files are newer than their corresponding .idl source
The .idl is rebuilt if either of the above conditions is false.
This logic does not catch the case where the pidl compiler itself is
changed. An IDL rebuild should occur in such a case.
https://bugzilla.samba.org/show_bug.cgi?id=8865
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Mon Apr 16 16:29:45 CEST 2012 on sn-devel-104
There is no need to return the PAC signatures via the special-purpose
torture element. Instead, use a private pointer on the auth_context
in conjunction with the private PAC processing method.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
OpenPrinterEx requests have also been observed in the wild carrying
non-utf16 garbage after the device mode devicename field null
terminator.
Signed-off-by: Jeremy Allison <jra@samba.org>
OpenPrinterEx requests have been observed in the wild carrying a device
mode formname "A4" followed by non-utf16 garbage after the null
terminator. Such requests currently fail during unmarshalling in the
ndr_pull_charset() codepath, causing intermittent print job failures.
This change ensures that garbage after the device mode formname null
terminator is not processed in unmarshalling.
https://bugzilla.samba.org/show_bug.cgi?id=8606
Signed-off-by: Jeremy Allison <jra@samba.org>
The same as ndr_pull_charset(), however only perform character
conversion on bytes prior to and including the null terminator.
Signed-off-by: Jeremy Allison <jra@samba.org>
Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call
netrServerAuthenticate2 during a domain join without setting the strong
keys flag (128bit crypto).
Only for NT4 we need to do a downgrade to the returned negotiate flags.
See also 0970369ca0.
DRSUAPI_DRS_UPDATE flags are used in
DRS_MSG_REPMOD_V1 message structure when repsFrom
is modified via RPC. The RPCs are currently uncoded but
samba_kcc maintains the flags (and uses them to identify
what repsFrom changes are to be executed). These are currently
helpful to samba_kcc and are intended to ultimately be used in
RPCs.
Signed-off-by: Andrew Tridgell <tridge@samba.org>