1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

29374 Commits

Author SHA1 Message Date
Stefan Metzmacher
67767de4e9 s4:libcli: add support for SMB_EXTENDED_SIGNATURES during SMBtconX
metze
2012-08-04 09:10:22 +02:00
Stefan Metzmacher
8dafdb54e3 s4:dsdb:replicated_objects: do not move 'instanceType' to the end of msg->elements on RODC replication
It's very important that the order of msg->elements and md->ctr.ctr1.array
is the same.

metze
2012-08-03 08:27:58 +02:00
Björn Baumbach
d6428319d4 s4: samba_spnupdate: fix "if we are DNS server" check
We need to check if we have hasMasterNCs. If we are RODC we have
hasFullReplicaNCs instead of hasMasterNCs.

TODO: maybe check for hasFullReplicaNCs, too?

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-08-03 08:11:33 +02:00
Stefan Metzmacher
e9562530d9 s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug  2 10:54:18 CEST 2012 on sn-devel-104
2012-08-02 10:54:18 +02:00
Stefan Metzmacher
95b64f08a3 s4:libcli: send the TCONX_FLAG_EXTENDED_RESPONSE flag
metze
2012-08-02 09:00:24 +02:00
Andrew Tridgell
02dcf05914 heimdal: fixed -Werror=format error in com_err
This needs to be merged upstream

Autobuild-User(master): Andrew Tridgell <tridge@samba.org>
Autobuild-Date(master): Thu Aug  2 08:59:24 CEST 2012 on sn-devel-104
2012-08-02 08:59:24 +02:00
Stefan Metzmacher
d3aaa1ebc8 libcli/smb: move some TCON related defines to smb_constants.h
metze
2012-08-01 14:17:16 +02:00
Stefan Metzmacher
00cde56bfd s4:libcli/raw: remove unused smbcli_session->user_session_key
metze
2012-08-01 14:17:14 +02:00
Stefan Metzmacher
7977d90f1e s4:librpc/dcerpc_smb2: sync smb2_session_key() with smb_session_key()
metze
2012-08-01 14:17:14 +02:00
Stefan Metzmacher
286e249737 s4:librpc/dcerpc_smb: make use of smbXcli_session_application_key()
metze
2012-08-01 14:17:13 +02:00
Stefan Metzmacher
803fb40449 s4:librpc/dcerpc_smb2: make use of smbXcli_session_application_key()
metze
2012-08-01 14:17:13 +02:00
Stefan Metzmacher
ac1452c4f9 s4:libcli/smb_composite: make use of smb1cli_session_set_session_key()
metze
2012-08-01 14:17:12 +02:00
Stefan Metzmacher
1a9a910ce3 s4:libcli/smb_composite: always use set_user_session_key() helper
metze
2012-08-01 14:17:12 +02:00
Andrew Bartlett
31787417ca s4-repl: Add tests for add replication conflicts and use of LostAndFound
LostAndFound is used when we find children of a deleted object that are not themselves deleted.

Andrew Bartlett
2012-07-31 14:15:29 +02:00
Andrew Bartlett
6d1b8ff8a7 s4-dsdb: Replace any existing lastKnownParent attribute during delete
This allows a lastKnownParent from LostAndFound to be replaced.

Andrew Bartlett
2012-07-31 14:15:29 +02:00
Andrew Bartlett
fcb54ca25f s4-dsdb: Improve tracing in repl_meta_data
When we call ldb_module_done() rather than just calling the callback, we make log entries
that are critical in debugging.

Andrew Bartlett
2012-07-31 14:15:29 +02:00
Andrew Bartlett
bc5be09bae s4-dsdb: Handle rename conflicts in both directions
Previously we would only consider renaming the local object, now we can cope with
renaming the remote object as well.

This should avoid most of the cases where Samba AD replication can just stop.

Andrew Bartlett
2012-07-31 14:15:29 +02:00
Andrew Bartlett
221cd524e3 s4-dsdb: Request extended DN and show deleted when searching for a possible parent
This fixes up the lastKnownParent attribute on lostAndFound objects to have a GUID

(found by dbcheck).

Andrew Bartlett
2012-07-31 14:15:29 +02:00
Andrew Bartlett
d6f47bd5a3 s4-torture: Fix format string errors found by -Werror=format 2012-07-30 14:25:10 +10:00
Andrew Bartlett
2dfb2a4e45 s4-samba-tool ldapcmp: Fix synopsis
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 30 06:25:46 CEST 2012 on sn-devel-104
2012-07-30 06:25:46 +02:00
Andrew Bartlett
14bd5ca68f s4-samba-tool ldapcmp: Add ridNextRID and rIDPreviousAllocationPool as per-DC attributes 2012-07-30 12:30:28 +10:00
Andrew Bartlett
b567d3a607 s4-dsdb: Fill in lastKnownParent when moving to lostAndFound
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 29 16:51:34 CEST 2012 on sn-devel-104
2012-07-29 16:51:34 +02:00
Andrew Bartlett
54b83ce9b7 s4-dsdb: Do not strip base components off DN before searching for NC root 2012-07-29 22:55:33 +10:00
Andrew Bartlett
056b215156 s4-dsdb: Change move to lostAndFound to use container in this partiion and add debugging
The logic looking for LostAndFound failed for a user, so add extensive
debugging to make this eaiser to trace down in future.

Andrew Bartlett
2012-07-29 22:55:33 +10:00
Andrew Bartlett
03a75afa79 s4-dsdb: Provide a way to force incoming renames to take priority
This should mean that a samba-tool drs replicate --full-sync forces a
replication of all objects, regardless of if we think the local name
is newer and regards any local name as being in conflict.

Andrew Bartlett
2012-07-29 22:55:33 +10:00
Andrew Bartlett
26eb35409c s4-dsdb: Provide a way to handle conflicts due to rename
This allows us to proceed with replication when the source DC is sending us an object
which has a matching object in this NC (by name) but not by GUID.

Andrew Bartlett
2012-07-29 22:55:33 +10:00
Andrew Bartlett
fc6d7bfbe7 s4-librpc: Fix private context for dcerpc_connect_timeout_handler
This was incorrect in 02a356ea77.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 29 14:54:33 CEST 2012 on sn-devel-104
2012-07-29 14:54:32 +02:00
Andrew Bartlett
1547d5fe00 s4-repl: Use ldb_dn_new() to create the rootDSE DN
Based on a patch proposal by Matthieu Patou <mat@matws.net>.

Andrew Bartlett
2012-07-29 20:59:53 +10:00
Andrew Bartlett
de0b902ffa s4-repl: Use NULL for pointer test when checking for ldb_msg_new() failure 2012-07-29 20:59:53 +10:00
Andrew Bartlett
6a37b55dfb s4-dbcheck: Add lastKnownParent when moving an object to lostAndFound
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 28 05:40:43 CEST 2012 on sn-devel-104
2012-07-28 05:40:43 +02:00
Andrew Bartlett
b181a0b96b lib/param: Remove use of lp{cfg,}_socket_address outside the NBT client and server
In these other cases, control of the sockets to bind to can be obtained using
"bind interfaces only = yes" and "interfaces = ".

Andrew Bartlett
2012-07-27 17:59:51 +10:00
Stefan Metzmacher
0aac3c09f1 libcli/smb: pass smbXcli_session to smb2cli_tcon_set_values()
metze
2012-07-25 14:48:50 +02:00
Stefan Metzmacher
4d6d783afe s4:libcli/smb2: remove unused smb2_session->pid
metze
2012-07-25 12:15:05 +02:00
Stefan Metzmacher
e20e84d527 s4:libcli/smb2: remove unused variable
metze
2012-07-25 12:15:05 +02:00
Stefan Metzmacher
56aa419d87 libcli/smb: there's no PID field in the SMB2/3 header anymore
It's a reserved field...

metze
2012-07-25 12:15:05 +02:00
Stefan Metzmacher
7de4ae7f9f libcli/smb: pass smbXcli_tcon to smb2cli_req_create/send()
metze
2012-07-25 12:15:04 +02:00
Stefan Metzmacher
57fda88dfb s4:libcli/smb2: remove unused elements from smb2_tree
metze
2012-07-25 12:15:04 +02:00
Stefan Metzmacher
56af56d041 s4:torture/smb2: create temporary smbXcli_tcon/session structures instead of changing them
metze
2012-07-25 12:15:04 +02:00
Stefan Metzmacher
72e047f7c5 s4:torture/smb2: use smb2cli_tcon_capabilities()
metze
2012-07-25 12:15:03 +02:00
Stefan Metzmacher
18bd029ffb s4:torture: remove unused shm_setup()
metze
2012-07-25 12:15:02 +02:00
Stefan Metzmacher
97b1776cb6 s4:torture: replace shm_setup() with anonymous_shared_allocate()
metze
2012-07-25 12:15:02 +02:00
Stefan Metzmacher
41538b17c5 s4:libcli/smb2: setup a smbXcli_tcon for each smb2_tree
metze
2012-07-24 22:20:06 +02:00
Stefan Metzmacher
b9100a7ac4 libcli/smb: pass down smbXcli_tcon to smb1cli_req_create/send() and smb1cli_trans*
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 24 21:22:44 CEST 2012 on sn-devel-104
2012-07-24 21:22:44 +02:00
Stefan Metzmacher
29dc01b175 s4:libcli/raw: setup a smbXcli_tcon for each smbcli_tree
metze
2012-07-24 18:44:05 +02:00
Stefan Metzmacher
cc0d490630 s4:libcli/raw: parse extended SMBtconX responses
metze
2012-07-24 18:44:04 +02:00
Stefan Metzmacher
a6e5b98827 s4:libcli/raw: fix SMBtconX response parsing
metze
2012-07-24 18:44:03 +02:00
Andrew Bartlett
b94ab3c608 lib/param: Remove 'case insensitive filesystem'
We use the slightly confusing 'case sensitive = yes' option for the same behaviour.

This avoids adding even more confusing documentation for the ntvfs-only option.

Andrew Bartlett
2012-07-24 10:46:12 +10:00
Andrew Bartlett
8b1a9f3ebd lib/param: Remove "ntptr providor" and hard-code in s4 spoolss server
This stub codebase does not justify a merged parameter.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-24 10:46:12 +10:00
Jeremy Allison
4c1762c3a8 Fix debug print warning message. 2012-07-24 00:09:46 +02:00
Stefan Metzmacher
43b070d8dd libcli/smb: pass down smbXcli_session to smb1cli_req_create/send() and smb1cli_trans*
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 24 00:08:58 CEST 2012 on sn-devel-104
2012-07-24 00:08:58 +02:00
Stefan Metzmacher
af90c71ed8 s4:libcli/raw: setup a smbXcli_session for each smbcli_session
metze
2012-07-23 22:13:29 +02:00
Geza Gemes
e2cea8fbea s4-classicupgrade: Add unix attributes during upgrade
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 22 13:20:20 CEST 2012 on sn-devel-104
2012-07-22 13:20:19 +02:00
Sergey Urushkin
e8b3b1c110 s4 rfc2307 gids mapping fix
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-22 19:11:26 +10:00
Jeremy Allison
2922fdaaf0 Move source4/smbd/pidfile into lib/util in preparation for making it in common. 2012-07-19 15:41:52 -07:00
Andrew Bartlett
8822b3b662 s4-param: Remove unused "idmap trusted only"
When we revamp the idmap layer, we will end up just following the s3
options, and this option is not used there either.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-19 08:02:32 +02:00
Andrew Bartlett
faa9b2e1b1 s4-torture: Move check of map-to-guest above SID list check
This makes it easier to interpret failing output.

Andrew Bartlett
2012-07-19 04:04:20 +02:00
Andrew Bartlett
624f11e4b4 s4-torture: Allow unix.whoami to test against a member server
This compares only the domain SIDs betwen the two servers, rather than
the full token, as well known and other SIDs may be added locally
in both cases.

This also expands the test environments this is run against to verify
this between our AD server and domain members.

Andrew Bartlett
2012-07-19 04:04:20 +02:00
Andrew Bartlett
8825085ea4 s4-torture: Also print GID values in whoami test 2012-07-19 04:04:20 +02:00
Christof Schmitt
6305b4b64f torture: Print SIDs as additional debug output in unix.whoami 2012-07-19 04:04:20 +02:00
Andrew Bartlett
d0d05f8474 s4-lib/tls: Try socket_send() multiple times to send partial packets
This works around an artificial limitation in socket_wrapper that breaks
some versions of GnuTLS when we return a short write.

Instead, keep pushing until the OS will not take it.

The correct solution will be to use tls_tstream, but the client code
for this is not yet tested and needs the ldap client layer changed
to use it.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 18 11:23:55 CEST 2012 on sn-devel-104
2012-07-18 11:23:55 +02:00
Andrew Bartlett
02a356ea77 s4-librpc: Ensure we do not call call the decrpc timeout handler during gensec_update()
This avoids a situation where we could destroy pointers on the stack due to
a nested event loop.

This is certainly not a final, generic solution, but it is a minimal change
while we work to make gensec and gensec_gssapi async.

Andrew Bartlett
2012-07-18 09:32:53 +02:00
Andrew Bartlett
fc36ebfa78 s4-dbcheck: Check for and correct incorrect instanceType values 2012-07-18 09:32:53 +02:00
Andrew Bartlett
e4001a78c1 dsdb: Allocate new OID to allow updates of a read-only replica
Normally this would be a very bad idea, but the specific case of fixing the instanceType
is the only case where this makes sense.

Andrew Bartlett
2012-07-18 09:32:53 +02:00
Andrew Bartlett
5630e25a35 s4-dsdb: Allow dbcheck to correct an incorrect instanceType 2012-07-18 09:32:53 +02:00
Andrew Bartlett
96db13405b s4-dsdb: Ensure we never write read-only objects onto a read-write replica
We should prevent this much further up the stack, but at least add a choke
at this point for now.

Additionally, this avoids administrator-forced replications causing
considerable damange to the directory.

Andrew Bartlett
2012-07-18 09:32:53 +02:00
Rusty Russell
127352c78c source4/torture: add talloc_stackframe()
We need a stackframe to call lp_load().

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Jul 18 09:31:07 CEST 2012 on sn-devel-104
2012-07-18 09:31:07 +02:00
Andreas Schneider
18692b060f s4-auth: Make sure we use the correct credential state.
If we create a copy of the credential state we miss updates to the
credentials.

To establish a netlogon schannel connection we create client credentials
and authenticate with them using

dcerpc_netr_ServerAuthenticate2()

For this we call netlogon_creds_client_authenticator() which increases
the sequence number and steps the credentials. Lets assume the sequence
number is 1002.

After a successful authentication we get the server credentials and we
send bind a auth request with the received creds. This sets up gensec
and the gensec schannel module created a copy of the client creds and
stores it in the schannel auth state. So the creds stored in gensec have
the sequence number 1002.

After that we continue and need the client credentials to call

dcerpc_netr_LogonGetCapabilities()

to verify the connection. So we need to increase the sequence number of
the credentials to 1004 and step the credentials to the next state. The
server always does the same and everything is just fine here.

The connection is established and we want to do another netlogon call.
So we get the creds from gensec and want to do a netlogon call e.g.

dcerpc_netr_SamLogonWithFlags.

We get the needed creds from gensec. The sequence number is 1002 and
we talk to the server. The server is already ahead cause we are already
at sequence number 1004 and the server expects it to be 1006. So the
server gives us ACCESS_DENIED cause we use a copy in gensec.

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 13:26:37 +02:00
Andreas Schneider
197781a651 s4-librpc: Add capabilities check for AES encrypted connections.
Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 13:26:34 +02:00
Andreas Schneider
a3e835635c s4-torture: Improve samlogon test. 2012-07-17 10:58:39 +02:00
Andreas Schneider
2c3dc04be2 s4-torture: Add DCERPC_SCHANNEL_AES tests.
Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:39 +02:00
Stefan Metzmacher
04d770adac s4:rpc_server/netlogon: add support for AES based netlogon schannel
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:39 +02:00
Stefan Metzmacher
780006db9d s4:librpc/rpc: add DCERPC_SCHANNEL_AES support
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:39 +02:00
Stefan Metzmacher
99231181e3 s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for it
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Stefan Metzmacher
e48aabc006 s4:rpc_server/netlogon: implement netr_LogonGetCapabilities
This is also needed to support AES.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Stefan Metzmacher
342a2e6181 s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc
The RODC stuff doesn't depend on the schannel algorithm.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Stefan Metzmacher
e7c7a91130 s4:librpc/rpc/dcerpc_schannel: rework downgrade logic
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Andrew Bartlett
6d24c899db s4-param: Use a unique header name 2012-07-15 11:49:29 +10:00
Geza Gemes
70de501d6a s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrs
When provisioning with --use_rfc2307=yes populate the subtree:
CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it
possible to manipulate the posix attributes via ADUC

(commit message adjusted by abartlet)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-13 06:00:17 +02:00
Michael Adam
bf650a1b59 s4:registry:regdiff: use existing talloc context for the event context
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul 13 02:51:44 CEST 2012 on sn-devel-104
2012-07-13 02:51:44 +02:00
Michael Adam
342ab97506 s4:registry:regdiff: add TALLOC_CTX * argument to open_backend() 2012-07-13 00:57:20 +02:00
Michael Adam
6ee16cefc9 s4:registry: add a TALLOC_CTX argument to reg_open_remote() 2012-07-13 00:57:19 +02:00
Günther Deschner
4cafbb4e74 s4-torture: add ntprinting ndr operations testsuite.
Guenther

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul  6 20:55:26 CEST 2012 on sn-devel-104
2012-07-06 20:55:25 +02:00
Andrew Bartlett
4654dcaae7 s4-selftest: do a dbcheck on our two vampire DCs
However, due to using --domain-critical-only we have to knownfail the
vampire DC here, as we do not fill in the backlinks on non-critical
objects correctly.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul  6 16:54:10 CEST 2012 on sn-devel-104
2012-07-06 16:54:09 +02:00
Andrew Bartlett
f9d90922f5 s4-dbcheck: Check for an object without a parent
Such objects are then moved to the appropriate LostAndFound container,
just as they would be if replicated.

Andrew Bartlett
2012-07-06 22:55:50 +10:00
Andrew Bartlett
7782e334b9 s4-dsdb: Remove unused variables in py_dsdb_get_partitions_dn 2012-07-06 22:55:50 +10:00
Andrew Bartlett
023508ed17 pydsdb: Add bindings for dsdb_wellknown_dn() 2012-07-06 22:55:50 +10:00
Andrew Bartlett
e4077a8ca5 s4-pydsdb: Add bindings for dsdb_find_nc_root() 2012-07-06 22:45:34 +10:00
Andrew Bartlett
507e6fdce5 s4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type
This checks the type rather than just dereferencing the pointer.

Andrew Bartlett
2012-07-06 22:45:34 +10:00
Christof Schmitt
7285ed586f auth: Common function for retrieving PAC_LOGIN_INFO from PAC
Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-06 20:45:51 +10:00
Andreas Schneider
a49eb60e04 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  6 11:50:40 CEST 2012 on sn-devel-104
2012-07-06 11:50:40 +02:00
Andreas Schneider
1744e99d0a s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np 2012-07-06 10:00:58 +02:00
Andreas Schneider
997c780d24 s4-lsarpc: Restrict LookupSids3 to crypto connections only. 2012-07-06 10:00:58 +02:00
Andreas Schneider
1a12bbd5d8 s4-lsarpc: Restrict LookupNames4 to crypto connections only. 2012-07-06 10:00:58 +02:00
Andreas Schneider
13a7f98f9f s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3. 2012-07-06 10:00:58 +02:00
Andreas Schneider
9fa979c934 s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4. 2012-07-06 10:00:58 +02:00
Andreas Schneider
de54047c05 s4-selftest: Don't run lsarpc requiring a named pipe over tcpip. 2012-07-06 10:00:58 +02:00
Andreas Schneider
48b30bfce6 s4-selftest: Don't plan lsa.secrets tests over tcpip.
These will only work over a named pipe or ncalrpc.
2012-07-06 10:00:58 +02:00
Andreas Schneider
0b93587b7e s4-libnet: Skip calling lsarpc functions over a wrong pipe. 2012-07-06 10:00:58 +02:00
Andreas Schneider
027b913a25 s4-torture: Call lsarpc tests over the correct pipe. 2012-07-06 10:00:58 +02:00
Andreas Schneider
a070ce3555 s4-torture: Don't consider NONE_MAPPED an error in LookupSids3. 2012-07-06 10:00:57 +02:00
Andreas Schneider
2a46c7fff2 s4-torture: Don't consider NONE_MAPPED an error in LookupNames4. 2012-07-06 10:00:57 +02:00
Andreas Schneider
eeba5ad9fa s4-torture: Add a lsarpc test_GetUserName_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
5dc5cdaa6c s4-torture: Add a lsarpc test_OpenPolicy2_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
39a13d1981 s4-torture: Add a lsarpc test_OpenPolicy_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
4ece074f25 s4-torture: Add a lsarpc test_LookupNames4_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
ed7be198c4 s4-torture: Add a lsarpc test_LookupSids3_fail function. 2012-07-06 10:00:57 +02:00
Andreas Schneider
47e5a8c2b3 s4-torture: Test LookupSids3/LookupNames4 over np and tcpip. 2012-07-06 10:00:56 +02:00
Andreas Schneider
1c46bffb11 s4-torture: Make sure lsa_OpenPolicy2 fails over TCP/IP. 2012-07-06 10:00:56 +02:00
Andreas Schneider
8bc4d7a3e6 s4-torture: Make sure lsa_OpenPolicy fails over TCP/IP. 2012-07-06 10:00:56 +02:00
Andreas Schneider
22da7106b3 s4-torture: Make sure ncacn_np tests are only called over the a pipe. 2012-07-06 10:00:56 +02:00
Andreas Schneider
00171a549a s4-torture: Test LookupSids3 and LookupNames4 only over tcpip.
LookupSids3 and LookupNames4 are only available over tcpip and MUST
fail over named pipes.
2012-07-06 10:00:56 +02:00
Andreas Schneider
682277b44c s4-torture: Use test_LookupSids3 function. 2012-07-06 10:00:56 +02:00
Andreas Schneider
1000884bb3 s4-torture: Fix build warnings in lsa test. 2012-07-06 10:00:56 +02:00
Andrew Bartlett
8f443895f2 s4-classicupgrade: Demote any other 'BDC' accounts back to a member server during upgrade
This makes it clear that they cannot be a DC until they are upgraded with
samba-tool domain dcpromo.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul  6 09:59:13 CEST 2012 on sn-devel-104
2012-07-06 09:59:13 +02:00
Andrew Bartlett
2908bbe06a s4-selftest: Test samba-tool domain dcpromo
This needs a new environment to test it properly.  This requires a raise in the
number of socket wrapper interfaces.

Andrew Bartlett
2012-07-06 08:10:18 +02:00
Andrew Bartlett
1c86ab9c50 s4-samba-tool: Provide a samba-tool domain dcpromo that upgrades a member to a DC
This command is like dcpromo in that it upgrades the existing workstation account
to be a domain controller.

The SID (and therefore any file ownerships) is preserved.

Andrew Bartlett
2012-07-06 08:10:18 +02:00
Andrew Bartlett
c436f986ca s4-dsdb: Give a much better error message when parentGUID generation fails 2012-07-06 08:10:18 +02:00
Andrew Bartlett
8b32d9ad2d s4-dsdb: Use parent_object_guid to find the correct parent for new objects
This allows the parent to be renmaed while a new object is added on another replica.

This rename may also be a delete, in which case we must move it to lostandfound.

Andrew Bartlett
2012-07-06 08:10:18 +02:00
Björn Jacke
bb4995b0d1 s4/heimdal: fix make-proto.pl with perl 5.16
Thanks to Torsten Kurbad. This fixes #9025.

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Jul  4 13:51:07 CEST 2012 on sn-devel-104
2012-07-04 13:51:07 +02:00
Amitay Isaacs
01a425e534 samba-tool: gpo: Update copyright
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Jul  3 09:10:21 CEST 2012 on sn-devel-104
2012-07-03 09:10:21 +02:00
Amitay Isaacs
5c9ecb4082 samba-tool: gpo: Improve error messages
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2012-07-03 15:20:42 +10:00
Amitay Isaacs
df4a6e3a3f samba-tool: gpo: Add del subcommand to delete GPO
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03 15:20:42 +10:00
Amitay Isaacs
8768f4fc34 samba-tool: gpo: Add listcontainers subcommand to list containers using given GPO
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03 15:20:42 +10:00
Amitay Isaacs
0365df93e6 samba-tool: gpo: Use utility function dc_url() to set the connection url
In create and fetch subcommands, we also need to know DC hostname. So first
find a DC and use DC hostname to construct connection url. If ldap:// url is
specified with -H, then use that to construct DC hostname.
2012-07-03 15:20:42 +10:00
Amitay Isaacs
a9c4336733 samba-tool: gpo: Refactor code using utility functions 2012-07-03 15:20:42 +10:00
Amitay Isaacs
5ca24346bf samba-tool: gpo: Add utility functions get_gpo_containers and del_gpo_link
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch
2012-07-03 15:20:42 +10:00
Amitay Isaacs
e3828d4ccb s4-pysmb: Add deltree() method to remove directory and its contents
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03 15:20:41 +10:00
Amitay Isaacs
807ff1e343 samba-tool: Fix indentation
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03 15:20:41 +10:00
Amitay Isaacs
e93ed5f69a samba-tool: gpo: Use gpo (id) instead of gpo_dn (DN)
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03 15:20:41 +10:00
Amitay Isaacs
963f0df179 samba-tool: gpo: Correct the attribute name from gPlink to gPLink
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03 15:20:41 +10:00
Amitay Isaacs
7563032acd samba-tool: gpo: Fix policy DN
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03 15:20:41 +10:00
Andrew Bartlett
d31f55b297 s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIG
This support is too painful to use.

Andrew Bartlett
2012-07-03 08:13:02 +10:00
Andrew Bartlett
5de841f6f2 s4-dns: Remove dynamic DNS instructions for bind 9.7
This version of BIND only ever caused pain when trying to do dynamic DNS.

If users are using this version, simply treat it as a static server.

Andrew Bartlett
2012-07-03 08:13:02 +10:00
Andrew Bartlett
eba8799514 auth: Remove .get_challenge (only used for security=server)
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.

Now that security=server has been removed, we have no such module.

This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.

Andrew Bartlett
2012-07-03 08:13:01 +10:00
Günther Deschner
2105400028 s4-torture: more printf removal from samlogon torture test.
Guenther

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul  2 17:19:55 CEST 2012 on sn-devel-104
2012-07-02 17:19:55 +02:00
Jeremy Allison
821bd95156 Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.
Will allow thread-specific credentials to be added by modifying
the central definitions. Deliberately left the setXX[ug]id()
call in popt as this is not used in Samba.
2012-06-28 17:15:16 -07:00
Andrew Bartlett
a29bf4acf5 selftest: run pdbtest against s3dc as well
This validates the password expiry, account disable in the s3 auth code
and the save/restore of values in tdbsam.

It also provides the first test of some net sam set subcommands.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 28 20:39:38 CEST 2012 on sn-devel-104
2012-06-28 20:39:38 +02:00
Andrew Bartlett
30fd88ed65 selftest: use a loop rather than declare tests for both dc and s3dc 2012-06-28 18:46:23 +02:00
Günther Deschner
7468ce6f93 s4-torture: fix typo in samlogon test.
Guenther

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Jun 28 18:43:46 CEST 2012 on sn-devel-104
2012-06-28 18:43:46 +02:00
Günther Deschner
4aaeed2dac s4-torture: use torture context for printing debug output.
Guenther
2012-06-28 16:45:10 +02:00
Rusty Russell
f80e399ab2 source4/smbd/pidfile: don't panic if pid file is corrupt.
In particular, on a virtual machine after a forced reboot, it
contained "Ille" instead of a valid PID.  Given it was the right
length, I'm assuming it was filesystem corruption.

process_exists_by_pid() then panics, when given a pid < 1.

Reported-by: lostogre on #samba-technical
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Thu Jun 28 05:19:24 CEST 2012 on sn-devel-104
2012-06-28 05:19:24 +02:00
Andrew Bartlett
471a6b3992 s4-selftest: expand passdb testing
This tests pdb_samba4 in the first instance
2012-06-27 11:29:17 +02:00
Andrew Bartlett
6f71878263 s4-dsdb when setting DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID make it non-critical 2012-06-27 11:29:17 +02:00
Andrew Bartlett
165521a9b9 s4-dsdb: Remove hooks for non-directory password handling
This was an interesting hack, and the local_password module still exists, but
until it has a use case and a test case, remove the bypass of password_hash.

Andrew Bartlett
2012-06-27 11:29:17 +02:00
David Disseldorp
98ec5e95ca s3-torture: Use static printer for smbd spooler test
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Jun 26 18:04:43 CEST 2012 on sn-devel-104
2012-06-26 18:04:43 +02:00
David Disseldorp
33f08906c6 torture: add test for smbd print job spooling
Clients can print by performing file IO on a printer share, rather than
issuing spoolss RPCs.
This commit attempts to reproduce bug 8719.
2012-06-26 16:10:39 +02:00
Andrew Bartlett
43555d6439 s4-samldb: do not talloc_steal() the elements of the original request 2012-06-26 14:10:17 +02:00
Andrew Bartlett
c983ea8e5d s4-join: Setup correct DNS configuration
This means we do not need to run samba_upgradedns any more.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 24 18:10:10 CEST 2012 on sn-devel-104
2012-06-24 18:10:10 +02:00
Andrew Bartlett
02cbc3fbb6 s4-samba_upgradedns: Do not set DNS account for internal server
The internal DNS server does not need the samba-only NAME-dns
account.

Andrew Bartlett
2012-06-25 00:26:41 +10:00
Andrew Bartlett
01f52239dc s4-join: Import DNS zones in AD DC join 2012-06-25 00:26:41 +10:00
Andrew Bartlett
0eab44c297 selftest: Test unix.whoami with kerberos on plugin_s4_dc
This also tests the comparison with LDAP on anonymous connections
and marks this as knownfail, while we investigate the correct
behaviour here.

Andrew Bartlett
2012-06-24 23:46:10 +10:00
Andrew Bartlett
f199c5dbc0 s4-classicupgrade: Allow DNS backend to be specified 2012-06-24 23:46:09 +10:00
Andrew Bartlett
73a33be036 s4-drepl: Ensure that the op->source does not get deallocated too early
We need to have the struct dreplsrv_partition_source_dsa around until the end of the
async op, so we use talloc_reference after carefully checking the callers and
making the modifications required.

This prevents a crash when replicating partitions in the vampire_dc test after
adding DNS replication at join time.

Andrew Bartlett
2012-06-24 23:46:09 +10:00
Matthieu Patou
763f9e8201 selftest: schema is not automatically reloaded now so if you modify it you have to reload it
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Sat Jun 23 10:48:13 CEST 2012 on sn-devel-104
2012-06-23 10:48:13 +02:00
Matthieu Patou
c00485b258 s4-dsdb: operational handle modifyTimeStamp on the CN=aggregate DN
modifyTimeStamp is a generated attribute, for most object it's generated
directly from the whenChanged attribute. But for the CN=aggregate object
in the schema we have to handle it in a different way, that's because
for this object whenChanged!=modifyTimeStamp (as checked against Windows
2003R2 DCs) instead the modifyTimeStamp reflect the timestamp of the
most recently modified and loaded schema object (that is to the one with
the highest USN before the schema was reload due to timeout or by the
reloadSchemaNow command).
Some third party are using this information to know if they have to
update their schema cache and also to check that schema updates have
been correctly reloaded by the DC, a good example of this behavior is
exchange 2010.
2012-06-22 23:42:08 -07:00
Matthieu Patou
2f3adc001e s4-schema: improve the documentation of the dsdb_schema structure 2012-06-22 23:42:08 -07:00
Matthieu Patou
718ed842ba s4-dsdb: Check for key SCHEMA_SEQ_NUM in metadata.tdb updates
If the value has changed then reload the schema, this means that now the
schema is only reloaded on a periodical basis or if we have been asked
explicitly to do it and not necesserly if the schema partition has
changed.
2012-06-22 23:42:08 -07:00
Matthieu Patou
6f3a8b41f5 s4-dsdb: Add/Update SCHEMA_SEQ_NUM key in the metadata.tdb after schemaUpdateNow
The idea is to signal to other process accessing the database that the
schema was forced to be reloaded and so they should reload as well.
2012-06-22 23:22:04 -07:00
Matthieu Patou
9f1213d954 s4-drs: if schema has changed during replication notify other process that they have to reload the schema 2012-06-22 23:22:04 -07:00
Matthieu Patou
f2deb05f77 s4-dsdb: move schema_load at the top of module stack 2012-06-22 23:22:03 -07:00
Matthieu Patou
283af3857c s4-extended: do not try to fix if there is no schema 2012-06-22 23:22:03 -07:00
Matthieu Patou
9374ee1ba1 s4-schema: keep track of the timestamp of the most recently changed/created object 2012-06-22 23:22:03 -07:00
Matthieu Patou
2d20a918db s4-schema: generalized time use its own syntax now 2012-06-22 23:22:03 -07:00
Matthieu Patou
884d66d959 s4-drsuapi: Fix a const warning 2012-06-22 23:22:02 -07:00
Matthieu Patou
392e83ffe6 s4-drsuapi: rework the crackname implementation of functionnal names 2012-06-22 23:22:02 -07:00
Matthieu Patou
f421aa8218 s4-dsdb-linkedattributes: register the VERIFY_NAME control, handle it when we are a GC
In theory when presented this control and not a GC we should use the
specified name as the DC to contact for cross-domain link verification.
But for the moment we don't support this so we just fail when we have
this control and are not a GC.
2012-06-22 23:22:02 -07:00
Matthieu Patou
f110f2d63f s4-ldap: handle VERIFY_NAME control encoding/decoding 2012-06-22 23:22:02 -07:00
Matthieu Patou
d7aa7e8ef0 s4-dsdb: support otherWellKnownObjects 2012-06-22 23:22:02 -07:00
Matthieu Patou
6edd940135 s4-dsdb: Try to avoid much of the time a db search for msDS-IntID
We search in the schema if we have already this intid (using dsdb_attribute_by_attributeID_id because
in the range 0x80000000 0xBFFFFFFFF, attributeID is a DSDB_ATTID_TYPE_INTID).
If so generate another random value.
If not check if the highest USN in the database for the schema partition is the
one that we know.
If so it means that's only this ldb context that is touching the schema in the database.
If not it means that's someone else has modified the database while we are doing our changes too
(this case should be very bery rare) in order to be sure do the search in the database.
2012-06-22 23:22:02 -07:00
Matthieu Patou
1521bb95a7 dsdb-schema: do not reload more often than schema_reload_interval
Samba 4 use to try to reload the schema every time dsdb_get_schema was
called (which could be 20+ time per ldb request). Now we only reload at
most every xx seconds (xx being the value of dsdb:"schema_reload_interval"
 or 120). The timestamp of the last reloaded schema is kept in the
 dsdb_schema object. There is also a timestamp in the ldb_context, that
 is used by the LDAP server to know if it has to reload the schema after
 handling the request. This is used to allow that the schema will be
 immediately reload after a schemaUpdateNow request has been issued, the
 reload can't occur in the handling of the LDAP request itself because
 we have a transaction autostarted.
2012-06-22 23:16:04 -07:00
Matthieu Patou
f8fd615c59 s4-dsdb: fix a warning about unused variable 2012-06-22 23:16:04 -07:00
Stefan Metzmacher
9c44f40b8d s4:torture/raw: add raw.session.expire1
This demonstrates the interaction of CAP_DYNAMIC_REAUTH
and NT_STATUS_NETWORK_SESSION_EXPIRED.

metze
2012-06-22 12:56:48 +02:00
Stefan Metzmacher
31ad4d77e3 s4:torture/smb2: run smb2.session.reauth5 in a subdirectory
This way we can give anonymous full access to the directory.

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 22 11:30:06 CEST 2012 on sn-devel-104
2012-06-22 11:30:05 +02:00
Stefan Metzmacher
0c54e7c936 s4:torture/smb2: add smb2.durable-open.lock-oplock
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 22 03:37:54 CEST 2012 on sn-devel-104
2012-06-22 03:37:54 +02:00
Stefan Metzmacher
7d8db45028 s4:torture/smb2: rename smb2.durable-open.lock to smb2.durable-open.lock-lease
metze
2012-06-22 01:47:33 +02:00
Jelmer Vernooij
cbd660d013 samdb: Accept a list of member variables rather than a comma-separated string. 2012-06-21 18:05:33 +02:00
Andrew Bartlett
33ff033204 s4-provision: Give better clues on what Samba needs for s3fs ACL support
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 21 14:07:55 CEST 2012 on sn-devel-104
2012-06-21 14:07:55 +02:00
Stefan Metzmacher
9089d487c4 s4:torture/smb2: add smb2.durable-open.delete_on_close1
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jun 21 10:19:00 CEST 2012 on sn-devel-104
2012-06-21 10:19:00 +02:00
Amitay Isaacs
17ad62b33a samba-tool: gpo: Fix creation of filesystem ACL from directory ACL
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jun 21 03:25:57 CEST 2012 on sn-devel-104
2012-06-21 03:25:57 +02:00
Amitay Isaacs
0c29804bb0 s4-pysmb: Parse security info as an unsigned integer 2012-06-21 09:41:46 +10:00
Andrew Bartlett
bc9e12183f s4-torture: Expand whoami test to confirm the user token.
This uses the tokenGroups attribute on LDAP and the posix whoami call
to confirm that user token matches between LDAP and CIFS.

I have a seperate patch for the anonymous case, because this isn't
consistent at this stage, and we need to study and fix that.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 20 18:43:43 CEST 2012 on sn-devel-104
2012-06-20 18:43:43 +02:00
Andrew Bartlett
06243510dc s4-torture: Change the unix.whoami test to use torture_assert() 2012-06-20 16:52:05 +02:00
Andrew Bartlett
352dbddb6d s4-idmap: Add parameter 'idmap_ldb:use rfc2307' and correct implementation errors 2012-06-20 16:22:41 +10:00
Andrew Bartlett
2b50e8c534 s4-provision: Remove --slapd-path option
This just leaves a default enough for the test code to still check the start
of the provision.  This may well be removed in future, and we wish to reduce
the extra options to provision.

Andrew Bartlett
2012-06-20 16:22:41 +10:00
Andrew Bartlett
706a998c1f s4-provision: Remove last unused remenants of the 'sid generator' configuration
This was part of the now-abandoned S4 AD LDAP backend project.

Andrew Bartlett
2012-06-20 16:22:41 +10:00
Andrew Bartlett
7f498f8987 Revert "s4-libcli: Remove unused finddcs_nbt"
This reverts commit 06c90cb6f5.

There is genuine interest in using this currently unused code, so put
it back into the tree to avoid folks having to rewrite it.

It should be carefully hooked back into libnet at some point, and
possibly told how to talk to the s3 nmbd socket if nbt_server isn't
running.

The wscript patches are skipped, due to the way the extra
dep interacted with the build system.  When used, this will be resolved.

Andrew Bartlett
2012-06-20 16:22:40 +10:00
Andrew Bartlett
e49656e2ee auth: Use only security_token_is_system to determine that a user is SYSTEM
This removes the duplication on how to detect that a user is system in Samba
now that the smbd system account is also only SID_NT_SYSTEM we can use the same
check everywhere.

Andrew Bartlett

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-06-19 10:38:13 +02:00
Rusty Russell
316e5e376c lib/tdb_wrap: use tdb directly, not tdb_compat.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-06-19 05:38:07 +02:00
Rusty Russell
df4a6e8228 ldb: use tdb directly, not tdb_compat.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-06-19 05:38:07 +02:00
Stefan Metzmacher
ede2fa8e69 heimdal:lib/wind: include <stdlib.h> at the end
This makes sure config.h gets includes first.

This should fix the build on AIX.

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jun 17 16:16:24 CEST 2012 on sn-devel-104
2012-06-17 16:16:23 +02:00
Stefan Metzmacher
326d1749fc heimdal:lib/wind: make sure errorlist_table.c includes config.h as first header
This should fix the build on AIX.

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jun 16 23:59:07 CEST 2012 on sn-devel-104
2012-06-16 23:59:06 +02:00
Stefan Metzmacher
bd45745b09 heimdal:lib/krb5: don't name a struct 'token'
This is a static const struct and the name is never used,
so just make it an anonymous struct.

This hopefully fixes the build on AIX:

"../source4/heimdal/lib/roken/roken-common.h", line 276.9: 1506-236 (W) Macro name __attribute__ has been redefined.
"../source4/heimdal/lib/roken/roken-common.h", line 276.9: 1506-358 (I) "__attribute__" is defined on line 45 of ../source4/heimdal/lib/com_err/com_err.h.
"../source4/heimdal/lib/krb5/expand_path.c", line 331.21: 1506-334 (S) Identifier token has already been defined on line 98 of "/usr/include/net/if_arp.h".
"../source4/heimdal/lib/krb5/expand_path.c", line 390.43: 1506-019 (S) Expecting an array or a pointer to object type.
"../source4/heimdal/lib/krb5/expand_path.c", line 391.31: 1506-019 (S) Expecting an array or a pointer to object type.
"../source4/heimdal/lib/krb5/expand_path.c", line 392.20: 1506-019 (S) Expecting an array or a pointer to object type.
"../source4/heimdal/lib/krb5/expand_path.c", line 392.48: 1506-019 (S) Expecting an array or a pointer to object type.
"../source4/heimdal/lib/krb5/expand_path.c", line 393.39: 1506-019 (S) Expecting an array or a pointer to object type.
Waf: Leaving directory `/opt/home/build/build_farm/samba_4_0_test/bin'
Build failed:  -> task failed (err #1):
	{task: cc expand_path.c -> expand_path_52.o}
gmake: *** [all] Error 1

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jun 16 15:20:59 CEST 2012 on sn-devel-104
2012-06-16 15:20:58 +02:00
Andrew Bartlett
d949736f8d s4-classicupgrade: Also ask testparm for 'smb passwd file' 2012-06-16 08:18:10 +02:00
Andrew Bartlett
d9f7195a1f s4-classicupgrade: Use "samba classic" description for samba3 NT4-like domains in samba3upgrade 2012-06-16 08:18:10 +02:00
Andrew Bartlett
39766b75a4 s4-lib/param: FLAG DAY for the default FILE SERVER
This commit changes the default file server to be s3fs.  Existing
installs wishing to keep the ntvfs file server need to set this in
their smb.conf:

server services = +smb -s3fs
dcerpc endpoint services = +winreg +srvsvc

Andrew Bartlett
2012-06-16 08:18:10 +02:00
Andrew Bartlett
b58dc1826e s4-s3upgrade: Assert that administrator has a SID of -500, and only skip root if it is -500
Many upgraded installations have root as -1000, and so that account needs to be kept.

Andrew Bartlett
2012-06-16 08:18:10 +02:00
Andrew Bartlett
61f7f01554 s4-s3upgrade: Add my wins.dat and fix the parsing error
The issue was that the numbers at the end of the lines are space
padded.

Andrew Bartlett
2012-06-16 08:18:10 +02:00
Andrew Bartlett
d0b60f02dd s4-s3upgrade: improve idmap import to use posixAccount and posixGroup entries 2012-06-16 08:18:10 +02:00
Andrew Bartlett
3c65bac0b6 s4-idmap: Add mapping using uidNumber and gidNumber like idmap_ad
This is a solution for users who are upgrading from Samba 3.x in
particuar, or have clients that will be using idmap_ad.  This avoids
needing to have duplicate values in idmap.ldb and in the directory.

No check for conflicts is made with the idmap.ldb - the AD store always wins.

Andrew Bartlett
2012-06-16 08:18:10 +02:00
Andrew Bartlett
d1d36d2563 s4-selftest: Add tests for dbcheck on an old database that needs repair
We changed a lot since alpha13, so there are lots of legitimate errors to fix.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 16 05:44:15 CEST 2012 on sn-devel-104
2012-06-16 05:44:15 +02:00
Andrew Bartlett
fa223eb26b s4-dbcheck: Always specify the dhcheck control
This will then allow us to make schema modifications, overriding the default ban.

Andrew Bartlett
2012-06-16 03:55:06 +02:00
Andrew Bartlett
72953b1eb8 selftest: Add targetdir and tdbrestore parameters to undump.sh 2012-06-16 03:55:06 +02:00
Andrew Bartlett
67bdf4fa11 lib/param: Use server role = 'standalone server' to be consistant with member server
standalne is left as an alias.

Andrew Bartlett
2012-06-15 09:18:33 +02:00
Andrew Bartlett
b8815dc23d lib/param: Create a seperate server role for "active directory domain controller"
This will allow us to detect from the smb.conf if this is a Samba4 AD
DC which will allow smarter handling of (for example) accidentially
starting smbd rather than samba.

To cope with upgrades from existing Samba4 installs, 'domain
controller' is a synonym of 'active directory domain controller' and
new parameters 'classic primary domain controller' and 'classic backup
domain controller' are added.

Andrew Bartlett
2012-06-15 09:18:33 +02:00
Stefan Metzmacher
59733d911b heimdal:lib/hdb: <config.h> needs to be the first header
This should fix build problems on AIX.

metze
2012-06-15 07:17:43 +02:00
Stefan Metzmacher
96ada4d87b s4:ntvfs: add '_fn' suffix to all ntvfs_ops function pointers
This hopefully fixes the build on systems where _LARGE_FILES
triggers defines of syscalls e.g. '#define lseek lseek64'
on AIX.

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 13 11:03:15 CEST 2012 on sn-devel-104
2012-06-13 11:03:15 +02:00
Michael Adam
25216d7537 s4:smbd: fix typos
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jun 12 09:21:15 CEST 2012 on sn-devel-104
2012-06-12 09:21:14 +02:00
Michael Adam
23a73c51ac s4:kerberos: fix typos in kerberos-notes.txt 2012-06-12 07:21:46 +02:00
Michael Adam
6b2175c834 s4:gensec: fix a comment typo 2012-06-12 07:21:45 +02:00
Michael Adam
7dd22bdb47 s4:torture: fix use of non-existent word (existant) 2012-06-12 07:21:45 +02:00
Michael Adam
2a1ab92793 s4:tests: fix use of a non-existent word (existant) 2012-06-12 07:21:45 +02:00
Michael Adam
cec6ebf4c3 s4:provision: fix use of non-existent word (existant) 2012-06-12 07:21:44 +02:00
Michael Adam
acd3a6bb6c s4:registry:testsuite: fix use of non-existent word (existant) 2012-06-12 07:21:44 +02:00
Michael Adam
d91182c5ae s4:heimdal: fix use of a non-existent word (existant) 2012-06-12 07:21:44 +02:00
Andrew Bartlett
29ff3ce568 s4-selftest: Test samba-tool drs replicate --local --full-sync 2012-06-11 11:44:07 +02:00
Björn Jacke
2fb4c551e8 s4/pvfs: handle non-POSIX compliant Tru64, NetBSD and FreeBSD errno on O_NOFOLLOW symlink open calls
see also f75f1d6233
2012-06-10 21:38:08 +02:00
Stefan Metzmacher
0eeaf10fd0 heimdal:lib/asn1: try to fix the build on IRIX
cc-1028 cc: ERROR File = ../source4/heimdal/lib/asn1/gen_template.c, Line = 548
  The expression used must have a constant value.

  struct templatehead template = { 0L, &(template). tqh_first };
                                         ^
If this really fixes the IRIX build, we'll propose this for heimdal upstream.

metze
2012-06-10 18:16:28 +02:00
David Disseldorp
53c62bca2f s4-torture: fsrvp test suite
Covers most operations defined by the File Server Remote VSS Protocol.
2012-06-08 13:34:31 +02:00
Alexander Bokovoy
23aac2039d waf: support --without-ad-dc for Heimdal (embedded and system) as well
--without-ad-dc was hardwired to mean --with-system-mitkrb5. With this change
it also possible to build source3/ code and source4/ client side without
building AD DC functionality using Heimdal (embedded or system).
2012-06-07 16:08:02 +03:00
Andrew Bartlett
06c90cb6f5 s4-libcli: Remove unused finddcs_nbt
This would only do the NBT getdc lookup for a single DC (but would
find multiple DCs at first stage), but more particular it of course
uses Netbios rather than DNS names.

In any case it was also unused, as we use CLDAP for reliable DC
location these days.

Found by callcatcher

Andrew Bartlett
2012-06-07 06:45:06 +02:00
Andrew Bartlett
1e28aa147f build: Add missing deps and make MESSAGING a private library
To remove finddcs_nbt these missing deps need to be added.  These
subsystems linked to to implicit dependencies provided by finddcs.
Due to the new arrangmenet of subsystems, MESSAGING needs to be a
private library to avoid being a source of duplicate symbols.

Andrew Bartlett
2012-06-07 06:45:06 +02:00
Michael Adam
abe4798398 s4:dns-server: remove an extra blank line from handle_question() 2012-06-06 19:37:13 +02:00
Kai Blin
f3df2988ba s4 dns: Correctly handle A questions for CNAMEs
When an A/AAAA lookup is made for a name that actually is a CNAME
record, we need to return the CNAME record, and then do the A/AAAA
lookup for the name the CNAME points at.

This still fails for CNAMEs pointing at records for domains we need to
ask our forwarders for.

Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Wed Jun  6 15:23:55 CEST 2012 on sn-devel-104
2012-06-06 15:23:55 +02:00
Kai Blin
754c60e417 s4 dns: Structure tests a bit better 2012-06-06 13:26:14 +02:00
Stefan Metzmacher
cd99e61202 s4:torture/locktest: fix compiler warning
metze
2012-06-05 17:33:49 +02:00
Andrew Bartlett
dc799d4b42 s4-provision: Test for posix ACLs in the actual sysvol path
This avoids issues in the previous location where lp may not be initialised at this point
and instead simply waits until we have a known sysvol path, and test for ACL support
there.

Andrew Bartlett
2012-06-05 04:27:36 +02:00
Andrew Bartlett
d2b635cc2f s4-provision: Place xattr.tdb in the actual state directory
This patch does two things: it fixes up the spelling of "state dir" to
"state directory" so that we actually find the smb.conf parameter, and
we move it to after we process the global settings in case this is
changed in the future.

Andrew Bartlett
2012-06-05 04:27:36 +02:00
Andriy Syrovenko
1a2b65cd31 Add '--use-ntvfs' option to 'samba-tool domain join' 2012-06-05 04:27:36 +02:00
Andrew Bartlett
f9b7cd53b9 s4-xattr: Use libreplace xattr functions directly 2012-06-02 02:13:49 +02:00
Alexander Bokovoy
eaf9b86d60 Revert "waf-mitkrb5: enable dcerpc_server library to support OpenChange client code"
This reverts commit f8c447b1a4.

After discussing with Julien (Openchange) and Metze, I decided to revert this code.
Instead I made a patch to Openchange which allows to build client side only.

Openchange server code requires working s4 member DC and --without-ad-dc build
does not provide working provisioning even if we enable dcerpc_server and end point mapper.

Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Fri Jun  1 16:46:08 CEST 2012 on sn-devel-104
2012-06-01 16:46:07 +02:00
Alexander Bokovoy
6e9aca7d41 waf: check for krb5_create_checksum and krb5_creds.flags for some Heimdal versions
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Jun  1 11:23:21 CEST 2012 on sn-devel-104
2012-06-01 11:23:21 +02:00
Alexander Bokovoy
f8c447b1a4 waf-mitkrb5: enable dcerpc_server library to support OpenChange client code
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-06-01 09:29:47 +02:00
Michael Adam
15d567265e build: rename build targets smbclient -> smbclient4 and smbclient3 -> smbclient
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu May 31 06:36:55 CEST 2012 on sn-devel-104
2012-05-31 06:36:55 +02:00
Michael Adam
769908540f s4:selftest: change the blackbox.samba_tool_demote test to use a binary mapping for smbclient 2012-05-31 04:46:07 +02:00
Michael Adam
72fbbdb9b3 s4:selftest: change the blackbox.passwords test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
e7281b450a s4:selftest: change the blackbox.pkinit test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
d86ae30bb8 s4:selftest: change the blackbox.kinit test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
104135faa9 s4:selftest: change the blackbox.export.keytab test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
00f5473de8 s4:selftest: change the blackbox.chgdcpass test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
df0cadbcc9 s4:selftest: change the blackbox.samba_tool test to use a binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
da82c07e13 s4:selftets: change the blackbox.bogusdomain test to use binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
11a2eeabaa s4:selftest: change the blackbox.smbclient test to use binary mapping for smbclient 2012-05-31 04:46:06 +02:00
Michael Adam
fef5ce7f0f s4:selftest: determine nmblookup via binary mapping for blackbox test in tests.py 2012-05-31 04:46:06 +02:00
Amitay Isaacs
866279df9f dsdb: Fix error checking conditions in partition_metadata module
Thanks to Matthieu Patou <mat@matws.net> for pointing it out.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed May 30 17:00:01 CEST 2012 on sn-devel-104
2012-05-30 17:00:00 +02:00
Andrew Bartlett
3e92bff13d s4-provision: Use the s3fs file server by default in migrations
This covers both migrations from s3 and joining a domain as a new DC.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed May 30 14:57:22 CEST 2012 on sn-devel-104
2012-05-30 14:57:22 +02:00
Andrew Bartlett
65bd5eb04b lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used there
This is also where the related krb5_princ_component is declared.

Also fix the configure check to use the correct name

This helps the autoconf build on Heimdal.

Andrew Bartlett
2012-05-30 12:55:39 +02:00
Kai Blin
6a1ad76c5e s4-dns: Use W_ERROR_HAVE_NO_MEMORY in create_response_rr 2012-05-30 00:38:00 +02:00
Kai Blin
9d128bbb62 s4-dns: Use proper talloc hierarchy for NS records in create_response_rr 2012-05-30 00:38:00 +02:00
Kai Blin
ffc568eb42 s4-dns: Use proper talloc hierarchy for AAAA records in create_response_rr 2012-05-30 00:37:59 +02:00
Volker Lendecke
d5ce36b148 s4-dns: Remove sync dns_process
Signed-off-by: Kai Blin <kai@samba.org>
2012-05-30 00:37:59 +02:00