[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-107-g532ccbb
The branch, v4-0-test has been updated via 532ccbbe7aa360440f455dfa136f425b9996e998 (commit) via f8628fa330abcd50923d995d5bda1f4811582ea9 (commit) via 1c909973977ae117703c1ccf7589acc4625e76e5 (commit) from b91bbc5fe4a47e5823be6be5f2f203f1f14105de (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 532ccbbe7aa360440f455dfa136f425b9996e998 Merge: f8628fa330abcd50923d995d5bda1f4811582ea9 b91bbc5fe4a47e5823be6be5f2f203f1f14105de Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 16:15:46 2008 +1000 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local commit f8628fa330abcd50923d995d5bda1f4811582ea9 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 16:14:20 2008 +1000 Remove the 'accoc_group_id' check in the RPC server. This check breaks more than it fixes, and while technically not correct, is the best solution we have at this time. Otherwise, SCHANNEL binds from WinXP fail. Andrew Bartlett commit 1c909973977ae117703c1ccf7589acc4625e76e5 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 13:49:00 2008 +1000 Explain where some other OIDs are allocated. This is an odd place for an OID registry - we perhaps need a central wiki page. Andrew Bartlett --- Summary of changes: source/rpc_server/dcerpc_server.c | 11 +++ source/setup/schema_samba4.ldif |6 ++ 2 files changed, 17 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c index d8dafd6..91ae5fc 100644 --- a/source/rpc_server/dcerpc_server.c +++ b/source/rpc_server/dcerpc_server.c @@ -534,9 +534,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) uint32_t context_id; const struct dcesrv_interface *iface; +#if 0 + /* It is not safe to enable this check - windows clients +* (WinXP in particular) will use it for NETLOGON calls, for +* the subsequent SCHANNEL bind. It turns out that NETLOGON +* calls include no policy handles, so it is safe there. Let +* the failure occour on the attempt to reuse a poilcy handle, +* rather than here */ + + /* Association groups allow policy handles to be shared across +* multiple client connections. We don't implement this yet. */ if (call-pkt.u.bind.assoc_group_id != 0) { return dcesrv_bind_nak(call, 0); } +#endif if (call-pkt.u.bind.num_contexts 1 || call-pkt.u.bind.ctx_list[0].num_transfer_syntaxes 1) { diff --git a/source/setup/schema_samba4.ldif b/source/setup/schema_samba4.ldif index 21d17c5..3e129e4 100644 --- a/source/setup/schema_samba4.ldif +++ b/source/setup/schema_samba4.ldif @@ -3,9 +3,15 @@ # ## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema ## 1.3.6.1.4.1.7165.4.1.x - attributetypes + ## 1.3.6.1.4.1.7165.4.2.x - objectclasses + ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls +### see dsdb/samdb/samdb.h + ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations +### see dsdb/samdb/samdb.h + ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track # # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-112-gae311d8
The branch, v4-0-test has been updated via ae311d89d2d477b235a6a9294a8bb463ed0a8c05 (commit) via af629a3738298d27eb2dbecf466ceb503cec9638 (commit) via a93b20b85b7b35965c428f1543cb7bbe96e16d42 (commit) via 136a85599815670c807f212d7d4003ec53a13729 (commit) via 74d684f6b329d7dd573cdc55e16bb8e629474b02 (commit) from 532ccbbe7aa360440f455dfa136f425b9996e998 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit ae311d89d2d477b235a6a9294a8bb463ed0a8c05 Merge: af629a3738298d27eb2dbecf466ceb503cec9638 532ccbbe7aa360440f455dfa136f425b9996e998 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 16:20:07 2008 +1000 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet commit af629a3738298d27eb2dbecf466ceb503cec9638 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 16:19:54 2008 +1000 The SMB session key must not be more than 16 bytes in SAMR (and presumably LSA). Tests show that Vista requires the sesion key to be truncated for a domain join. Andrew Bartlett commit a93b20b85b7b35965c428f1543cb7bbe96e16d42 Merge: 136a85599815670c807f212d7d4003ec53a13729 b91bbc5fe4a47e5823be6be5f2f203f1f14105de Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 16:15:43 2008 +1000 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet commit 136a85599815670c807f212d7d4003ec53a13729 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Tue Jul 22 11:09:18 2008 +1000 Install'named.txt' to private/ as documentation. This document is much more use when subbed with all the right things. Andrew Bartlett commit 74d684f6b329d7dd573cdc55e16bb8e629474b02 Author: Matthias Dieter Wallnöfer [EMAIL PROTECTED] Date: Tue Jul 22 11:06:47 2008 +1000 Improve DNS and Group poicy configurations. - fixes bug #4813 (simplify DNS setup) - This reworks the named.conf to be a fully fledged include - This also moves the documentation into named.txt - improves bug #4900 (Group policy support in Samba) - by creating an empty GPT.INI - fixes bug #5582 (DNS: Enhanced zone file) - This is now closer to the zone file AD creates committed by Andrew Bartlett --- Summary of changes: source/librpc/rpc/dcerpc_util.c| 14 +- source/rpc_server/dcerpc_server.c | 11 - source/scripting/python/samba/provision.py | 31 - source/setup/named.conf| 63 ++-- source/setup/named.txt | 46 source/setup/provision.zone|7 +++- 6 files changed, 115 insertions(+), 57 deletions(-) create mode 100644 source/setup/named.txt Changeset truncated at 500 lines: diff --git a/source/librpc/rpc/dcerpc_util.c b/source/librpc/rpc/dcerpc_util.c index 71c6d5f..32646e8 100644 --- a/source/librpc/rpc/dcerpc_util.c +++ b/source/librpc/rpc/dcerpc_util.c @@ -647,11 +647,21 @@ NTSTATUS dcerpc_generic_session_key(struct dcerpc_connection *c, /* fetch the user session key - may be default (above) or the SMB session key + + The key is always truncated to 16 bytes */ _PUBLIC_ NTSTATUS dcerpc_fetch_session_key(struct dcerpc_pipe *p, - DATA_BLOB *session_key) + DATA_BLOB *session_key) { - return p-conn-security_state.session_key(p-conn, session_key); + NTSTATUS status; + status = p-conn-security_state.session_key(p-conn, session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + session_key-length = MIN(session_key-length, 16); + + return NT_STATUS_OK; } diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c index 91ae5fc..a2ca897 100644 --- a/source/rpc_server/dcerpc_server.c +++ b/source/rpc_server/dcerpc_server.c @@ -270,11 +270,20 @@ NTSTATUS dcesrv_generic_session_key(struct dcesrv_connection *p, /* fetch the user session key - may be default (above) or the SMB session key + + The key is always truncated to 16 bytes */ _PUBLIC_ NTSTATUS dcesrv_fetch_session_key(struct dcesrv_connection *p, DATA_BLOB *session_key) { - return p-auth_state.session_key(p, session_key); + NTSTATUS status = p-auth_state.session_key(p, session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + session_key-length = MIN(session_key-length, 16); + + return NT_STATUS_OK; } diff --git a/source/scripting/python/samba/provision.py b/source/scripting/python/samba/provision.py index 6eb47c8..4b31038 100644 --- a/source/scripting/python/samba/provision.py +++
Re: [SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-107-g532ccbb
Andrew Bartlett schrieb: The branch, v4-0-test has been updated via 532ccbbe7aa360440f455dfa136f425b9996e998 (commit) via f8628fa330abcd50923d995d5bda1f4811582ea9 (commit) via 1c909973977ae117703c1ccf7589acc4625e76e5 (commit) from b91bbc5fe4a47e5823be6be5f2f203f1f14105de (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 532ccbbe7aa360440f455dfa136f425b9996e998 Merge: f8628fa330abcd50923d995d5bda1f4811582ea9 b91bbc5fe4a47e5823be6be5f2f203f1f14105de Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 16:15:46 2008 +1000 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local commit f8628fa330abcd50923d995d5bda1f4811582ea9 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 16:14:20 2008 +1000 Remove the 'accoc_group_id' check in the RPC server. This check breaks more than it fixes, and while technically not correct, is the best solution we have at this time. Otherwise, SCHANNEL binds from WinXP fail. Andrew Bartlett commit 1c909973977ae117703c1ccf7589acc4625e76e5 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Jul 23 13:49:00 2008 +1000 Explain where some other OIDs are allocated. This is an odd place for an OID registry - we perhaps need a central wiki page. Andrew Bartlett --- Summary of changes: source/rpc_server/dcerpc_server.c | 11 +++ source/setup/schema_samba4.ldif |6 ++ 2 files changed, 17 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c index d8dafd6..91ae5fc 100644 --- a/source/rpc_server/dcerpc_server.c +++ b/source/rpc_server/dcerpc_server.c @@ -534,9 +534,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) uint32_t context_id; const struct dcesrv_interface *iface; +#if 0 + /* It is not safe to enable this check - windows clients + * (WinXP in particular) will use it for NETLOGON calls, for + * the subsequent SCHANNEL bind. It turns out that NETLOGON + * calls include no policy handles, so it is safe there. Let + * the failure occour on the attempt to reuse a poilcy handle, + * rather than here */ + + /* Association groups allow policy handles to be shared across + * multiple client connections. We don't implement this yet. */ if (call-pkt.u.bind.assoc_group_id != 0) { return dcesrv_bind_nak(call, 0); } +#endif I think we should just allow 0 or the 0x12345678 value we give away and fail all other values... Would that be enough to make WinXP work? metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-113-g26d1f93
The branch, v4-0-test has been updated via 26d1f9366d8611af1a69095b4cede2d2c95c982d (commit) from ae311d89d2d477b235a6a9294a8bb463ed0a8c05 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 26d1f9366d8611af1a69095b4cede2d2c95c982d Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu Jul 17 13:36:59 2008 +0200 libnet/become_dc: add a comment and explain why it's important to specify krb5 metze --- Summary of changes: source/libnet/libnet_become_dc.c |9 + 1 files changed, 9 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libnet/libnet_become_dc.c b/source/libnet/libnet_become_dc.c index 556ba80..31a9206 100644 --- a/source/libnet/libnet_become_dc.c +++ b/source/libnet/libnet_become_dc.c @@ -1516,6 +1516,15 @@ static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s, drsuapi-s = s; if (!drsuapi-binding) { + /* +* Note: It's important to pass 'krb5' as auth_type here +* otherwise the replication will not work with +* Windows 2000. If NTLMSSP is used Windows 2000 +* returns garbage in the DsGetNCChanges() response +* if encrypted password attributes would be in the response. +* That means the replication of the schema and configuration +* partition works fine, but it fails for the domain partition. +*/ if (lp_parm_bool(s-libnet-lp_ctx, NULL, become_dc, print, false)) { binding_str = talloc_asprintf(s, ncacn_ip_tcp:%s[krb5,print,seal], s-source_dsa.dns_name); if (composite_nomem(binding_str, c)) return; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-115-g7ee9910
The branch, v4-0-test has been updated via 7ee99105ea3a50d8ee2c83ecd39e834ed9efb98c (commit) via 67a99e445871861945fd0a45784cffb358bdccf3 (commit) from 26d1f9366d8611af1a69095b4cede2d2c95c982d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 7ee99105ea3a50d8ee2c83ecd39e834ed9efb98c Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 11:06:50 2008 +0200 smbtorture: add a warning for unknown BindInfo length to the RPC-DSSYNC test Michael commit 67a99e445871861945fd0a45784cffb358bdccf3 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 11:05:24 2008 +0200 smbtorture: add support for the DSBindInfo48 to the RPC-DSSYNC test. Michael --- Summary of changes: source/torture/rpc/dssync.c | 12 1 files changed, 12 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/torture/rpc/dssync.c b/source/torture/rpc/dssync.c index 35fd4df..3279047 100644 --- a/source/torture/rpc/dssync.c +++ b/source/torture/rpc/dssync.c @@ -214,9 +214,21 @@ static bool _test_DsBind(struct torture_context *tctx, b-peer_bind_info28.repl_epoch = 0; break; } + case 48: { + struct drsuapi_DsBindInfo48 *info48; + info48 = b-req.out.bind_info-info.info48; + b-peer_bind_info28.supported_extensions= info48-supported_extensions; + b-peer_bind_info28.site_guid = info48-site_guid; + b-peer_bind_info28.pid = info48-pid; + b-peer_bind_info28.repl_epoch = info48-repl_epoch; + break; + } case 28: b-peer_bind_info28 = b-req.out.bind_info-info.info28; break; + default: + printf(DsBind - warning: unknown BindInfo length: %u\n, + b-req.out.bind_info-length); } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-116-gc123e59
The branch, v4-0-test has been updated via c123e597cc84685abf2b0d3564e1a26d80bbef2f (commit) from 7ee99105ea3a50d8ee2c83ecd39e834ed9efb98c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c123e597cc84685abf2b0d3564e1a26d80bbef2f Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 14:41:16 2008 +0200 rpc_server: be more strict with the incoming assoc_group_id Allow 0 and 0x12345678 only. This fixes the RPC-HANDLES test. metze --- Summary of changes: source/rpc_server/dcerpc_server.c | 24 1 files changed, 12 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c index a2ca897..ac36825 100644 --- a/source/rpc_server/dcerpc_server.c +++ b/source/rpc_server/dcerpc_server.c @@ -543,20 +543,20 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call) uint32_t context_id; const struct dcesrv_interface *iface; -#if 0 - /* It is not safe to enable this check - windows clients -* (WinXP in particular) will use it for NETLOGON calls, for -* the subsequent SCHANNEL bind. It turns out that NETLOGON -* calls include no policy handles, so it is safe there. Let -* the failure occour on the attempt to reuse a poilcy handle, -* rather than here */ - - /* Association groups allow policy handles to be shared across -* multiple client connections. We don't implement this yet. */ - if (call-pkt.u.bind.assoc_group_id != 0) { + /* +* Association groups allow policy handles to be shared across +* multiple client connections. We don't implement this yet. +* +* So we just allow 0 if the client wants to create a new +* association group. +* +* And we allow the 0x12345678 value, we give away as +* assoc_group_id back to the clients +*/ + if (call-pkt.u.bind.assoc_group_id != 0 + call-pkt.u.bind.assoc_group_id != 0x12345678) { return dcesrv_bind_nak(call, 0); } -#endif if (call-pkt.u.bind.num_contexts 1 || call-pkt.u.bind.ctx_list[0].num_transfer_syntaxes 1) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-133-g08618bb
The branch, v4-0-test has been updated via 08618bbd508ede0bb9e1922fae562cffdca41cbd (commit) via 8300259f103f8cfe014988fad0f7ee0d49bb1ac2 (commit) via 97b7901afbccc9647ad2958d4cf12300de2655d1 (commit) via ca9cd81a1798fb15195566422b3cad7c282fce89 (commit) via 4ad73a0bf8952783d3d9a7339c0c4fd8ca28981a (commit) via 5edff84429ef0d03b47a438e18861d26c97e17b6 (commit) via 1bf552856f3a930c4716ceb73d9ba9adf7502d3d (commit) via da9ceb2bf17f964334d9317829d40483e2c04b10 (commit) via 7219740ef434091617c6bb727374251987ff2a62 (commit) via 19b8c8e37bafab050ab61266c35006efada2947c (commit) via 24c5b10136f6e640832193aaf9e6d7e865c288bc (commit) via 5b860572686167d0291161f6597f143e538e2f3a (commit) via 9a70b2237d4fdd523edfbca0329ad35e71faf998 (commit) via 26e9169d454349795ad0bc64d7f65059541ab89e (commit) via ca28d05b11e602e0f98cda0e02f973562c199dc6 (commit) via ac02d6a0f765e3b66fb6796f129edb1a348ecd84 (commit) via 6a7637b12e4a34915a53e81a0f47571da21fdc5a (commit) from c123e597cc84685abf2b0d3564e1a26d80bbef2f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 08618bbd508ede0bb9e1922fae562cffdca41cbd Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 09:35:19 2008 +0200 password_hash: add generation of the Primary:Kerberos-Newer-Keys blob But it's still of by default until we now what triggers this generation. It could be that the value is always generated but the KDC only uses it when in a specific funtional level, but it could also be that it's only generated in a specific functional level. metze commit 8300259f103f8cfe014988fad0f7ee0d49bb1ac2 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jul 22 18:47:27 2008 +0200 hdb-ldb: try to find Primary:Kerberos-Newer-Keys and fallback to Primary:Kerberos Now provide AES tickets if we find the keys in the supplementalCredentials attribute metze commit 97b7901afbccc9647ad2958d4cf12300de2655d1 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jul 22 12:28:07 2008 +0200 drsblobs.idl: add idl for Primary:Kerberos-Newer-Keys blob in supplementalCredentials metze commit ca9cd81a1798fb15195566422b3cad7c282fce89 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jul 22 18:54:21 2008 +0200 password_hash: order the supplementalCredentials Packages in the same order like windows metze commit 4ad73a0bf8952783d3d9a7339c0c4fd8ca28981a Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jul 22 18:27:36 2008 +0200 password_hash: split the generation of krb5 keys into a different function metze commit 5edff84429ef0d03b47a438e18861d26c97e17b6 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jul 22 18:32:49 2008 +0200 password_hash: simplify the logic if we have cleartext we always generate the hashes metze commit 1bf552856f3a930c4716ceb73d9ba9adf7502d3d Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 10:05:43 2008 +0200 password_hash: fix callers after idl change for package_PrimaryKerberos metze commit da9ceb2bf17f964334d9317829d40483e2c04b10 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 08:53:34 2008 +0200 drsblobs.idl: fix unknowns in package_PrimaryKerberos idl metze commit 7219740ef434091617c6bb727374251987ff2a62 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 13:41:51 2008 +0200 hdb-ldb: check the SUPPLEMENTAL_CREDENTIALS_SIGNATURE metze commit 19b8c8e37bafab050ab61266c35006efada2947c Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 13:31:14 2008 +0200 password_hash: check the SUPPLEMENTAL_CREDENTIALS_SIGNATURE metze commit 24c5b10136f6e640832193aaf9e6d7e865c288bc Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 13:06:32 2008 +0200 drsblobs.idl: fix idl for supplementalCredentialsSubBlob metze commit 5b860572686167d0291161f6597f143e538e2f3a Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 12:00:42 2008 +0200 password_hash: ignore reserved value, but still set it like windows does metze commit 9a70b2237d4fdd523edfbca0329ad35e71faf998 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 13:53:03 2008 +0200 drsblobs.idl: rename unknown1 - reserved metze commit 26e9169d454349795ad0bc64d7f65059541ab89e Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jul 22 18:31:45 2008 +0200 password_hash: don't add zero padding as w2k8 also don't add it metze commit ca28d05b11e602e0f98cda0e02f973562c199dc6 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jul 22 18:46:24 2008 +0200 hdb-ldb: fix comment about padding metze commit ac02d6a0f765e3b66fb6796f129edb1a348ecd84
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-137-g1f5704e
The branch, v4-0-test has been updated via 1f5704e2dee5900e8d1d87699b76f67c0e12854e (commit) via 97e8d5813df19cae294b6de2a880606f0f8c2c59 (commit) via 7d80fab912576923c7474d77b8ed960b01296914 (commit) via a8aea9274170a2b472c45c97a4904bd299d2a92e (commit) from 08618bbd508ede0bb9e1922fae562cffdca41cbd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1f5704e2dee5900e8d1d87699b76f67c0e12854e Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 15:34:45 2008 +0200 drsuapi: always set the pid field of the outgoing DsBindInfo to 0. This is for debugging and informational purposes only. The assignment is implementation specific. (WSPP docs, sec. 5.35). Michael commit 97e8d5813df19cae294b6de2a880606f0f8c2c59 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 15:21:44 2008 +0200 libnet_unbecome_dc: teach unbecomeDC_drsuapi_bind_recv() DsBindInfo48. ..to work agains w2k8. Michael commit 7d80fab912576923c7474d77b8ed960b01296914 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 15:18:57 2008 +0200 libnet_become_cd: teach becomeDC_drsuapi_bind_recv() DsBindInfo48. To work with w2k8. Michael commit a8aea9274170a2b472c45c97a4904bd299d2a92e Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 14:07:06 2008 +0200 dsdb: teach dreplsrv_out_drsuapi_bind_recv() knowledge of DsBindInfo48. To make it work against w2k8. Michael --- Summary of changes: source/dsdb/repl/drepl_out_helpers.c |9 + source/libnet/libnet_become_dc.c | 16 ++-- source/libnet/libnet_unbecome_dc.c | 11 ++- source/torture/rpc/dssync.c |2 +- 4 files changed, 30 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source/dsdb/repl/drepl_out_helpers.c b/source/dsdb/repl/drepl_out_helpers.c index 0700867..345e3db 100644 --- a/source/dsdb/repl/drepl_out_helpers.c +++ b/source/dsdb/repl/drepl_out_helpers.c @@ -146,6 +146,15 @@ static void dreplsrv_out_drsuapi_bind_recv(struct rpc_request *req) st-drsuapi-remote_info28.repl_epoch = 0; break; } + case 48: { + struct drsuapi_DsBindInfo48 *info48; + info48 = st-bind_r.out.bind_info-info.info48; + st-drsuapi-remote_info28.supported_extensions = info48-supported_extensions; + st-drsuapi-remote_info28.site_guid= info48-site_guid; + st-drsuapi-remote_info28.pid = info48-pid; + st-drsuapi-remote_info28.repl_epoch = info48-repl_epoch; + break; + } case 28: st-drsuapi-remote_info28 = st-bind_r.out.bind_info-info.info28; break; diff --git a/source/libnet/libnet_become_dc.c b/source/libnet/libnet_become_dc.c index 31a9206..6a13974 100644 --- a/source/libnet/libnet_become_dc.c +++ b/source/libnet/libnet_become_dc.c @@ -1611,12 +1611,7 @@ static void becomeDC_drsuapi_bind_send(struct libnet_BecomeDC_state *s, bind_info28-supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS; #endif bind_info28-site_guid = s-dest_dsa.site_guid; - if (s-domain.behavior_version == 2) { - /* TODO: find out how this is really triggered! */ - bind_info28-pid= 528; - } else { - bind_info28-pid= 516; - } + bind_info28-pid= 0; bind_info28-repl_epoch = 0; drsuapi-bind_info_ctr.length = 28; @@ -1649,6 +1644,15 @@ static WERROR becomeDC_drsuapi_bind_recv(struct libnet_BecomeDC_state *s, drsuapi-remote_info28.repl_epoch = 0; break; } + case 48: { + struct drsuapi_DsBindInfo48 *info48; + info48 = drsuapi-bind_r.out.bind_info-info.info48; + drsuapi-remote_info28.supported_extensions = info48-supported_extensions; + drsuapi-remote_info28.site_guid= info48-site_guid; + drsuapi-remote_info28.pid = info48-pid; + drsuapi-remote_info28.repl_epoch = info48-repl_epoch; + break; + } case 28: drsuapi-remote_info28 = drsuapi-bind_r.out.bind_info-info.info28; break; diff --git
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-139-ga7bfa1f
The branch, v4-0-test has been updated via a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d (commit) via af85aad8147b85a0b9ea2ccc66b8f04efdfe5cf3 (commit) from 1f5704e2dee5900e8d1d87699b76f67c0e12854e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 16:23:31 2008 +0200 libnet_become_dc: send msDS_Behavior_Version == 3 (win2k8) in DsAddEntry instead of version 2 (win2k3). This makes the NET-API-BECOME-DC test work against windows 2003 and 2008. Michael commit af85aad8147b85a0b9ea2ccc66b8f04efdfe5cf3 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 17:54:25 2008 +0200 libnet_become_cd: add boolean option become_dc:force krb5 to control krb5 auth. This allows controlling whether krb5 auth is forced for the rpc bind in libnet_become_dc. It defaults to yes. For Windows 2000, DsGetNCChanges only krb5 auth works due to a bug in Windows (it returns garbage - a positive object count is returned along with first object == NULL). For Windows 2008, on the other hand, krb5 auth does not work currently due to the lack of support for AES keys. (Metze is working on that.) Michael --- Summary of changes: source/dsdb/common/flags.h |1 + source/libnet/libnet_become_dc.c | 30 +++--- 2 files changed, 20 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source/dsdb/common/flags.h b/source/dsdb/common/flags.h index 3611141..e8802fd 100644 --- a/source/dsdb/common/flags.h +++ b/source/dsdb/common/flags.h @@ -122,3 +122,4 @@ #define DS_BEHAVIOR_WIN20000 #define DS_BEHAVIOR_WIN2003_INTERIM1 #define DS_BEHAVIOR_WIN20032 +#define DS_BEHAVIOR_WIN20083 diff --git a/source/libnet/libnet_become_dc.c b/source/libnet/libnet_become_dc.c index 6a13974..1ce067c 100644 --- a/source/libnet/libnet_become_dc.c +++ b/source/libnet/libnet_become_dc.c @@ -1516,22 +1516,30 @@ static void becomeDC_drsuapi_connect_send(struct libnet_BecomeDC_state *s, drsuapi-s = s; if (!drsuapi-binding) { + char *krb5_str = ; + char *print_str = ; /* -* Note: It's important to pass 'krb5' as auth_type here -* otherwise the replication will not work with -* Windows 2000. If NTLMSSP is used Windows 2000 -* returns garbage in the DsGetNCChanges() response +* Note: Replication only works with Windows 2000 when 'krb5' is +* passed as auth_type here. If NTLMSSP is used, Windows +* 2000 returns garbage in the DsGetNCChanges() response * if encrypted password attributes would be in the response. * That means the replication of the schema and configuration * partition works fine, but it fails for the domain partition. */ - if (lp_parm_bool(s-libnet-lp_ctx, NULL, become_dc, print, false)) { - binding_str = talloc_asprintf(s, ncacn_ip_tcp:%s[krb5,print,seal], s-source_dsa.dns_name); - if (composite_nomem(binding_str, c)) return; - } else { - binding_str = talloc_asprintf(s, ncacn_ip_tcp:%s[krb5,seal], s-source_dsa.dns_name); - if (composite_nomem(binding_str, c)) return; + if (lp_parm_bool(s-libnet-lp_ctx, NULL, become_dc, +force krb5, true)) + { + krb5_str = krb5,; } + if (lp_parm_bool(s-libnet-lp_ctx, NULL, become_dc, +print, false)) + { + print_str = print,; + } + binding_str = talloc_asprintf(s, ncacn_ip_tcp:%s[%s%sseal], + s-source_dsa.dns_name, + krb5_str, print_str); + if (composite_nomem(binding_str, c)) return; c-status = dcerpc_parse_binding(s, binding_str, drsuapi-binding); talloc_free(binding_str); if (!composite_is_ok(c)) return; @@ -2096,7 +2104,7 @@ static void becomeDC_drsuapi1_add_entry_send(struct libnet_BecomeDC_state *s) vd[0] = data_blob_talloc(vd, NULL, 4); if (composite_nomem(vd[0].data, c)) return; - SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2003); + SIVAL(vd[0].data, 0, DS_BEHAVIOR_WIN2008); vs[0].blob = vd[0]; -- Samba Shared
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3395-g4b8362f
The branch, v3-3-test has been updated via 4b8362f9777debd21c47154e786b7017fbf847f7 (commit) from 5ab391d466ce9ddea31f6f6bf467aa6c5f3a7efb (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 4b8362f9777debd21c47154e786b7017fbf847f7 Author: Steve French [EMAIL PROTECTED] Date: Wed Jul 23 14:25:17 2008 -0500 cifs.upcall: fix compile warning Steve French noticed these warnings when building cifs.upcall: Compiling client/cifs.upcall.c client/cifs.upcall.c: In function 'usage': client/cifs.upcall.c:204: warning: declaration of 'prog' shadows a global declaration client/cifs.upcall.c:33: warning: shadowed declaration is here Change the usage function to not take and arg and have it just use the global prog variable. Fix a typo in the log message generated when an unknown option is specified. Also getopt() always returns '?' when it sees an unknown option so there's no point in printing it out. Signed-off-by: Jeff Layton [EMAIL PROTECTED] --- Summary of changes: source/client/cifs.upcall.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c index 3860f33..e389326 100644 --- a/source/client/cifs.upcall.c +++ b/source/client/cifs.upcall.c @@ -201,7 +201,7 @@ int cifs_resolver(const key_serial_t key, const char *key_descr) } void -usage(const char *prog) +usage() { syslog(LOG_WARNING, Usage: %s [-c] [-v] key_serial, prog); fprintf(stderr, Usage: %s [-c] [-v] key_serial\n, prog); @@ -234,7 +234,7 @@ int main(const int argc, char *const argv[]) goto out; } default:{ - syslog(LOG_WARNING, unknow option: %c, c); + syslog(LOG_WARNING, unknown option: %c, c); goto out; } } @@ -242,7 +242,7 @@ int main(const int argc, char *const argv[]) /* is there a key? */ if (argc = optind) { - usage(prog); + usage(); goto out; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3403-gd78667c
The branch, v3-3-test has been updated via d78667c88515aa4fffc49b44c00f470f7d25bd4d (commit) via 5db983d1538453f0ba35d67a099396a18c7ab736 (commit) via a5de166833631dbc8450277d180c69086deacd4b (commit) via 5459745369092a4d48fee18fb1be53f195405370 (commit) via e33af40ad41816531c3189ef146f192a902d3229 (commit) via 38aca9c11783daf30e19b4951451ec9a6b85cd30 (commit) via 398702a818a0c292ab5b4f76be95168de83ffa25 (commit) via fb0379aede4665987679c2e1b5ae943f124804b6 (commit) from 4b8362f9777debd21c47154e786b7017fbf847f7 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit d78667c88515aa4fffc49b44c00f470f7d25bd4d Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 23:10:34 2008 +0200 re-run make idl after adding idl for idl for Primary:Kerberos-Newer-Keys Michael commit 5db983d1538453f0ba35d67a099396a18c7ab736 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jul 22 12:28:07 2008 +0200 drsblobs.idl: add idl for Primary:Kerberos-Newer-Keys blob in supplementalCredentials metze (cherry picked from commit 97b7901afbccc9647ad2958d4cf12300de2655d1) commit a5de166833631dbc8450277d180c69086deacd4b Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 23:06:30 2008 +0200 re-run make idl after fixing unknowns in package_PrimaryKerberos (drsblobs.idl) Michael commit 5459745369092a4d48fee18fb1be53f195405370 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 08:53:34 2008 +0200 drsblobs.idl: fix unknowns in package_PrimaryKerberos idl metze (cherry picked from commit da9ceb2bf17f964334d9317829d40483e2c04b10) commit e33af40ad41816531c3189ef146f192a902d3229 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 23:02:09 2008 +0200 re-run make idl after fixing idl for supplementalCredentialsSubBlob. Michael commit 38aca9c11783daf30e19b4951451ec9a6b85cd30 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 13:06:32 2008 +0200 drsblobs.idl: fix idl for supplementalCredentialsSubBlob metze (cherry picked from commit 24c5b10136f6e640832193aaf9e6d7e865c288bc) commit 398702a818a0c292ab5b4f76be95168de83ffa25 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Jul 23 22:42:18 2008 +0200 re-run make idl after changing unknown1-reserved in drsblobs.idl Michael commit fb0379aede4665987679c2e1b5ae943f124804b6 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Wed Jul 23 13:53:03 2008 +0200 drsblobs.idl: rename unknown1 - reserved metze --- Summary of changes: source/librpc/gen_ndr/drsblobs.h | 68 - source/librpc/gen_ndr/ndr_drsblobs.c | 542 + source/librpc/gen_ndr/ndr_drsblobs.h | 20 +- source/librpc/idl/drsblobs.idl | 64 - 4 files changed, 605 insertions(+), 89 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/gen_ndr/drsblobs.h b/source/librpc/gen_ndr/drsblobs.h index e6df05f..c0db9e9 100644 --- a/source/librpc/gen_ndr/drsblobs.h +++ b/source/librpc/gen_ndr/drsblobs.h @@ -7,7 +7,7 @@ #ifndef _HEADER_drsblobs #define _HEADER_drsblobs -#define SUPPLEMENTAL_CREDENTIALS_PREFIX( P ) +#define SUPPLEMENTAL_CREDENTIALS_PREFIX( ) enum drsuapi_DsAttributeId; struct replPropertyMetaData1 { @@ -149,13 +149,25 @@ struct ldapControlDirSyncCookie { struct supplementalCredentialsPackage { uint16_t name_len;/* [value(2*strlen_m(name))] */ uint16_t data_len;/* [value(strlen(data))] */ - uint16_t unknown1; + uint16_t reserved; const char *name;/* [charset(UTF16)] */ const char *data;/* [charset(DOS)] */ }; +enum supplementalCredentialsSignature +#ifndef USE_UINT_ENUMS + { + SUPPLEMENTAL_CREDENTIALS_SIGNATURE=0x0050 +} +#else + { __donnot_use_enum_supplementalCredentialsSignature=0x7FFF} +#define SUPPLEMENTAL_CREDENTIALS_SIGNATURE ( 0x0050 ) +#endif +; + struct supplementalCredentialsSubBlob { const char *prefix;/* [value(SUPPLEMENTAL_CREDENTIALS_PREFIX),charset(UTF16)] */ + enum supplementalCredentialsSignature signature;/* [value(SUPPLEMENTAL_CREDENTIALS_SIGNATURE)] */ uint16_t num_packages; struct supplementalCredentialsPackage *packages; }/* [gensize] */; @@ -179,23 +191,25 @@ struct package_PrimaryKerberosString { }; struct package_PrimaryKerberosKey { + uint16_t reserved1;/* [value(0)] */ + uint16_t reserved2;/* [value(0)] */ + uint32_t reserved3;/* [value(0)] */ uint32_t keytype; uint32_t value_len;/* [value((value?value-length:0))] */ DATA_BLOB *value;/*
[SCM] CTDB repository - branch master updated - b1fed105ad780e89a128a611ef0bd659818eeebf
The branch, master has been updated via b1fed105ad780e89a128a611ef0bd659818eeebf (commit) via 8fed021d11160b137f4140ea02947347250e2959 (commit) via e8ef9891aa31c374921b23cc74e1eda1f8218bf0 (commit) from 0de79352c9b36c118e36905f08ebbe38ecbb957e (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit b1fed105ad780e89a128a611ef0bd659818eeebf Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Jul 23 15:36:23 2008 +1000 run the testparm commands in 50.samba in the background, only running in the foreground if something fails commit 8fed021d11160b137f4140ea02947347250e2959 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Jul 23 15:35:46 2008 +1000 allow for probing of directories without raising an error commit e8ef9891aa31c374921b23cc74e1eda1f8218bf0 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Jul 23 15:25:52 2008 +1000 fixed buffering in ctdb logging code to handle multiple lines correctly --- Summary of changes: config/events.d/50.samba | 96 +- config/functions | 25 +--- server/ctdb_logging.c| 39 ++- 3 files changed, 125 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/50.samba b/config/events.d/50.samba index 9aa21e2..498aa17 100755 --- a/config/events.d/50.samba +++ b/config/events.d/50.samba @@ -17,10 +17,81 @@ shift SAMBA_CLEANUP_PERIOD=10 } +# we keep a cached copy of smb.conf here +smbconf_cache=$CTDB_BASE/state/samba/smb.conf.cache + + +# +# update the smb.conf cache in the foreground +testparm_foreground_update() { +mkdir -p $CTDB_BASE/state/samba || exit 1 +testparm -s 2 /dev/null | egrep -v 'registry.shares.=|include.=' $smbconf_cache +} + +# +# update the smb.conf cache in the background +testparm_background_update() { +# if the cache doesn't exist, then update in the foreground +[ -f $smbconf_cache ] || { + testparm_foreground_update +} +# otherwise do a background update +( + tmpfile=${smbconf_cache}.$$ + testparm -s $tmpfile 2 /dev/null + # remember the pid of the teamparm process + pid=$! + # give it 10 seconds to run + timeleft=10 + while [ $timeleft -gt 0 ]; do + timeleft=$(($timeleft - 1)) + # see if the process still exists + kill -0 $pid /dev/null 21 || { + # it doesn't exist, grab its exit status + wait $pid + [ $? = 0 ] || { + echo 50.samba: smb.conf background update exited with status $? + rm -f ${tmpfile} + exit 1 + } + # put the new smb.conf contents in the cache (atomic rename) + # make sure we remove references to the registry while doing + # this to ensure that running testparm on the cache does + # not use the registry + egrep -v 'registry.shares.=|include.=' $tmpfile ${tmpfile}.2 + rm -f $tmpfile + mv -f ${tmpfile}.2 $smbconf_cache || { + echo 50.samba: failed to update background cache + rm -f ${tmpfile}.2 + exit 1 + } + exit 0 + } + # keep waiting for testparm to finish + sleep 1 + done + # it took more than 10 seconds - kill it off + rm -f ${tmpfile} + kill -9 $pid /dev/null 21 + echo 50.samba: timed out updating smbconf cache in background + exit 1 +) +} + +## +# show the testparm output using a cached smb.conf +# to avoid registry access +testparm_cat() { +[ -f $smbconf_cache ] || { + testparm_foreground_update +} +testparm -s $smbconf_cache $@ 2/dev/null +} + # function to see if ctdb manages winbind check_ctdb_manages_winbind() { [ -z $CTDB_MANAGES_WINBIND ] { -secmode=`testparm -s --parameter-name=security 2 /dev/null` +secmode=`testparm_cat --parameter-name=security` case $secmode in ADS|DOMAIN) CTDB_MANAGES_WINBIND=yes; @@ -108,21 +179,26 @@ case $cmd in touch $CTDB_BASE/state/samba/periodic_cleanup } - [ $CTDB_SAMBA_SKIP_CONF_CHECK != yes ] { - testparm -s 21 | egrep '^WARNING|^ERROR|^Unknown' { - echo ERROR: testparm shows smb.conf is not clean - exit 1 - } + testparm_background_update + + testparm_cat | egrep '^WARNING|^ERROR|^Unknown' { + testparm_foreground_update +
Build status as of Thu Jul 24 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-07-23 00:00:33.0 + +++ /home/build/master/cache/broken_results.txt 2008-07-24 00:00:09.0 + @@ -1,22 +1,22 @@ -Build status as of Wed Jul 23 00:00:03 2008 +Build status as of Thu Jul 24 00:00:02 2008 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 33 8 0 +ccache 34 8 0 ctdb 0 0 0 distcc 1 0 0 -ldb 32 32 0 -libreplace 32 12 0 -lorikeet-heimdal 26 19 0 -pidl 18 17 0 -ppp 10 0 0 -rsync33 11 0 +ldb 34 33 0 +libreplace 33 12 0 +lorikeet-heimdal 27 20 0 +pidl 19 18 0 +ppp 11 0 0 +rsync34 11 0 samba-docs 0 0 0 -samba-gtk3 3 0 -samba_3_2_test 33 21 0 -samba_4_0_test 31 28 0 -smb-build31 5 0 -talloc 33 7 0 -tdb 33 14 0 +samba-gtk4 4 0 +samba_3_2_test 34 22 0 +samba_4_0_test 32 29 1 +smb-build32 5 0 +talloc 34 7 0 +tdb 34 14 0
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-141-gbbe895d
The branch, v4-0-test has been updated via bbe895db7144b192981fad9ab6bbd3ebacb8d299 (commit) via 39f9184ddf215f2b512319211c0a05702218ef87 (commit) from a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit bbe895db7144b192981fad9ab6bbd3ebacb8d299 Author: Anatoliy Atanasov [EMAIL PROTECTED] Date: Mon Jul 21 17:04:49 2008 +0300 dsdb_create_prefix_mapping() implementation checks for existing prefix maping in ldb. if one not found it creates a mapping for it and updates the prefixMap schema attribute in ldb. commit 39f9184ddf215f2b512319211c0a05702218ef87 Author: Anatoliy Atanasov [EMAIL PROTECTED] Date: Wed Jul 23 09:59:17 2008 +0300 Handle schema reloading request. The ldif for that operation looks like this: dn: changetype: Modify add: schemaUpdateNow schemaUpdateNow: 1 It uses the rootdse's object functional attribute schemaUpdateNow. In rootdse_modify() this command is being recognized and it is send as extended operation with DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID. In the partition module its dispatched to the schema_fsmo module. The request is processed in the schema_fsmo module by schema_fsmo_extended(). --- Summary of changes: source/dsdb/samdb/ldb_modules/partition.c | 49 + source/dsdb/samdb/ldb_modules/rootdse.c | 47 - source/dsdb/samdb/ldb_modules/schema_fsmo.c | 64 ++- source/dsdb/samdb/samdb.h |2 + source/dsdb/schema/schema_init.c| 293 +++ 5 files changed, 415 insertions(+), 40 deletions(-) Changeset truncated at 500 lines: diff --git a/source/dsdb/samdb/ldb_modules/partition.c b/source/dsdb/samdb/ldb_modules/partition.c index 22826e4..9285d6d 100644 --- a/source/dsdb/samdb/ldb_modules/partition.c +++ b/source/dsdb/samdb/ldb_modules/partition.c @@ -699,6 +699,50 @@ static int partition_extended_replicated_objects(struct ldb_module *module, stru return partition_replicate(module, req, ext-partition_dn); } +static int partition_extended_schema_update_now(struct ldb_module *module, struct ldb_request *req) +{ + struct dsdb_control_current_partition *partition; + struct partition_private_data *data; + struct ldb_dn *schema_dn; + struct partition_context *ac; + struct ldb_module *backend; + int ret; + + schema_dn = talloc_get_type(req-op.extended.data, struct ldb_dn); + if (!schema_dn) { + ldb_debug(module-ldb, LDB_DEBUG_FATAL, partition_extended: invalid extended data\n); + return LDB_ERR_PROTOCOL_ERROR; + } + + data = talloc_get_type(module-private_data, struct partition_private_data); + if (!data) { + return LDB_ERR_OPERATIONS_ERROR; + } + + partition = find_partition( data, schema_dn ); + if (!partition) { + return ldb_next_request(module, req); + } + + ac = partition_init_handle(req, module); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + backend = make_module_for_next_request(req, module-ldb, partition-module); + if (!backend) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + if (ret != LDB_SUCCESS) { + return ret; + } + + return ldb_next_request(backend, req); +} + + /* extended */ static int partition_extended(struct ldb_module *module, struct ldb_request *req) { @@ -708,6 +752,11 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req return partition_extended_replicated_objects(module, req); } + /* forward schemaUpdateNow operation to schema_fsmo module*/ + if (strcmp(req-op.extended.oid, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID) == 0) { + return partition_extended_schema_update_now( module, req ); + } + /* * as the extended operation has no dn * we need to send it to all partitions diff --git a/source/dsdb/samdb/ldb_modules/rootdse.c b/source/dsdb/samdb/ldb_modules/rootdse.c index 75f99a1..97491a2 100644 --- a/source/dsdb/samdb/ldb_modules/rootdse.c +++ b/source/dsdb/samdb/ldb_modules/rootdse.c @@ -391,9 +391,50 @@ static int rootdse_init(struct ldb_module *module) return ldb_next_init(module); } +static int rootdse_modify(struct ldb_module *module, struct ldb_request *req) +{ + struct ldb_result *ext_res; + int ret; + struct ldb_dn *schema_dn; + struct ldb_message_element *schemaUpdateNowAttr; + + /* + If dn is not we should let it pass through + */ +
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-147-g24309db
The branch, v4-0-test has been updated via 24309dbf4d9622fcfafa29ef98bc0459fdaa814b (commit) via 4f6646f06988b1fb8be9e0c8ae833bb9792184af (commit) via 4b3af09450cf33c6785a3d8fc68047f2e388 (commit) via 036f73d39a7ef882fd76afcd3c11eef483f6c308 (commit) via 341f64834e13cdbc7d4742a4652ae39b70a4231f (commit) via af7fb2e38ba27cf8058eb1cef1f96bbc7b19849f (commit) from bbe895db7144b192981fad9ab6bbd3ebacb8d299 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 24309dbf4d9622fcfafa29ef98bc0459fdaa814b Merge: 4f6646f06988b1fb8be9e0c8ae833bb9792184af bbe895db7144b192981fad9ab6bbd3ebacb8d299 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jul 24 14:26:30 2008 +1000 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test commit 4f6646f06988b1fb8be9e0c8ae833bb9792184af Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jul 24 14:21:52 2008 +1000 we can't query the ACL on a new file till it exists! commit 4b3af09450cf33c6785a3d8fc68047f2e388 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jul 24 14:21:31 2008 +1000 initialise query_maximal_access here too commit 036f73d39a7ef882fd76afcd3c11eef483f6c308 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jul 24 14:20:02 2008 +1000 make sure we initialise query_maximal_access commit 341f64834e13cdbc7d4742a4652ae39b70a4231f Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jul 24 14:19:49 2008 +1000 fixed spelling error commit af7fb2e38ba27cf8058eb1cef1f96bbc7b19849f Author: Andrew Tridgell [EMAIL PROTECTED] Date: Thu Jul 24 11:48:27 2008 +1000 fixd a bug in the signal handling code - we could get phantom signals (signum 64) --- Summary of changes: source/lib/events/events_signal.c | 10 +- source/ntvfs/posix/pvfs_open.c| 12 ++-- source/ntvfs/posix/xattr_system.c |2 +- source/smb_server/smb/nttrans.c |1 + source/smb_server/smb/reply.c |1 + 5 files changed, 14 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/events/events_signal.c b/source/lib/events/events_signal.c index 80a14ac..652df53 100644 --- a/source/lib/events/events_signal.c +++ b/source/lib/events/events_signal.c @@ -46,15 +46,15 @@ struct sigcounter { the poor design of signals means that this table must be static global */ static struct sig_state { - struct signal_event *sig_handlers[NUM_SIGNALS]; - struct sigaction *oldact[NUM_SIGNALS]; - struct sigcounter signal_count[NUM_SIGNALS]; + struct signal_event *sig_handlers[NUM_SIGNALS+1]; + struct sigaction *oldact[NUM_SIGNALS+1]; + struct sigcounter signal_count[NUM_SIGNALS+1]; struct sigcounter got_signal; int pipe_hack[2]; #ifdef SA_SIGINFO /* with SA_SIGINFO we get quite a lot of info per signal */ - siginfo_t *sig_info[NUM_SIGNALS]; - struct sigcounter sig_blocked[NUM_SIGNALS]; + siginfo_t *sig_info[NUM_SIGNALS+1]; + struct sigcounter sig_blocked[NUM_SIGNALS+1]; #endif } *sig_state; diff --git a/source/ntvfs/posix/pvfs_open.c b/source/ntvfs/posix/pvfs_open.c index 01a249c..6114b20 100644 --- a/source/ntvfs/posix/pvfs_open.c +++ b/source/ntvfs/posix/pvfs_open.c @@ -631,12 +631,6 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs, status = pvfs_access_check_create(pvfs, req, name, access_mask); NT_STATUS_NOT_OK_RETURN(status); - if (io-generic.in.query_maximal_access) { - status = pvfs_access_maximal_allowed(pvfs, req, name, - io-generic.out.maximal_access); - NT_STATUS_NOT_OK_RETURN(status); - } - /* check that the parent isn't opened with delete on close set */ status = pvfs_resolve_parent(pvfs, req, name, parent); if (NT_STATUS_IS_OK(status)) { @@ -707,6 +701,12 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs, goto cleanup_delete; } + if (io-generic.in.query_maximal_access) { + status = pvfs_access_maximal_allowed(pvfs, req, name, + io-generic.out.maximal_access); + NT_STATUS_NOT_OK_RETURN(status); + } + /* form the lock context used for byte range locking and opendb locking */ status = pvfs_locking_key(name, f-handle, f-handle-odb_locking_key); diff --git a/source/ntvfs/posix/xattr_system.c b/source/ntvfs/posix/xattr_system.c index 7283d71..9a89f2a 100644 --- a/source/ntvfs/posix/xattr_system.c +++ b/source/ntvfs/posix/xattr_system.c @@ -74,7 +74,7 @@ again: return NT_STATUS_NOT_FOUND; } else { -