[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Fri Jun 15 03:11:02 MDT 2012


The branch, master has been updated
       via  9afd4be s3-build: Do not write loadparm generated files into the build tree
       via  8e31d97 s3-lib: Convert lib/events.c to modern tevent names
       via  bf3235f docs: document new server role values
       via  60b6348 s3-auth: rework default auth methods around the lp_server_role() parameter
       via  67bdf4f lib/param: Use server role = 'standalone server' to be consistent with member server
       via  11db5b1 lib/param: make security=domain and security=ads conflict with being a DC
       via  b8815dc lib/param: Create a separate server role for "active directory domain controller"
       via  b9a75d8 s3-auth: Merge SEC_DOMAIN and SEC_ADS cases in creating the default auth module list
       via  5df459a s3-auth: Fix system info3 return to be just SID_NT_SYSTEM
       via  9b3cf96 s3-auth: Fix system token generation not to dereference pointer as an integer
       via  f0c5800 s3-auth: Give the SYSTEM token all privileges
      from  8cca7b0 s3:smb2_server: remember the request_time on an incoming request

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9afd4be688429d7bb344087cb3eda876f18e19f9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Jun 15 12:34:28 2012 +1000

    s3-build: Do not write loadparm generated files into the build tree
    
    We need to keep these files away from where waf might see them.
    
    Andrew Bartlett
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Fri Jun 15 11:10:14 CEST 2012 on sn-devel-104

commit 8e31d97c8b62d34aff5d52bfe46dbcc5805dae03
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jun 11 14:53:20 2012 +1000

    s3-lib: Convert lib/events.c to modern tevent names

commit bf3235f8c6159e238226bef59f39c46ecc6888d8
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jun 11 11:40:17 2012 +1000

    docs: document new server role values

commit 60b63482441deee2d6db523bd295caf21af187ad
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jun 11 10:51:47 2012 +1000

    s3-auth: rework default auth methods around the lp_server_role() parameter
    
    To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER
    is mapped to the samba4 auth module, and this is no longer required to
    be specified in fileserver.conf.
    
    Andrew Bartlett

commit 67bdf4fa11f097144a831b51c424bdac3618a927
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jun 11 10:50:08 2012 +1000

    lib/param: Use server role = 'standalone server' to be consistent with member server
    
    standalone is left as an alias.
    
    Andrew Bartlett

commit 11db5b1f3321b3d5b73bb16f4030111c9a35fbbe
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jun 11 10:40:32 2012 +1000

    lib/param: make security=domain and security=ads conflict with being a DC
    
    This simplifies our supported configurations down to those that we test and expect
    to work.  security=domain and domain logons = yes has never made much sense, and
    security=ads and domain logons = yes was only ever used in early experiments for
    our AD support using smbd.
    
    The correct way to be an AD DC is to set "server role = active directory domain controller"
    
    Andrew Bartlett

commit b8815dc23d36468cce9b615335ed62f119eb8f35
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Jun 10 22:08:20 2012 +1000

    lib/param: Create a separate server role for "active directory domain controller"
    
    This will allow us to detect from the smb.conf if this is a Samba4 AD
    DC which will allow smarter handling of (for example) accidentally
    starting smbd rather than samba.
    
    To cope with upgrades from existing Samba4 installs, 'domain
    controller' is a synonym of 'active directory domain controller' and
    new parameters 'classic primary domain controller' and 'classic backup
    domain controller' are added.
    
    Andrew Bartlett

commit b9a75d8438470065633c1ff69c653eaa799d5718
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sun Jun 10 16:05:58 2012 +1000

    s3-auth: Merge SEC_DOMAIN and SEC_ADS cases in creating the default auth module list

commit 5df459aed7f9f85a9eb15a16b1ad5a8bbdd1df5a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Jun 14 09:35:10 2012 +1000

    s3-auth: Fix system info3 return to be just SID_NT_SYSTEM
    
    The SID for the SYSTEM token should be a fixed value, and not the
    administrator.  Note however that it will be replaced by the SID of
    sec_initial_uid() by the create_local_token() code.  Fixing this
    requires fixes to the other parts of the code that cannot cope with a
    token of just SID_NT_SYSTEM.
    
    Andrew Bartlett

commit 9b3cf96fb042429eaf79ede426e406ea1fa32079
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Jun 14 09:30:37 2012 +1000

    s3-auth: Fix system token generation not to dereference pointer as an integer
    
    This continues on from commit caaebb455cf955f66c2f662c53998c480cb2d6c9
    which is marked as being part of bug #8944, ldapsam:trusted and ipasam
    and an additional fix for bug #8567
    (0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9).
    
    The problem here was that the primary_gid was simply the pointer result
    of dom_sid_parse_talloc() cast to a uint32_t (found by the IRIX cc on
    the build farm).
    
    Andrew Bartlett

commit f0c58007588f1e6346f378a13c9d881c25eabbd8
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Jun 15 09:14:26 2012 +1000

    s3-auth: Give the SYSTEM token all privileges

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                         |   12 +++---
 dfs_server/dfs_server_ad.c                         |    6 ++--
 docs-xml/smbdotconf/security/serverrole.xml        |   26 ++++++++++++-
 file_server/file_server.c                          |    1 -
 lib/param/loadparm.c                               |    6 ++--
 lib/param/loadparm_server_role.c                   |   22 ++---------
 lib/param/param.h                                  |    2 +-
 lib/param/param_enums.c                            |   10 +++--
 lib/param/util.c                                   |    1 +
 libds/common/roles.h                               |   10 ++----
 source3/Makefile.in                                |   26 +++++++-------
 source3/auth/auth.c                                |   39 ++++++++++----------
 source3/auth/auth_util.c                           |   32 +++++++++++------
 source3/autoconf/lib/param/README                  |    3 ++
 source3/autoconf/source3/param/README              |    3 ++
 source3/autogen.sh                                 |   10 +++---
 source3/include/smb_macros.h                       |    2 +-
 source3/lib/events.c                               |   28 +++++++-------
 source4/auth/ntlm/auth.c                           |    1 +
 source4/auth/ntlm/auth_sam.c                       |    2 +-
 source4/cldap_server/cldap_server.c                |    2 +-
 source4/dns_server/dns_server.c                    |    2 +-
 source4/dsdb/dns/dns_update.c                      |    2 +-
 source4/dsdb/kcc/kcc_service.c                     |    2 +-
 source4/dsdb/repl/drepl_service.c                  |    2 +-
 source4/echo_server/echo_server.c                  |    2 +-
 source4/kdc/kdc.c                                  |    6 +++-
 source4/ldap_server/ldap_server.c                  |    2 +-
 source4/nbt_server/dgram/netlogon.c                |    2 +-
 source4/nbt_server/register.c                      |    2 +-
 source4/param/tests/loadparm.c                     |    2 +-
 source4/rpc_server/backupkey/dcesrv_backupkey.c    |    2 +-
 source4/rpc_server/common/server_info.c            |    2 +-
 source4/rpc_server/lsa/dcesrv_lsa.c                |    4 +-
 source4/rpc_server/samr/dcesrv_samr.c              |    8 ++--
 .../scripting/python/samba/provision/__init__.py   |   34 +++++++++--------
 source4/scripting/python/samba/tests/provision.py  |    7 +++-
 source4/smb_server/smb/signing.c                   |    2 +-
 source4/smb_server/smb2/negprot.c                  |    2 +-
 source4/smbd/server.c                              |    2 +-
 source4/winbind/wb_init_domain.c                   |    2 +-
 source4/winbind/wb_server.c                        |    7 +++-
 wscript_build                                      |    2 +-
 43 files changed, 189 insertions(+), 153 deletions(-)
 create mode 100644 source3/autoconf/lib/param/README
 create mode 100644 source3/autoconf/source3/param/README


Changeset truncated at 500 lines:

diff --git a/.gitignore b/.gitignore
index b18a6d1..7f2c590 100644
--- a/.gitignore
+++ b/.gitignore
@@ -90,13 +90,13 @@ source3/script/installbin.sh
 source3/script/uninstallbin.sh
 source3/smbadduser
 source3/smbd/build_options.c
-source3/param/param_global.h
-source3/param/param_local.h
+source3/autoconf/source3/param/param_global.h
+source3/autoconf/source3/param/param_local.h
 source3/setup
-lib/param/param_global.h
-lib/param/param_local.h
-lib/param/param_proto.h
-lib/param/s3_param.h
+source3/autoconf/lib/param/param_global.h
+source3/autoconf/lib/param/param_local.h
+source3/autoconf/lib/param/param_proto.h
+source3/autoconf/lib/param/s3_param.h
 pidl/blib
 pidl/cover_db
 pidl/Makefile
diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
index b7004c5..6b71f70 100644
--- a/dfs_server/dfs_server_ad.c
+++ b/dfs_server/dfs_server_ad.c
@@ -447,7 +447,7 @@ static NTSTATUS dodomain_referral(struct loadparm_context *lp_ctx,
 	/* In the future this needs to be fetched from the ldb */
 	uint32_t found_domain = 2;
 
-	if (lpcfg_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
+	if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
 		DEBUG(10 ,("Received a domain referral request on a non DC\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
@@ -529,7 +529,7 @@ static NTSTATUS dodc_referral(struct loadparm_context *lp_ctx,
 	struct dfs_referral_type *referrals;
 	const char *referral_str;
 
-	if (lpcfg_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
+	if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
@@ -640,7 +640,7 @@ static NTSTATUS dosysvol_referral(struct loadparm_context *lp_ctx,
 	NTSTATUS status;
 	struct dfs_referral_type *referrals;
 
-	if (lpcfg_server_role(lp_ctx) != ROLE_DOMAIN_CONTROLLER) {
+	if (lpcfg_server_role(lp_ctx) != ROLE_ACTIVE_DIRECTORY_DC) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
diff --git a/docs-xml/smbdotconf/security/serverrole.xml b/docs-xml/smbdotconf/security/serverrole.xml
index e4e65c2..005b6e9 100644
--- a/docs-xml/smbdotconf/security/serverrole.xml
+++ b/docs-xml/smbdotconf/security/serverrole.xml
@@ -51,9 +51,31 @@
     exist as well as the account on the Domain Controller to allow 
     Samba to have a valid UNIX account to map file access to.  Winbind can provide this.</para>
 
-    <para><anchor id="DC"/><emphasis>SERVER ROLE = DOMAIN CONTROLLER</emphasis></para>
+    <para><anchor id="PDC"/><emphasis>SERVER ROLE = CLASSIC PRIMARY DOMAIN CONTROLLER</emphasis></para>
 
-    <para>This mode of operation runs Samba as a domain controller, providing domain logon services to Windows and Samba clients of the domain.  Clients must be joined to the domain to create a secure, trusted path across the network.</para>
+    <para>This mode of operation runs a classic Samba primary domain
+    controller, providing domain logon services to Windows and Samba
+    clients of an NT4-like domain.  Clients must be joined to the domain to
+    create a secure, trusted path across the network.  There must be
+    only one PDC per NetBIOS scope (typcially a broadcast network or
+    clients served by a single WINS server).</para>
+
+    <para><anchor id="BDC"/><emphasis>SERVER ROLE = NETBIOS BACKUP DOMAIN CONTROLLER</emphasis></para>
+
+    <para>This mode of operation runs a classic Samba backup domain
+    controller, providing domain logon services to Windows and Samba
+    clients of an NT4-like domain.  As a BDC, this allows
+    multiple Samba servers to provide rudundent logon services to a
+    single NetBIOS scope.</para>
+
+    <para><anchor id="AD-DC"/><emphasis>SERVER ROLE = ACTIVE DIRECTORY DOMAIN CONTROLLER</emphasis></para>
+
+    <para>This mode of operation runs Samba as an active directory
+    domain controller, providing domain logon services to Windows and
+    Samba clients of the domain.  This role requires special
+    configuration, see the <ulink
+    url="http://wiki.samba.org/index.php/Samba4/HOWTO">Samba4
+    HOWTO</ulink></para>
 
 </description>
 
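Review bot: the BDC heading in this hunk reads "SERVER ROLE = NETBIOS BACKUP DOMAIN CONTROLLER", but the value added to enum_server_role in lib/param/param_enums.c is "classic backup domain controller", and no "netbios backup domain controller" string is accepted there. An administrator copying the heading into smb.conf would get a value the parser does not know. Suggest changing the heading to "CLASSIC BACKUP DOMAIN CONTROLLER" to match the PDC heading and the enum table. While editing these paragraphs, fix "typcially" and "rudundent", and consider documenting that "domain controller" and "dc" are now aliases for the AD DC role.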
diff --git a/file_server/file_server.c b/file_server/file_server.c
index 9f43ebb..46969f3 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -49,7 +49,6 @@ static const char *generate_smb_conf(struct task_server *task)
 	}
 
 	fdprintf(fd, "# auto-generated config for fileserver\n");
-	fdprintf(fd, "auth methods = samba4\n");
 	fdprintf(fd, "passdb backend = samba4\n");
         fdprintf(fd, "rpc_server:default = external\n");
 	fdprintf(fd, "rpc_server:svcctl = embedded\n");
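Review bot: with `auth methods = samba4` removed from generate_smb_conf(), the generated file now depends on the default list in make_auth_context_subsystem() choosing "samba4", which only happens when lp_server_role() returns ROLE_ACTIVE_DIRECTORY_DC. None of the visible lines here write a server role into the generated config, so if the role resolves to anything else the file server falls back to a "guest sam ..." list instead of the samba4 module. Suggest either a comment stating where the role is inherited from, or keeping the explicit line so the authentication backend of the embedded file server does not depend on role detection.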
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 520fc94..5749c34 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -62,7 +62,7 @@
 #include "lib/param/param.h"
 #include "lib/param/loadparm.h"
 #include "auth/gensec/gensec.h"
-#include "s3_param.h"
+#include "lib/param/s3_param.h"
 #include "lib/util/bitmap.h"
 #include "libcli/smb/smb_constants.h"
 #include "source4/dns_server/dns_update.h"
@@ -88,7 +88,7 @@ static bool defaults_saved = false;
 	int domain_logons;						\
 	int bPreferredMaster;
 
-#include "param_global.h"
+#include "lib/param/param_global.h"
 
 #define NUMPARAMETERS (sizeof(parm_table) / sizeof(struct parm_struct))
 
@@ -105,7 +105,7 @@ static bool handle_debuglevel(struct loadparm_context *lp_ctx, int unused,
 static bool handle_logfile(struct loadparm_context *lp_ctx, int unused,
 			   const char *pszParmValue, char **ptr);
 
-#include "param_enums.c"
+#include "lib/param/param_enums.c"
 
 #define GLOBAL_VAR(name) offsetof(struct loadparm_global, name)
 #define LOCAL_VAR(name) offsetof(struct loadparm_service, name)
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 5a1f498..c088343 100644
--- a/lib/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -41,6 +41,7 @@ static const struct srv_role_tab {
 	{ ROLE_DOMAIN_MEMBER, "ROLE_DOMAIN_MEMBER" },
 	{ ROLE_DOMAIN_BDC, "ROLE_DOMAIN_BDC" },
 	{ ROLE_DOMAIN_PDC, "ROLE_DOMAIN_PDC" },
+	{ ROLE_ACTIVE_DIRECTORY_DC, "ROLE_ACTIVE_DIRECTORY_DC" },
 	{ 0, NULL }
 };
 
@@ -74,18 +75,7 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do
 
 	switch (security) {
 		case SEC_DOMAIN:
-			if (domain_logons) {
-				DEBUG(1, ("Server's Role (logon server) NOT ADVISED with domain-level security\n"));
-				role = ROLE_DOMAIN_BDC;
-				break;
-			}
-			role = ROLE_DOMAIN_MEMBER;
-			break;
 		case SEC_ADS:
-			if (domain_logons) {
-				role = ROLE_DOMAIN_CONTROLLER;
-				break;
-			}
 			role = ROLE_DOMAIN_MEMBER;
 			break;
 		case SEC_AUTO:
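Review bot: in the SEC_DOMAIN and SEC_ADS cases of lp_find_server_role(), domain_logons is now ignored without any message, and the only DEBUG(1) that flagged this combination has been removed. A config that previously resolved to ROLE_DOMAIN_BDC or ROLE_DOMAIN_CONTROLLER now resolves to ROLE_DOMAIN_MEMBER, which changes the default auth method list selected in source3/auth/auth.c. Suggest keeping a DEBUG at a low level when domain_logons is set here, stating that the combination is no longer supported and naming the "server role" values to use instead.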
@@ -144,21 +134,17 @@ bool lp_is_security_and_server_role_valid(int server_role, int security)
 	case ROLE_AUTO:
 		valid = true;
 		break;
-	case ROLE_STANDALONE:
-		if (security == SEC_USER) {
-			valid = true;
-		}
-		break;
-
 	case ROLE_DOMAIN_MEMBER:
 		if (security == SEC_ADS || security == SEC_DOMAIN) {
 			valid = true;
 		}
 		break;
 
+	case ROLE_STANDALONE:
 	case ROLE_DOMAIN_PDC:
 	case ROLE_DOMAIN_BDC:
-		if (security == SEC_USER || security == SEC_ADS || security == SEC_DOMAIN) {
+	case ROLE_ACTIVE_DIRECTORY_DC:
+		if (security == SEC_USER) {
 			valid = true;
 		}
 		break;
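Review bot: in lp_is_security_and_server_role_valid(), ROLE_DOMAIN_PDC and ROLE_DOMAIN_BDC used to accept SEC_USER, SEC_ADS and SEC_DOMAIN and now accept only SEC_USER, so existing classic DC configs with security = domain or security = ads will fail validation after upgrade. That matches the commit message, but it deserves a release note and an error message that names both conflicting parameters. Also worth confirming that `security` can never still be SEC_AUTO when this check runs for ROLE_ACTIVE_DIRECTORY_DC, since `if (security == SEC_USER)` is the only accepted value for that role.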
diff --git a/lib/param/param.h b/lib/param/param.h
index 7842a84..d821fa3 100644
--- a/lib/param/param.h
+++ b/lib/param/param.h
@@ -48,7 +48,7 @@ struct smbcli_session_options;
 struct gensec_settings;
 
 #ifdef CONFIG_H_IS_FROM_SAMBA
-#include "param/param_proto.h"
+#include "lib/param/param_proto.h"
 #endif
 
 const char **lpcfg_interfaces(struct loadparm_context *);
diff --git a/lib/param/param_enums.c b/lib/param/param_enums.c
index 5f4cd61..afcf2f0 100644
--- a/lib/param/param_enums.c
+++ b/lib/param/param_enums.c
@@ -75,13 +75,15 @@ static const struct enum_list enum_csc_policy[] = {
 /* Server role options */
 static const struct enum_list enum_server_role[] = {
 	{ROLE_AUTO, "auto"},
+	{ROLE_STANDALONE, "standalone server"},
 	{ROLE_STANDALONE, "standalone"},
 	{ROLE_DOMAIN_MEMBER, "member server"},
 	{ROLE_DOMAIN_MEMBER, "member"},
-	/* note that currently
-	   ROLE_DOMAIN_CONTROLLER == ROLE_DOMAIN_BDC */
-	{ROLE_DOMAIN_CONTROLLER, "domain controller"},
-	{ROLE_DOMAIN_CONTROLLER, "dc"},
+	{ROLE_DOMAIN_PDC, "classic primary domain controller"},
+	{ROLE_DOMAIN_BDC, "classic backup domain controller"},
+	{ROLE_ACTIVE_DIRECTORY_DC, "active directory domain controller"},
+	{ROLE_ACTIVE_DIRECTORY_DC, "domain controller"},
+	{ROLE_ACTIVE_DIRECTORY_DC, "dc"},
 	{-1, NULL}
 };
 
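Review bot: the strings "domain controller" and "dc" in enum_server_role change meaning in this hunk. Per the removed comment they mapped to ROLE_DOMAIN_CONTROLLER == ROLE_DOMAIN_BDC, and they now map to ROLE_ACTIVE_DIRECTORY_DC, which selects the "samba4" auth module by default in source3/auth/auth.c. The commit message covers the Samba4 upgrade case, but anyone who used "server role = domain controller" expecting classic BDC behaviour gets a different authentication stack with no warning. Suggest a comment on the two alias entries saying they are kept for Samba4 compatibility, and a matching sentence in serverrole.xml.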
diff --git a/lib/param/util.c b/lib/param/util.c
index f60abb9..98894fc 100644
--- a/lib/param/util.c
+++ b/lib/param/util.c
@@ -260,6 +260,7 @@ const char *lpcfg_sam_name(struct loadparm_context *lp_ctx)
 	switch (lpcfg_server_role(lp_ctx)) {
 	case ROLE_DOMAIN_BDC:
 	case ROLE_DOMAIN_PDC:
+	case ROLE_ACTIVE_DIRECTORY_DC:
 		return lpcfg_workgroup(lp_ctx);
 	default:
 		return lpcfg_netbios_name(lp_ctx);
diff --git a/libds/common/roles.h b/libds/common/roles.h
index 9dc9a00..4772c8d 100644
--- a/libds/common/roles.h
+++ b/libds/common/roles.h
@@ -30,18 +30,14 @@ enum server_role {
 	ROLE_DOMAIN_MEMBER = 1,
 	ROLE_DOMAIN_BDC    = 2,
 	ROLE_DOMAIN_PDC    = 3,
+	
+	/* not in samr.idl */
+	ROLE_ACTIVE_DIRECTORY_DC = 4,
 
 	/* To determine the role automatically, this is not a valid role */
 	ROLE_AUTO          = 100
 };
 
-/* keep compatibility with the s4 'ROLE_DOMAIN_CONTROLLER' by mapping
- * it to ROLE_DOMAIN_BDC. The PDC/BDC split is really historical from
- * NT4 domains which were not multi-master, but even in AD there is
- * only one machine that has the PDC FSMO role in a domain.
-*/
-#define ROLE_DOMAIN_CONTROLLER ROLE_DOMAIN_BDC
-
 /* security levels for 'security =' option
 
                        --------------
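Review bot: the comment `/* not in samr.idl */` on ROLE_ACTIVE_DIRECTORY_DC = 4 says what the value is not, but not what callers must do about it. Since values 1 to 3 mirror the SAMR role numbers, please spell out that 4 must be mapped to a PDC or BDC value before being returned in any SAMR reply, so the new enum value cannot leak onto the wire. The added `+	` line above the comment is whitespace only and should be an empty line. Removing the ROLE_DOMAIN_CONTROLLER define is fine as long as every user is converted in this same commit, which the truncated diff does not let me confirm.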
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 9271baa..43dfb94 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -171,7 +171,7 @@ FLAGS = -I. \
 	-I$(srcdir)/lib \
 	-I.. \
 	-Iautoconf \
-	-Iautoconf/librpc \
+	-Iautoconf/source3 \
 	-I./../lib/ldb/include \
 	-D_SAMBA_BUILD_=3
 
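Review bot: in FLAGS, `-Iautoconf/librpc` is replaced by `-Iautoconf/source3` rather than the new path being added alongside it, yet the idl_full rule in the next hunk still writes to autoconf/librpc/gen_ndr. Any source that includes a generated header as "gen_ndr/..." relied on the removed include path and will no longer resolve, while "librpc/gen_ndr/..." still works through `-Iautoconf`. Please confirm no such includes remain, or keep both -I entries.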
@@ -1679,18 +1679,18 @@ idl_full::
 	@PIDL_OUTPUTDIR="autoconf/librpc/gen_ndr" PIDL_ARGS="$(PIDL_ARGS)" CPP="$(CPP)" PIDL="../pidl/pidl" \
 	 srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh --full $(IDL_FILES)
 
-mkparam: ../lib/param/param_local.h ../lib/param/param_global.h param/param_global.h ../lib/param/param_proto.h ../lib/param/s3_param.h
-
-../lib/param/param_local.h:
-	 $(PERL) ../script/mkparamdefs.pl $(srcdir)/../lib/param/param_functions.c --file ../lib/param/param_local.h --generate-scope=LOCAL
-../lib/param/param_global.h:
-	 $(PERL) ../script/mkparamdefs.pl $(srcdir)/../lib/param/param_functions.c $(srcdir)/../lib/param/loadparm.c --file ../lib/param/param_global.h --generate-scope=GLOBAL
-param/param_global.h:
-	 $(PERL) ../script/mkparamdefs.pl $(srcdir)/../lib/param/param_functions.c $(srcdir)/param/loadparm.c --file param/param_global.h --generate-scope=GLOBAL
-../lib/param/param_proto.h:
-	 $(PERL) ../source4/script/mkproto.pl $(srcdir)/../lib/param/param_functions.c $(srcdir)/../lib/param/loadparm.c --public ../lib/param/param_proto.h  --private ../lib/param/param_proto.h
-../lib/param/s3_param.h:
-	 $(PERL) ../script/mks3param.pl $(srcdir)/../lib/param/param_functions.c $(srcdir)/../lib/param/loadparm.c --file ../lib/param/s3_param.h
+mkparam: autoconf/lib/param/param_local.h autoconf/lib/param/param_global.h autoconf/source3/param/param_global.h autoconf/lib/param/param_proto.h autoconf/lib/param/s3_param.h
+
+autoconf/lib/param/param_local.h:
+	 $(PERL) ../script/mkparamdefs.pl $(srcdir)/../lib/param/param_functions.c --file autoconf/lib/param/param_local.h --generate-scope=LOCAL
+autoconf/lib/param/param_global.h:
+	 $(PERL) ../script/mkparamdefs.pl $(srcdir)/../lib/param/param_functions.c $(srcdir)/../lib/param/loadparm.c --file autoconf/lib/param/param_global.h --generate-scope=GLOBAL
+autoconf/source3/param/param_global.h:
+	 $(PERL) ../script/mkparamdefs.pl $(srcdir)/../lib/param/param_functions.c $(srcdir)/param/loadparm.c --file autoconf/source3/param/param_global.h --generate-scope=GLOBAL
+autoconf/lib/param/param_proto.h:
+	 $(PERL) ../source4/script/mkproto.pl $(srcdir)/../lib/param/param_functions.c $(srcdir)/../lib/param/loadparm.c --public autoconf/lib/param/param_proto.h  --private autoconf/lib/param/param_proto.h
+autoconf/lib/param/s3_param.h:
+	 $(PERL) ../script/mks3param.pl $(srcdir)/../lib/param/param_functions.c $(srcdir)/../lib/param/loadparm.c --file autoconf/lib/param/s3_param.h
 
 
 #####################################################################
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index c442a53..6713193 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -486,38 +486,39 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
 	}
 
 	if (auth_method_list == NULL) {
-		switch (lp_security()) 
+		switch (lp_server_role()) 
 		{
-		case SEC_DOMAIN:
-			DEBUG(5,("Making default auth method list for security=domain\n"));
+		case ROLE_DOMAIN_MEMBER:
+			DEBUG(5,("Making default auth method list for server role = 'domain member'\n"));
 			auth_method_list = str_list_make_v3(
 				talloc_tos(), "guest sam winbind:ntdomain",
 				NULL);
 			break;
-		case SEC_USER:
-			if (lp_encrypted_passwords()) {	
-				if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
-					DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
-					auth_method_list = str_list_make_v3(
-						talloc_tos(),
-						"guest sam winbind:trustdomain",
-						NULL);
-				} else {
-					DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
-					auth_method_list = str_list_make_v3(
+		case ROLE_DOMAIN_BDC:
+		case ROLE_DOMAIN_PDC:
+			DEBUG(5,("Making default auth method list for DC\n"));
+			auth_method_list = str_list_make_v3(
+				talloc_tos(),
+				"guest sam winbind:trustdomain",
+				NULL);
+			break;
+		case ROLE_STANDALONE:
+			DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = yes\n"));
+			if (lp_encrypted_passwords()) {
+				auth_method_list = str_list_make_v3(
 						talloc_tos(), "guest sam",
 						NULL);
-				}
 			} else {
-				DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
+				DEBUG(5,("Making default auth method list for server role = 'standalone server', encrypt passwords = no\n"));
 				auth_method_list = str_list_make_v3(
 					talloc_tos(), "guest unix", NULL);
 			}
 			break;
-		case SEC_ADS:
-			DEBUG(5,("Making default auth method list for security=ADS\n"));
+		case ROLE_ACTIVE_DIRECTORY_DC:
+			DEBUG(5,("Making default auth method list for server role = 'active directory domain controller'\n"));
 			auth_method_list = str_list_make_v3(
-				talloc_tos(), "guest sam winbind:ntdomain",
+				talloc_tos(),
+				"samba4",
 				NULL);
 			break;
 		default:
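Review bot: in the ROLE_STANDALONE case the DEBUG(5) saying "encrypt passwords = yes" is emitted before `if (lp_encrypted_passwords())` is evaluated, so a server with encrypt passwords = no logs the "yes" message and then the "no" message. Move the first DEBUG inside the if branch. Separately, ROLE_DOMAIN_PDC and ROLE_DOMAIN_BDC no longer consult lp_encrypted_passwords() at all: before this change a DC with encrypt passwords = no got "guest unix", now it always gets "guest sam winbind:trustdomain". If that is intended, say so in the commit message, because it changes which backend authenticates users on those servers.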
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index f270ccd..eb5961d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -775,7 +775,8 @@ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
 				 struct passwd *pwd,
 				 struct netr_SamInfo3 *info3)
 {
-	struct dom_sid domain_sid;
+	NTSTATUS status;
+	struct dom_sid *system_sid;
 	const char *tmp;
 
 	/* Set account name */
@@ -792,19 +793,24 @@ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
 	}
 	init_lsa_StringLarge(&info3->base.logon_domain, tmp);
 
-	/* Domain sid */
-	sid_copy(&domain_sid, get_global_sam_sid());
 
-	info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid);
-	if (info3->base.domain_sid == NULL) {
+	/* The SID set here will be overwirtten anyway, but try and make it SID_NT_SYSTEM anyway */
+	/* Domain sid is NT_AUTHORITY */
+	
+	system_sid = dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM);
+	if (system_sid == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
-
-	/* Admin rid */
-	info3->base.rid = DOMAIN_RID_ADMINISTRATOR;
-
-	/* Primary gid */
-	info3->base.primary_gid = dom_sid_parse_talloc(mem_ctx, SID_NT_SYSTEM);
+	
+	status = dom_sid_split_rid(mem_ctx, system_sid, &info3->base.domain_sid, 
+				   &info3->base.rid);
+	TALLOC_FREE(system_sid);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+	
+	/* Primary gid is the same */
+	info3->base.primary_gid = info3->base.rid;
 
 	return NT_STATUS_OK;
 }
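Review bot: the two new comments in get_system_info3() do not explain the code that follows. "The SID set here will be overwirtten anyway, but try and make it SID_NT_SYSTEM anyway" has a typo and a doubled "anyway", and should name create_local_token() and sec_initial_uid() as the commit message does, so a reader knows where the replacement happens. "Primary gid is the same" should say that primary_gid deliberately reuses the RID split out of SID_NT_SYSTEM, since a user RID used as a group RID otherwise looks like a mistake. The error handling around dom_sid_split_rid() and the TALLOC_FREE(system_sid) before the status check look correct.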
@@ -982,6 +988,10 @@ static NTSTATUS make_system_session_info_from_pw(TALLOC_CTX *mem_ctx,
 	}
 
 	talloc_free(server_info);
+
+	/* SYSTEM has all privilages */
+	(*session_info)->security_token->privilege_mask = ~0;
+	
 	talloc_steal(mem_ctx, *session_info);
 
 	status = NT_STATUS_OK;
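Review bot: `privilege_mask = ~0;` in make_system_session_info_from_pw() sets every bit, including bits that correspond to no defined privilege, and relies on the int value ~0 being sign-extended to the width of the mask. Prefer an explicit all-privileges constant built from the defined privilege bits, or at least a cast to the field's type, so the grant is auditable and does not silently include future bits. The assignment also dereferences (*session_info)->security_token without a NULL check in the visible lines; please confirm the preceding error path guarantees both are set. Typo in the comment: "privilages".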
diff --git a/source3/autoconf/lib/param/README b/source3/autoconf/lib/param/README
new file mode 100644
index 0000000..2d7cf01
--- /dev/null
+++ b/source3/autoconf/lib/param/README
@@ -0,0 +1,3 @@
+This file denoates the output location of perl-generated files that we need for loadparm.
+
+To ensure no conflict between waf and autoconf, we generate the files here.
\ No newline at end of file
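Review bot: the README text has a typo ("denoates") and the file ends without a newline, as the "\ No newline at end of file" marker shows. "This file denotes the output location" would also read better as "This directory holds", since the purpose of the file is to make the directory exist in git. The same applies to the identical README under source3/autoconf/source3/param/.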
diff --git a/source3/autoconf/source3/param/README b/source3/autoconf/source3/param/README
new file mode 100644
index 0000000..2d7cf01
--- /dev/null
+++ b/source3/autoconf/source3/param/README
@@ -0,0 +1,3 @@
+This file denoates the output location of perl-generated files that we need for loadparm.
+
+To ensure no conflict between waf and autoconf, we generate the files here.
\ No newline at end of file
diff --git a/source3/autogen.sh b/source3/autogen.sh
index 15689e0..bd0d99d 100755
--- a/source3/autogen.sh
+++ b/source3/autogen.sh
@@ -95,11 +95,11 @@ else
    echo "some autconf tests might not work properly"
 fi
 
-perl ../script/mkparamdefs.pl ../lib/param/param_functions.c --file ../lib/param/param_local.h --generate-scope=LOCAL
-perl ../script/mkparamdefs.pl ../lib/param/loadparm.c ../lib/param/param_functions.c --file ../lib/param/param_global.h --generate-scope=GLOBAL
-perl ../script/mkparamdefs.pl param/loadparm.c ../lib/param/param_functions.c --file param/param_global.h --generate-scope=GLOBAL
-perl ../source4/script/mkproto.pl ../lib/param/loadparm.c ../lib/param/param_functions.c --public ../lib/param/param_proto.h  --private ../lib/param/param_proto.h
-perl ../script/mks3param.pl ../lib/param/loadparm.c ../lib/param/param_functions.c --file ../lib/param/s3_param.h
+perl ../script/mkparamdefs.pl ../lib/param/param_functions.c --file autoconf/lib/param/param_local.h --generate-scope=LOCAL
+perl ../script/mkparamdefs.pl ../lib/param/loadparm.c ../lib/param/param_functions.c --file autoconf/lib/param/param_global.h --generate-scope=GLOBAL
+perl ../script/mkparamdefs.pl param/loadparm.c ../lib/param/param_functions.c --file autoconf/source3/param/param_global.h --generate-scope=GLOBAL
+perl ../source4/script/mkproto.pl ../lib/param/loadparm.c ../lib/param/param_functions.c --public autoconf/lib/param/param_proto.h  --private ../lib/param/param_proto.h
+perl ../script/mks3param.pl ../lib/param/loadparm.c ../lib/param/param_functions.c --file autoconf/lib/param/s3_param.h
 
 echo "Now run ./configure (or ./configure.developer) and then make."
 exit 0
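Review bot: the mkproto.pl line in this hunk is only half converted. It passes `--public autoconf/lib/param/param_proto.h` but still `--private ../lib/param/param_proto.h`, so autogen.sh keeps writing a generated file into the build tree, which is exactly what this commit is meant to stop. The matching rule in source3/Makefile.in uses autoconf/lib/param/param_proto.h for both options; the --private argument here should be changed to the same path.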
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 048e560..73f8fb3 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -190,7 +190,7 @@ copy an IP address from one buffer to another
  Check to see if we are a DC for this domain
 *****************************************************************************/
 
-#define IS_DC  (lp_server_role()==ROLE_DOMAIN_PDC || lp_server_role()==ROLE_DOMAIN_BDC) 
+#define IS_DC  (lp_server_role()==ROLE_DOMAIN_PDC || lp_server_role()==ROLE_DOMAIN_BDC || lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) 
 
 /*
  * If you add any entries to KERBEROS_VERIFY defines, please modify the below expressions
diff --git a/source3/lib/events.c b/source3/lib/events.c
index c71876c..64ea3ad 100644
--- a/source3/lib/events.c
+++ b/source3/lib/events.c
@@ -59,7 +59,7 @@ static void count_fds(struct tevent_context *ev,
 	int max_fd = 0;
 
 	for (fde = ev->fd_events; fde != NULL; fde = fde->next) {
-		if (fde->flags & (EVENT_FD_READ|EVENT_FD_WRITE)) {
+		if (fde->flags & (TEVENT_FD_READ|TEVENT_FD_WRITE)) {
 			num_fds += 1;
 			if (fde->fd > max_fd) {


-- 
Samba Shared Repository

