[SCM] Samba Shared Repository - branch v4-1-test updated
Karolin Seeger
kseeger at samba.org
Fri Sep 27 11:29:06 CEST 2013
The branch, v4-1-test has been updated
via 74cac5c dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs
via 2c98a54 dbcheck: Add back the elements that were wrongly removed from CN=Deleted Objects
via 2c4f2c5 pydsdb: Raise a more useful exception when dsdb_wellknown_dn fails.
via c3e5353 pydsdb: Give KeyError when we fail a schema lookup in python
via f0e374f dbcheck: Ensure to always increase the error_count
via e7eb397 selftst: add tests based on 4.1.0rc3 to check for zero invocationID in replPropertyMetaData
via 2fdacdd selftest: Add release-4-1-0rc3 saved provision
via bdab150 selftest: Only run referenceprovision and ldapcmp for the 4.0.0 test
via 476e03e selftest: Add script to assist in writing out a tree undump.sh can restore
via 3f2907f dbcheck: Look for and fix the all-zero invocationID in replPropertyMetaData
via 80c3c30 dsdb: Refuse to replicate an all-zero invocationID GUID in replPropertyMetaData
via f5c378e smb.conf: Fill out the ntvfs handler smb.conf page from source4/NEWS
via bb4d9a2 Remove NEWS file containing confusing information
via ee8a3ed Remove confusing TODO file
via 39efc6f dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema lookups
via b5b15ff dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in delete
via 5c63561 dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replication
via 66f843e dsdb: Refuse to return an all-zero invocationID
via 8158673 dsdb-repl_meta_data: Check for a NULL invocationID and do not proceed
via 4ef85c7 python/drs: Ensure to pass in the local invocationID during the domain join
from b5866b1 WHATSNEW: Add changes since 4.1.0rc3.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test
- Log -----------------------------------------------------------------
commit 74cac5c5ac4f2a6e89353fd79f15ea31e8e2b1c3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 24 10:18:36 2013 -0700
dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Note that this doesn't fix the userParameters problem
completely, but it doesn't truncate the userParameters value
anymore.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Sep 26 22:05:12 CEST 2013 on sn-devel-104
(cherry picked from commit 89200c227f36a063612eb38927ac8dee18e044d5)
Autobuild-User(v4-1-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-1-test): Fri Sep 27 11:28:09 CEST 2013 on sn-devel-104
commit 2c98a5408ca44847badbea2e96e57ef518ee0d63
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 22 19:26:50 2013 -0700
dbcheck: Add back the elements that were wrongly removed from CN=Deleted Objects
This is the final part of the fix for the issue in Samba 4.1
pre-release tree where we would wrongly delete the Deleted Objects
container during a join.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Tue Sep 24 09:31:37 CEST 2013 on sn-devel-104
(cherry picked from commit f4ff81f5797c5dd8f562aec2cfec789272e739fd)
The last 19 patches address bug #10157 - Regression causes replication failure
with Windows 2008R2 and deletes Deleted Objects.
commit 2c4f2c598f1bf5cedfe55e0b173bb88236da305f
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 22 19:26:10 2013 -0700
pydsdb: Raise a more useful exception when dsdb_wellknown_dn fails.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit d787f7af4979ed80aad07db928d1ae84eaaef35a)
commit c3e535362f6ad3c6940c96b061dd00d52d7bfb76
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 22 17:45:01 2013 -0700
pydsdb: Give KeyError when we fail a schema lookup in python
This allows sensible exception handling.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 51101b310adedb4eeb4c4382e631594ffa679ff2)
commit f0e374f6aa6cbdc0bec3c2af0edc92f3c56c35e6
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Sep 22 17:07:22 2013 -0700
dbcheck: Ensure to always increase the error_count
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit bcd535e95c5e8f83f6b30264ab1f0de3c6ac2cda)
commit e7eb397013fcf11dfd5e44a2e247012556733b2d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 22:06:54 2013 -0700
selftst: add tests based on 4.1.0rc3 to check for zero invocationID in replPropertyMetaData
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Sep 23 01:29:10 CEST 2013 on sn-devel-104
(cherry picked from commit a3f25f25113d83a605638fa2806014ad9972f919)
commit 2fdacdd09a692a3dc8a22b77c2e6217be790bcd2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 22:52:01 2013 -0700
selftest: Add release-4-1-0rc3 saved provision
This version has the regression where we would, on join, write an
all-zero invocationID in the replPropertyMetaData attribute, on
Deleted Objects in particular.
To demonstrate this regression, this is based on the promoted_dc
environment from make test, with the domain altered to match the
pattern used in these trees.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 038a9a7c5ec964e5b42e1329eab0573e50a9d3b0)
commit bdab150a771836b79f999a40da0a9bc80c5edf01
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 23:36:46 2013 -0700
selftest: Only run referenceprovision and ldapcmp for the 4.0.0 test
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 9c11ad25b211242cbe526f280688640658c4a365)
commit 476e03ebac0d1d7b969faab5c1fb49e844d6a9e9
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 18:52:21 2013 -0700
selftest: Add script to assist in writing out a tree undump.sh can restore
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 9b8e174fe8cac61cfcfa1c76e8cab2450e4a0af5)
commit 3f2907f0eb947f2673b7c9fef5ef3de4154def20
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 18:03:43 2013 -0700
dbcheck: Look for and fix the all-zero invocationID in replPropertyMetaData
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 9e1dde15f9d3a374747d163e37016b54f008bd9f)
commit 80c3c301a7c03a01550644b137b3595fc929de52
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 14:33:21 2013 -0700
dsdb: Refuse to replicate an all-zero invocationID GUID in replPropertyMetaData
This matches Windows 2008R2.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 25d4bafca7245e3f8291e5f0f304b1b4f8ce5600)
commit f5c378e16150efecd426382133cb5699a49de858
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 14:32:27 2013 -0700
smb.conf: Fill out the ntvfs handler smb.conf page from source4/NEWS
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 274b899095645550e263564ae4e03b4f0d6bdbea)
commit bb4d9a2892f7e00956c915decd39de9f593c1e02
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 14:31:31 2013 -0700
Remove NEWS file containing confusing information
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 334d83e4e7821b3f2ac54ef11f67aefaa564b00b)
commit ee8a3ed9b96d6848bc32fdc3cd83c52f4aba83ec
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 14:10:02 2013 -0700
Remove confusing TODO file
This makes no sense in the merged tree, and only confuses users.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 8d9986a6e9cb8c633c57c84c4d6aefd21e181c40)
commit 39efc6f198adb25bffddd72470698499a9e81daf
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 21 13:55:00 2013 -0700
dsdb: Use WERR_DS_ATT_NOT_DEF_IN_SCHEMA for failed schema lookups
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 53c06d03a880319cf67a99250958cce16147f181)
commit b5b15ff9d5f66d776693920bd7bdcc8f0206f684
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 17 15:31:04 2013 -0700
dsdb-repl_meta_data: Make handling of Deleted Objects DN clearer in delete
This code no longer needs to handle not renaming Deleted Objects
during a re-delete, because it is no longer called in that case.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit aa07b5caf9ac13fc517c4c9d21f16ebff5415544)
commit 5c635611c0a194d6f683c9e8a5219b949a74dcf3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 17 15:28:32 2013 -0700
dsdb-repl_meta_data: Do not re-delete the Deleted Objects DN during replication
We need to ensure we do not re-delete the Deleted Objects DN during replication.
It itself not entirely a deleted object, but has isDeleted set.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit c42db8975f8f84ce576c97ad95ca59ba5170d596)
commit 66f843ec1fb6551de961d54c3d0364ef51a66432
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 17 15:20:48 2013 -0700
dsdb: Refuse to return an all-zero invocationID
This could cause an all-zero GUID to be entered into the
replPropertyMetaData, which will then fail to be replicated to other
DCs.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4022d8632cc092f4f43fae69cc3cfb58d0d000dd)
commit 815867367d2c1a75aef236ff1d9f1169b22828dd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Sep 17 15:31:51 2013 -0700
dsdb-repl_meta_data: Check for a NULL invocationID and do not proceed
This can happen if we do not find the invocationID, with later patches.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 40f99625ee4447aa36c0fa5631ffa13b7003569f)
commit 4ef85c7bd9b94f14c03f07f521b53a8d3a26528b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Sep 18 14:27:26 2013 -0700
python/drs: Ensure to pass in the local invocationID during the domain join
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a623359fb8a54083b81436d14b7ba022c11efb18)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/vfs/ntvfshandler.xml | 13 +
python/samba/dbchecker.py | 135 +
python/samba/drs_utils.py | 8 +-
python/samba/join.py | 2 +-
python/samba/netcmd/drs.py | 4 +-
selftest/tests.py | 1 +
source4/NEWS | 496 -
source4/TODO | 276 -
source4/dsdb/common/util.c | 10 +
source4/dsdb/pydsdb.c | 26 +-
source4/dsdb/repl/replicated_objects.c | 9 +
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 27 +-
source4/dsdb/schema/schema_syntax.c | 58 +-
source4/libnet/py_net.c | 17 +-
source4/selftest/provisions/dump.sh | 48 +
.../release-4-1-0rc3/etc/smb.conf.template | 17 +
.../provisions/release-4-1-0rc3/private/dns.keytab | Bin 0 -> 1037 bytes
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump |29028 +++++++++++++
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump |43468 +++++++++++++++++++
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump | 928 +
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump | 488 +
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump | 12 +
.../private/dns/sam.ldb.d/metadata.tdb.dump | 8 +
.../release-4-1-0rc3/private/dns/sam.ldb.dump | 36 +
.../private/dns_update_list | 0
.../release-4-1-0rc3/private/hklm.ldb.dump | 80 +
.../release-4-1-0rc3/private/idmap.ldb.dump | 48 +
.../provisions/release-4-1-0rc3/private/named.conf | 18 +
.../release-4-1-0rc3/private/named.conf.update | 7 +
.../provisions/release-4-1-0rc3/private/named.txt | 45 +
.../release-4-1-0rc3/private/privilege.ldb.dump | 156 +
.../release-4-1-0rc3/private/randseed.tdb.dump | 0
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump |29104 +++++++++++++
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump |43812 ++++++++++++++++++++
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump | 928 +
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump | 488 +
...DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump | 6600 +++
.../private/sam.ldb.d/metadata.tdb.dump | 8 +
.../release-4-1-0rc3/private/sam.ldb.dump | 36 +
.../private/schannel_store.tdb.dump | 0
.../release-4-1-0rc3/private/secrets.keytab | Bin 0 -> 1482 bytes
.../release-4-1-0rc3/private/secrets.ldb.dump | 48 +
.../release-4-1-0rc3/private/secrets.tdb.dump | 16 +
.../release-4-1-0rc3/private/share.ldb.dump | 32 +
.../private/smbd.tmp/msg/names.tdb.dump | 52 +
.../private/spn_update_list | 0
.../release-4-1-0rc3/private/wins_config.ldb.dump | 4 +
testprogs/blackbox/dbcheck-oldrelease.sh | 18 +-
48 files changed, 155786 insertions(+), 829 deletions(-)
delete mode 100644 source4/NEWS
delete mode 100644 source4/TODO
create mode 100755 source4/selftest/provisions/dump.sh
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/etc/smb.conf.template
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/dns.keytab
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/dns/sam.ldb.d/CN%3DCONFIGURATION,DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/dns/sam.ldb.d/CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/dns/sam.ldb.d/DC%3DDOMAINDNSZONES,DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/dns/sam.ldb.d/DC%3DFORESTDNSZONES,DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/dns/sam.ldb.d/DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/dns/sam.ldb.d/metadata.tdb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/dns/sam.ldb.dump
copy source4/selftest/provisions/{release-4-0-0 => release-4-1-0rc3}/private/dns_update_list (100%)
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/hklm.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/idmap.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/named.conf
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/named.conf.update
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/named.txt
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/privilege.ldb.dump
copy buildtools/wafsamba/__init__.py => source4/selftest/provisions/release-4-1-0rc3/private/randseed.tdb.dump (100%)
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/sam.ldb.d/CN%3DCONFIGURATION,DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/sam.ldb.d/CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/sam.ldb.d/DC%3DDOMAINDNSZONES,DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/sam.ldb.d/DC%3DFORESTDNSZONES,DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/sam.ldb.d/DC%3DRELEASE-4-1-0RC3,DC%3DSAMBA,DC%3DCORP.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/sam.ldb.d/metadata.tdb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/sam.ldb.dump
copy buildtools/wafsamba/__init__.py => source4/selftest/provisions/release-4-1-0rc3/private/schannel_store.tdb.dump (100%)
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/secrets.keytab
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/secrets.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/secrets.tdb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/share.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/smbd.tmp/msg/names.tdb.dump
copy source4/selftest/provisions/{release-4-0-0 => release-4-1-0rc3}/private/spn_update_list (100%)
create mode 100644 source4/selftest/provisions/release-4-1-0rc3/private/wins_config.ldb.dump
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/vfs/ntvfshandler.xml b/docs-xml/smbdotconf/vfs/ntvfshandler.xml
index aa3bce5..92b5c6d 100644
--- a/docs-xml/smbdotconf/vfs/ntvfshandler.xml
+++ b/docs-xml/smbdotconf/vfs/ntvfshandler.xml
@@ -6,6 +6,19 @@
<description>
<para>This specifies the NTVFS handlers for this share.</para>
+ <itemizedlist>
+ <listitem><para>posix: Maps POSIX FS semantics to NT semantics</para></listitem>
+ <listitem><para>unixuid: Sets up user credentials based on POSIX gid/uid.</para></listitem>
+ <listitem><para>cifs: Proxies a remote CIFS FS. Mainly useful for testing.</para></listitem>
+ <listitem><para>nbench: Filter module that saves data useful to the nbench benchmark suite.</para></listitem>
+ <listitem><para>ipc: Allows using SMB for inter process communication. Only used for the IPC$ share.</para></listitem>
+ <listitem><para>posix: Maps POSIX FS semantics to NT semantics</para></listitem>
+ <listitem><para>print: Allows printing over SMB. This is
+ LANMAN-style printing, not the be confused with the spoolss
+ DCE/RPC interface used by later versions of
+ Windows.</para></listitem>
+ </itemizedlist>
+
<para>Note that this option is only used when the NTVFS file server
is in use. It is not used with the (default)
s3fs file server.
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 8b175c2..4281e6b 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -18,6 +18,8 @@
#
import ldb
+import samba
+import time
from samba import dsdb
from samba import common
from samba.dcerpc import misc
@@ -59,6 +61,8 @@ class dbcheck(object):
self.seize_fsmo_role = False
self.move_to_lost_and_found = False
self.fix_instancetype = False
+ self.fix_replmetadata_zero_invocationid = False
+ self.fix_deleted_deleted_objects = False
self.reset_well_known_acls = reset_well_known_acls
self.reset_all_well_known_acls = False
self.in_transaction = in_transaction
@@ -97,6 +101,21 @@ class dbcheck(object):
else:
self.write_ncs = None
+ res = self.samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=['namingContexts'])
+ try:
+ ncs = res[0]["namingContexts"]
+ self.deleted_objects_containers = []
+ for nc in ncs:
+ try:
+ dn = self.samdb.get_wellknown_dn(ldb.Dn(self.samdb, nc),
+ dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER)
+ self.deleted_objects_containers.append(dn)
+ except KeyError:
+ pass
+ except KeyError:
+ pass
+ except IndexError:
+ pass
def check_database(self, DN=None, scope=ldb.SCOPE_SUBTREE, controls=[], attrs=['*']):
'''perform a database check, returning the number of errors found'''
@@ -816,6 +835,110 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
self.report("Fixed attribute '%s' of '%s'\n" % (sd_attr, dn))
self.samdb.set_session_info(self.system_session_info)
+
+ def has_replmetadata_zero_invocationid(self, dn, repl_meta_data):
+ repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ str(repl_meta_data))
+ ctr = repl.ctr
+ found = False
+ for o in ctr.array:
+ # Search for a zero invocationID
+ if o.originating_invocation_id != misc.GUID("00000000-0000-0000-0000-000000000000"):
+ continue
+
+ found = True
+ self.report('''ERROR: on replPropertyMetaData of %s, the instanceType on attribute 0x%08x,
+ version %d changed at %s is 00000000-0000-0000-0000-000000000000,
+ but should be non-zero. Proposed fix is to set to our invocationID (%s).'''
+ % (dn, o.attid, o.version,
+ time.ctime(samba.nttime2unix(o.originating_change_time)),
+ self.samdb.get_invocation_id()))
+
+ return found
+
+
+ def err_replmetadata_zero_invocationid(self, dn, attr, repl_meta_data):
+ repl = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
+ str(repl_meta_data))
+ ctr = repl.ctr
+ now = samba.unix2nttime(int(time.time()))
+ found = False
+ for o in ctr.array:
+ # Search for a zero invocationID
+ if o.originating_invocation_id != misc.GUID("00000000-0000-0000-0000-000000000000"):
+ continue
+
+ found = True
+ seq = self.samdb.sequence_number(ldb.SEQ_NEXT)
+ o.version = o.version + 1
+ o.originating_change_time = now
+ o.originating_invocation_id = misc.GUID(self.samdb.get_invocation_id())
+ o.originating_usn = seq
+ o.local_usn = seq
+
+ if found:
+ replBlob = ndr_pack(repl)
+ msg = ldb.Message()
+ msg.dn = dn
+
+ if not self.confirm_all('Fix %s on %s by setting originating_invocation_id on some elements to our invocationID %s?'
+ % (attr, dn, self.samdb.get_invocation_id()), 'fix_replmetadata_zero_invocationid'):
+ self.report('Not fixing %s on %s\n' % (attr, dn))
+ return
+
+ nmsg = ldb.Message()
+ nmsg.dn = dn
+ nmsg[attr] = ldb.MessageElement(replBlob, ldb.FLAG_MOD_REPLACE, attr)
+ if self.do_modify(nmsg, ["local_oid:1.3.6.1.4.1.7165.4.3.14:0"],
+ "Failed to fix attribute %s" % attr):
+ self.report("Fixed attribute '%s' of '%s'\n" % (attr, dn))
+
+
+ def is_deleted_deleted_objects(self, obj):
+ faulty = False
+ if "description" not in obj:
+ self.report("ERROR: description not present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ if "showInAdvancedViewOnly" not in obj:
+ self.report("ERROR: showInAdvancedViewOnly not present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ if "objectCategory" not in obj:
+ self.report("ERROR: objectCategory not present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ if "isCriticalSystemObject" not in obj:
+ self.report("ERROR: isCriticalSystemObject not present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ if "isRecycled" in obj:
+ self.report("ERROR: isRecycled present on Deleted Objects container %s" % obj.dn)
+ faulty = True
+ return faulty
+
+
+ def err_deleted_deleted_objects(self, obj):
+ nmsg = ldb.Message()
+ nmsg.dn = dn = obj.dn
+
+ if "description" not in obj:
+ nmsg["description"] = ldb.MessageElement("Container for deleted objects", ldb.FLAG_MOD_REPLACE, "description")
+ if "showInAdvancedViewOnly" not in obj:
+ nmsg["showInAdvancedViewOnly"] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_REPLACE, "showInAdvancedViewOnly")
+ if "objectCategory" not in obj:
+ nmsg["objectCategory"] = ldb.MessageElement("CN=Container,%s" % self.schema_dn, ldb.FLAG_MOD_REPLACE, "objectCategory")
+ if "isCriticalSystemObject" not in obj:
+ nmsg["isCriticalSystemObject"] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_REPLACE, "isCriticalSystemObject")
+ if "isRecycled" in obj:
+ nmsg["isRecycled"] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_DELETE, "isRecycled")
+
+ if not self.confirm_all('Fix Deleted Objects container %s by restoring default attributes?'
+ % (dn), 'fix_deleted_deleted_objects'):
+ self.report('Not fixing missing/incorrect attributes on %s\n' % (dn))
+ return
+
+ if self.do_modify(nmsg, ["relax:0"],
+ "Failed to fix Deleted Objects container %s" % dn):
+ self.report("Fixed Deleted Objects container '%s'\n" % (dn))
+
+
def is_fsmo_role(self, dn):
if dn == self.samdb.domain_dn:
return True
@@ -901,6 +1024,12 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
continue
if str(attrname).lower() == 'replpropertymetadata':
+ if self.has_replmetadata_zero_invocationid(dn, obj[attrname]):
+ error_count += 1
+ self.err_replmetadata_zero_invocationid(dn, attrname, obj[attrname])
+ # We don't continue, as we may also have other fixes for this attribute
+ # based on what other attributes we see.
+
list_attrs_from_md = self.process_metadata(obj[attrname])
got_repl_property_meta_data = True
continue
@@ -978,6 +1107,7 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
if str(attrname).lower() == "instancetype":
calculated_instancetype = self.calculate_instancetype(dn)
if len(obj["instanceType"]) != 1 or obj["instanceType"][0] != str(calculated_instancetype):
+ error_count += 1
self.err_wrong_instancetype(obj, calculated_instancetype)
show_dn = True
@@ -1027,6 +1157,11 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
else:
raise
+ if dn in self.deleted_objects_containers and '*' in attrs:
+ if self.is_deleted_deleted_objects(obj):
+ self.err_deleted_deleted_objects(obj)
+ error_count += 1
+
return error_count
################################################################
diff --git a/python/samba/drs_utils.py b/python/samba/drs_utils.py
index 6e2cfea..4983749 100644
--- a/python/samba/drs_utils.py
+++ b/python/samba/drs_utils.py
@@ -147,12 +147,16 @@ def drs_DsBind(drs):
class drs_Replicate(object):
'''DRS replication calls'''
- def __init__(self, binding_string, lp, creds, samdb):
+ def __init__(self, binding_string, lp, creds, samdb, invocation_id):
self.drs = drsuapi.drsuapi(binding_string, lp, creds)
(self.drs_handle, self.supported_extensions) = drs_DsBind(self.drs)
self.net = Net(creds=creds, lp=lp)
self.samdb = samdb
- self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs)
+ if not isinstance(invocation_id, misc.GUID):
+ raise RuntimeError("Must supply GUID for invocation_id")
+ if invocation_id == misc.GUID("00000000-0000-0000-0000-000000000000"):
+ raise RuntimeError("Must not set GUID 00000000-0000-0000-0000-000000000000 as invocation_id")
+ self.replication_state = self.net.replicate_init(self.samdb, lp, self.drs, invocation_id)
def drs_get_rodc_partial_attribute_set(self):
'''get a list of attributes for RODC replication'''
diff --git a/python/samba/join.py b/python/samba/join.py
index b2f4da4..fcdd4ec 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -790,7 +790,7 @@ class dc_join(object):
binding_options += ",print"
repl = drs_utils.drs_Replicate(
"ncacn_ip_tcp:%s[%s]" % (ctx.server, binding_options),
- ctx.lp, repl_creds, ctx.local_samdb)
+ ctx.lp, repl_creds, ctx.local_samdb, ctx.invocation_id)
repl.replicate(ctx.schema_dn, source_dsa_invocation_id,
destination_dsa_guid, schema=True, rodc=ctx.RODC,
diff --git a/python/samba/netcmd/drs.py b/python/samba/netcmd/drs.py
index de78ac7..36dc48e 100644
--- a/python/samba/netcmd/drs.py
+++ b/python/samba/netcmd/drs.py
@@ -258,11 +258,13 @@ def drs_local_replicate(self, SOURCE_DC, NC):
source_dsa_invocation_id = misc.GUID(self.samdb.get_invocation_id())
+ dest_dsa_invocation_id = misc.GUID(self.local_samdb.get_invocation_id())
destination_dsa_guid = self.ntds_guid
self.samdb.transaction_start()
repl = drs_utils.drs_Replicate("ncacn_ip_tcp:%s[seal]" % self.server, self.lp,
- self.creds, self.local_samdb)
+ self.creds, self.local_samdb, dest_dsa_invocation_id)
+
try:
repl.replicate(NC, source_dsa_invocation_id, destination_dsa_guid)
except Exception, e:
diff --git a/selftest/tests.py b/selftest/tests.py
index aebfc57..7b37111 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -61,6 +61,7 @@ planpythontestsuite("none", "samba.tests.samba3sam")
planpythontestsuite("none", "wafsamba.tests.test_suite", extra_path=[os.path.join(samba4srcdir, "..", "buildtools"), os.path.join(samba4srcdir, "..", "buildtools", "wafadmin")])
plantestsuite("samba4.blackbox.dbcheck.alpha13", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'alpha13', configuration])
plantestsuite("samba4.blackbox.dbcheck.release-4-0-0", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-0-0', configuration])
+plantestsuite("samba4.blackbox.dbcheck.release-4-1-0rc3", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "dbcheck-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-1-0rc3', configuration])
plantestsuite("samba4.blackbox.upgradeprovision.alpha13", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), '$PREFIX_ABS/provision', 'alpha13', configuration])
plantestsuite("samba4.blackbox.upgradeprovision.release-4-0-0", "none" , ["PYTHON=%s" % python, os.path.join(bbdir, "upgradeprovision-oldrelease.sh"), '$PREFIX_ABS/provision', 'release-4-0-0', configuration])
planpythontestsuite("none", "samba.tests.upgradeprovision")
diff --git a/source4/NEWS b/source4/NEWS
deleted file mode 100644
index f7c03c6..0000000
--- a/source4/NEWS
+++ /dev/null
@@ -1,496 +0,0 @@
-This file aims to document the major changes since the latest released version
-of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems
-and uses a different internal format for most data. Since this
-file is an initial draft, please update missing items.
-
-One of the main goals of Samba 4 was Active Directory Domain Controller
-support. This means Samba now implements several protocols that are required
-by AD such as Kerberos and DNS.
-
-An (experimental) upgrade script that performs a one-way upgrade
-from Samba 3 is available in source/setup/upgrade.
-
-Removal of nmbd and introduction of process models
-==================================================
-smbd now implements several network protocols other than just CIFS and
-DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports
-various 'process models' that specify how concurrent connections are
-handled (when to fork, use threads, etc).
-
-Introduction of LDB
-===================
-Samba now stores most of its persistent data in a LDAP-like database
-called LDB (see ldb(7) for more info).
-
-Removed SWAT
-==================
-Unlike previous versions, Samba4 does not provide a web interface at this time.
-
-Built-in KDC
-============
-Samba4 ships with an integrated KDC (Kerberos Key Distribution
-Center). Backed directly onto our main internal database, and
-integrated with custom code to handle the PAC, Samba4's KDC is an
-integral part of our support for AD logon protocols.
-
-Built-in LDAP Server
-====================
-Like the situation with the KDC, Samba4 ships with it's own LDAP
-server, included to provide simple, built-in LDAP services in an AD
-(rather than distinctly standards) matching manner. The database is
-LDB, and it shares that in common with the rest of Samba.
-
-Changed configuration options
-=============================
-Several configuration options have been removed in Samba4 while others have
-been introduced. This section contains a summary of changes to smb.conf and
-where these settings moved. Configuration options that have disappeared may be
-re-added later when the functionality that uses them gets reimplemented in
-Samba 4.
-
-The 'security' parameter has been split up. It is now only used to choose
-between the 'user' and 'share' security levels (the latter is not supported
-in Samba 4 yet). The other values of this option and the 'domain master' and
-'domain logons' parameters have been merged into a 'server role' parameter
-that can be either 'domain controller', 'member server' or 'standalone'. Note that
-member server support does not work yet.
-
-The following parameters have been removed:
-- passdb backend: accounts are now stored in a LDB-based SAM database
-- update encrypted
-- public
-- guest ok
-- client schannel
-- server schannel
-- allow trusted domains
-- hosts equiv
-- map to guest
-- smb passwd file
-- algorithmic rid base
-- root directory
-- root dir
-- root
-- guest account
-- enable privileges
-- pam password change
-- passwd program
-- passwd chat debug
-- passwd chat timeout
-- check password script
-- username map
-- username level
-- unix password sync
-- restrict anonymous
-- username
-- user
-- users
-- invalid users
-- valid users
-- admin users
-- read list
-- write list
-- printer admin
-- force user
-- force group
-- group
-- write ok
-- writeable
-- writable
-- acl check permissions
-- acl group control
-- acl map full control
-- create mask
-- create mode
-- force create mode
-- security mask
-- force security mode
-- directory mask
-- directory mode
-- force directory mode
-- directory security mask
-- force directory security mode
-- force unknown acl user
-- inherit permissions
-- inherit acls
-- inherit owner
-- guest only
-- only guest
-- only user
-- allow hosts
-- deny hosts
-- preload modules
-- use kerberos keytab
-- syslog
-- syslog only
-- max log size
-- debug timestamp
-- timestamp logs
-- debug hires timestamp
-- debug pid
-- debug uid
-- allocation roundup size
-- aio read size
-- aio write size
-- aio write behind
-- large readwrite
-- protocol
-- read bmpx
-- reset on zero vc
-- acl compatibility
-- defer sharing violations
-- ea support
-- nt acl support
-- nt pipe support
-- profile acls
-- map acl inherit
-- afs share
-- max ttl
-- client use spnego
-- enable asu support
-- svcctl list
-- block size
-- change notify timeout
-- deadtime
-- getwd cache
-- keepalive
-- kernel change notify
-- lpq cache time
-- max smbd processes
-- max disk size
-- max open files
-- min print space
-- strict allocate
-- sync always
-- use mmap
-- use sendfile
-- hostname lookups
-- write cache size
-- name cache timeout
-- max reported print jobs
-- load printers
-- printcap cache time
-- printcap name
-- printcap
-- printing
-- cups options
-- cups server
-- iprint server
-- print command
-- disable spoolss
-- enable spoolss
-- lpq command
-- lprm command
-- lppause command
-- lpresume command
-- queuepause command
-- queueresume command
-- enumports command
-- addprinter command
-- deleteprinter command
-- show add printer wizard
-- os2 driver map
-- use client driver
-- default devmode
-- force printername
-- mangling method
-- mangle prefix
-- default case
-- case sensitive
-- casesignames
-- preserve case
-- short preserve case
-- mangling char
-- hide dot files
-- hide special files
-- hide unreadable
-- hide unwriteable files
-- delete veto files
-- veto files
-- hide files
-- veto oplock files
-- map readonly
-- mangled names
-- mangled map
-- max stat cache size
-- stat cache
--
Samba Shared Repository
More information about the samba-cvs
mailing list