Merge branch 'master' of ssh://git.samba.org/data/git/samba into displaysec

11 files changed, 225 insertions, 339 deletions

diff --git a/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py b/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py
new file mode 100755
index 0000000000..0e74456dac
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/tests/possibleinferiors.py
@@ -0,0 +1,155 @@
+#!/usr/bin/python
+
+# Unix SMB/CIFS implementation.
+# Copyright (C) Andrew Tridgell 2009
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#   
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#   
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Tests the possibleInferiors generation in the schema_fsmo ldb module"""
+
+import optparse
+import sys
+
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba
+from samba import getopt as options, Ldb
+import ldb
+
+parser = optparse.OptionParser("possibleinferiors.py <URL> [<CLASS>]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option_group(options.VersionOptions(parser))
+
+opts, args = parser.parse_args()
+
+if len(args) < 1:
+    parser.print_usage()
+    sys.exit(1)
+
+url = args[0]
+if (len(args) > 1):
+    objectclass = args[1]
+else:
+    objectclass = None
+
+def uniq_list(alist):
+    """return a unique list"""
+    set = {}
+    return [set.setdefault(e,e) for e in alist if e not in set]
+
+
+lp_ctx = sambaopts.get_loadparm()
+
+creds = credopts.get_credentials(lp_ctx)
+db = Ldb(url, credentials=creds, lp=lp_ctx, options=["modules:paged_searches"])
+
+# get the rootDSE
+res = db.search(base="", expression="",
+                scope=ldb.SCOPE_BASE,
+                attrs=["schemaNamingContext"])
+rootDse = res[0]
+
+schema_base = rootDse["schemaNamingContext"][0]
+
+def possible_inferiors_search(db, oc):
+    """return the possible inferiors via a search for the possibleInferiors attribute"""
+    res = db.search(base=schema_base,
+                    expression=("ldapdisplayname=%s" % oc),
+                    attrs=["possibleInferiors"])
+
+    poss=[]
+    if len(res) == 0 or res[0].get("possibleInferiors") is None:
+        return poss
+    for item in res[0]["possibleInferiors"]:
+        poss.append(str(item))
+    poss = uniq_list(poss)
+    poss.sort()
+    return poss;
+
+
+
+# see [MS-ADTS] section 3.1.1.4.5.21
+# for this algorithm
+
+# !systemOnly=TRUE
+# !objectClassCategory=2
+# !objectClassCategory=3
+
+def POSSINFERIORS(db, oc):
+    """returns a list of possible inferiors to a class. Returned list has the ldapdisplayname, systemOnly and objectClassCategory for each element"""
+    expanded = [oc]
+    res = db.search(base=schema_base,
+                    expression=("subclassof=%s" % str(oc["ldapdisplayname"][0])),
+                    attrs=["ldapdisplayname", "systemOnly", "objectClassCategory"])
+    for r in res:
+        expanded.extend(POSSINFERIORS(db,r))
+    return expanded
+
+def possible_inferiors_constructed(db, oc):
+    """return the possbible inferiors via a recursive search and match"""
+    res = db.search(base=schema_base,
+                    expression=("(&(objectclass=classSchema)(|(posssuperiors=%s)(systemposssuperiors=%s)))" % (oc,oc)),
+                    attrs=["ldapdisplayname", "systemOnly", "objectClassCategory"])
+
+    poss = []
+    for r in res:
+        poss.extend(POSSINFERIORS(db,r))
+        
+    poss2 = []
+    for p in poss:
+        if (not (p["systemOnly"][0] == "TRUE" or
+                 int(p["objectClassCategory"][0]) == 2 or
+                 int(p["objectClassCategory"][0]) == 3)):
+            poss2.append(p["ldapdisplayname"][0])
+            
+    poss2 = uniq_list(poss2)
+    poss2.sort()
+    return poss2
+
+def test_class(db, oc):
+    """test to see if one objectclass returns the correct possibleInferiors"""
+    poss1 = possible_inferiors_search(db, oc)
+    poss2 = possible_inferiors_constructed(db, oc)
+    if poss1 != poss2:
+        print "Returned incorrect list for objectclass %s" % oc
+        print poss1
+        print poss2
+        for i in range(0,min(len(poss1),len(poss2))):
+            print "%30s %30s" % (poss1[i], poss2[i])
+        exit(1)
+
+def get_object_classes(db):
+    """return a list of all object classes"""
+    res = db.search(base=schema_base,
+                    expression="objectClass=classSchema",
+                    attrs=["ldapdisplayname"])
+    list=[]
+    for item in res:
+        list.append(item["ldapdisplayname"][0])
+    return list
+
+if objectclass is None:
+    for oc in get_object_classes(db):
+        print "testing objectClass %s" % oc
+        test_class(db,oc)
+else:
+    test_class(db,objectclass)
+
+print "Lists match OK"
diff --git a/source4/headermap.txt b/source4/headermap.txt
index 280d60beb2..1c86f9e934 100644
--- a/source4/headermap.txt
+++ b/source4/headermap.txt
@@ -86,6 +86,8 @@ librpc/gen_ndr/nbt.h: gen_ndr/nbt.h
 librpc/gen_ndr/svcctl.h: gen_ndr/svcctl.h
 librpc/gen_ndr/ndr_svcctl.h: gen_ndr/ndr_svcctl.h
 librpc/gen_ndr/ndr_svcctl_c.h: gen_ndr/ndr_svcctl_c.h
+../librpc/gen_ndr/dcerpc.h: gen_ndr/dcerpc.h
+../librpc/gen_ndr/ndr_dcerpc.h: gen_ndr/ndr_dcerpc.h
 ../librpc/gen_ndr/netlogon.h: gen_ndr/netlogon.h
 ../librpc/gen_ndr/ndr_misc.h: gen_ndr/ndr_misc.h
 ../librpc/gen_ndr/mgmt.h: gen_ndr/mgmt.h
diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c
index 7ff4bf4aad..bceda05e4f 100644
--- a/source4/lib/ldb/pyldb.c
+++ b/source4/lib/ldb/pyldb.c
@@ -5,7 +5,7 @@
 
    Copyright (C) 2005,2006 Tim Potter <tpot@samba.org>
    Copyright (C) 2006 Simo Sorce <idra@samba.org>
-   Copyright (C) 2007-2008 Jelmer Vernooij <jelmer@samba.org>
+   Copyright (C) 2007-2009 Jelmer Vernooij <jelmer@samba.org>
 
 	 ** NOTE! The following LGPL license applies to the ldb
 	 ** library. This does NOT imply that all of Samba is released
@@ -65,18 +65,7 @@ static PyObject *PyObject_FromLdbValue(struct ldb_context *ldb_ctx,
 	PyObject *ret;
 	
 	new_val = *val;
-	
-	if (ldb_ctx != NULL) {		
-		a = ldb_schema_attribute_by_name(ldb_ctx, el->name);
-	
-		if (a != NULL) {
-			if (a->syntax->ldif_write_fn(ldb_ctx, mem_ctx, val, &new_val) != 0) {
-				talloc_free(mem_ctx);
-				return NULL;
-			}
-		}
-	} 
-	
+
 	ret = PyString_FromStringAndSize((const char *)new_val.data, new_val.length);
 	
 	talloc_free(mem_ctx);
@@ -84,6 +73,14 @@ static PyObject *PyObject_FromLdbValue(struct ldb_context *ldb_ctx,
 	return ret;
 }
 
+/**
+ * Obtain a ldb DN from a Python object.
+ *
+ * @param mem_ctx Memory context
+ * @param object Python object
+ * @param ldb_ctx LDB context
+ * @return Whether or not the conversion succeeded
+ */
 bool PyObject_AsDn(TALLOC_CTX *mem_ctx, PyObject *object, 
 		   struct ldb_context *ldb_ctx, struct ldb_dn **dn)
 {
@@ -104,6 +101,12 @@ bool PyObject_AsDn(TALLOC_CTX *mem_ctx, PyObject *object,
 	return false;
 }
 
+/**
+ * Create a Python object from a ldb_result.
+ *
+ * @param result LDB result to convert
+ * @return Python object with converted result (a list object)
+ */
 static PyObject *PyLdbResult_FromResult(struct ldb_result *result)
 {
 	PyObject *ret;
@@ -119,7 +122,16 @@ static PyObject *PyLdbResult_FromResult(struct ldb_result *result)
 	return ret;
 }
 
-static struct ldb_result *PyLdbResult_AsResult(TALLOC_CTX *mem_ctx, PyObject *obj)
+/**
+ * Create a LDB Result from a Python object. 
+ * If conversion fails, NULL will be returned and a Python exception set.
+ *
+ * @param mem_ctx Memory context in which to allocate the LDB Result
+ * @param obj Python object to convert
+ * @return a ldb_result, or NULL if the conversion failed
+ */
+static struct ldb_result *PyLdbResult_AsResult(TALLOC_CTX *mem_ctx, 
+											   PyObject *obj)
 {
 	struct ldb_result *res;
 	int i;
@@ -451,7 +463,6 @@ static PyObject *py_ldb_get_schema_basedn(PyLdbObject *self)
 	return PyLdbDn_FromDn(dn);
 }
 
-
 static PyObject *py_ldb_get_config_basedn(PyLdbObject *self)
 {
 	struct ldb_dn *dn = ldb_get_config_basedn(PyLdb_AsLdbContext(self));
@@ -460,7 +471,6 @@ static PyObject *py_ldb_get_config_basedn(PyLdbObject *self)
 	return PyLdbDn_FromDn(dn);
 }
 
-
 static PyObject *py_ldb_get_default_basedn(PyLdbObject *self)
 {
 	struct ldb_dn *dn = ldb_get_default_basedn(PyLdb_AsLdbContext(self));
@@ -652,8 +662,6 @@ static PyObject *py_ldb_add(PyLdbObject *self, PyObject *args)
 	Py_RETURN_NONE;
 }
 
-
-
 static PyObject *py_ldb_delete(PyLdbObject *self, PyObject *args)
 {
 	PyObject *py_dn;
@@ -1257,6 +1265,21 @@ PyTypeObject PyLdbModule = {
 	.tp_flags = Py_TPFLAGS_DEFAULT,
 };
 
+
+/**
+ * Create a ldb_message_element from a Python object.
+ *
+ * This will accept any sequence objects that contains strings, or 
+ * a string object.
+ *
+ * A reference to set_obj will be borrowed. 
+ *
+ * @param mem_ctx Memory context
+ * @param set_obj Python object to convert
+ * @param flags ldb_message_element flags to set
+ * @param attr_name Name of the attribute
+ * @return New ldb_message_element, allocated as child of mem_ctx
+ */
 struct ldb_message_element *PyObject_AsMessageElement(TALLOC_CTX *mem_ctx,
 											   PyObject *set_obj, int flags,
 											   const char *attr_name)
@@ -1274,9 +1297,7 @@ struct ldb_message_element *PyObject_AsMessageElement(TALLOC_CTX *mem_ctx,
 		me->num_values = 1;
 		me->values = talloc_array(me, struct ldb_val, me->num_values);
 		me->values[0].length = PyString_Size(set_obj);
-		me->values[0].data = (uint8_t *)talloc_strndup(me->values,
-					PyString_AsString(set_obj),
-					me->values[0].length);
+		me->values[0].data = (uint8_t *)PyString_AsString(set_obj);
 	} else if (PySequence_Check(set_obj)) {
 		int i;
 		me->num_values = PySequence_Size(set_obj);
diff --git a/source4/lib/ldb/tests/python/api.py b/source4/lib/ldb/tests/python/api.py
index c372b8fa71..07500e2372 100755
--- a/source4/lib/ldb/tests/python/api.py
+++ b/source4/lib/ldb/tests/python/api.py
@@ -258,6 +258,19 @@ class SimpleLdb(unittest.TestCase):
         l = ldb.Ldb(filename())
         l.set_debug(my_report_fn)
 
+    def test_zero_byte_string(self):
+        """Testing we do not get trapped in the \0 byte in a property string."""
+        l = ldb.Ldb(filename())
+        l.add({
+            "dn" : "dc=somedn",
+            "objectclass" : "user",
+            "cN" : "LDAPtestUSER",
+            "givenname" : "ldap",
+            "displayname" : "foo\0bar",
+        })
+        res = l.search(expression="(dn=dc=somedn)")
+        self.assertEquals("foo\0bar", res[0]["displayname"][0])
+
 
 class DnTests(unittest.TestCase):
     def setUp(self):
diff --git a/source4/lib/smbreadline/smbreadline.c b/source4/lib/smbreadline/smbreadline.c
index 5fb3bf4fae..b07417357f 100644
--- a/source4/lib/smbreadline/smbreadline.c
+++ b/source4/lib/smbreadline/smbreadline.c
@@ -83,6 +83,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
 	char *ret;
 
 	printf("%s", prompt);
+	fflush(stdout);
 
 	line = (char *)malloc(BUFSIZ);
 	if (!line) {
diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index 2f1b14dc37..64a4750ab7 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -595,9 +595,9 @@ RPC_NDR_KEYSVC_OBJ_FILES = ../librpc/gen_ndr/ndr_keysvc_c.o
 [SUBSYSTEM::NDR_DCERPC]
 PUBLIC_DEPENDENCIES = LIBNDR
 
-NDR_DCERPC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dcerpc.o
+NDR_DCERPC_OBJ_FILES = ../librpc/gen_ndr/ndr_dcerpc.o
 
-PUBLIC_HEADERS += $(addprefix $(librpcsrcdir)/, gen_ndr/dcerpc.h gen_ndr/ndr_dcerpc.h)
+PUBLIC_HEADERS += ../librpc/gen_ndr/dcerpc.h ../librpc/gen_ndr/ndr_dcerpc.h
 
 ################################################
 # Start SUBSYSTEM dcerpc
diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl
deleted file mode 100644
index 7c0abe6ab8..0000000000
--- a/source4/librpc/idl/dcerpc.idl
+++ /dev/null
@@ -1,306 +0,0 @@
-#include "idl_types.h"
-
-/*
-  the base dcerpc packet definitions - not traditionally coded as IDL,
-  but given that pidl can handle it nicely it simplifies things a lot
-  to do it this way
-
-  see http://www.opengroup.org/onlinepubs/9629399/chap12.htm for packet
-  layouts
-*/
-import "misc.idl";
-
-interface dcerpc
-{
-	typedef struct {
-		uint16 context_id;
-		uint8 num_transfer_syntaxes;
-		ndr_syntax_id abstract_syntax;
-		ndr_syntax_id transfer_syntaxes[num_transfer_syntaxes];
-	} dcerpc_ctx_list;
-
-	typedef struct {
-		uint16 max_xmit_frag;
-		uint16 max_recv_frag;
-		uint32 assoc_group_id;
-		uint8  num_contexts;
-		dcerpc_ctx_list ctx_list[num_contexts];
-		[flag(NDR_ALIGN4)]    DATA_BLOB _pad;
-		[flag(NDR_REMAINING)] DATA_BLOB auth_info;
-	} dcerpc_bind;
-
-	const uint8 DCERPC_REQUEST_LENGTH = 24;
-
-	typedef struct {
-	} dcerpc_empty;
-	
-	typedef [nodiscriminant] union {
-		[default] dcerpc_empty empty;
-		[case(LIBNDR_FLAG_OBJECT_PRESENT)] GUID object;
-	} dcerpc_object;
-
-	typedef struct {
-		uint32 alloc_hint;
-		uint16 context_id;
-		uint16 opnum;
-		[switch_is(ndr->flags & LIBNDR_FLAG_OBJECT_PRESENT)] dcerpc_object object;
-		[flag(NDR_ALIGN8)]    DATA_BLOB _pad;
-		[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
-	} dcerpc_request;
-
-	const int DCERPC_BIND_REASON_ASYNTAX                 = 1;
-	const int DCERPC_BIND_PROVIDER_REJECT                = 2;
-	const int DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED = 4;
-	const int DCERPC_BIND_REASON_INVALID_AUTH_TYPE       = 8;
-
-	typedef struct {
-		uint16 result;
-		uint16 reason;
-		ndr_syntax_id syntax;
-	} dcerpc_ack_ctx;
-
-	typedef struct {
-		uint16 max_xmit_frag;
-		uint16 max_recv_frag;
-		uint32 assoc_group_id;
-		[value(strlen(secondary_address)+1)] uint16 secondary_address_size;
-		[charset(DOS)] uint8 secondary_address[secondary_address_size];
-		[flag(NDR_ALIGN4)]    DATA_BLOB _pad1;
-		uint8 num_results;
-		dcerpc_ack_ctx ctx_list[num_results];
-		[flag(NDR_REMAINING)] DATA_BLOB auth_info;
-	} dcerpc_bind_ack;
-
-	typedef struct {
-		uint32 num_versions;
-		uint32 versions[num_versions];
-	} dcerpc_bind_nak_versions;
-	
-	typedef [nodiscriminant] union {
-		[case(DECRPC_BIND_PROTOCOL_VERSION_NOT_SUPPORTED)] dcerpc_bind_nak_versions v;
-		[default] ;
-	} dcerpc_bind_nak_versions_ctr;
-
-	typedef struct {
-		uint16 reject_reason;
-		[switch_is(reject_reason)] dcerpc_bind_nak_versions_ctr versions;
-	} dcerpc_bind_nak;
-
-	const uint8 DCERPC_RESPONSE_LENGTH = 24;
-
-	typedef struct {
-		uint32 alloc_hint;
-		uint16 context_id;
-		uint8 cancel_count;
-		[flag(NDR_ALIGN8)]    DATA_BLOB _pad;
-		[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
-	} dcerpc_response;
-
-
-	const int DCERPC_FAULT_OP_RNG_ERROR       = 0x1c010002;
-	const int DCERPC_FAULT_UNK_IF             = 0x1c010003;
-	const int DCERPC_FAULT_NDR                = 0x000006f7;
-	const int DCERPC_FAULT_INVALID_TAG        = 0x1c000006;
-	const int DCERPC_FAULT_CONTEXT_MISMATCH   = 0x1c00001a;
-	const int DCERPC_FAULT_OTHER              = 0x00000001;
-	const int DCERPC_FAULT_ACCESS_DENIED      = 0x00000005;
-	const int DCERPC_FAULT_CANT_PERFORM       = 0x000006d8;
-
-	/* we return this fault when we haven't yet run the test
-	   to see what fault w2k3 returns in this case */
-	const int DCERPC_FAULT_TODO         = 0x00000042;
-
-	typedef struct {
-		uint32 alloc_hint;
-		uint16 context_id;
-		uint8 cancel_count;
-		uint32 status;
-		[flag(NDR_REMAINING)] DATA_BLOB _pad;
-	} dcerpc_fault;
-
-	/* the auth types we know about */
-	typedef [enum8bit] enum {
-		DCERPC_AUTH_TYPE_NONE     = 0,
-		/* this seems to be not krb5! */
-		DCERPC_AUTH_TYPE_KRB5_1   = 1,
-		DCERPC_AUTH_TYPE_SPNEGO   = 9,
-		DCERPC_AUTH_TYPE_NTLMSSP  = 10,
-		DCERPC_AUTH_TYPE_KRB5     = 16,
-		DCERPC_AUTH_TYPE_DPA      = 17,
-		DCERPC_AUTH_TYPE_MSN      = 18,
-		DCERPC_AUTH_TYPE_DIGEST   = 21,
-		DCERPC_AUTH_TYPE_SCHANNEL = 68,
-		DCERPC_AUTH_TYPE_MSMQ     = 100
-	} dcerpc_AuthType;
-
-	typedef [enum8bit] enum {
-		DCERPC_AUTH_LEVEL_NONE      = 1,
-		DCERPC_AUTH_LEVEL_CONNECT   = 2,
-		DCERPC_AUTH_LEVEL_CALL      = 3,
-		DCERPC_AUTH_LEVEL_PACKET    = 4,
-		DCERPC_AUTH_LEVEL_INTEGRITY = 5,
-		DCERPC_AUTH_LEVEL_PRIVACY   = 6
-	} dcerpc_AuthLevel;
-
-	const uint8 DCERPC_AUTH_LEVEL_DEFAULT	= DCERPC_AUTH_LEVEL_CONNECT;
-
-	typedef [public] struct {
-		dcerpc_AuthType auth_type; 
-		dcerpc_AuthLevel auth_level;
-		uint8  auth_pad_length;
-		uint8  auth_reserved;
-		uint32 auth_context_id;
-		[flag(NDR_REMAINING)] DATA_BLOB credentials;
-	} dcerpc_auth;
-
-	const uint8 DCERPC_AUTH_TRAILER_LENGTH = 8;
-
-	typedef [public] struct {
-		uint32 _pad;
-		[flag(NDR_REMAINING)] DATA_BLOB auth_info;
-	} dcerpc_auth3;
-
-	typedef [public] struct {
-		uint32 _pad;
-		[flag(NDR_REMAINING)] DATA_BLOB auth_info;
-	} dcerpc_orphaned;
-
-	typedef [public] struct {
-		uint32 _pad;
-		[flag(NDR_REMAINING)] DATA_BLOB auth_info;
-	} dcerpc_co_cancel;
-
-	typedef [public] struct {
-		uint32 version;
-		uint32 id;
-	} dcerpc_cl_cancel;
-
-	typedef [public] struct {
-		uint32 version; 
-		uint32 id;
-		boolean32 server_is_accepting;
-	} dcerpc_cancel_ack;
-
-	typedef [public] struct {
-		uint32 version;
-		uint8 _pad1;
-		uint16 window_size;
-		uint32 max_tdsu;
-		uint32 max_frag_size;
-		uint16 serial_no;
-		uint16 selack_size;
-		uint32 selack[selack_size];
-	} dcerpc_fack;
-
-	typedef [public] struct {
-	} dcerpc_ack;
-
-	typedef [public] struct {
-	} dcerpc_ping;
-
-	typedef [public] struct {
-	} dcerpc_shutdown;
-	
-	typedef [public] struct {
-	} dcerpc_working;
-
-	typedef [enum8bit] enum {
-		DCERPC_PKT_REQUEST     =  0,	/* Ordinary request. */
-		DCERPC_PKT_PING        =  1,	/* Connectionless is server alive ? */
-		DCERPC_PKT_RESPONSE    =  2,	/* Ordinary reply. */
-		DCERPC_PKT_FAULT       =  3,	/* Fault in processing of call. */
-		DCERPC_PKT_WORKING     =  4,	/* Connectionless reply to a ping when server busy. */
-		DCERPC_PKT_NOCALL      =  5,	/* Connectionless reply to a ping when server has lost part of clients call. */
-		DCERPC_PKT_REJECT      =  6,	/* Refuse a request with a code. */
-		DCERPC_PKT_ACK         =  7,	/* Connectionless client to server code. */
-		DCERPC_PKT_CL_CANCEL   =  8,	/* Connectionless cancel. */
-		DCERPC_PKT_FACK        =  9,	/* Connectionless fragment ack. Both client and server send. */
-		DCERPC_PKT_CANCEL_ACK  = 10,	/* Server ACK to client cancel request. */
-		DCERPC_PKT_BIND        = 11,	/* Bind to interface. */
-		DCERPC_PKT_BIND_ACK    = 12,	/* Server ack of bind. */
-		DCERPC_PKT_BIND_NAK    = 13,	/* Server nack of bind. */
-		DCERPC_PKT_ALTER       = 14,	/* Alter auth. */
-		DCERPC_PKT_ALTER_RESP  = 15,	/* Reply to alter auth. */
-		DCERPC_PKT_AUTH3       = 16, 	/* not the real name!  this is undocumented! */
-		DCERPC_PKT_SHUTDOWN    = 17,	/* Server to client request to shutdown. */
-		DCERPC_PKT_CO_CANCEL   = 18,	/* Connection-oriented cancel request. */
-		DCERPC_PKT_ORPHANED    = 19	/* Client telling server it's aborting a partially sent request or telling server to stop sending replies. */
-	} dcerpc_pkt_type;
-
-	typedef [nodiscriminant] union {
-		[case(DCERPC_PKT_REQUEST)]    dcerpc_request  request;
-		[case(DCERPC_PKT_PING)] 	  dcerpc_ping ping;
-		[case(DCERPC_PKT_RESPONSE)]   dcerpc_response response;
-		[case(DCERPC_PKT_FAULT)]	  dcerpc_fault fault;
-		[case(DCERPC_PKT_WORKING)]	  dcerpc_working working;
-		[case(DCERPC_PKT_NOCALL)]     dcerpc_fack nocall;
-		[case(DCERPC_PKT_REJECT)]     dcerpc_fault reject;
-		[case(DCERPC_PKT_ACK)]        dcerpc_ack ack;
-		[case(DCERPC_PKT_CL_CANCEL)]  dcerpc_cl_cancel cl_cancel;
-		[case(DCERPC_PKT_FACK)]       dcerpc_fack fack;
-		[case(DCERPC_PKT_CANCEL_ACK)] dcerpc_cancel_ack cancel_ack;
-		[case(DCERPC_PKT_BIND)]       dcerpc_bind     bind;
-		[case(DCERPC_PKT_BIND_ACK)]   dcerpc_bind_ack bind_ack;
-		[case(DCERPC_PKT_BIND_NAK)]   dcerpc_bind_nak bind_nak;
-		[case(DCERPC_PKT_ALTER)]      dcerpc_bind     alter;
-		[case(DCERPC_PKT_ALTER_RESP)] dcerpc_bind_ack alter_resp;
-		[case(DCERPC_PKT_SHUTDOWN)]   dcerpc_shutdown shutdown;
-		[case(DCERPC_PKT_CO_CANCEL)]  dcerpc_co_cancel co_cancel;
-		[case(DCERPC_PKT_ORPHANED)]   dcerpc_orphaned orphaned;
-		[case(DCERPC_PKT_AUTH3)]      dcerpc_auth3    auth3;
-	} dcerpc_payload;
-
-	/* pfc_flags values */
-	const uint8 DCERPC_PFC_FLAG_FIRST		= 0x01; /* First fragment */
-	const uint8 DCERPC_PFC_FLAG_LAST		= 0x02; /* Last fragment */
-	const uint8 DCERPC_PFC_FLAG_PENDING_CANCEL	= 0x04; /* Cancel was pending at sender */
-	const uint8 DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN	= DCERPC_PFC_FLAG_PENDING_CANCEL; /* depends on the pdu type */
-	const uint8 DCERPC_PFC_FLAG_CONC_MPX		= 0x10; /* supports concurrent multiplexing of a single connection. */
-	const uint8 DCERPC_PFC_FLAG_DID_NOT_EXECUTE	= 0x20; /* on a fault it means the server hasn't done anything */
-	const uint8 DCERPC_PFC_FLAG_MAYBE		= 0x40; /* `maybe' call semantics requested */
-	const uint8 DCERPC_PFC_FLAG_OBJECT_UUID		= 0x80; /* on valid guid is in the optional object field */
-
-	/* these offsets are needed by the signing code */
-	const uint8 DCERPC_PFC_OFFSET      =  3;
-	const uint8 DCERPC_DREP_OFFSET     =  4;
-	const uint8 DCERPC_FRAG_LEN_OFFSET =  8;
-	const uint8 DCERPC_AUTH_LEN_OFFSET = 10;
-
-	/* little-endian flag */
-	const uint8 DCERPC_DREP_LE  = 0x10;
-
-	typedef [public] struct {
-		uint8 rpc_vers;	        /* RPC version */
-		uint8 rpc_vers_minor;   /* Minor version */
-		dcerpc_pkt_type ptype;  /* Packet type */
-		uint8 pfc_flags;        /* Fragmentation flags */
-		uint8 drep[4];	        /* NDR data representation */
-		uint16 frag_length;     /* Total length of fragment */
-		uint16 auth_length;     /* authenticator length */
-		uint32 call_id;	        /* Call identifier */
-		[switch_is(ptype)] dcerpc_payload u;
-	} ncacn_packet;
-
-	typedef [public] struct {
-		uint8 rpc_vers;		/* RPC version (4) */
-		uint8 ptype;
-		uint8 pfc_flags;
-		uint8 ncadg_flags;
-		uint8 drep[3];
-		uint8 serial_high;
-		GUID object;
-		GUID iface;
-		GUID activity;
-		uint32 server_boot; /* Server boot time */
-		uint32 iface_version;
-		uint32 seq_num;
-		uint16 opnum;
-		uint16 ihint;
-		uint16 ahint;
-		uint16 len;
-		uint16 fragnum;
-		uint8 auth_proto;
-		uint8 serial_low;
-		[switch_is(ptype)] dcerpc_payload u;
-	} ncadg_packet;
-}
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index d96857661e..896f237bd7 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1056,7 +1056,7 @@ def provision(setup_dir, message, session_info,
                         serverrole=serverrole, ldap_backend=ldap_backend, 
                         ldap_backend_type=ldap_backend_type)
 
-    if lp.get("server role") == "domain controller":
+    if serverrole == "domain controller":
         if paths.netlogon is None:
             message("Existing smb.conf does not have a [netlogon] share, but you are configuring a DC.")
             message("Please either remove %s or see the template at %s" % 
diff --git a/source4/selftest/config.mk b/source4/selftest/config.mk
index 324532c22a..1838a0bb38 100644
--- a/source4/selftest/config.mk
+++ b/source4/selftest/config.mk
@@ -59,31 +59,31 @@ test-%::
 valgrindtest:: valgrindtest-all
 
 valgrindtest-quick:: all
-	SMBD_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \
+	SAMBA_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \
 	VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \
 	$(SELFTEST) $(SELFTEST_QUICK_OPTS) --immediate --socket-wrapper $(TESTS)
 
 valgrindtest-all:: everything
-	SMBD_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \
+	SAMBA_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \
 	VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \
 	$(SELFTEST) $(SELFTEST_NOSLOW_OPTS) --immediate --socket-wrapper $(TESTS)
 
 valgrindtest-env:: everything
-	SMBD_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \
+	SAMBA_VALGRIND="xterm -n server -e $(selftestdir)/valgrind_run $(LD_LIBPATH_OVERRIDE)" \
 	VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \
 	$(SELFTEST) $(SELFTEST_NOSLOW_OPTS) --socket-wrapper --testenv
 
 gdbtest:: gdbtest-all
 
 gdbtest-quick:: all
-	SMBD_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \
+	SAMBA_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \
 	$(SELFTEST) $(SELFTEST_QUICK_OPTS) --immediate --socket-wrapper $(TESTS)
 
 gdbtest-all:: everything
-	SMBD_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \
+	SAMBA_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \
 	$(SELFTEST) $(SELFTEST_NOSLOW_OPTS) --immediate --socket-wrapper $(TESTS)
 
 gdbtest-env:: everything
-	SMBD_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \
+	SAMBA_VALGRIND="xterm -n server -e $(selftestdir)/gdb_run $(LD_LIBPATH_OVERRIDE)" \
 	$(SELFTEST) $(SELFTEST_NOSLOW_OPTS) --socket-wrapper --testenv
 
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index d576782ab1..635e84fafe 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -365,5 +365,5 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
 
  int main(int argc, const char *argv[])
 {
-	return binary_smbd_main("smbd", argc, argv);
+	return binary_smbd_main("samba", argc, argv);
 }
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index 98669288a8..814c9ac86d 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -59,8 +59,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest)
 	CHECK_STATUS(status, NT_STATUS_OK);
 
 	ZERO_STRUCT(search);
-	search.in.dest_address = NULL;//dest;
-	search.in.dest_port = 0;//lp_cldap_port(tctx->lp_ctx);
+	search.in.dest_address = NULL;
+	search.in.dest_port = 0;
 	search.in.acct_control = -1;
 	search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX;
 	search.in.map_response = true;