summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_server.c9
-rw-r--r--source3/include/proto.h8
-rw-r--r--source3/libsmb/cliconnect.c168
-rw-r--r--source3/libsmb/clidfs.c7
-rw-r--r--source3/libsmb/libsmb_server.c4
-rw-r--r--source3/libsmb/passchange.c6
-rw-r--r--source3/modules/vfs_acl_tdb.c2
-rw-r--r--source3/modules/vfs_acl_xattr.c2
-rw-r--r--source3/nmbd/nmbd_synclists.c3
-rw-r--r--source3/smbd/oplock.c31
-rw-r--r--source3/torture/locktest.c6
-rw-r--r--source3/torture/masktest.c6
-rw-r--r--source3/torture/torture.c21
-rw-r--r--source3/utils/net_rpc.c3
-rw-r--r--source3/utils/net_time.c6
-rw-r--r--source3/winbindd/winbindd_cm.c7
-rw-r--r--source4/libcli/auth/smbencrypt.c2
-rw-r--r--source4/ntvfs/sysdep/sys_notify.c2
-rw-r--r--source4/scripting/python/samba/provision.py2
-rw-r--r--source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt39
-rw-r--r--source4/setup/ad-schema/MS-AD_Schema_Classes_v20080618.txt6
-rw-r--r--source4/setup/aggregate_schema.ldif3
-rw-r--r--source4/setup/prefixMap.txt11
-rw-r--r--source4/setup/schema.ldif3
24 files changed, 222 insertions, 135 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index e74e3f5b3b..466c4bf129 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -38,6 +38,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
char *pserver = NULL;
bool connected_ok = False;
struct named_mutex *mutex = NULL;
+ NTSTATUS status;
if (!(cli = cli_initialise()))
return NULL;
@@ -49,7 +50,6 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
p = pserver;
while(next_token_talloc(mem_ctx, &p, &desthost, LIST_SEP)) {
- NTSTATUS status;
desthost = talloc_sub_basic(mem_ctx,
current_user_info.smb_name,
@@ -112,9 +112,12 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
DEBUG(3,("got session\n"));
- if (!cli_negprot(cli)) {
+ status = cli_negprot(cli);
+
+ if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(mutex);
- DEBUG(1,("%s rejected the negprot\n",desthost));
+ DEBUG(1, ("%s rejected the negprot: %s\n",
+ desthost, nt_errstr(status)));
cli_shutdown(cli);
return NULL;
}
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5e2b823d64..212bbf0df7 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2364,8 +2364,12 @@ bool cli_ulogoff(struct cli_state *cli);
bool cli_send_tconX(struct cli_state *cli,
const char *share, const char *dev, const char *pass, int passlen);
bool cli_tdis(struct cli_state *cli);
-void cli_negprot_send(struct cli_state *cli);
-bool cli_negprot(struct cli_state *cli);
+void cli_negprot_sendsync(struct cli_state *cli);
+NTSTATUS cli_negprot(struct cli_state *cli);
+struct async_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct cli_state *cli);
+NTSTATUS cli_negprot_recv(struct async_req *req);
bool cli_session_request(struct cli_state *cli,
struct nmb_name *calling, struct nmb_name *called);
NTSTATUS cli_connect(struct cli_state *cli,
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 125345fccb..b5287774f5 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1206,7 +1206,7 @@ bool cli_tdis(struct cli_state *cli)
Send a negprot command.
****************************************************************************/
-void cli_negprot_send(struct cli_state *cli)
+void cli_negprot_sendsync(struct cli_state *cli)
{
char *p;
int numprots;
@@ -1241,75 +1241,89 @@ void cli_negprot_send(struct cli_state *cli)
Send a negprot command.
****************************************************************************/
-bool cli_negprot(struct cli_state *cli)
+struct async_req *cli_negprot_send(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct cli_state *cli)
{
- char *p;
+ struct async_req *result;
+ uint8_t *bytes = NULL;
int numprots;
- int plength;
if (cli->protocol < PROTOCOL_NT1)
cli->use_spnego = False;
- memset(cli->outbuf,'\0',smb_size);
-
- plength = 0;
-
/* setup the protocol strings */
for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
+ uint8_t c = 2;
if (prots[numprots].prot > cli->protocol) {
break;
}
- plength += strlen(prots[numprots].name)+2;
- }
-
- cli_set_message(cli->outbuf,0,plength,True);
-
- p = smb_buf(cli->outbuf);
- for (numprots=0; numprots < ARRAY_SIZE(prots); numprots++) {
- if (prots[numprots].prot > cli->protocol) {
- break;
+ bytes = (uint8_t *)talloc_append_blob(
+ talloc_tos(), bytes, data_blob_const(&c, sizeof(c)));
+ if (bytes == NULL) {
+ return NULL;
+ }
+ bytes = smb_bytes_push_str(bytes, false, prots[numprots].name);
+ if (bytes == NULL) {
+ return NULL;
}
- *p++ = 2;
- p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
}
- SCVAL(cli->outbuf,smb_com,SMBnegprot);
- cli_setup_packet(cli);
+ result = cli_request_send(mem_ctx, ev, cli, SMBnegprot, 0, 0, NULL,
+ talloc_get_size(bytes), bytes);
+ TALLOC_FREE(bytes);
+ return result;
+}
- SCVAL(smb_buf(cli->outbuf),0,2);
+NTSTATUS cli_negprot_recv(struct async_req *req)
+{
+ struct cli_request *cli_req = talloc_get_type_abort(
+ req->private_data, struct cli_request);
+ struct cli_state *cli = cli_req->cli;
+ uint8_t wct;
+ uint16_t *vwv;
+ uint16_t num_bytes;
+ uint8_t *bytes;
+ NTSTATUS status;
+ uint16_t protnum;
- cli_send_smb(cli);
- if (!cli_receive_smb(cli))
- return False;
+ if (async_req_is_error(req, &status)) {
+ return status;
+ }
- show_msg(cli->inbuf);
+ status = cli_pull_reply(req, &wct, &vwv, &num_bytes, &bytes);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ protnum = SVAL(vwv, 0);
- if (cli_is_error(cli) ||
- ((int)SVAL(cli->inbuf,smb_vwv0) >= numprots)) {
- return(False);
+ if ((protnum >= ARRAY_SIZE(prots))
+ || (prots[protnum].prot > cli_req->cli->protocol)) {
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- cli->protocol = prots[SVAL(cli->inbuf,smb_vwv0)].prot;
+ cli->protocol = prots[protnum].prot;
if ((cli->protocol < PROTOCOL_NT1) && cli->sign_info.mandatory_signing) {
DEBUG(0,("cli_negprot: SMB signing is mandatory and the selected protocol level doesn't support it.\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
if (cli->protocol >= PROTOCOL_NT1) {
struct timespec ts;
/* NT protocol */
- cli->sec_mode = CVAL(cli->inbuf,smb_vwv1);
- cli->max_mux = SVAL(cli->inbuf, smb_vwv1+1);
- cli->max_xmit = IVAL(cli->inbuf,smb_vwv3+1);
- cli->sesskey = IVAL(cli->inbuf,smb_vwv7+1);
- cli->serverzone = SVALS(cli->inbuf,smb_vwv15+1);
+ cli->sec_mode = CVAL(vwv + 1, 0);
+ cli->max_mux = SVAL(vwv + 1, 1);
+ cli->max_xmit = IVAL(vwv + 3, 1);
+ cli->sesskey = IVAL(vwv + 7, 1);
+ cli->serverzone = SVALS(vwv + 15, 1);
cli->serverzone *= 60;
/* this time arrives in real GMT */
- ts = interpret_long_date(cli->inbuf+smb_vwv11+1);
+ ts = interpret_long_date(((char *)(vwv+11))+1);
cli->servertime = ts.tv_sec;
- cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
- cli->capabilities = IVAL(cli->inbuf,smb_vwv9+1);
+ cli->secblob = data_blob(bytes, num_bytes);
+ cli->capabilities = IVAL(vwv + 9, 1);
if (cli->capabilities & CAP_RAW_MODE) {
cli->readbraw_supported = True;
cli->writebraw_supported = True;
@@ -1317,9 +1331,10 @@ bool cli_negprot(struct cli_state *cli)
/* work out if they sent us a workgroup */
if (!(cli->capabilities & CAP_EXTENDED_SECURITY) &&
smb_buflen(cli->inbuf) > 8) {
- clistr_pull(cli, cli->server_domain,
- smb_buf(cli->inbuf)+8, sizeof(cli->server_domain),
- smb_buflen(cli->inbuf)-8, STR_UNICODE|STR_NOALIGN);
+ clistr_pull(cli, cli->server_domain,
+ bytes+8, sizeof(cli->server_domain),
+ num_bytes-8,
+ STR_UNICODE|STR_NOALIGN);
}
/*
@@ -1331,7 +1346,7 @@ bool cli_negprot(struct cli_state *cli)
/* Fail if server says signing is mandatory and we don't want to support it. */
if (!cli->sign_info.allow_smb_signing) {
DEBUG(0,("cli_negprot: SMB signing is mandatory and we have disabled it.\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
cli->sign_info.negotiated_smb_signing = True;
cli->sign_info.mandatory_signing = True;
@@ -1339,7 +1354,7 @@ bool cli_negprot(struct cli_state *cli)
/* Fail if client says signing is mandatory and the server doesn't support it. */
if (!(cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED)) {
DEBUG(1,("cli_negprot: SMB signing is mandatory and the server doesn't support it.\n"));
- return False;
+ return NT_STATUS_ACCESS_DENIED;
}
cli->sign_info.negotiated_smb_signing = True;
cli->sign_info.mandatory_signing = True;
@@ -1357,17 +1372,18 @@ bool cli_negprot(struct cli_state *cli)
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
cli->use_spnego = False;
- cli->sec_mode = SVAL(cli->inbuf,smb_vwv1);
- cli->max_xmit = SVAL(cli->inbuf,smb_vwv2);
- cli->max_mux = SVAL(cli->inbuf, smb_vwv3);
- cli->sesskey = IVAL(cli->inbuf,smb_vwv6);
- cli->serverzone = SVALS(cli->inbuf,smb_vwv10);
+ cli->sec_mode = SVAL(vwv + 1, 0);
+ cli->max_xmit = SVAL(vwv + 2, 0);
+ cli->max_mux = SVAL(vwv + 3, 0);
+ cli->sesskey = IVAL(vwv + 6, 0);
+ cli->serverzone = SVALS(vwv + 10, 0);
cli->serverzone *= 60;
/* this time is converted to GMT by make_unix_date */
- cli->servertime = cli_make_unix_date(cli,cli->inbuf+smb_vwv8);
- cli->readbraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x1) != 0);
- cli->writebraw_supported = ((SVAL(cli->inbuf,smb_vwv5) & 0x2) != 0);
- cli->secblob = data_blob(smb_buf(cli->inbuf),smb_buflen(cli->inbuf));
+ cli->servertime = cli_make_unix_date(
+ cli, (char *)(vwv + 8));
+ cli->readbraw_supported = ((SVAL(vwv + 5, 0) & 0x1) != 0);
+ cli->writebraw_supported = ((SVAL(vwv + 5, 0) & 0x2) != 0);
+ cli->secblob = data_blob(bytes, num_bytes);
} else {
/* the old core protocol */
cli->use_spnego = False;
@@ -1381,7 +1397,42 @@ bool cli_negprot(struct cli_state *cli)
if (getenv("CLI_FORCE_ASCII"))
cli->capabilities &= ~CAP_UNICODE;
- return True;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS cli_negprot(struct cli_state *cli)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ struct event_context *ev;
+ struct async_req *req;
+ NTSTATUS status = NT_STATUS_NO_MEMORY;
+
+ if (cli->fd_event != NULL) {
+ /*
+ * Can't use sync call while an async call is in flight
+ */
+ cli_set_error(cli, NT_STATUS_INVALID_PARAMETER);
+ goto fail;
+ }
+
+ ev = event_context_init(frame);
+ if (ev == NULL) {
+ goto fail;
+ }
+
+ req = cli_negprot_send(frame, ev, cli);
+ if (req == NULL) {
+ goto fail;
+ }
+
+ while (req->state < ASYNC_REQ_DONE) {
+ event_loop_once(ev);
+ }
+
+ status = cli_negprot_recv(req);
+ fail:
+ TALLOC_FREE(frame);
+ return status;
}
/****************************************************************************
@@ -1667,12 +1718,9 @@ again:
cli->fallback_after_kerberos = true;
}
- if (!cli_negprot(cli)) {
- DEBUG(1,("failed negprot\n"));
- nt_status = cli_nt_error(cli);
- if (NT_STATUS_IS_OK(nt_status)) {
- nt_status = NT_STATUS_UNSUCCESSFUL;
- }
+ nt_status = cli_negprot(cli);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(1, ("failed negprot: %s\n", nt_errstr(nt_status)));
cli_shutdown(cli);
return nt_status;
}
diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c
index f0ac39fed0..4597e63c98 100644
--- a/source3/libsmb/clidfs.c
+++ b/source3/libsmb/clidfs.c
@@ -195,8 +195,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx,
DEBUG(4,(" session request ok\n"));
- if (!cli_negprot(c)) {
- d_printf("protocol negotiation failed\n");
+ status = cli_negprot(c);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ d_printf("protocol negotiation failed: %s\n",
+ nt_errstr(status));
cli_shutdown(c);
return NULL;
}
diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 5e37871deb..f4714346d1 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -433,7 +433,9 @@ again:
DEBUG(4,(" session request ok\n"));
- if (!cli_negprot(c)) {
+ status = cli_negprot(c);
+
+ if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(c);
errno = ETIMEDOUT;
return NULL;
diff --git a/source3/libsmb/passchange.c b/source3/libsmb/passchange.c
index 4c76234e0c..2746a4681e 100644
--- a/source3/libsmb/passchange.c
+++ b/source3/libsmb/passchange.c
@@ -71,10 +71,12 @@ NTSTATUS remote_password_change(const char *remote_machine, const char *user_nam
cli->protocol = PROTOCOL_NT1;
- if (!cli_negprot(cli)) {
+ result = cli_negprot(cli);
+
+ if (!NT_STATUS_IS_OK(result)) {
asprintf(err_str, "machine %s rejected the negotiate "
"protocol. Error was : %s.\n",
- remote_machine, cli_errstr(cli) );
+ remote_machine, nt_errstr(result));
result = cli_nt_error(cli);
cli_shutdown(cli);
return result;
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index 915f73233d..9cb887ae51 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -740,6 +740,7 @@ static NTSTATUS fset_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp,
psd = nc_psd;
}
+#if 0
if ((security_info_sent & DACL_SECURITY_INFORMATION) &&
psd->dacl != NULL &&
(psd->type & (SE_DESC_DACL_AUTO_INHERITED|
@@ -755,6 +756,7 @@ static NTSTATUS fset_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp,
}
psd = new_psd;
}
+#endif
if (DEBUGLEVEL >= 10) {
DEBUG(10,("fset_nt_acl_tdb: storing tdb sd for file %s\n",
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 2edb441741..3c8f241ad9 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -579,6 +579,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
psd = nc_psd;
}
+#if 0
if ((security_info_sent & DACL_SECURITY_INFORMATION) &&
psd->dacl != NULL &&
(psd->type & (SE_DESC_DACL_AUTO_INHERITED|
@@ -594,6 +595,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
}
psd = new_psd;
}
+#endif
if (DEBUGLEVEL >= 10) {
DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n",
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
index 5a2f5c46b4..9e09060f27 100644
--- a/source3/nmbd/nmbd_synclists.c
+++ b/source3/nmbd/nmbd_synclists.c
@@ -100,7 +100,8 @@ static void sync_child(char *name, int nm_type,
return;
}
- if (!cli_negprot(cli)) {
+ status = cli_negprot(cli);
+ if (!NT_STATUS_IS_OK(status)) {
cli_shutdown(cli);
return;
}
diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c
index c98d11426d..261d8fd670 100644
--- a/source3/smbd/oplock.c
+++ b/source3/smbd/oplock.c
@@ -821,10 +821,33 @@ void release_level_2_oplocks_on_change(files_struct *fsp)
share_mode_entry_to_message(msg, share_entry);
- messaging_send_buf(smbd_messaging_context(), share_entry->pid,
- MSG_SMB_ASYNC_LEVEL2_BREAK,
- (uint8 *)msg,
- MSG_SMB_SHARE_MODE_ENTRY_SIZE);
+ /*
+ * Deal with a race condition when breaking level2
+ * oplocks. Don't send all the messages and release
+ * the lock, this allows someone else to come in and
+ * get a level2 lock before any of the messages are
+ * processed, and thus miss getting a break message.
+ * Ensure at least one entry (the one we're breaking)
+ * is processed immediately under the lock and becomes
+ * set as NO_OPLOCK to stop any waiter getting a level2.
+ * Bugid #5980.
+ */
+
+ if (procid_is_me(&share_entry->pid)) {
+ DATA_BLOB blob = data_blob_const(msg,
+ MSG_SMB_SHARE_MODE_ENTRY_SIZE);
+ process_oplock_async_level2_break_message(smbd_messaging_context(),
+ NULL,
+ MSG_SMB_ASYNC_LEVEL2_BREAK,
+ share_entry->pid,
+ &blob);
+ } else {
+ messaging_send_buf(smbd_messaging_context(),
+ share_entry->pid,
+ MSG_SMB_ASYNC_LEVEL2_BREAK,
+ (uint8 *)msg,
+ MSG_SMB_SHARE_MODE_ENTRY_SIZE);
+ }
}
/* We let the message receivers handle removing the oplock state
diff --git a/source3/torture/locktest.c b/source3/torture/locktest.c
index 247c9abcc1..1bff95f4f3 100644
--- a/source3/torture/locktest.c
+++ b/source3/torture/locktest.c
@@ -212,8 +212,10 @@ static struct cli_state *connect_one(char *share, int snum)
DEBUG(4,(" session request ok\n"));
- if (!cli_negprot(c)) {
- DEBUG(0,("protocol negotiation failed\n"));
+ status = cli_negprot(c);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("protocol negotiation failed: %s\n",
+ nt_errstr(status)));
cli_shutdown(c);
return NULL;
}
diff --git a/source3/torture/masktest.c b/source3/torture/masktest.c
index 8fea15877f..2c3bda1d43 100644
--- a/source3/torture/masktest.c
+++ b/source3/torture/masktest.c
@@ -212,8 +212,10 @@ static struct cli_state *connect_one(char *share)
DEBUG(4,(" session request ok\n"));
- if (!cli_negprot(c)) {
- DEBUG(0,("protocol negotiation failed\n"));
+ status = cli_negprot(c);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("protocol negotiation failed: %s\n",
+ nt_errstr(status)));
cli_shutdown(c);
return NULL;
}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 382b3b65eb..5584c22a8f 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -2346,7 +2346,7 @@ static bool run_negprot_nowait(int dummy)
}
for (i=0;i<50000;i++) {
- cli_negprot_send(cli);
+ cli_negprot_sendsync(cli);
}
if (!torture_close_connection(cli)) {
@@ -4726,6 +4726,7 @@ static bool run_error_map_extract(int dummy) {
static struct cli_state *c_dos;
static struct cli_state *c_nt;
+ NTSTATUS status;
uint32 error;
@@ -4744,8 +4745,11 @@ static bool run_error_map_extract(int dummy) {
c_nt->use_spnego = False;
- if (!cli_negprot(c_nt)) {
- printf("%s rejected the NT-error negprot (%s)\n",host, cli_errstr(c_nt));
+ status = cli_negprot(c_nt);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("%s rejected the NT-error negprot (%s)\n", host,
+ nt_errstr(status));
cli_shutdown(c_nt);
return False;
}
@@ -4765,8 +4769,10 @@ static bool run_error_map_extract(int dummy) {
c_dos->use_spnego = False;
c_dos->force_dos_errors = True;
- if (!cli_negprot(c_dos)) {
- printf("%s rejected the DOS-error negprot (%s)\n",host, cli_errstr(c_dos));
+ status = cli_negprot(c_dos);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("%s rejected the DOS-error negprot (%s)\n", host,
+ nt_errstr(status));
cli_shutdown(c_dos);
return False;
}
@@ -4839,9 +4845,10 @@ static bool run_sesssetup_bench(int dummy)
return false;
}
- if (!cli_negprot(c)) {
+ status = cli_negprot(c);
+ if (!NT_STATUS_IS_OK(status)) {
printf("%s rejected the NT-error negprot (%s)\n", host,
- cli_errstr(c));
+ nt_errstr(status));
cli_shutdown(c);
return false;
}
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index f69d3f9012..5c83b590c1 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -6326,7 +6326,8 @@ bool net_rpc_check(struct net_context *c, unsigned flags)
if (!attempt_netbios_session_request(&cli, global_myname(),
server_name, &server_ss))
goto done;
- if (!cli_negprot(cli))
+ status = cli_negprot(cli);
+ if (!NT_STATUS_IS_OK(status))
goto done;
if (cli->protocol < PROTOCOL_NT1)
goto done;
diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c
index f569538fac..8be9ed922c 100644
--- a/source3/utils/net_time.c
+++ b/source3/utils/net_time.c
@@ -51,8 +51,10 @@ static time_t cli_servertime(const char *host, struct sockaddr_storage *pss, int
fprintf(stderr,"Session request failed\n");
goto done;
}
- if (!cli_negprot(cli)) {
- fprintf(stderr,"Protocol negotiation failed\n");
+ status = cli_negprot(cli);
+ if (!NT_STATUS_IS_OK(status)) {
+ fprintf(stderr, "Protocol negotiation failed: %s\n",
+ nt_errstr(status));
goto done;
}
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 5f592fc6b7..3135b6a2a3 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -831,9 +831,10 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
cli_setup_signing_state(*cli, Undefined);
- if (!cli_negprot(*cli)) {
- DEBUG(1, ("cli_negprot failed\n"));
- result = NT_STATUS_UNSUCCESSFUL;
+ result = cli_negprot(*cli);
+
+ if (!NT_STATUS_IS_OK(result)) {
+ DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result)));
goto done;
}
diff --git a/source4/libcli/auth/smbencrypt.c b/source4/libcli/auth/smbencrypt.c
index b902dddb0f..bbb363e0dd 100644
--- a/source4/libcli/auth/smbencrypt.c
+++ b/source4/libcli/auth/smbencrypt.c
@@ -585,7 +585,7 @@ bool extract_pw_from_buffer(TALLOC_CTX *mem_ctx,
*new_pass = data_blob_talloc(mem_ctx, &in_buffer[512 - byte_len], byte_len);
- if (!*new_pass->data) {
+ if (!new_pass->data) {
return false;
}
diff --git a/source4/ntvfs/sysdep/sys_notify.c b/source4/ntvfs/sysdep/sys_notify.c
index a27386bb13..117d16d20a 100644
--- a/source4/ntvfs/sysdep/sys_notify.c
+++ b/source4/ntvfs/sysdep/sys_notify.c
@@ -25,7 +25,7 @@
#include "includes.h"
#include "system/filesys.h"
#include "ntvfs/sysdep/sys_notify.h"
-#include "lib/events/events.h"
+#include "../lib/tevent/tevent.h"
#include "../lib/util/dlinklist.h"
#include "param/param.h"
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index b81f618a48..3711ed7bab 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -830,6 +830,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp,
message("Setting up sam.ldb AD schema")
setup_add_ldif(samdb, setup_path("schema.ldif"),
{"SCHEMADN": names.schemadn})
+ setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
+ {"SCHEMADN": names.schemadn})
message("Setting up sam.ldb configuration data")
setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
diff --git a/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt b/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt
index 324a5bf3f9..743e1d0abe 100644
--- a/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt
+++ b/source4/setup/ad-schema/MS-AD_Schema_Attributes_v20080618.txt
@@ -1654,7 +1654,6 @@ searchFlags: 0
rangeLower: 1
rangeUpper: 512
mapiID: 35943
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: Employee-Type
@@ -1669,7 +1668,6 @@ searchFlags: fCOPY
rangeLower: 1
rangeUpper: 256
mapiID: 35945
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: Enabled
@@ -1756,7 +1754,6 @@ searchFlags: 0
mapiID: 32935
systemFlags: FLAG_SCHEMA_BASE_OBJECT
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
-
systemOnly: TRUE
cn: Extended-Class-Info
@@ -2722,8 +2719,6 @@ mapiID: 14857
isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT
-systemFlags: 0
-
cn: Address-Home
ldapDisplayName: homePostalAddress
attributeId: 1.2.840.113556.1.2.617
@@ -2737,7 +2732,6 @@ rangeLower: 1
rangeUpper: 4096
attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
mapiID: 14941
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: host
@@ -2978,8 +2972,6 @@ mapiID: 32959
systemFlags: FLAG_SCHEMA_BASE_OBJECT
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
-searchFlags: 0
-
cn: IpHostNumber
ldapDisplayName: ipHostNumber
attributeId: 1.3.6.1.1.1.1.19
@@ -6280,7 +6272,7 @@ isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
rangeLower: 0
-schemaIdGuid:: 421f889a-472e-4fe4-8eb9-e1d0bc6071b2
+schemaIdGuid: 421f889a-472e-4fe4-8eb9-e1d0bc6071b2
systemFlags: FLAG_SCHEMA_BASE_OBJECT
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
@@ -6294,7 +6286,7 @@ systemOnly: FALSE
searchFlags: 0
rangeLower: 0
rangeUpper: 65535
-schemaIdGuid:: b8c8c35e-4a19-4a95-99d0-69fe4446286f
+schemaIdGuid: b8c8c35e-4a19-4a95-99d0-69fe4446286f
systemFlags: FLAG_SCHEMA_BASE_OBJECT
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
@@ -6307,7 +6299,7 @@ isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
rangeLower: 0
-schemaIdGuid:: b05bda89-76af-468a-b892-1be55558ecc8
+schemaIdGuid: b05bda89-76af-468a-b892-1be55558ecc8
systemFlags: FLAG_SCHEMA_BASE_OBJECT
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
@@ -6717,7 +6709,7 @@ omSyntax: 1
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
-schemaIdGuid:: 75ccdd8f-af6c-4487-bb4b-69e4d38a959c
+schemaIdGuid: 75ccdd8f-af6c-4487-bb4b-69e4d38a959c
systemFlags: FLAG_SCHEMA_BASE_OBJECT
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
@@ -7032,6 +7024,7 @@ schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
cn: ms-DS-Resultant-PSO
ldapDisplayName: msDS-ResultantPSO
+attributeId: 1.2.840.113556.1.4.2022
attributeSyntax: 2.5.5.1
omSyntax: 127
isSingleValued: TRUE
@@ -7494,7 +7487,7 @@ attributeSyntax: 2.5.5.10
omSyntax: 4
isSingleValued: TRUE
rangeUpper: 102400
-schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa-97186a54
+schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa97186a54
searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
systemFlags: FLAG_SCHEMA_BASE_OBJECT
@@ -7522,7 +7515,6 @@ systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: ms-FVE-VolumeGuid
ldapDisplayName: msFVE-VolumeGuid
-attributeId: 1.2.840.113556.1.4.1965
attributeId: 1.2.840.113556.1.4.1998
attributeSyntax: 2.5.5.10
omSyntax: 4
@@ -8425,8 +8417,6 @@ rangeUpper: 128
isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
-systemFlags: FLAG_SCHEMA_BASE_OBJECT
-
cn: MSMQ-Version
ldapDisplayName: mSMQVersion
attributeId: 1.2.840.113556.1.4.942
@@ -12196,7 +12186,6 @@ systemOnly: TRUE
searchFlags: 0
linkID: 101
systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
-
isSingleValued: TRUE
cn: Repl-Interval
@@ -12224,8 +12213,6 @@ isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
-systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
-
cn: Repl-Topology-Stay-Of-Execution
ldapDisplayName: replTopologyStayOfExecution
attributeId: 1.2.840.113556.1.4.677
@@ -12872,7 +12859,6 @@ searchFlags: 0
rangeLower: 1
rangeUpper: 64
mapiID: 33072
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: Next-Level-Store
@@ -12929,7 +12915,6 @@ searchFlags: 0
linkID: 95
systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
-
isSingleValued: TRUE
cn: Server-Role
@@ -12942,7 +12927,6 @@ schemaIdGuid: bf967a33-0de6-11d0-a285-00aa003049e2
systemOnly: FALSE
searchFlags: 0
attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: Server-State
@@ -13235,7 +13219,6 @@ attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
-
systemOnly: TRUE
cn: Signature-Algorithms
@@ -13339,7 +13322,6 @@ isSingleValued: FALSE
schemaIdGuid: 1be8f17c-a9ff-11d0-afe2-00c04fd930c9
systemOnly: FALSE
searchFlags: 0
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: Surname
@@ -14442,7 +14424,6 @@ rangeUpper: 32768
attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
mapiID: 14960
isMemberOfPartialAttributeSet: TRUE
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: User-Workstations
@@ -14580,8 +14561,6 @@ isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
-systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
-
cn: Version-Number
ldapDisplayName: versionNumber
attributeId: 1.2.840.113556.1.4.141
@@ -14708,8 +14687,6 @@ isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
-systemFlags: FLAG_SCHEMA_BASE_OBJECT
-
cn: Organization-Name
ldapDisplayName: o
attributeId: 2.5.4.10
@@ -14892,7 +14869,6 @@ mapiID: 32807
isMemberOfPartialAttributeSet: TRUE
systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
-
systemOnly: FALSE
cn: Object-Version
@@ -14971,7 +14947,6 @@ isSingleValued: TRUE
schemaIdGuid: 07383076-91df-11d1-aebc-0000f80367c1
systemOnly: FALSE
searchFlags: 0
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: OMT-Indx-Guid
@@ -15099,7 +15074,6 @@ isSingleValued: TRUE
schemaIdGuid: 0738307b-91df-11d1-aebc-0000f80367c1
systemOnly: FALSE
searchFlags: 0
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: organizationalStatus
@@ -15244,7 +15218,6 @@ isSingleValued: TRUE
schemaIdGuid: 0738307a-91df-11d1-aebc-0000f80367c1
systemOnly: FALSE
searchFlags: 0
-
systemFlags: FLAG_SCHEMA_BASE_OBJECT
cn: Phone-Office-Other
diff --git a/source4/setup/ad-schema/MS-AD_Schema_Classes_v20080618.txt b/source4/setup/ad-schema/MS-AD_Schema_Classes_v20080618.txt
index cd784edfc3..e2655d57da 100644
--- a/source4/setup/ad-schema/MS-AD_Schema_Classes_v20080618.txt
+++ b/source4/setup/ad-schema/MS-AD_Schema_Classes_v20080618.txt
@@ -277,20 +277,20 @@ subClassOf: top
systemMustContain: msDS-MaximumPasswordAge, msDS-MinimumPasswordAge,msDS-MinimumPasswordLength, msDS-PasswordComplexityEnabled,msDS-LockoutObservationWindow, msDS-LockoutDuration,msDS-LockoutThreshold, msDS-PasswordReversibleEncryptionEnabled,msDS-PasswordSettingsPrecedence, msDS-PasswordHistoryLength
systemMayContain: msDS-PSOAppliesTo
systemPossSuperiors: msDS-PasswordSettingsContainer
-schemaIdGuid:: 3bcd9db8-f84b-451c-952f-6c52b81f9ec6
+schemaIdGuid: 3bcd9db8-f84b-451c-952f-6c52b81f9ec6
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
systemOnly: FALSE
defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
systemFlags: FLAG_SCHEMA_BASE_OBJECT
-cn: ms-DS-Password-Settings
+cn: ms-DS-Password-Settings-Container
ldapDisplayName: msDS-PasswordSettingsContainer
governsId: 1.2.840.113556.1.5.256
objectClassCategory: 1
rdnAttId: cn
subClassOf: top
systemPossSuperiors: Container
-schemaIdGuid:: 5b06b06a-4cf3-44c0-bd16-43bc10a987da
+schemaIdGuid: 5b06b06a-4cf3-44c0-bd16-43bc10a987da
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
systemOnly: FALSE
defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,<RootDomainDN>
diff --git a/source4/setup/aggregate_schema.ldif b/source4/setup/aggregate_schema.ldif
new file mode 100644
index 0000000000..2726704719
--- /dev/null
+++ b/source4/setup/aggregate_schema.ldif
@@ -0,0 +1,3 @@
+dn: CN=Aggregate,${SCHEMADN}
+objectClass: top
+objectClass: subSchema
diff --git a/source4/setup/prefixMap.txt b/source4/setup/prefixMap.txt
index 8ba9b9531c..267098000b 100644
--- a/source4/setup/prefixMap.txt
+++ b/source4/setup/prefixMap.txt
@@ -30,5 +30,12 @@
29:1.3.6.1.4.1.250.1
30:1.2.840.113549.1.9
31:0.9.2342.19200300.100.4
-32:1.3.6.1.4.1.7165.4.1
-33:1.3.6.1.4.1.7165.4.2
+32:1.2.840.113556.1.6.23
+33:1.2.840.113556.1.6.18.1
+34:1.2.840.113556.1.6.18.2
+35:1.2.840.113556.1.6.13.3
+36:1.2.840.113556.1.6.13.4
+37:1.3.6.1.1.1.1
+38:1.3.6.1.1.1.2
+39:1.3.6.1.4.1.7165.4.1
+40:1.3.6.1.4.1.7165.4.2
diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif
index 40ef709ac3..56eb7ce0c0 100644
--- a/source4/setup/schema.ldif
+++ b/source4/setup/schema.ldif
@@ -10373,6 +10373,3 @@ systemFlags: 16
defaultHidingValue: TRUE
defaultObjectCategory: CN=Group-Policy-Container,${SCHEMADN}
-dn: CN=Aggregate,${SCHEMADN}
-objectClass: top
-objectClass: subSchema