Christian Ambach [Fri, 15 Jul 2011 14:14:33 +0000 (16:14 +0200)]
s3:afs make path argument to afs_syscall const
Christian Ambach [Fri, 15 Jul 2011 14:12:46 +0000 (16:12 +0200)]
s3:modules/vfs_afsacl fix a compiler warning
Christian Ambach [Fri, 15 Jul 2011 13:58:40 +0000 (15:58 +0200)]
s3:modules/vfs_afsacl use stdbool types
Christian Ambach [Fri, 15 Jul 2011 13:57:26 +0000 (15:57 +0200)]
s3:modules/vfs_afsacl remove some unnecessary whitespace
Christian Ambach [Fri, 15 Jul 2011 13:54:25 +0000 (15:54 +0200)]
s3:lib/afs fix the build with --with-vfs-afsacl
This fixes the second piece of Bug #8263
Christian Ambach [Fri, 15 Jul 2011 13:35:18 +0000 (15:35 +0200)]
s3:lib/afs use stdbool types
Christian Ambach [Fri, 15 Jul 2011 13:44:36 +0000 (15:44 +0200)]
s3:utils/net_afs fix compiler warnings
Christian Ambach [Fri, 15 Jul 2011 13:34:29 +0000 (15:34 +0200)]
s3:lib/afs_settoken fix some compiler warnings
Christian Ambach [Fri, 15 Jul 2011 13:30:14 +0000 (15:30 +0200)]
s3:lib/afs fix some compiler warnings
Christian Ambach [Fri, 15 Jul 2011 13:27:07 +0000 (15:27 +0200)]
s3:lib/afs fix the build with --with-fake-kaserver
This fixes one piece of Bug #8263
Björn Baumbach [Wed, 20 Jul 2011 11:02:22 +0000 (13:02 +0200)]
selftest: use "state directory" and "cache directory" options
instead of "state dir" and "cache dir"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jul 21 10:06:32 CEST 2011 on sn-devel-104
Björn Baumbach [Wed, 20 Jul 2011 10:56:22 +0000 (12:56 +0200)]
s4-param: use "state directory" and "cache directory" options
instead of "state dir" and "cache dir" in order be compatible
with the source3 code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Tridgell [Thu, 21 Jul 2011 00:29:21 +0000 (10:29 +1000)]
samba-tool: make sure we exit with an error on a bad command
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Jul 21 04:58:01 CEST 2011 on sn-devel-104
Andrew Tridgell [Tue, 19 Jul 2011 02:57:59 +0000 (12:57 +1000)]
dbcheck: mark the dbcheck as known-fail
this will fail till we correctly update backlinks to deleted objects
Andrew Tridgell [Tue, 19 Jul 2011 02:54:37 +0000 (12:54 +1000)]
samba-tool: fixed some more calls to samba_tool join to be 'domain join'
Andrew Tridgell [Thu, 14 Jul 2011 04:03:53 +0000 (14:03 +1000)]
s4-selftest: added undump.sh script
used to unpack a dumped set of provision files for selftest
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 14 Jul 2011 04:03:15 +0000 (14:03 +1000)]
tdb: remove 'EOF' print from tdbrestore
the EOF message is pointless, and makes for noisy scripts
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 14 Jul 2011 04:02:38 +0000 (14:02 +1000)]
dbcheck: use string DN in delete when fixing broken strings DNs
this prevents the extended_dn_in module from 'fixing' the DN for us
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 14 Jul 2011 03:35:14 +0000 (13:35 +1000)]
s4-provision: run dbcheck on a minimal set of objects in provision
this speeds up the dbcheck in provision to fix only the objects that
we know will need fixing
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 14 Jul 2011 03:18:48 +0000 (13:18 +1000)]
s4-kcc: use dsdb_delete() instead of ldb_delete()
this adds the DSDB_SEARCH_SHOW_DELETED flag, which fixes deletion of
deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 14 Jul 2011 03:18:17 +0000 (13:18 +1000)]
s4-dsdb: added dsdb_delete() function
this gives us a delete function that takes the standard set of dsdb
flags
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 14 Jul 2011 03:17:49 +0000 (13:17 +1000)]
pyldb: use dn.is_child_of() instead of dn.compare_base()
the compare_base() C API doesn't really fit well in python, as it
returns 0 for true. Better to have a boolean function for the python
interface.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Matthieu Patou [Sat, 11 Jun 2011 20:40:31 +0000 (00:40 +0400)]
samba_backup: check that directory really exists
Matthieu Patou [Wed, 8 Jun 2011 21:01:25 +0000 (01:01 +0400)]
tests: Add alpha13 dumped provision
Matthieu Patou [Wed, 8 Jun 2011 08:20:32 +0000 (12:20 +0400)]
s4-dsdb: Use controls provided during the request while searching for object to delete
If the parent request specify the show_deleted control we must use it in
order to be able to see the deleted objects.
Also we just allow to trusted connections with the system account to
remove deleted objects, others receive an unwilling to perform.
Matthieu Patou [Sat, 4 Jun 2011 20:42:35 +0000 (00:42 +0400)]
s4-dsdb: check group membership only for non deleted objects
Group membership has been already removed on deleted objects so there is
no mean doing something on this kind of object.
Andrew Tridgell [Wed, 20 Jul 2011 05:31:42 +0000 (15:31 +1000)]
s4-dsdb: change the samba3sam test to add the show_deleted module
this is needed now that the samldb module adds the show deleted
control
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Matthieu Patou [Sat, 11 Jun 2011 14:31:28 +0000 (18:31 +0400)]
pyldb: add unit test for ldbDn.compare_base
Matthieu Patou [Mon, 23 May 2011 21:30:15 +0000 (01:30 +0400)]
ldb-python: add a function to Dn object to compare the Dn with a base DN
Matthieu Patou [Sun, 22 May 2011 19:41:56 +0000 (23:41 +0400)]
update/add my copyright
Matthieu Patou [Fri, 13 May 2011 09:31:13 +0000 (13:31 +0400)]
s4-dsdb: In rootdse add extended dn info on all values for a given attribute
And not only on the fist value as it was the case up to this changeset.
Matthieu Patou [Fri, 13 May 2011 20:26:26 +0000 (00:26 +0400)]
s4-dsdb: add dsdb_module_extended function similar to other dsdb_module_* functions
Matthieu Patou [Tue, 3 May 2011 16:38:13 +0000 (20:38 +0400)]
s4-schema: add systemFlags to dsdb classes objects
Andrew Tridgell [Wed, 13 Jul 2011 09:37:42 +0000 (19:37 +1000)]
s4-test: don't fix broken objects during dbcheck test
this leaves the database as-is, which makes it easier to examine the
problem
Andrew Tridgell [Wed, 13 Jul 2011 07:26:59 +0000 (17:26 +1000)]
dbcheck: test the --reindex option
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 13 Jul 2011 00:50:24 +0000 (10:50 +1000)]
s4-test: added dbcheck run to test suite
This should catch corruption that happens during a test run
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 19 Jul 2011 01:39:52 +0000 (11:39 +1000)]
samba-tool: nicer error in passwordsettings with no settings
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 19 Jul 2011 01:19:59 +0000 (11:19 +1000)]
samba-tool: testparm doesn't take any credentials
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 19 Jul 2011 01:03:44 +0000 (11:03 +1000)]
samba-tool: use 'exportkeytab' instead of 'dumpkeys'
a 'keytab' is a particular format known to administrators, whereas
'keys' is a bit too vague
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Giampaolo Lauria [Mon, 18 Jul 2011 22:34:45 +0000 (18:34 -0400)]
samba-tool: Fix __doc_ in base classes
Changed prog to samba-tool as prog is only meaningful in Parser
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 18 Jul 2011 21:46:02 +0000 (17:46 -0400)]
samba-tool: removed synopsis code in base class
As it is not always possible to determine the usage of a command solely based on the list of required and optional args, it is best
to have the subclasses always define it, rather than displaying an incorrect usage statement. Currently, all commands are subclassing the synopsis.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 18 Jul 2011 20:48:03 +0000 (16:48 -0400)]
samba-tool: Fixed bugs to determine min and max # of allowed arguments
Fixed the bugs in the code to determine both the min and the max # of allowed arguments
Changed the argument suffix convention from "*" to "+" to represent one or more arguments as:
1. It follows the Regular expression convention ("*" means 0 or more)
2. It is what was missing in terms of functionality
NB Currently, no command is using the "*/+", but it is a good thing to have to help out the validation of the args if/when in the future
we have such need
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 18 Jul 2011 19:45:39 +0000 (15:45 -0400)]
samba-tool: Improved --help functionality
Added a new --help msg
Return an error when no subcommand is specified
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 18 Jul 2011 15:50:48 +0000 (11:50 -0400)]
samba-tool: fixed __doc__ in base classes
Replaced the "net" word with %prog in all instances
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 18 Jul 2011 15:30:23 +0000 (11:30 -0400)]
samba-tool: Fix error handling in SuperCommand class
Created show_command_error method to handle errors in SuperCommand
Removed statement in SuperCommand to raise exception
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 18 Jul 2011 14:03:16 +0000 (10:03 -0400)]
samba-tool: improved Option list for all user commands
Added metavar values for -H and added some default values for other options
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 19:23:36 +0000 (15:23 -0400)]
samba-tool: added error handling for the user command
Caught exception whenever possible, added new check for newpassword to make sure it contains some chars
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 18:20:03 +0000 (14:20 -0400)]
samba-tool: fixed drs commands synopsis
Added [options] as needed
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Tridgell [Thu, 21 Jul 2011 00:29:40 +0000 (10:29 +1000)]
samba-tool: fixed samba-tool user syntax
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 17:58:00 +0000 (13:58 -0400)]
samba-tool: fixed synopsis on user commands
Fixed all synopsis to contain [options], filter, and username
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 17:46:27 +0000 (13:46 -0400)]
samba-tool: fixed synopsis on all "user" commands
Added [options] where needed, fixed others where filter or username was needed, renamed name to username
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 16:07:03 +0000 (12:07 -0400)]
samba-tool: moved takes_optiongroups definition to Command base class
The option groups should be defined at the Command base class level as they are in common across all samba-tool commands.
Major move advantages:
1. more OOP approach
2. enforcing consistency across commands
3. avoiding the need of declaring for every new command
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 13:47:51 +0000 (09:47 -0400)]
samba-tool: removed the assignment to parser.prog
The prog should only be set if we want it to be different than the name of the program that executed it. I think that for better portability we should not set it and let it default to samba-tool.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Wed, 6 Jul 2011 18:13:39 +0000 (14:13 -0400)]
samba-tool: fixed prog name in samba-tool
Changed the prog name from net to samba-tool so that the usage statement is now correct
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 19:14:16 +0000 (15:14 -0400)]
samba-tool: update vampire.py message
The update was necessary to reflect the move from join to domain join as part of the object-action work
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 19:09:04 +0000 (15:09 -0400)]
samba-tool: removed join as it has been replaced by domain join
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 19:06:41 +0000 (15:06 -0400)]
samba-tool: moved join to domain join
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 16:29:09 +0000 (12:29 -0400)]
samba-tool: updated test suite for the new domain dumpkeys option
The test suite has been changed to reflect the move from export to "domain dumpkeys" to reflect the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 16:22:39 +0000 (12:22 -0400)]
samba-tool: removed export as it has been moved to domain dumpkeys
The functionality of export has been moved to domain dumpkeys to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 16:19:08 +0000 (12:19 -0400)]
samba-tool: moved export to domain dumpkeys
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 15:53:15 +0000 (11:53 -0400)]
samba-tool: updated test suite to reflect the move from domainlevel to domain level
The test suite needs to reflect the change from domailevel to "domain level" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 15:48:13 +0000 (11:48 -0400)]
samba-tool: removed domainlevel as it has been moved to domain level
The functionality of domainlevel has been moved the "domain level" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 15:41:39 +0000 (11:41 -0400)]
samba-tool: moved domainlevel to domain level
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 21:06:35 +0000 (17:06 -0400)]
samba-tool: removed machinepw as it has been moved to domain machinepassword
The functionality of machinepwd has been moved to "domain machinepassword" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 21:04:10 +0000 (17:04 -0400)]
samba-tool: moved machinepw to domain machinepassword
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 20:49:43 +0000 (16:49 -0400)]
samba-tool: update test suite for the new domain object
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 20:37:26 +0000 (16:37 -0400)]
samba-tool: removed pwsettings
pwsettings functionality has been moved to user passwordsettings to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 20:32:22 +0000 (16:32 -0400)]
samba-tool: created domain object, moved pwsettings to user passwordsettings
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 18:31:34 +0000 (14:31 -0400)]
samba-tool: update test suite for add setpassword
The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 17:07:30 +0000 (13:07 -0400)]
samba-tool: removed setpassword.py
The functionality in setppasword has now been moved to "user setpassword" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 16:59:41 +0000 (12:59 -0400)]
samba-tool: added setpassword to user
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Wed, 15 Jun 2011 22:41:02 +0000 (18:41 -0400)]
samba-tool: fix summary of the fsmo command to be clearer
fsmo command is for general FSMO management
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 14:15:52 +0000 (16:15 +0200)]
s3-torture: run_simple_posix_open_test(): replace cli_read_old() with
cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jul 20 23:22:09 CEST 2011 on sn-devel-104
Björn Baumbach [Tue, 19 Jul 2011 14:01:42 +0000 (16:01 +0200)]
s3-torture: rw_torture2(): replace cli_read_old() with cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 13:49:03 +0000 (15:49 +0200)]
s3-torture: rw_torture3(): replace cli_read_old() with cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 13:29:14 +0000 (15:29 +0200)]
s3-torture: rw_torture(): replace cli_read_old() with cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 09:11:27 +0000 (11:11 +0200)]
s3-libsmb: introduce new NTSTATUS cli_read()
Replacement for cli_read_old()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 08:48:16 +0000 (10:48 +0200)]
s3-libsmb: replace cli_read() with cli_read_old()
Will introduce new cli_read() function.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 19 Jul 2011 14:25:52 +0000 (16:25 +0200)]
s3:libsmb: move cli->cnum to cli->smb1.tid and hide it behind cli_state_[g|s]et_tid()
metze
Stefan Metzmacher [Tue, 19 Jul 2011 10:56:51 +0000 (12:56 +0200)]
s3:libsmb: move cli->pid to cli->smb1.pid and hide it behind cli_[g|s]etpid()
metze
Stefan Metzmacher [Tue, 19 Jul 2011 10:52:10 +0000 (12:52 +0200)]
s3:libsmb: add cli->smb1.vc_num and hide it behind cli_state_get_vc_num()
This makes it clearer, why we send the pid value in the session setup.
metze
Stefan Metzmacher [Tue, 19 Jul 2011 09:34:35 +0000 (11:34 +0200)]
s3:libsmb: move cli->mid to cli->smb1.mid
metze
Stefan Metzmacher [Tue, 19 Jul 2011 14:02:31 +0000 (16:02 +0200)]
s3:libsmb: smb_bytes_talloc_string() doesn't need a cli_state
metze
Stefan Metzmacher [Wed, 20 Jul 2011 08:22:10 +0000 (10:22 +0200)]
s4:kdc: restore the behavior before the last heimdal import
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104
Andrew Bartlett [Wed, 20 Jul 2011 02:06:30 +0000 (12:06 +1000)]
s3-gse Work around the MIT 1.9 gss_krb5_import_cred
We detect this function at configure time, but it currently fails to
operate the way we need - that is, when the principal is not
specified, it gives this error. When the principal is specified we
get 'wrong principal in request' in the GSS acceptor, so for now the
best option is to fall back to the alternate approach.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
Andrew Bartlett [Wed, 20 Jul 2011 02:04:45 +0000 (12:04 +1000)]
s3-gse Allow printing the partial error string
We may not be able to obtain the full error string, so print what we can get.
This is required when the error is the the GSSAPI layer, not the mechanism.
Andrew Bartlett
Andrew Bartlett [Wed, 20 Jul 2011 01:40:02 +0000 (11:40 +1000)]
s3-auth fix dummy function in the not-with-kerberos case
Andrew Bartlett [Tue, 19 Jul 2011 10:15:45 +0000 (20:15 +1000)]
s3-auth Replace False with false in auth_util.c
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 02:31:15 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 19 Jul 2011 10:15:12 +0000 (20:15 +1000)]
s3-auth Replace True with true in auth_util.c
Andrew Bartlett [Tue, 19 Jul 2011 10:11:22 +0000 (20:11 +1000)]
s3-auth Fix spelling
Andrew Bartlett [Tue, 19 Jul 2011 06:05:32 +0000 (16:05 +1000)]
s3-auth Remove pointless destructor in make_server_info
All the callers allocate ->info3 as a talloc child already.
As regardes the TALLOC_ZERO(), I added this originally out of parinoia
many years ago. We do not consistantly zero session keys in memory,
and for NTLMv2 and Kerberos they are random for each sesssion, so
breaking into smbd far enough to read an old session key isn't a
particularly interesting attack, compared with (say) reading the
keytab or the password database. (NTLM and LM session keys are fixed
derivitives of the passwords however).
Andrew Bartlett
Andrew Bartlett [Tue, 19 Jul 2011 05:58:20 +0000 (15:58 +1000)]
s3-auth inline make_auth_session_info into only caller
Andrew Bartlett [Tue, 19 Jul 2011 05:50:49 +0000 (15:50 +1000)]
security.idl: Use gid_t for gid in security_unix_token
Andrew Bartlett [Tue, 19 Jul 2011 01:57:05 +0000 (11:57 +1000)]
s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 19 Jul 2011 00:51:08 +0000 (10:51 +1000)]
auth: Set NETLOGON_GUEST and use it to determine guest status
These additional measures should help ensure we do not accidentily upgrade
a guest to an authenticated user in the future.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 10:26:26 +0000 (20:26 +1000)]
selftest: Add tests to verify that the named pipe proxy works.
This verifies that for NTLM authenticated connections, named pipe
forwarding works as expected, including the session keys.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 09:56:17 +0000 (19:56 +1000)]
selftest: Pass lsass and epmapper across the named pipe proxy to the AD server
Eventually we will have just one end point mapper, but for now we need
to use the source4 one for the AD tests.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 08:29:47 +0000 (18:29 +1000)]
auth: remove now unused auth3_session_info from auth.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 04:00:14 +0000 (14:00 +1000)]
auth: Move make_user_info_SamBaseInfo() to talloc_strdup and out of memory checking
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 03:55:20 +0000 (13:55 +1000)]
auth: Split out make_user_info_SamBaseInfo and add authenticated argument
This will allow the source3 auth code to call this without needing to
double-parse the SIDs
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>