Andrew Bartlett [Mon, 20 Apr 2009 14:53:02 +0000 (16:53 +0200)]
Merge commit 'origin/master' into libcli-auth-merge-without-netlogond
Andrew Bartlett [Mon, 20 Apr 2009 14:50:49 +0000 (16:50 +0200)]
Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()
Jelmer Vernooij [Mon, 20 Apr 2009 14:22:44 +0000 (16:22 +0200)]
Move syslog check out of m4 library file into configure.in
Jelmer Vernooij [Mon, 20 Apr 2009 13:54:02 +0000 (15:54 +0200)]
Error out at runtime when seteuid/setresuid or setegid/setresgid are not
available. This means it's possible to compile libreplace when these
functions are not available and use it, as long as this particular
function is not used.
Jelmer Vernooij [Mon, 20 Apr 2009 13:47:19 +0000 (15:47 +0200)]
Only define waitpid replacement if wait4 is available. (It isn't on
Windows.)
Jelmer Vernooij [Mon, 20 Apr 2009 13:39:48 +0000 (15:39 +0200)]
Cope with the fact that only _mkdir() exists on Windows and that it
doesn't take a mode argument.
Jelmer Vernooij [Mon, 20 Apr 2009 13:21:39 +0000 (15:21 +0200)]
Move check for syslog out of libreplace to source3/ and source4/.
This should help compiling talloc on Windows.
Volker Lendecke [Fri, 17 Apr 2009 13:08:40 +0000 (15:08 +0200)]
Reproduce a bug with a custom GET_REAL_FILENAME
Stefan Metzmacher [Mon, 20 Apr 2009 13:05:34 +0000 (15:05 +0200)]
s4:selftest: ignore smb2.lease test for now
metze
Jelmer Vernooij [Mon, 20 Apr 2009 13:10:17 +0000 (15:10 +0200)]
Add a unit test for security_descriptor.as_sddl() without arguments.
Jelmer Vernooij [Mon, 20 Apr 2009 13:03:21 +0000 (15:03 +0200)]
Make domain sid argument to as_sddl() optional.
Volker Lendecke [Wed, 15 Apr 2009 11:01:09 +0000 (13:01 +0200)]
Do not use the file system GET_REAL_FILENAME for mangled names
Andrew Bartlett [Mon, 20 Apr 2009 11:55:04 +0000 (13:55 +0200)]
libcli/auth Ensure we cancel the transaction when schannel not detected
(found by jra on code review)
Andrew Bartlett
Jeremy Allison [Mon, 20 Apr 2009 11:25:26 +0000 (04:25 -0700)]
Ensure we have all the definitions needed in both threaded and non-threaded versions.
Jeremy.
Jeremy Allison [Mon, 20 Apr 2009 11:05:12 +0000 (04:05 -0700)]
Fix warning in use of talloc_set_name.
Jeremy.
Jeremy Allison [Mon, 20 Apr 2009 11:00:06 +0000 (04:00 -0700)]
Attempt to fix build farm on platforms where pthread_once_t is a struct.
Jeremy.
Jeremy Allison [Mon, 20 Apr 2009 10:04:42 +0000 (03:04 -0700)]
Fix the pthread_once initialization issue. Make talloc_stackframe use
this.
Jeremy.
Andrew Bartlett [Mon, 20 Apr 2009 09:55:49 +0000 (11:55 +0200)]
s3:ntlmssp Remove use of talloc(NULL) in NTLMSSP code
Jelmer Vernooij [Mon, 20 Apr 2009 09:11:25 +0000 (11:11 +0200)]
Fix the valid NetBIOS name tests.
Andrew Bartlett [Mon, 20 Apr 2009 08:54:57 +0000 (10:54 +0200)]
libcli/auth: Don't pass back lm_sess_key as the same pointer as user_sess_key
This ensures that a talloc_free() of both pointers won't double-free
(sharing pointers like this is evil anyway).
Andrew Bartlett
Volker Lendecke [Sun, 19 Apr 2009 20:58:09 +0000 (22:58 +0200)]
Convert the domain handles to type-safe policy handles
Günther Deschner [Fri, 17 Apr 2009 22:58:12 +0000 (00:58 +0200)]
s3-printing: use ARRAY_SIZE() macro in forms functions.
Guenther
Günther Deschner [Sun, 19 Apr 2009 22:57:53 +0000 (00:57 +0200)]
s3-printing: use sec_initial_uid() instead "0" in print_access_check().
Another babystep in order to make us pass RPC-SPOOLSS.
Guenther
Günther Deschner [Mon, 13 Apr 2009 21:56:59 +0000 (23:56 +0200)]
s4-smbtorture: test all levels in test_GetJob().
Guenther
Volker Lendecke [Sun, 19 Apr 2009 20:01:16 +0000 (22:01 +0200)]
Make force_flush_samr_cache use a dom_sid to find what to flush
Andrew Bartlett [Sun, 19 Apr 2009 19:50:46 +0000 (21:50 +0200)]
Remove unused headers
Andrew Bartlett [Sun, 19 Apr 2009 19:50:13 +0000 (21:50 +0200)]
s3:auth Fix segfault: Always initialise returned session keys
Andrew Bartlett [Sun, 19 Apr 2009 19:19:48 +0000 (05:19 +1000)]
s3:ntlmssp Fix segfault: msrpc_gen now uses talloc()
Volker Lendecke [Sat, 18 Apr 2009 20:23:02 +0000 (22:23 +0200)]
Remove flag "builtin_domain" from disp_info
Volker Lendecke [Sat, 18 Apr 2009 14:58:24 +0000 (16:58 +0200)]
Remove flag "builtin_domain" from samr_info
Volker Lendecke [Sat, 18 Apr 2009 14:54:13 +0000 (16:54 +0200)]
Make get_samr_info_by_sid use recent coding conventions
Volker Lendecke [Sat, 18 Apr 2009 14:46:53 +0000 (16:46 +0200)]
Add "uint32_t access_granted" to policy handles
All policy handles have a mask of allowed operations attached that were
calculated at creation time, so they should carry this mask. This is the basis
for consolidating all our policy handle access checks.
If you want to do your own more complicated access checks further down, just
pass "0" to policy_handle_find.
Volker Lendecke [Sat, 18 Apr 2009 14:10:57 +0000 (16:10 +0200)]
Make "struct policy" private to srv_lsa_hnd.c
Volker Lendecke [Sat, 18 Apr 2009 11:38:22 +0000 (13:38 +0200)]
Convert the samr connect_handles to type-safe calls
Volker Lendecke [Sat, 18 Apr 2009 11:31:20 +0000 (13:31 +0200)]
Add type-safe policy_handle_create/find
Volker Lendecke [Sat, 18 Apr 2009 11:30:38 +0000 (13:30 +0200)]
Add some const
Günther Deschner [Fri, 17 Apr 2009 21:18:24 +0000 (23:18 +0200)]
s3-spoolss: remove some direct checks for 0 uid in AddForm,SetForm,DelForm.
Also add some become_root()/unbecome_root() pairs which were missing IMHO.
Guenther
Stefan Metzmacher [Fri, 3 Apr 2009 10:21:17 +0000 (12:21 +0200)]
s3:docs: document the --request-timeout option of net
metze
Stefan Metzmacher [Thu, 26 Mar 2009 19:32:55 +0000 (20:32 +0100)]
s3:net: add --request-timeout option
metze
Stefan Metzmacher [Thu, 26 Mar 2009 19:29:24 +0000 (20:29 +0100)]
s3:net_rpc: don't shutdown a cli_state passed from the caller
This fixes a crash bug if we timeout in net rpc trustdom list.
metze
Günther Deschner [Mon, 13 Apr 2009 22:01:21 +0000 (00:01 +0200)]
s3-selftest: enable RPC-SPOOLSS.
Guenther
Günther Deschner [Fri, 17 Apr 2009 15:21:19 +0000 (17:21 +0200)]
s4-smbtorture: Skip Job pause and resume on paused printers for Samba 3 for now.
Guenther
Günther Deschner [Mon, 13 Apr 2009 22:01:03 +0000 (00:01 +0200)]
s3-spoolss: add support for _spoolss_EnumPrinterDrivers() level 6.
Guenther
Günther Deschner [Mon, 13 Apr 2009 22:00:37 +0000 (00:00 +0200)]
s3-spoolss: add support for _spoolss_EnumPrinterDrivers() level 5.
Guenther
Günther Deschner [Mon, 13 Apr 2009 21:58:59 +0000 (23:58 +0200)]
s3-spoolss: add support for _spoolss_EnumPrinterDrivers() level 4.
Guenther
Günther Deschner [Fri, 17 Apr 2009 15:19:38 +0000 (17:19 +0200)]
s4-smbtorture: rework test_EnumPrinterDrivers() a little to succeed with s3.
Yes, I feel dirty for this but promise to come back and fix appropriately.
Guenther
Günther Deschner [Fri, 17 Apr 2009 15:14:20 +0000 (17:14 +0200)]
s4-smbtorture: Fix RPC-SPOOLSS-WIN for printers with a lot of jobs in the queue.
Guenther
Michael Adam [Fri, 17 Apr 2009 13:53:38 +0000 (15:53 +0200)]
s3: make installmo and uninstallmo scripts executable
Michael
Michael Adam [Fri, 17 Apr 2009 13:29:10 +0000 (15:29 +0200)]
s3: Fix uninstallmo
Michael
Günther Deschner [Fri, 17 Apr 2009 13:13:33 +0000 (15:13 +0200)]
s3-selftest: samba 3 also passes RPC-JOIN so enable it.
Guenther
Michael Adam [Fri, 17 Apr 2009 09:40:17 +0000 (11:40 +0200)]
s3:registry: Prevent creation of keys containing the '/' character.
This creates a broken registry that can only be fixed with
tdbtool, since the '/' sign is used as a key separator after
normalization at a lower level.
This makes e.g. "net conf setparm abc/def comment xyz" fail with
WERR_INVALID_PARAM, which is much more desirable than a broken
registry.tdb.
Michael
Günther Deschner [Fri, 17 Apr 2009 09:21:20 +0000 (11:21 +0200)]
s3-samr: set the builtin_domain bool flag in get_samr_dispinfo_by_sid().
Volker, please check.
Found by torture test RPC-SAMR-PASSWORDS-PWDLASTSET (which we pass with
this fix).
Guenther
Günther Deschner [Fri, 17 Apr 2009 09:14:14 +0000 (11:14 +0200)]
s3-selftest: enable RPC-SAMR-PASSWORDS-PWDLASTSET whilte testing Samba3.
Guenther
Günther Deschner [Fri, 17 Apr 2009 09:04:44 +0000 (11:04 +0200)]
s4-smbtorture: disable CreateUser2 tests when running RPC-SAMR-PASSWORDS-PWDLAST
against Samba3.
Samba 3 does not (yet) get all the ACB_flag settings right upon creation.
Guenther
Jim McDonough [Fri, 17 Apr 2009 07:28:01 +0000 (09:28 +0200)]
Merge branch 'master' of /home/jmcd/samba/git.samba.org/samba-master into mymaster
Günther Deschner [Thu, 16 Apr 2009 23:30:54 +0000 (01:30 +0200)]
s3-docs: fix typo in smb.conf.5.
Guenther
Günther Deschner [Thu, 16 Apr 2009 23:30:16 +0000 (01:30 +0200)]
s3-selftest: enable RPC-LSA-LOOKUPSIDS against samba 3.
Guenther
Günther Deschner [Thu, 16 Apr 2009 23:28:41 +0000 (01:28 +0200)]
s4-smbtorture: add LSA-LOOKUPSIDS to verify bug #6263.
Guenther
Günther Deschner [Thu, 16 Apr 2009 23:26:40 +0000 (01:26 +0200)]
s4-smbtorture: Fix crash in RPC-LSA-LOOKUP
Guenther
Günther Deschner [Thu, 16 Apr 2009 11:03:35 +0000 (13:03 +0200)]
s3-docs: document warn_pwd_expire pam_winbind option in manpage.
Andreas, please check.
Guenther
Jeremy Allison [Thu, 16 Apr 2009 23:21:31 +0000 (16:21 -0700)]
Add torture tester to ensure we don't regress the ulogoff bug.
Jeremy.
Jeremy Allison [Thu, 16 Apr 2009 23:19:10 +0000 (16:19 -0700)]
Fix bug found by Tim Prouty, logging off and then re-using a vuid can cause smbd to
access a freed structure.
Jeremy.
Jeremy Allison [Thu, 16 Apr 2009 22:15:10 +0000 (15:15 -0700)]
When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid.
Jeremy.
Jeremy Allison [Thu, 16 Apr 2009 19:09:16 +0000 (12:09 -0700)]
Fix IDL licensing file that got missed when IDL files were moved.
Jeremy.
Jim McDonough [Thu, 16 Apr 2009 15:14:29 +0000 (17:14 +0200)]
Don't look up local user for remote changes, even when root.
Volker Lendecke [Tue, 14 Apr 2009 18:39:14 +0000 (20:39 +0200)]
Add notify_onelevel.tdb
This optimizes non-recursive notifys. For non-recursive notifies we can use a
per-directory file-id indexed notify record. This matters for the Windows
Explorer and IIS cases which do not use recursive notifies. In these cases, we
do not have to shuffle around the whole notify record on every change.
For the cluster case, this improves correctness of the notifies, ctdb only
distributes the tdb seqnum once a second, so we can lose notifies.
Volker Lendecke [Tue, 14 Apr 2009 12:56:35 +0000 (14:56 +0200)]
Rename notify_context->db to db_recursive
Martin Schwenke [Thu, 16 Apr 2009 00:25:29 +0000 (10:25 +1000)]
In net_conf_import, start a transaction when importing a single share.
Commit
d69c3db9d44ad5d9fd1f5d7a9499f3bd79ecfb47 caused the transaction
start to be conditional but the commit is still unconditional, so an
error occurs when importing a single share.
An alternate fix would be to return the transaction start to be
unconditional but then it would occur before other error checking.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 16 Apr 2009 05:51:01 +0000 (07:51 +0200)]
tsocket: fix the build without ipv6 support
metze
Andrew Bartlett [Thu, 16 Apr 2009 04:08:00 +0000 (14:08 +1000)]
Fix crash bug in NTLMSSP caused by msrpc_parse() moving to talloc
Andrew Bartlett [Thu, 16 Apr 2009 02:06:35 +0000 (12:06 +1000)]
Use an absolute path to ensure that we can always regenerate tables.c
I had trouble building Samba3 in a merged build, perhaps because I was
also building Samba4 in that tree.
Andrew Bartlett
Andrew Bartlett [Thu, 16 Apr 2009 00:17:57 +0000 (10:17 +1000)]
Fix building the now common msrpc_parse code
Andrew Bartlett [Thu, 16 Apr 2009 00:17:34 +0000 (10:17 +1000)]
Fix building the common libcli/samsync code
Andrew Bartlett [Thu, 16 Apr 2009 00:17:17 +0000 (10:17 +1000)]
Fix Samba4 build errors with common libcli/samsync
Günther Deschner [Wed, 15 Apr 2009 23:42:35 +0000 (01:42 +0200)]
s3-lsa: Fix Bug #6263. Unexpected LookupSids reply crashes XP pre-SP3.
LookupSids needs to bounce back string sids in case of NT_STATUS_NONE_MAPPED.
Guenther
(cherry picked from commit
1c9266c8caa59e287b993393b6050732a0b33547)
Jeremy Allison [Wed, 15 Apr 2009 22:40:00 +0000 (15:40 -0700)]
Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+
What a difference a name makes... :-). Just because something is missnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
Günther Deschner [Wed, 15 Apr 2009 20:47:15 +0000 (22:47 +0200)]
s4-smbtorture: Fix crash bugs in RPC-SAMR_ACCESSMASK.
Also disable security descriptor based tests while testing samba3.
Guenther
Günther Deschner [Wed, 15 Apr 2009 15:07:48 +0000 (17:07 +0200)]
s3-examples: make sure to match correct key name in adssearch.
Guenther
Günther Deschner [Tue, 14 Apr 2009 21:30:13 +0000 (23:30 +0200)]
s4-smbtorture: define TORTURE_DEFAULT_SERVICE and set to netlogon.
Guenther
Andrew Bartlett [Wed, 15 Apr 2009 04:36:13 +0000 (14:36 +1000)]
Merge branch 'master' of ssh://git.samba.org/data/git/samba into libcli-auth-merge-without-netlogond
Andrew Bartlett [Wed, 15 Apr 2009 04:23:33 +0000 (14:23 +1000)]
Add missing header, remove generated header
(This isn't a rename, honest :-)
Andrew Bartlett [Wed, 15 Apr 2009 04:00:24 +0000 (14:00 +1000)]
common:libcli/auth Add missing samsync config.mk
Matthias Dieter Wallnöfer [Tue, 14 Apr 2009 00:08:42 +0000 (10:08 +1000)]
Enable software rollout through AD
This enables the sofware rollout feature in Samba4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Tue, 14 Apr 2009 22:19:39 +0000 (15:19 -0700)]
Ensure a tls key is only generated once - wrap create & destroy in a mutex.
Change the function names to add _once to the tls_create & tls_destroy to
make this obvious.
Jeremy.
Günther Deschner [Tue, 14 Apr 2009 21:19:25 +0000 (23:19 +0200)]
s3-spoolss: Fix format of description string in spoolss_PrinterInfo1.
This is what windows does and should get us closer to show the appropriate
printer location string in explorer.
Guenther
Günther Deschner [Tue, 14 Apr 2009 20:39:36 +0000 (22:39 +0200)]
netdomjoin-gui: make sure to grey out change fields when not running as root.
Guenther
Jeremy Allison [Tue, 14 Apr 2009 20:02:29 +0000 (13:02 -0700)]
Try and fix the S4 build - include thread includes.
Jeremy.
Jeremy Allison [Tue, 14 Apr 2009 19:23:22 +0000 (12:23 -0700)]
Make talloc_stack threadsafe using TLS. Volker please
check. Passes make test and basic valgrind testing.
Jeremy.
Günther Deschner [Tue, 14 Apr 2009 14:27:05 +0000 (16:27 +0200)]
libwbclient: Fix undocumented arguments doxygen warnings.
Guenther
(cherry picked from commit
f2b3fbf0c04a6f9484853da263174a472eb6bb6d)
Günther Deschner [Tue, 14 Apr 2009 12:55:24 +0000 (14:55 +0200)]
s3-nsswitch: fix make test_wbpad.
Guenther
Stefan Metzmacher [Tue, 14 Apr 2009 10:45:48 +0000 (12:45 +0200)]
socket_wrapper: fix the build on systems without ipv6 support
metze
Günther Deschner [Tue, 14 Apr 2009 10:10:22 +0000 (12:10 +0200)]
s4-smbtorture: make sure samba3 does not regress in EnumServicesStatusW call.
Guenther
Günther Deschner [Tue, 14 Apr 2009 10:08:55 +0000 (12:08 +0200)]
s3-svcctl: fix memcpy in _svcctl_EnumServicesStatusW().
Make sure we are not copying more than what we have as valid data.
Fix from Jeremy. Thanks a lot for watching this so closely!
Guenther
Günther Deschner [Tue, 14 Apr 2009 10:00:39 +0000 (12:00 +0200)]
s3-spoolss: remove unused dup_nt_devicemode().
Guenther
Günther Deschner [Mon, 13 Apr 2009 23:08:23 +0000 (01:08 +0200)]
s4-smbtorture: print SPOOLSS_JOB_CONTROL flags in RPC-SPOOLSS test.
Guenther
Andrew Bartlett [Tue, 14 Apr 2009 09:33:04 +0000 (19:33 +1000)]
s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIs
Andrew Bartlett [Thu, 9 Apr 2009 04:26:04 +0000 (14:26 +1000)]
Rework to use new API for common netlogon credential chaining
Andrew Bartlett [Thu, 9 Apr 2009 04:25:50 +0000 (14:25 +1000)]
Link in the common samsync decryption code
Andrew Bartlett [Thu, 9 Apr 2009 04:22:04 +0000 (14:22 +1000)]
libcli/auth Push schannel check into common libcli/auth
This means we have a single choke point to ensure the remote client is
using schannel.
Andrew Bartlett
Andrew Bartlett [Mon, 6 Apr 2009 12:56:13 +0000 (22:56 +1000)]
Make Samba3 use the new common libcli/auth code
This is particuarly in the netlogon client (but not server at this
stage)