Stefan Metzmacher [Thu, 6 Dec 2012 13:04:47 +0000 (14:04 +0100)]
s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags interaction
This is a regression test for bug #9470.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 6 Dec 2012 14:56:26 +0000 (15:56 +0100)]
s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute
If the sd_flags control is specified, we should return nTSecurityDescriptor
only if the client asked for all attributes.
If there's a list of only explicit attribute names, we should ignore
the sd_flags control.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 6 Dec 2012 11:36:09 +0000 (12:36 +0100)]
s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given (bug #9470)
Not returning the nTSecurityDescriptor causes a lot of problems.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 6 Dec 2012 11:29:49 +0000 (12:29 +0100)]
s4:dsdb/acl_read: give some variables a better name
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 17:40:25 +0000 (18:40 +0100)]
s4:dsdb/acl_read: fix the calculation of the attribute array for the sub search
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 17:39:29 +0000 (18:39 +0100)]
s4:dsdb/acl_read: check the ldb_attr_list_copy_add() result
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 18:02:10 +0000 (19:02 +0100)]
s4:dsdb/dirsync: fix potential talloc hierachy problems (bug #9470)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Günther Deschner [Fri, 7 Dec 2012 11:51:10 +0000 (12:51 +0100)]
s4-torture: call the s4u2self tests with arcfour and aes.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Dec 9 21:24:44 CET 2012 on sn-devel-104
Günther Deschner [Fri, 7 Dec 2012 11:57:18 +0000 (12:57 +0100)]
s4-torture: precalculate expected session keys from samlogon in schannel test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 7 Dec 2012 11:38:16 +0000 (12:38 +0100)]
libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 7 Dec 2012 00:05:00 +0000 (01:05 +0100)]
libcli/auth: remove trailing whitespace.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 6 Dec 2012 14:21:02 +0000 (15:21 +0100)]
s3-auth: remove crypto from serverinfo_to_SamInfoX calls.
All crypto is dealt with within the netlogon samlogon server now.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 6 Dec 2012 13:54:25 +0000 (14:54 +0100)]
s3-rpc_server: Remove obsolete process_creds boolean in samlogon server.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 6 Dec 2012 13:31:32 +0000 (14:31 +0100)]
s3-auth: session keys in validation level 6 samlogon replies are *not* encrypted.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 18:49:52 +0000 (19:49 +0100)]
s3-rpc_server: support AES for interactive netlogon samlogon password decryption.
Still need to fix AES support for the returned validation info.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:24:24 +0000 (16:24 +0100)]
s4-rpc_server: support AES encryption in interactive and generic samlogon.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 18:52:54 +0000 (19:52 +0100)]
s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo().
Sumit, please check.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 17:06:54 +0000 (18:06 +0100)]
s4-torture: validate owf password hash and negotiate AES in forest trust test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 16:59:12 +0000 (17:59 +0100)]
s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:37:02 +0000 (16:37 +0100)]
s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 17:38:01 +0000 (18:38 +0100)]
s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:21:59 +0000 (16:21 +0100)]
s4-torture: exit early when join fails in samba3rpc tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:20:14 +0000 (16:20 +0100)]
s4-torture: support AES encryption in interactive samlogon tests in rpc.samr.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:23:34 +0000 (16:23 +0100)]
s4-torture: support AES encryption in pac_verify/generic samlogon netlogon tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 5 Dec 2012 15:11:19 +0000 (16:11 +0100)]
s4-torture: use names for r.in.logon_level of netlogon samlogon requests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 4 Dec 2012 22:11:10 +0000 (23:11 +0100)]
s4-torture: remove trailing whitespace in smbtorture remote_pac test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 30 Nov 2012 23:59:44 +0000 (00:59 +0100)]
s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 21:47:40 +0000 (22:47 +0100)]
s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 21:47:19 +0000 (22:47 +0100)]
s4-torture: add AES support for netr_ServerPasswordSet2 tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 21:44:33 +0000 (22:44 +0100)]
s4-torture: pass down netlogon flags in netr_ServerPasswordSet2 tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 21:24:37 +0000 (22:24 +0100)]
s4-torture: remove trailing whitespace from netlogon test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 20:35:04 +0000 (21:35 +0100)]
s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 20:34:36 +0000 (21:34 +0100)]
s3-rpc_client: support AES encryption in netr_ServerPasswordSet2 client.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 20:30:24 +0000 (21:30 +0100)]
s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 29 Nov 2012 20:23:30 +0000 (21:23 +0100)]
libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Alexander Bokovoy [Sat, 8 Dec 2012 15:57:20 +0000 (17:57 +0200)]
wafsamba: replace try:except: case with explicit comment about FIPS mode
Since exceptions will be caught be outer try:except: pair anyway, mark
the test of MD5 code by the comment that explains why we need to really
test it.
Do it for both hashlib.md5 and md5 modules.
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Sat Dec 8 18:41:07 CET 2012 on sn-devel-104
Alexander Bokovoy [Fri, 7 Dec 2012 15:36:02 +0000 (17:36 +0200)]
wafsamba: Make sure md5 is really work before using it or overriding the hash function
In FIPS mode importing md5 Python module will not cause any error but calling md5.md5()
function will throw ValueError since md5 is not available.
Make sure md5.md5() actually works and if not, fall back to use hash replacement that
we already have in wafsamba.
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Dec 8 13:30:07 CET 2012 on sn-devel-104
Ricky Nance [Sat, 8 Dec 2012 00:43:16 +0000 (18:43 -0600)]
samba-tool processes: Make the output a bit neater
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Sat Dec 8 03:34:29 CET 2012 on sn-devel-104
Andreas Schneider [Thu, 6 Dec 2012 13:31:45 +0000 (14:31 +0100)]
winbind: Make the code more readable in trustdom_list_done().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Fri Dec 7 22:38:43 CET 2012 on sn-devel-104
Tsukasa Hamano [Thu, 6 Dec 2012 21:01:33 +0000 (13:01 -0800)]
Fix bug #9471 - SEGV when using second vfs module.
Don't use default_classname_table when we obviously shoud be using
classname_table.
Reviewed by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Dec 7 17:51:50 CET 2012 on sn-devel-104
Stefan Metzmacher [Fri, 7 Dec 2012 12:56:21 +0000 (12:56 +0000)]
s4:dsdb/descriptor: fix replication of NC heads
The sub NC heads maybe replicated with the parent partition,
if we don't need to recalculate the nTSecurityDescriptor attribute in that
case, the replication of the of the sub partition should handle that.
This fixes error messages like this:
descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=s40dom,DC=base not found under DC=s40dom,DC=base
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 12:39:31 +0000 (13:39 +0100)]
s4:dsdb/acl_read: improve debugging for fatal error
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 10:02:49 +0000 (11:02 +0100)]
s4:dsdb/acl_read: keep the ldb_message of the sub search (bug #9470)
Some modules might not allocate values on the correct memory context.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 10:08:14 +0000 (10:08 +0000)]
s4:dsdb/schema_data.c: correctly move the CN=Aggregate attributes to msg->elements[i].values (bug #9470)
We should keep the talloc hierarchy sane.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Fri, 7 Dec 2012 09:34:58 +0000 (10:34 +0100)]
s4:dsdb/schema: fix dsdb_schema_set_el_from_ldb_msg() (bug #9470)
We should always update the ts_last_change.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Thu, 6 Dec 2012 14:51:55 +0000 (15:51 +0100)]
s3: Fix clear_if_first for the async echo handler
A worker smbd is as not long-lived as the main smbd, but as the async
echo handler exits when the worker smbd does, passing "true" here is the
right thing to do and fixes our clear_if_first handling when the async
echo handler is active.
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Dec 7 11:29:36 CET 2012 on sn-devel-104
Stefan Metzmacher [Fri, 23 Nov 2012 10:49:05 +0000 (11:49 +0100)]
s4:dsdb/password_hash: Honor password complexity settings.
Honor password complexity settings when creating new users.
Without this patch, you could set simple passwords although the complexity
settings were enabled. This was an issue with 'samba-tool user add' and also
when adding new users via Windows' "Active Directory Users and Computers"
MMC Snap-In.
The following scenarios were tested successfully after applying the patch:
-'samba-tool user add' against s4
-'samba-tool user add -H' against a Windows DC
-Adding a new user on a s4 DC using Windows' "Active Directory Users and
Computers" MMC Snap-In.
Please note that this bug was caused by a mistake in the documentation.
Fix bug #9414 - 'samba-tool user add' ignores password complexity settings.
Pair-programmed-with: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 6 05:11:43 CET 2012 on sn-devel-104
Andrew Bartlett [Wed, 5 Dec 2012 01:52:22 +0000 (12:52 +1100)]
build: Install .po files for SWAT intl support
Andrew Bartlett [Tue, 4 Dec 2012 23:35:50 +0000 (10:35 +1100)]
scripting: Handle missing LDAP entries in samba-tool domain classicupgrade
Reported-by: Thomas Simmons <twsnnva@gmail.com>
Scott Lovenberg [Tue, 4 Dec 2012 14:15:38 +0000 (09:15 -0500)]
Clean up client timeout definitions [rev. 2]
The definitions for default client timeout values have been moved to client.h. When initializing a client struct we use this value instead of the old hardcoded value. The timeout value remains 20 seconds.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 6 03:25:58 CET 2012 on sn-devel-104
Michael Adam [Tue, 4 Dec 2012 15:26:36 +0000 (16:26 +0100)]
s3:smbd: fix a cut and paste error in a debug message
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 4 Dec 2012 23:47:06 +0000 (15:47 -0800)]
Documentation fixes for bug #9462 - Users can not be given write permissions any more by default
Ensure we don't apply the masks + force modes on security setting
changes, only on create.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 5 Dec 2012 14:04:01 +0000 (15:04 +0100)]
s3:smbd: don't apply create/directory mask and modes in apply_default_perms()
The mask/mode parameters should only apply to a situation with only
pure posix permissions.
Once we are dealing with ACLs and inheritance, we need to do it correctly.
This fixes bug #9462: Users can not be given write permissions any more by default
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Richard Sharpe [Wed, 5 Dec 2012 01:21:29 +0000 (17:21 -0800)]
Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to FILE_STREAM_INFO requests.
Ensure we check the buffer size correctly.
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 6 01:31:08 CET 2012 on sn-devel-104
Jelmer Vernooij [Sat, 24 Nov 2012 19:44:23 +0000 (20:44 +0100)]
wsgi: Serve '500 Internal Server Error' page when errors occur.
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Dec 5 18:40:25 CET 2012 on sn-devel-104
Jelmer Vernooij [Sat, 24 Nov 2012 19:44:08 +0000 (20:44 +0100)]
web_server: Make second argument to websrv_output const.
Jelmer Vernooij [Sat, 24 Nov 2012 18:35:33 +0000 (19:35 +0100)]
wsgi: When encountering error in Python code, print traceback to logs.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Tue, 4 Dec 2012 14:03:40 +0000 (15:03 +0100)]
BUG 9459: Install manpages only if we install the target.
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Dec 4 18:07:47 CET 2012 on sn-devel-104
Jeremy Allison [Mon, 3 Dec 2012 23:07:16 +0000 (15:07 -0800)]
Remove unused append_parent_acl().
Get rid of a large chunk of unused code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Dec 4 11:59:30 CET 2012 on sn-devel-104
Michael Adam [Tue, 4 Dec 2012 01:02:07 +0000 (02:02 +0100)]
s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED
Omission to free the talloc frame causes a panic (at least in developer mode)
in the next main event loop due to "Frame not freed in order."
(Freed frame ../source3/smbd/process.c:3617, expected ../source3/modules/vfs_acl_common.c:534.)
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec 4 09:03:25 CET 2012 on sn-devel-104
Michael Adam [Mon, 3 Dec 2012 15:52:12 +0000 (16:52 +0100)]
s3:passdb: fix building pdb_ldap as shared module
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 3 19:12:29 CET 2012 on sn-devel-104
Karolin Seeger [Fri, 30 Nov 2012 10:33:04 +0000 (11:33 +0100)]
docs: Merge both samba.8 manpages.
Remove source4/smbd/samba.8.xml and add the additional content to
docs-xml/samba.8.xml to be able to build this manpage with the autoconf build
also.
Karolin
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 3 16:28:32 CET 2012 on sn-devel-104
Karolin Seeger [Fri, 30 Nov 2012 09:39:06 +0000 (10:39 +0100)]
docs: Add samba.8 and samba-tool manpage to waf build.
Karolin
Reviewed-by: Andreas Schneider <asn@samba.org>
Karolin Seeger [Fri, 30 Nov 2012 10:37:33 +0000 (11:37 +0100)]
docs: Update man 7 samba.
Update man 7 samba. Still incomplete, but at least a bit more up to date.
Karolin
Reviewed-by: Andreas Schneider <asn@samba.org>
Karolin Seeger [Fri, 30 Nov 2012 08:43:33 +0000 (09:43 +0100)]
lib/talloc: Move manpage to man/.
Trying to be more consistent.
Karolin
Reviewed-by: Andreas Schneider <asn@samba.org>
Karolin Seeger [Fri, 30 Nov 2012 08:39:22 +0000 (09:39 +0100)]
lib/tdb: Rename manpages/ to man/.
Trying to be more consistent.
Karolin
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 23 Nov 2012 13:58:38 +0000 (14:58 +0100)]
replace: Remove deprecated getpass() support.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Fri, 23 Nov 2012 13:55:48 +0000 (14:55 +0100)]
ntlm_auth4: Use new samba_getpass() function.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Fri, 23 Nov 2012 13:48:00 +0000 (14:48 +0100)]
cmdline: Use new samba_getpass() function.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Fri, 23 Nov 2012 13:38:14 +0000 (14:38 +0100)]
smbget: Use new samba_getpass() function.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Fri, 23 Nov 2012 13:34:39 +0000 (14:34 +0100)]
util: Use new samba_getpass() function for passwd util.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Fri, 23 Nov 2012 13:29:38 +0000 (14:29 +0100)]
ntlm_auth: Use new samba_getpass() function.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Fri, 23 Nov 2012 12:17:13 +0000 (13:17 +0100)]
net: Use samba_getpass() function in net util.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Fri, 23 Nov 2012 14:05:51 +0000 (15:05 +0100)]
net: Use new samba_getpass() function for 'net rpc'.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 22 Nov 2012 14:51:33 +0000 (15:51 +0100)]
net: Use new samba_getpass() function for 'net ads'.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 22 Nov 2012 14:46:20 +0000 (15:46 +0100)]
torture: Use new samba_getpass() in masktest.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 22 Nov 2012 14:46:06 +0000 (15:46 +0100)]
torture: Use new samba_getpass() in smbtorture3.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 22 Nov 2012 14:39:34 +0000 (15:39 +0100)]
torture: Use new samba_getpass() in locktest2.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 22 Nov 2012 14:34:06 +0000 (15:34 +0100)]
util: Use new samba_getpass() function.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 22 Nov 2012 14:33:52 +0000 (15:33 +0100)]
smbclient: Use new samba_getpass() function.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 22 Nov 2012 14:33:10 +0000 (15:33 +0100)]
wbinfo: Use new samba_getpass() function.
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andreas Schneider [Thu, 22 Nov 2012 14:22:40 +0000 (15:22 +0100)]
util: Add a UNIX platform independent samba_getpass().
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Karolin Seeger [Mon, 3 Dec 2012 08:08:47 +0000 (09:08 +0100)]
docs: Fix typo in the howto collection.
Thanks to Hermann Gausterer <git-samba-2012@mrq1.org> for reporting!
Karolin
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Dec 3 12:36:14 CET 2012 on sn-devel-104
Michael Adam [Mon, 3 Dec 2012 01:25:40 +0000 (02:25 +0100)]
s3:selftest: extend sids2xids test script to cope with "ID_TYPE_BOTH mappings
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Dec 3 10:47:17 CET 2012 on sn-devel-104
Michael Adam [Mon, 3 Dec 2012 07:34:43 +0000 (08:34 +0100)]
s3:passdb: don't look into group mappings in legacy_sid_to_unixid()
The backends (tdbsam and ldapsam) do this.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 3 Dec 2012 00:44:49 +0000 (01:44 +0100)]
s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 3 Dec 2012 00:42:38 +0000 (01:42 +0100)]
s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb()
instead of sid_check_sid_is_in_our_sam). This allows for builtin sids,
wellknown sids and "Unix User" and "Unix Group" domains.
This broadens up the check moved here in commit
02e25b2a43ae02205a3412f862a1482d24b70aa4.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 3 Dec 2012 00:40:37 +0000 (01:40 +0100)]
s3:passdb: add sid_check_object_is_for_passdb()
Variant of sid_check_is_for_passdb() that only checks for objects
in the various domains, not for the domain sids themselves.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 3 Dec 2012 00:34:32 +0000 (01:34 +0100)]
s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id()
The special treatment of the "Unix User" and "Unix Group" pseudo domains
can be reused.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Thu, 22 Nov 2012 22:12:19 +0000 (23:12 +0100)]
s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our sam
This code treats the own sam, builtin, wellknown, and sids from the
"Unix User" and "Unix Group" pseudo-domains.
This reverts part of commit
02e25b2a43ae02205a3412f862a1482d24b70aa4.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 30 Nov 2012 15:27:59 +0000 (16:27 +0100)]
s3:winbindd: use the new sid_check_is_for_passdb() in idmap_find_domain_with_sid()
This is more correct than the original one:
It also hands the wellknown and "Unix Users" and "Unix Groups" sids to passdb
for id mapping.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 30 Nov 2012 15:26:28 +0000 (16:26 +0100)]
build the new sid_check_is_for_passdb() function into passdb
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 30 Nov 2012 11:27:00 +0000 (12:27 +0100)]
s3:lib: add utility function sid_check_is_for_passdb()
This function checks whether the given sid should be treated
by passdb (e.g. for id mapping).
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 30 Nov 2012 14:27:15 +0000 (15:27 +0100)]
s3:winbindd: remove unused function idmap_backends_sid_to_unixid()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Tue, 27 Nov 2012 11:08:33 +0000 (12:08 +0100)]
s3:test:wbinfo_sids2xids: test the results with singular calls with filled and with empty cache
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Tue, 27 Nov 2012 21:43:04 +0000 (22:43 +0100)]
s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.sh
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 15 Oct 2012 14:34:02 +0000 (16:34 +0200)]
s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
This is to remove problems with the same unix-id being used both
as a uid and a gid.
The autorid backend will map a given number to the same SID, no matter whether this
is a uid or a gid. This will prime the idmap cache with mappings.
The sid-to-u/gid mapping, when not going through the cache, instead checks for
the type of the sid and only allows unix ids of the corresponding type.
Hence the rid backend will give different results, depending on whether the
cache is filled or not.
This patch lets the autorid backend always create sid->id mappings of type both.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 15 Oct 2012 14:32:25 +0000 (16:32 +0200)]
s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
This is to remove problems with the same unix-id being used both
as a uid and a gid.
The rid backend will map a given number to the same SID, no matter whether this
is a uid or a gid. This will prime the idmap cache with mappings.
The sid-to-u/gid mapping, when not going through the cache, instead checks for
the type of the sid and only allows unix ids of the corresponding type.
Hence the rid backend will give different results, depending on whether the
cache is filled or not.
This patch lets the rid backend always create sid->id mappings of type both.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 23 Nov 2012 16:53:39 +0000 (17:53 +0100)]
s3:winbindd: remove unused idmap_sid_to_gid()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 23 Nov 2012 16:53:04 +0000 (17:53 +0100)]
s3:winbindd: remove unused idmap_sid_to_uid()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>