Giampaolo Lauria [Fri, 15 Jul 2011 19:23:36 +0000 (15:23 -0400)]
samba-tool: added error handling for the user command
Caught exception whenever possible, added new check for newpassword to make sure it contains some chars
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 18:20:03 +0000 (14:20 -0400)]
samba-tool: fixed drs commands synopsis
Added [options] as needed
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Tridgell [Thu, 21 Jul 2011 00:29:40 +0000 (10:29 +1000)]
samba-tool: fixed samba-tool user syntax
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 17:58:00 +0000 (13:58 -0400)]
samba-tool: fixed synopsis on user commands
Fixed all synopsis to contain [options], filter, and username
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 17:46:27 +0000 (13:46 -0400)]
samba-tool: fixed synopsis on all "user" commands
Added [options] where needed, fixed others where filter or username was needed, renamed name to username
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 16:07:03 +0000 (12:07 -0400)]
samba-tool: moved takes_optiongroups definition to Command base class
The option groups should be defined at the Command base class level as they are in common across all samba-tool commands.
Major move advantages:
1. more OOP approach
2. enforcing consistency across commands
3. avoiding the need of declaring for every new command
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Fri, 15 Jul 2011 13:47:51 +0000 (09:47 -0400)]
samba-tool: removed the assignment to parser.prog
The prog should only be set if we want it to be different than the name of the program that executed it. I think that for better portability we should not set it and let it default to samba-tool.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Wed, 6 Jul 2011 18:13:39 +0000 (14:13 -0400)]
samba-tool: fixed prog name in samba-tool
Changed the prog name from net to samba-tool so that the usage statement is now correct
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 19:14:16 +0000 (15:14 -0400)]
samba-tool: update vampire.py message
The update was necessary to reflect the move from join to domain join as part of the object-action work
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 19:09:04 +0000 (15:09 -0400)]
samba-tool: removed join as it has been replaced by domain join
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 19:06:41 +0000 (15:06 -0400)]
samba-tool: moved join to domain join
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 16:29:09 +0000 (12:29 -0400)]
samba-tool: updated test suite for the new domain dumpkeys option
The test suite has been changed to reflect the move from export to "domain dumpkeys" to reflect the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 16:22:39 +0000 (12:22 -0400)]
samba-tool: removed export as it has been moved to domain dumpkeys
The functionality of export has been moved to domain dumpkeys to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 16:19:08 +0000 (12:19 -0400)]
samba-tool: moved export to domain dumpkeys
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 15:53:15 +0000 (11:53 -0400)]
samba-tool: updated test suite to reflect the move from domainlevel to domain level
The test suite needs to reflect the change from domailevel to "domain level" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 15:48:13 +0000 (11:48 -0400)]
samba-tool: removed domainlevel as it has been moved to domain level
The functionality of domainlevel has been moved the "domain level" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Tue, 28 Jun 2011 15:41:39 +0000 (11:41 -0400)]
samba-tool: moved domainlevel to domain level
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 21:06:35 +0000 (17:06 -0400)]
samba-tool: removed machinepw as it has been moved to domain machinepassword
The functionality of machinepwd has been moved to "domain machinepassword" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 21:04:10 +0000 (17:04 -0400)]
samba-tool: moved machinepw to domain machinepassword
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 20:49:43 +0000 (16:49 -0400)]
samba-tool: update test suite for the new domain object
Changed test suite to reflect the changes from setpassword to "domain setpassword" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 20:37:26 +0000 (16:37 -0400)]
samba-tool: removed pwsettings
pwsettings functionality has been moved to user passwordsettings to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 20:32:22 +0000 (16:32 -0400)]
samba-tool: created domain object, moved pwsettings to user passwordsettings
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 18:31:34 +0000 (14:31 -0400)]
samba-tool: update test suite for add setpassword
The test suite needs to change from setpassword to "user setpassword" to reflect the new cmd syntax
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 17:07:30 +0000 (13:07 -0400)]
samba-tool: removed setpassword.py
The functionality in setppasword has now been moved to "user setpassword" to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Mon, 27 Jun 2011 16:59:41 +0000 (12:59 -0400)]
samba-tool: added setpassword to user
This is part of the samba-tool work to fit the object-action model
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Giampaolo Lauria [Wed, 15 Jun 2011 22:41:02 +0000 (18:41 -0400)]
samba-tool: fix summary of the fsmo command to be clearer
fsmo command is for general FSMO management
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 14:15:52 +0000 (16:15 +0200)]
s3-torture: run_simple_posix_open_test(): replace cli_read_old() with
cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jul 20 23:22:09 CEST 2011 on sn-devel-104
Björn Baumbach [Tue, 19 Jul 2011 14:01:42 +0000 (16:01 +0200)]
s3-torture: rw_torture2(): replace cli_read_old() with cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 13:49:03 +0000 (15:49 +0200)]
s3-torture: rw_torture3(): replace cli_read_old() with cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 13:29:14 +0000 (15:29 +0200)]
s3-torture: rw_torture(): replace cli_read_old() with cli_read()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 09:11:27 +0000 (11:11 +0200)]
s3-libsmb: introduce new NTSTATUS cli_read()
Replacement for cli_read_old()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Tue, 19 Jul 2011 08:48:16 +0000 (10:48 +0200)]
s3-libsmb: replace cli_read() with cli_read_old()
Will introduce new cli_read() function.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 19 Jul 2011 14:25:52 +0000 (16:25 +0200)]
s3:libsmb: move cli->cnum to cli->smb1.tid and hide it behind cli_state_[g|s]et_tid()
metze
Stefan Metzmacher [Tue, 19 Jul 2011 10:56:51 +0000 (12:56 +0200)]
s3:libsmb: move cli->pid to cli->smb1.pid and hide it behind cli_[g|s]etpid()
metze
Stefan Metzmacher [Tue, 19 Jul 2011 10:52:10 +0000 (12:52 +0200)]
s3:libsmb: add cli->smb1.vc_num and hide it behind cli_state_get_vc_num()
This makes it clearer, why we send the pid value in the session setup.
metze
Stefan Metzmacher [Tue, 19 Jul 2011 09:34:35 +0000 (11:34 +0200)]
s3:libsmb: move cli->mid to cli->smb1.mid
metze
Stefan Metzmacher [Tue, 19 Jul 2011 14:02:31 +0000 (16:02 +0200)]
s3:libsmb: smb_bytes_talloc_string() doesn't need a cli_state
metze
Stefan Metzmacher [Wed, 20 Jul 2011 08:22:10 +0000 (10:22 +0200)]
s4:kdc: restore the behavior before the last heimdal import
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104
Andrew Bartlett [Wed, 20 Jul 2011 02:06:30 +0000 (12:06 +1000)]
s3-gse Work around the MIT 1.9 gss_krb5_import_cred
We detect this function at configure time, but it currently fails to
operate the way we need - that is, when the principal is not
specified, it gives this error. When the principal is specified we
get 'wrong principal in request' in the GSS acceptor, so for now the
best option is to fall back to the alternate approach.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
Andrew Bartlett [Wed, 20 Jul 2011 02:04:45 +0000 (12:04 +1000)]
s3-gse Allow printing the partial error string
We may not be able to obtain the full error string, so print what we can get.
This is required when the error is the the GSSAPI layer, not the mechanism.
Andrew Bartlett
Andrew Bartlett [Wed, 20 Jul 2011 01:40:02 +0000 (11:40 +1000)]
s3-auth fix dummy function in the not-with-kerberos case
Andrew Bartlett [Tue, 19 Jul 2011 10:15:45 +0000 (20:15 +1000)]
s3-auth Replace False with false in auth_util.c
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 02:31:15 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 19 Jul 2011 10:15:12 +0000 (20:15 +1000)]
s3-auth Replace True with true in auth_util.c
Andrew Bartlett [Tue, 19 Jul 2011 10:11:22 +0000 (20:11 +1000)]
s3-auth Fix spelling
Andrew Bartlett [Tue, 19 Jul 2011 06:05:32 +0000 (16:05 +1000)]
s3-auth Remove pointless destructor in make_server_info
All the callers allocate ->info3 as a talloc child already.
As regardes the TALLOC_ZERO(), I added this originally out of parinoia
many years ago. We do not consistantly zero session keys in memory,
and for NTLMv2 and Kerberos they are random for each sesssion, so
breaking into smbd far enough to read an old session key isn't a
particularly interesting attack, compared with (say) reading the
keytab or the password database. (NTLM and LM session keys are fixed
derivitives of the passwords however).
Andrew Bartlett
Andrew Bartlett [Tue, 19 Jul 2011 05:58:20 +0000 (15:58 +1000)]
s3-auth inline make_auth_session_info into only caller
Andrew Bartlett [Tue, 19 Jul 2011 05:50:49 +0000 (15:50 +1000)]
security.idl: Use gid_t for gid in security_unix_token
Andrew Bartlett [Tue, 19 Jul 2011 01:57:05 +0000 (11:57 +1000)]
s3-auth Remove seperate guest boolean
Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 19 Jul 2011 00:51:08 +0000 (10:51 +1000)]
auth: Set NETLOGON_GUEST and use it to determine guest status
These additional measures should help ensure we do not accidentily upgrade
a guest to an authenticated user in the future.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 10:26:26 +0000 (20:26 +1000)]
selftest: Add tests to verify that the named pipe proxy works.
This verifies that for NTLM authenticated connections, named pipe
forwarding works as expected, including the session keys.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 09:56:17 +0000 (19:56 +1000)]
selftest: Pass lsass and epmapper across the named pipe proxy to the AD server
Eventually we will have just one end point mapper, but for now we need
to use the source4 one for the AD tests.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 08:29:47 +0000 (18:29 +1000)]
auth: remove now unused auth3_session_info from auth.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 04:00:14 +0000 (14:00 +1000)]
auth: Move make_user_info_SamBaseInfo() to talloc_strdup and out of memory checking
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 03:55:20 +0000 (13:55 +1000)]
auth: Split out make_user_info_SamBaseInfo and add authenticated argument
This will allow the source3 auth code to call this without needing to
double-parse the SIDs
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 03:10:30 +0000 (13:10 +1000)]
s3-rpc_server remove per-element copies of auth_session_info
This is not required any more now that they are the same structure,
and shows the value in having a common structure across the codebase.
In particular, now any additional state that needs to be added to the
auth_session_info will be transparently available across the named
pipe proxy, without a need to modify the mapping layer.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 03:06:47 +0000 (13:06 +1000)]
s3-auth Use the common auth_session_info
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 02:58:25 +0000 (12:58 +1000)]
s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
This makes auth3_session_info identical to auth_session_info
The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 02:23:04 +0000 (12:23 +1000)]
s3-rpc_server read and write the unix_token and unix_info across named_pipe_auth
This ensures that the exact same token is used on both sides of the
pipe, when a full token is passed (ie, source3 to source3, but not yet
source4 to to source3 as the unix info isn't calculated there yet).
If we do not have unix_token, we fall back to the old behaviour and go
via create_local_token(). (However, in this case the security_token
is now overwritten, as it is better to have it match the rest of the
session_info create_local_token() builds).
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 02:38:05 +0000 (12:38 +1000)]
s3-auth reimplement copy_session_info via NDR pull/push
This ensures we do not miss elements. Pattern copied from auth_netlogond.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 08:04:12 +0000 (18:04 +1000)]
auth: use char * pointers in auth.idl
We need to use this, and not utf8string because we need to
transport NULL pointers correctly.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 02:29:50 +0000 (12:29 +1000)]
s3-auth Remove pointless destructor
All the users of this structure allocate info3 on the session_info
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 02:28:50 +0000 (12:28 +1000)]
s3-auth import auth3_session_info into IDL
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 01:40:36 +0000 (11:40 +1000)]
s3-auth Avoid redundant copies in create_local_token()
These values were not read before being overwritten again.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 01:31:49 +0000 (11:31 +1000)]
s3-auth Add comments to copy_session_info_serverinfo_guest()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 01:30:55 +0000 (11:30 +1000)]
s3-auth inline copy_serverinfo_session_info into only caller
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 01:22:50 +0000 (11:22 +1000)]
s3-auth use a cached auth_serversupplied_info in make_server_info_guest()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 00:20:25 +0000 (10:20 +1000)]
s3-auth remove extra from auth3_session_info
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 00:14:19 +0000 (10:14 +1000)]
s3-auth Clarify inputs and ouptuts by using elements from server_info
This allows us not the put all of these elements into the auth3_session_info
if they are only used as inputs to these functions.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 08:05:42 +0000 (18:05 +1000)]
s3-auth assert that security_token is present in the copy, and explain why nss_token can be skipped
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 07:57:55 +0000 (17:57 +1000)]
s3-auth Remove unused nss_token variable
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 07:45:48 +0000 (17:45 +1000)]
s3-auth: Remove unused lm_session_key from auth3_session_info
The long term authorization state needs only the final, negotiated
session key, and not the original LM key that may possibly have been
an input.
The special case of the guest account simply needs both values filled
back in with the zeros to avoid changing behaviour in the cached
server_info.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 06:49:21 +0000 (16:49 +1000)]
s3-auth remove unused copy_serverinfo
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 06:12:41 +0000 (16:12 +1000)]
s3-auth Use system boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 06:09:52 +0000 (16:09 +1000)]
s3-auth Use guest boolean in auth_user_info_unix
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 05:10:03 +0000 (15:10 +1000)]
auth: Put 'guest' and 'system' booleans into auth_user_info_unix
This will allow a transformation of auth3_session_info into
auth_session_info by substitution.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 05:55:31 +0000 (15:55 +1000)]
s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 05:22:41 +0000 (15:22 +1000)]
auth: include auth.idl structures into common_auth.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 04:59:14 +0000 (14:59 +1000)]
s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 02:45:17 +0000 (12:45 +1000)]
s3-auth Use struct auth3_session_info outside the auth subsystem
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)
The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 01:38:49 +0000 (11:38 +1000)]
s3-auth Add struct auth3_session_info to aid transition to auth_session info
This will allow a gradual conversion of the required elements from the
current struct auth_serversupplied_info.
This commit adds the structure definition and some helper functions to
copy between the two structures.
At this stage these structures and functions are IDENTICAL to the
existing code, and so show the past history of that code. The plan is
to slowly modify them over the course of the patch series, so that the
changes being made a clear.
By using a seperate structure to auth_serversupplied_info we can
remove elements that are not needed after the authentication, and we
can choose a layout that best reflects the needs of runtime users,
rather than the internals of the authentication subsystem.
By eventually using the auth_session_info from auth.idl, we will gain
a single session authorization structure across the whole codebase,
allowing more code to be shared, and a much more transparent process
for forwarding authorization credentials over the named pipe proxy.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 00:19:27 +0000 (10:19 +1000)]
s3-auth Add const to indicate input elements
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 19 Jul 2011 00:43:23 +0000 (10:43 +1000)]
auth: Preserve guest flag on transition via netr_SamInfo3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 07:57:35 +0000 (17:57 +1000)]
s3-auth Restore nss_token behaviour by reading from server_info
The implementation of copy_serverinfo(), used to copy server_info into
session_info never copied the nss_token variable, and so
17d8f0ad30847bb940f645ee1817d782ddaaee74 introduced this regression.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 12:26:31 +0000 (22:26 +1000)]
Add my copyright
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 15 Jul 2011 01:37:39 +0000 (11:37 +1000)]
s4-param Handle P_CHAR and P_BOOLREV in pyparam
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 07:07:25 +0000 (17:07 +1000)]
debug: log early messages to stdout, and keep it open
The --log-stdout option was compromised by the log file descriptors being
closed once the file process forked.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Mon, 18 Jul 2011 06:00:16 +0000 (16:00 +1000)]
lib/util Change debug priority order: DEBUG_STDOUT now overrides DEBUG_FILE
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Jeremy Allison [Tue, 19 Jul 2011 20:35:45 +0000 (13:35 -0700)]
Second part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems.
Re-add:
smb_ucs2_t toupper_w(smb_ucs2_t v);
and ensure it is called whenever we are operating on smb_ucs2_t
variables. I'd like to make the definition of smb_ucs2_t incompatible
with int and codepoint_t so they can't be mixed, but that's a patch
for another time.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 19 23:48:05 CEST 2011 on sn-devel-104
Jeremy Allison [Tue, 19 Jul 2011 20:19:29 +0000 (13:19 -0700)]
First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems
Remove
int toupper_ascii(int c);
int tolower_ascii(int c);
int isupper_ascii(int c);
int islower_ascii(int c);
and replace with their _m equivalents, as they are identical.
Björn Baumbach [Mon, 18 Jul 2011 12:14:01 +0000 (14:14 +0200)]
s3-libsmb: remove unused cli_lock()
Replaced with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 19 00:43:03 CEST 2011 on sn-devel-104
Björn Baumbach [Mon, 18 Jul 2011 12:09:50 +0000 (14:09 +0200)]
s3-torture: run_locktest5(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Mon, 18 Jul 2011 12:03:55 +0000 (14:03 +0200)]
s3-torture: run_locktest4(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Mon, 18 Jul 2011 11:19:12 +0000 (13:19 +0200)]
s3-torture: run_oplock2(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Mon, 18 Jul 2011 11:15:49 +0000 (13:15 +0200)]
s3-torture: run_locktest9(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Mon, 18 Jul 2011 11:09:52 +0000 (13:09 +0200)]
s3-torture: run_locktest8(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Mon, 18 Jul 2011 10:51:19 +0000 (12:51 +0200)]
s3-torture: run_locktest7(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Björn Baumbach [Mon, 18 Jul 2011 10:39:35 +0000 (12:39 +0200)]
s3-torture: run_locktest3(): replace cli_lock() with cli_lock32()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 18 Jul 2011 09:42:43 +0000 (11:42 +0200)]
s3-rpc_server: Fixed segfaults in rpc daemons.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Jul 18 14:01:02 CEST 2011 on sn-devel-104
Jeremy Allison [Fri, 15 Jul 2011 23:11:07 +0000 (16:11 -0700)]
Fix bug #8307 - brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks
Reported by herb@samba.org. Remove the (premature) optimization
on file close.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jul 16 02:32:02 CEST 2011 on sn-devel-104
Günther Deschner [Fri, 15 Jul 2011 16:38:21 +0000 (18:38 +0200)]
s4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with unencrypted auth info.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104