Günther Deschner [Mon, 27 Sep 2010 23:10:57 +0000 (01:10 +0200)]
samr: add three new ACB flags to IDL.
Guenther
Günther Deschner [Mon, 27 Sep 2010 22:10:54 +0000 (00:10 +0200)]
s3-spoolss: Fix _spoolss_EnumPrintProcDataTypes error handling
Günther Deschner [Mon, 27 Sep 2010 22:10:31 +0000 (00:10 +0200)]
s4-smbtorture: rework spoolss_EnumPrintProcDataTypes test.
Guenther
Günther Deschner [Mon, 27 Sep 2010 22:10:17 +0000 (00:10 +0200)]
s3-spoolss: Fix _spoolss_EnumPrintProcessors error handling
Günther Deschner [Mon, 27 Sep 2010 21:33:52 +0000 (23:33 +0200)]
s4-smbtorture: rework test_EnumPrintProcessors to let it test more combinations.
Guenther
Günther Deschner [Mon, 27 Sep 2010 06:10:58 +0000 (08:10 +0200)]
s3-waf: add NDR_PERFCOUNT subsystem.
Guenther
Andrew Tridgell [Mon, 27 Sep 2010 19:54:26 +0000 (12:54 -0700)]
s4-ildap: fixed a talloc_steal with references error
We need talloc_reparent() instead
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 20:38:00 UTC 2010 on sn-devel-104
Nadezhda Ivanova [Mon, 27 Sep 2010 17:01:09 +0000 (10:01 -0700)]
s4-ldb: Added ldb_request_replace_control
It is the same as ldb_request_add_control, except it will replace
an existing control.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 19:00:38 UTC 2010 on sn-devel-104
Anatoliy Atanasov [Mon, 27 Sep 2010 00:05:13 +0000 (17:05 -0700)]
s4/irpc: Add security token to the binding handle when doing irp call forwarding
Anatoliy Atanasov [Mon, 27 Sep 2010 00:04:43 +0000 (17:04 -0700)]
s4/irpc: Add function to add security token to the binding handle
Stefan Metzmacher [Sun, 26 Sep 2010 23:42:26 +0000 (01:42 +0200)]
s4:irpc: optionaly pass the security_token via IRPC requests.
metze
Volker Lendecke [Mon, 27 Sep 2010 00:32:50 +0000 (02:32 +0200)]
s3: Make file_fnum static
Volker Lendecke [Sun, 26 Sep 2010 23:49:01 +0000 (01:49 +0200)]
s3: Remove some unused code
Volker Lendecke [Mon, 27 Sep 2010 00:32:27 +0000 (02:32 +0200)]
s3: Fix some comments
Volker Lendecke [Mon, 27 Sep 2010 05:16:14 +0000 (22:16 -0700)]
Remove talloc_autofree_context() from pm_process
This would be a classic for talloc_tos(), InFile is freed a few lines down. But
unfortunately S4 does not support talloc_tos().
Volker Lendecke [Mon, 27 Sep 2010 05:15:40 +0000 (22:15 -0700)]
Lift talloc_autofree_context() from OpenConfFile()
Michael Adam [Mon, 27 Sep 2010 10:43:39 +0000 (12:43 +0200)]
libsmbconf: parse an empty share as empty share, not as NULL.
This fixes a segfault in net conf import:
Importing a text file with an empty share resulted in a segfault.
Now this creates an empty share in registry config, just as it
should.
Thanks to Gregor Beck <gbeck@sernet.de> for reporting.
Gregor Beck [Fri, 24 Sep 2010 09:29:09 +0000 (11:29 +0200)]
s3:registry: proposed aix build fix for reg_parse_internal
Signed-off-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Mon, 27 Sep 2010 06:14:54 +0000 (08:14 +0200)]
s4:torture/ldap: close connections with an UnbindRequest
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 27 07:14:23 UTC 2010 on sn-devel-104
Stefan Metzmacher [Mon, 27 Sep 2010 06:13:50 +0000 (08:13 +0200)]
LDAP-BASIC: test AbandonRequest
metze
Stefan Metzmacher [Sun, 26 Sep 2010 20:34:37 +0000 (22:34 +0200)]
s4:libcli/ldap: fix sending oneway requests
metze
Stefan Metzmacher [Mon, 27 Sep 2010 04:46:33 +0000 (06:46 +0200)]
libcli/ldap: correctly marshall LDAP Unbind PDUs
metze
Günther Deschner [Mon, 27 Sep 2010 05:46:52 +0000 (07:46 +0200)]
s3-waf: fix dependencies to NDR_XATTR.
Guenther
Günther Deschner [Mon, 27 Sep 2010 05:33:09 +0000 (07:33 +0200)]
s3-waf: link PReg parser only in registry client side extension.
Guenther
Günther Deschner [Mon, 27 Sep 2010 05:18:16 +0000 (07:18 +0200)]
s3-waf: NDR_SRVSVC is defined now from the main librpc wscript_build.
Guenther
Günther Deschner [Mon, 27 Sep 2010 01:55:40 +0000 (03:55 +0200)]
waf: add more NDR subsystems for shared IDL files.
Guenther
Günther Deschner [Mon, 27 Sep 2010 05:07:24 +0000 (07:07 +0200)]
s4-waf: remove NDR-SRVSVC alias.
Thanks tridge, this was driving me nuts...
Guenther
Günther Deschner [Mon, 27 Sep 2010 04:57:36 +0000 (06:57 +0200)]
s4-smbtorture: remove unneeded dcerpc_mgmt alias.
Guenther
Andrew Tridgell [Mon, 27 Sep 2010 04:12:02 +0000 (21:12 -0700)]
s4-drs: fixed comment in getncchanges code
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 04:54:43 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 27 Sep 2010 04:11:42 +0000 (21:11 -0700)]
s4-gensec: fixed a valgrind error in gensec
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 26 Sep 2010 09:14:19 +0000 (11:14 +0200)]
lib/util: change tevent_req_nterror() to a macro
This way we can record where a tevent_req was finished by
tevent_req_nterror().
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 27 03:18:14 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 27 Sep 2010 00:40:05 +0000 (17:40 -0700)]
s4-dns: use the generated krb5.conf in samba_dnsupdate
this gives one less thing that an admin can get wrong
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 02:35:29 UTC 2010 on sn-devel-104
Andrew Tridgell [Mon, 27 Sep 2010 00:39:33 +0000 (17:39 -0700)]
s4-provision: fixed the generation of the krb5.conf for vampire
we need a correct krb5.conf for nsupdate from bind9
Günther Deschner [Mon, 27 Sep 2010 01:47:15 +0000 (03:47 +0200)]
s3-waf: move SERVICES into a subsystem.
Guenther
Günther Deschner [Mon, 27 Sep 2010 01:39:41 +0000 (03:39 +0200)]
s3-waf: add PRINTING subsystems.
Guenther
Günther Deschner [Mon, 27 Sep 2010 01:31:19 +0000 (03:31 +0200)]
s3-waf: add two more REGF based subsystems.
Guenther
Rusty Russell [Mon, 27 Sep 2010 01:36:51 +0000 (11:06 +0930)]
tdb: fix non-WAF build, commit 1.2.6 ABI file.
Sorry Jeremy.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 24 Sep 2010 06:15:11 +0000 (15:45 +0930)]
tdb: TDB_INCOMPATIBLE_HASH, to allow safe changing of default hash.
This flag to tdb_open/tdb_open_ex effects creation of a new database:
1) Uses the Jenkins lookup3 hash instead of the old gdbm hash if none is
specified,
2) Places a non-zero field in header->rwlocks, so older versions of TDB will
refuse to open it.
This means that the caller (ie Samba) can set this flag to safely
change the hash function. Versions of TDB from this one on will either
use the correct hash or refuse to open (if a different hash is specified).
Older TDB versions will see the nonzero rwlocks field and refuse to open
it under any conditions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 24 Sep 2010 06:09:43 +0000 (15:39 +0930)]
tdb: automatically identify Jenkins hash tdbs
If the caller to tdb_open_ex() doesn't specify a hash, and tdb_old_hash
doesn't match, try tdb_jenkins_hash.
This was Metze's idea: it makes life simpler, especially with the upcoming
TDB_INCOMPATIBLE_HASH flag.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Fri, 24 Sep 2010 06:04:06 +0000 (15:34 +0930)]
tdb: add Bob Jenkins lookup3 hash as helper hash.
This is a better hash than the default: shipping it with tdb makes it easy
for callers to use it as the hash by passing it to tdb_open_ex().
This version taken from CCAN and modified, which took it from
http://www.burtleburtle.net/bob/c/lookup3.c.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Günther Deschner [Sun, 26 Sep 2010 22:24:47 +0000 (00:24 +0200)]
s3-waf: rework static and shared list handling a little.
Guenther
Günther Deschner [Sun, 26 Sep 2010 22:24:04 +0000 (00:24 +0200)]
waf: add delimiter argument to TO_LIST.
Guenther
Günther Deschner [Sun, 26 Sep 2010 21:38:36 +0000 (23:38 +0200)]
s3-waf: add missing IDMAP modules.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:58:58 +0000 (21:58 +0200)]
s3-waf: rework CLDAP and LIBCLI_LDAP subsystems.
Guenther
Günther Deschner [Sun, 26 Sep 2010 18:30:36 +0000 (20:30 +0200)]
s3-waf: move gpext subsystem to libgpo/gpext/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 18:10:49 +0000 (20:10 +0200)]
s3-waf: move perfcount subsystem to modules/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 18:07:03 +0000 (20:07 +0200)]
s3-waf: move charset subsystem to modules/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 17:59:18 +0000 (19:59 +0200)]
s3-waf: move idmap subsystem to winbindd/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 17:51:40 +0000 (19:51 +0200)]
s3-waf: move pdb subsystem to pdb/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 17:43:43 +0000 (19:43 +0200)]
s3-waf: move auth subsystem to auth/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 08:56:09 +0000 (10:56 +0200)]
s3-waf: support --with-acl-support, at least for posix acls.
Guenther
Günther Deschner [Sun, 26 Sep 2010 01:11:01 +0000 (03:11 +0200)]
s3-waf: move VFS subsystem to modules/wscript_build.
Guenther
Günther Deschner [Sun, 26 Sep 2010 08:44:27 +0000 (10:44 +0200)]
s3-waf: add some module specific functions for s3 waf build.
Thanks to Kai.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:28:36 +0000 (21:28 +0200)]
s3-waf: convert VFS into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:27:22 +0000 (21:27 +0200)]
s3-waf: convert GPEXT into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:26:23 +0000 (21:26 +0200)]
s3-waf: convert PERFCOUNT into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:25:16 +0000 (21:25 +0200)]
s3-waf: convert CHARSET into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:23:40 +0000 (21:23 +0200)]
s3-waf: convert IDMAP into subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:22:02 +0000 (21:22 +0200)]
s3-waf: convert PDB into subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:21:38 +0000 (21:21 +0200)]
s3-waf: convert AUTH into subsystem.
Guenther
Nadezhda Ivanova [Sun, 26 Sep 2010 18:47:47 +0000 (11:47 -0700)]
s4-ldbmodules: Added new module aclread to handle access checks on LDAP search
It is currently enabled only if the request comes from the LDAP server, and is
disabled by default. Use acl:search=true in smb.conf to enable it.
It filters out all objects the user is not allowed to see, and all attributes
the user does not have RP on. Extended access not supported yet.
Nadezhda Ivanova [Sun, 26 Sep 2010 18:39:36 +0000 (11:39 -0700)]
s4-tests: Added tests for search checks on attributes
The ACL reach tests are in the knowfail because aclread module is not
enabled by default
Nadezhda Ivanova [Sun, 26 Sep 2010 18:37:00 +0000 (11:37 -0700)]
s4-tests: Removed search tests with anonymous credentials as they fail againts Windows
These tests will fail in make test as well if the acl_read module is enabled.
Nadezhda Ivanova [Sun, 26 Sep 2010 18:32:22 +0000 (11:32 -0700)]
s4-dsdb: Added a function to check access on a particular object by its guid
Similar to dsdb_check_access_on_dn, only it searches by guid.
Nadezhda Ivanova [Wed, 22 Sep 2010 19:50:51 +0000 (12:50 -0700)]
s4-dsdb: A helper to determine if an attribute is part of the search filter
Nadezhda Ivanova [Wed, 22 Sep 2010 19:41:44 +0000 (12:41 -0700)]
s4-dsdb: Moved some helper functions to a separate file
We need these to be accessible to the aclread module as well.
Nadezhda Ivanova [Tue, 14 Sep 2010 07:51:14 +0000 (10:51 +0300)]
s4-ldap: Added a control to apply the access checks on read via LDAP
Andrew Tridgell [Sun, 26 Sep 2010 19:50:06 +0000 (12:50 -0700)]
autobuild: use killbysubdir if available
this will reduce the spurious test output while processes are being
killed
Andrew Tridgell [Sun, 26 Sep 2010 18:46:01 +0000 (11:46 -0700)]
autobuild: exit immediately if no changes from master
we don't need to test master in autobuild
Günther Deschner [Sun, 26 Sep 2010 18:25:15 +0000 (20:25 +0200)]
s3-waf: convert LIBGPO into a subsystem.
Guenther
Günther Deschner [Sun, 26 Sep 2010 17:44:53 +0000 (19:44 +0200)]
s3-waf: convert PLAINTEXT_AUTH, SLCACHE and DCUTIL into subsystems.
Guenther
Günther Deschner [Sun, 26 Sep 2010 19:04:39 +0000 (21:04 +0200)]
s3-vfs: fix the build of nfs4_acls.c
Guenther
Andreas Schneider [Sun, 26 Sep 2010 17:28:07 +0000 (19:28 +0200)]
s3-waf: Link smbd against RPCECHO.
Volker Lendecke [Sun, 26 Sep 2010 02:21:56 +0000 (19:21 -0700)]
s3: Remove talloc_autofree_context() from nametouid()
pass is freed a few lines down
Volker Lendecke [Sun, 26 Sep 2010 02:18:46 +0000 (19:18 -0700)]
s3: Remove talloc_autofree_context() from guest_user_info()
pwd is freed a few lines down
Volker Lendecke [Sun, 26 Sep 2010 02:16:53 +0000 (19:16 -0700)]
s3: Remove talloc_autofree_context() from getpwnam_alloc()
This is given to the memcache a few lines down
Volker Lendecke [Sun, 26 Sep 2010 01:34:03 +0000 (18:34 -0700)]
s3: Remove talloc_autofree_context() from notify_internal_parent_init()
Jeremy Allison [Sun, 26 Sep 2010 09:59:32 +0000 (02:59 -0700)]
Fix bug #7698 - Assert causes smbd to panic on invalid NetBIOS session request.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid NetBIOS session request is received the code in name_len() in
libsmb/nmblib.c can hit an assert.
Re-write name_len() and name_extract() to use "buf/len" pairs and
always limit reads.
Jeremy.
Stefan Metzmacher [Wed, 22 Sep 2010 04:23:17 +0000 (06:23 +0200)]
s4:schannel: handle move flag combinations in the server
This fixes some testsuites in the CIFS plugfest.
metze
Andrew Tridgell [Sun, 26 Sep 2010 02:14:42 +0000 (19:14 -0700)]
s4-auth: fixed the SID list for DCs in the PAC
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that
receives the PAC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104
Andrew Tridgell [Sun, 26 Sep 2010 02:43:13 +0000 (19:43 -0700)]
autobuild: fixed detection of master changes
Andrew Tridgell [Sun, 26 Sep 2010 02:23:02 +0000 (19:23 -0700)]
s3-selftest: added samba3.posix_s3.rap.printing as a knownfail
this fails intermittently on sn-devel, Günther suggests adding this to
knownfail for now
Andrew Tridgell [Sun, 26 Sep 2010 02:13:28 +0000 (19:13 -0700)]
idl-pac: add a decoder for the pac info ctr
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Sun, 26 Sep 2010 00:53:14 +0000 (17:53 -0700)]
s4-drs: use the system sam_ctx for updaterefs
this is needed for RODC clients calling updaterefs
Andrew Tridgell [Sun, 26 Sep 2010 00:52:43 +0000 (17:52 -0700)]
s4-spn: don't try to do SPN updates as a RODC
we don't have the permissions to do it
Stefan Metzmacher [Fri, 24 Sep 2010 03:09:15 +0000 (05:09 +0200)]
libcli/ldap: let ldap_full_packet() use asn1_peek_tag_needed_size()
This allows us to read a full packet without read byte after byte
or possible read to much.
metze
Stefan Metzmacher [Thu, 23 Sep 2010 16:10:28 +0000 (18:10 +0200)]
lib/util/asn1: add asn1_peek_tag_needed_size() and asn1_peek_full_tag()
We need a way to ask for the length of a tag without having the full
buffer yet.
metze
Stefan Metzmacher [Wed, 22 Sep 2010 18:31:06 +0000 (20:31 +0200)]
libcli/util: let tstream_read_pdu_blob_* cope with variable length headers
metze
Andrew Bartlett [Sun, 26 Sep 2010 02:34:58 +0000 (12:34 +1000)]
s4-kerberos Don't segfault if the password isn't specified in keytab generation
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
Matthieu Patou [Sun, 26 Sep 2010 00:58:37 +0000 (04:58 +0400)]
upgradeprovision: fix a typo
Matthieu Patou [Sun, 26 Sep 2010 00:57:04 +0000 (04:57 +0400)]
upgradeprovision: Fix a bug with renamed entries
The SD was not refetched for renamed entries, resulting with a try to
add an additional SD when there was already one.
Matthieu Patou [Sat, 25 Sep 2010 03:36:12 +0000 (07:36 +0400)]
upgradeprovision: fix a bug with not updated links
Matthieu Patou [Tue, 7 Sep 2010 13:57:52 +0000 (17:57 +0400)]
s4 provision: start with gpo of version 0 and be consistent between different policies
Matthieu Patou [Sat, 18 Sep 2010 04:15:36 +0000 (08:15 +0400)]
s4 upgradeprovision: fix a bug with empty reference objects
Thanks to lukas@eecs.qmul.ac.uk for poiting it to me
Matthieu Patou [Tue, 7 Sep 2010 13:50:39 +0000 (17:50 +0400)]
s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo valid
Matthieu Patou [Tue, 7 Sep 2010 13:45:55 +0000 (17:45 +0400)]
s4 provision: Make GPO folder group writable
The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)
Volker Lendecke [Sat, 25 Sep 2010 23:31:18 +0000 (16:31 -0700)]
s3: Remove talloc_autofree_context() from change_to_guest()
pass is freed at the exit of this routine
Volker Lendecke [Sat, 25 Sep 2010 23:30:06 +0000 (16:30 -0700)]
s3: Remove talloc_autofree_context() from swat
In both cases, pass is freed immediately
Volker Lendecke [Sat, 25 Sep 2010 23:28:21 +0000 (16:28 -0700)]
s3: Remove talloc_autofree_context() from smbpasswd
In both cases, pwd is freed immediately
Volker Lendecke [Sat, 25 Sep 2010 23:27:04 +0000 (16:27 -0700)]
s3: Remove talloc_autofree_context() from net_sam_provision()