samba.git
9 years agos3-docs: fix rpc_server manpage type.
Günther Deschner [Wed, 15 Sep 2010 12:16:45 +0000 (14:16 +0200)]
s3-docs: fix rpc_server manpage type.

Guenther

9 years agos3-rpc_server: fix some uninitalized variables and c++ build warnings.
Günther Deschner [Wed, 15 Sep 2010 11:24:44 +0000 (13:24 +0200)]
s3-rpc_server: fix some uninitalized variables and c++ build warnings.

Guenther

9 years agos3-printing: fix print_spool_terminate().
Günther Deschner [Wed, 15 Sep 2010 11:18:27 +0000 (13:18 +0200)]
s3-printing: fix print_spool_terminate().

Simo, Andreas, please check.

Guenther

9 years agos4/fsmo: Extended fsmo test with infrastructure, pdc and rid roles
Anatoliy Atanasov [Tue, 14 Sep 2010 15:07:09 +0000 (18:07 +0300)]
s4/fsmo: Extended fsmo test with infrastructure, pdc and rid roles

9 years agos4/fsmo: Handle infrastructure, pdc and rid extended ops
Anatoliy Atanasov [Wed, 15 Sep 2010 07:17:55 +0000 (10:17 +0300)]
s4/fsmo: Handle infrastructure, pdc and rid extended ops

With this change we can transfer all roles back and forward, except
for the naming master. Also this commit fixes the naming of
fsmo_role_dn - used to point to the DN from which we read fSMORoleOwner
role_owner_dn - used to point to the NTDSDSA who owns the role
Now we always pass fsmo_role_dn, role_owner_dn to the extended operation
and to drepl_create_role_owner_source_dsa

Conflicts:

source4/dsdb/repl/drepl_ridalloc.c

9 years agos4/fsmo: Remove empty new lines
Anatoliy Atanasov [Tue, 14 Sep 2010 14:59:32 +0000 (17:59 +0300)]
s4/fsmo: Remove empty new lines

9 years agos3-winbindd: Use rpc_open_pipe_interface in winbindd.
Simo Sorce [Tue, 6 Jul 2010 19:29:32 +0000 (15:29 -0400)]
s3-winbindd: Use rpc_open_pipe_interface in winbindd.

Signed-off-by: Andreas Schneider <asn@samba.org>
9 years agos3-rpc_server: Use talloc_stackframe.
Andreas Schneider [Wed, 15 Sep 2010 09:38:53 +0000 (11:38 +0200)]
s3-rpc_server: Use talloc_stackframe.

9 years agos3-rpc_server: Moved ncacn_np declarations in common header file.
Simo Sorce [Wed, 7 Jul 2010 19:24:30 +0000 (15:24 -0400)]
s3-rpc_server: Moved ncacn_np declarations in common header file.

Signed-off-by: Andreas Schneider <asn@samba.org>
9 years agos3-rpc_server: Moved "external" pipe functions to rpc_ncacn_np.c.
Simo Sorce [Wed, 7 Jul 2010 19:24:00 +0000 (15:24 -0400)]
s3-rpc_server: Moved "external" pipe functions to rpc_ncacn_np.c.

Signed-off-by: Andreas Schneider <asn@samba.org>
9 years agos3-rpc_server: Added new parametric option 'rpc_server'
Andreas Schneider [Tue, 14 Sep 2010 11:37:46 +0000 (13:37 +0200)]
s3-rpc_server: Added new parametric option 'rpc_server'

Signed-off-by: Andreas Schneider <asn@samba.org>
9 years agos3-rpc_server: Renamed rpc_ncacn_np_internal.c.
Simo Sorce [Tue, 6 Jul 2010 17:03:35 +0000 (13:03 -0400)]
s3-rpc_server: Renamed rpc_ncacn_np_internal.c.

Signed-off-by: Andreas Schneider <asn@samba.org>
9 years agos3-rpc_server: Convert rpc_connect_spoolss_pipe into a generic interface.
Simo Sorce [Tue, 6 Jul 2010 15:33:15 +0000 (11:33 -0400)]
s3-rpc_server: Convert rpc_connect_spoolss_pipe into a generic interface.

This way we have one common way to open internal pipes whether they
are shortcircuited or piped to an external process.

9 years agos3-rpc_server: Added support for internal connections to external daemons.
Simo Sorce [Tue, 22 Jun 2010 22:03:55 +0000 (18:03 -0400)]
s3-rpc_server: Added support for internal connections to external daemons.

Signed-off-by: Andreas Schneider <asn@samba.org>
9 years agos3-rpc_server: Accept connections and process requests.
Simo Sorce [Fri, 18 Jun 2010 14:56:58 +0000 (10:56 -0400)]
s3-rpc_server: Accept connections and process requests.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_server: Added helper functions to read data from a ncacn socket.
Simo Sorce [Fri, 18 Jun 2010 14:55:44 +0000 (10:55 -0400)]
s3-rpc_server: Added helper functions to read data from a ncacn socket.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_client: Added a tstream based transport.
Simo Sorce [Tue, 22 Jun 2010 22:01:45 +0000 (18:01 -0400)]
s3-rpc_client: Added a tstream based transport.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_server: Addded function to create custom pipes_struct.
Simo Sorce [Fri, 18 Jun 2010 14:40:19 +0000 (10:40 -0400)]
s3-rpc_server: Addded function to create custom pipes_struct.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_server: Add generic listener callback.
Simo Sorce [Thu, 20 May 2010 13:16:29 +0000 (09:16 -0400)]
s3-rpc_server: Add generic listener callback.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_server: Added initial generic RPC server infrastructure.
Simo Sorce [Fri, 18 Jun 2010 15:00:38 +0000 (11:00 -0400)]
s3-rpc_server: Added initial generic RPC server infrastructure.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_server: Added debug to see how much data has been read out.
Simo Sorce [Wed, 16 Jun 2010 13:03:37 +0000 (09:03 -0400)]
s3-rpc_server: Added debug to see how much data has been read out.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_server: Make process_incoming_data() public.
Simo Sorce [Tue, 15 Jun 2010 01:11:10 +0000 (21:11 -0400)]
s3-rpc_server: Make process_incoming_data() public.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_server: Make pipe destructor public.
Simo Sorce [Mon, 7 Jun 2010 19:18:31 +0000 (15:18 -0400)]
s3-rpc_server: Make pipe destructor public.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-rpc_server: Fixed unhandled error condition.
Simo Sorce [Tue, 22 Jun 2010 22:03:17 +0000 (18:03 -0400)]
s3-rpc_server: Fixed unhandled error condition.

Signed-off-by: Andreas Schneider <asn@samba.org>
9 years agos3-misc: Introduce lp_ncalrpc_dir() in S3, like we have in S4.
Simo Sorce [Thu, 20 May 2010 12:39:10 +0000 (08:39 -0400)]
s3-misc: Introduce lp_ncalrpc_dir() in S3, like we have in S4.

9 years agos3-printing: Document the printer list functions.
Andreas Schneider [Mon, 13 Sep 2010 09:29:31 +0000 (11:29 +0200)]
s3-printing: Document the printer list functions.

9 years agos3-printing: Add method to skip refresh if just happned.
Simo Sorce [Fri, 14 May 2010 19:49:29 +0000 (15:49 -0400)]
s3-printing: Add method to skip refresh if just happned.

This way if multiple process try to refresh at the same time we don't do it
over and over again.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-printing: Use printer list tdb in pcap.
Simo Sorce [Thu, 13 May 2010 22:42:55 +0000 (18:42 -0400)]
s3-printing: Use printer list tdb in pcap.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-printing: Added a printer list database.
Simo Sorce [Thu, 13 May 2010 15:35:59 +0000 (11:35 -0400)]
s3-printing: Added a printer list database.

Signed-off-by: Andreas Schneider <asn@cynapses.org>
9 years agos3-nltest: add dsgetdc command.
Günther Deschner [Fri, 10 Sep 2010 07:56:36 +0000 (09:56 +0200)]
s3-nltest: add dsgetdc command.

Guenther

9 years agos3-libnetapi: try using netr_DsRGetDCNameEx() in DsGetDcName().
Günther Deschner [Wed, 15 Sep 2010 08:11:38 +0000 (10:11 +0200)]
s3-libnetapi: try using netr_DsRGetDCNameEx() in DsGetDcName().

Guenther

9 years agos3-libnetapi: add DS request flags to public header.
Günther Deschner [Fri, 10 Sep 2010 23:23:01 +0000 (01:23 +0200)]
s3-libnetapi: add DS request flags to public header.

Guenther

9 years agos3-libnetapi: add DS_X_FLAGs to public header.
Günther Deschner [Fri, 10 Sep 2010 23:19:07 +0000 (01:19 +0200)]
s3-libnetapi: add DS_X_FLAGs to public header.

Guenther

9 years agolibnetapi: add DOMAIN_CONTROLLER_INFO_FLAGS.
Günther Deschner [Fri, 10 Sep 2010 23:18:04 +0000 (01:18 +0200)]
libnetapi: add DOMAIN_CONTROLLER_INFO_FLAGS.

Guenther

9 years agos3-nltest: convert server input argument into --server.
Günther Deschner [Tue, 14 Sep 2010 15:39:45 +0000 (17:39 +0200)]
s3-nltest: convert server input argument into --server.

Guenther

9 years agos3-nltest: rename print_result to print_netlogon_info_result.
Günther Deschner [Fri, 10 Sep 2010 07:56:02 +0000 (09:56 +0200)]
s3-nltest: rename print_result to print_netlogon_info_result.

Guenther

9 years agos3-build: only link in prs parser where needed.
Günther Deschner [Tue, 14 Sep 2010 21:58:10 +0000 (23:58 +0200)]
s3-build: only link in prs parser where needed.

Guenther

9 years agos3-waf: only link in prs parser where needed.
Günther Deschner [Wed, 15 Sep 2010 06:22:37 +0000 (08:22 +0200)]
s3-waf: only link in prs parser where needed.

Guenther

9 years agocldap: prevent crashes when freeing cldap socket
Andrew Tridgell [Wed, 15 Sep 2010 04:24:51 +0000 (14:24 +1000)]
cldap: prevent crashes when freeing cldap socket

As a callback may destroy the cldap socket we need to ensure we don't
reference the cldap structure after the callback

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-server: check the return of irpc_binding_handle_by_name
Andrew Tridgell [Wed, 15 Sep 2010 03:14:42 +0000 (13:14 +1000)]
s4-server: check the return of irpc_binding_handle_by_name

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-finddcs: ensure we free previous cldap requests before starting a new one
Andrew Tridgell [Wed, 15 Sep 2010 02:22:48 +0000 (12:22 +1000)]
s4-finddcs: ensure we free previous cldap requests before starting a new one

9 years agos4-selftest: enable logging in valgrind server xterm
Andrew Tridgell [Wed, 15 Sep 2010 02:16:00 +0000 (12:16 +1000)]
s4-selftest: enable logging in valgrind server xterm

when running with valgrind on the server, enable logging in the xterm
so you get a permanent record of any errors

9 years agos4-rpc: fixed double free in RPC proxy
Andrew Tridgell [Wed, 15 Sep 2010 01:23:15 +0000 (11:23 +1000)]
s4-rpc: fixed double free in RPC proxy

the unbind method is only called when the dcesrv_connection_context is
being destroyed (its called from the destructor). That means that priv
is either already free, or is about to be freed, so don't free it
again

9 years agotsocket: we return -1 on error, not fd
Andrew Tridgell [Wed, 15 Sep 2010 01:21:43 +0000 (11:21 +1000)]
tsocket: we return -1 on error, not fd

the code used this pattent:

 if (fd < 0) {
   ...various cleanups...
   return fd;
 }

it is much clearer to do this:

 if (fd < 0) {
   ...various cleanups...
   return -1;
 }

as otherwise when reading the code you think this function may return
a fd.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-libnet: print the domain name on domain open failure
Andrew Tridgell [Tue, 14 Sep 2010 23:53:49 +0000 (09:53 +1000)]
s4-libnet: print the domain name on domain open failure

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-libnet: force IDL printing for high debug levels
Andrew Tridgell [Tue, 14 Sep 2010 23:53:29 +0000 (09:53 +1000)]
s4-libnet: force IDL printing for high debug levels

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-resolve: the file backend should not look at the name type
Andrew Tridgell [Tue, 14 Sep 2010 23:52:56 +0000 (09:52 +1000)]
s4-resolve: the file backend should not look at the name type

this matches the behaviour of our DNS resolver

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-finddcs: show required server type bits on failure
Andrew Tridgell [Tue, 14 Sep 2010 23:20:59 +0000 (09:20 +1000)]
s4-finddcs: show required server type bits on failure

when we skip a DC because it doesn't have the required server type
bits, show what bits we wanted

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-repl: use consistent API calls for getting DN GUID
Andrew Tridgell [Tue, 14 Sep 2010 23:20:14 +0000 (09:20 +1000)]
s4-repl: use consistent API calls for getting DN GUID

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-netlogon: fixed logic for setting DS_SERVER_WRITABLE
Andrew Tridgell [Tue, 14 Sep 2010 23:19:47 +0000 (09:19 +1000)]
s4-netlogon: fixed logic for setting DS_SERVER_WRITABLE

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-finddc: use NBT lookup for a 1C name if joining a short domain name
Andrew Tridgell [Tue, 14 Sep 2010 10:10:51 +0000 (20:10 +1000)]
s4-finddc: use NBT lookup for a 1C name if joining a short domain name

once we get the 1C lookup reply, use a CLDAP query to find the details
for the server

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-selftest: use the full domain name in joins
Andrew Tridgell [Tue, 14 Sep 2010 08:28:44 +0000 (18:28 +1000)]
s4-selftest: use the full domain name in joins

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-join: give a clear error when using short domain form
Andrew Tridgell [Tue, 14 Sep 2010 08:28:27 +0000 (18:28 +1000)]
s4-join: give a clear error when using short domain form

we now require the full domain name, for the DNS/CLDAP lookup

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-rodc: use python finddc code to avoid the need for --server
Andrew Tridgell [Tue, 14 Sep 2010 08:22:13 +0000 (18:22 +1000)]
s4-rodc: use python finddc code to avoid the need for --server

The DC is now found via DNS/CLDAP

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-pynet: added finddc call
Andrew Tridgell [Tue, 14 Sep 2010 08:21:38 +0000 (18:21 +1000)]
s4-pynet: added finddc call

this gives access to the CLDAP/DNS finddc code from python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-libcli: change finddcs.h -> finddc.h
Andrew Tridgell [Tue, 14 Sep 2010 07:48:52 +0000 (17:48 +1000)]
s4-libcli: change finddcs.h -> finddc.h

this prevents conflicts with old generated files and we can only even
return one DC with this interface.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-finddcs: rename finddcs to finddcs_nbt
Andrew Tridgell [Tue, 14 Sep 2010 07:37:01 +0000 (17:37 +1000)]
s4-finddcs: rename finddcs to finddcs_nbt

finddcs_nbt is currently unused, but will later be a fallback is a
cldap DC find fails.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-winbind: use finddcs_cldap() in winbind
Andrew Tridgell [Tue, 14 Sep 2010 07:36:23 +0000 (17:36 +1000)]
s4-winbind: use finddcs_cldap() in winbind

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-libnet: use finddcs_cldap() in libnet_lookup
Andrew Tridgell [Tue, 14 Sep 2010 07:34:55 +0000 (17:34 +1000)]
s4-libnet: use finddcs_cldap() in libnet_lookup

this may later be changed to do fallback to NBT as well, but for now
cldap is sufficient

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-cldap: don't set the writable bit when we are a RODC
Andrew Tridgell [Tue, 14 Sep 2010 05:48:19 +0000 (15:48 +1000)]
s4-cldap: don't set the writable bit when we are a RODC

when we are a RODC, don't respond with the writable bit in the server
type response of netlogon requests

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-finddcs: added finddcs_cldap()
Andrew Tridgell [Tue, 14 Sep 2010 05:46:31 +0000 (15:46 +1000)]
s4-finddcs: added finddcs_cldap()

this finds DCs with a specified set of server_type bit using SRV
lookups and CLDAP

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-secrets: fixed shadowed variable warning
Andrew Tridgell [Tue, 14 Sep 2010 03:12:00 +0000 (13:12 +1000)]
s4-secrets: fixed shadowed variable warning

we already have a 'v' in scope

9 years agocldap: use ipv4 not up for unbound cldap sockets
Andrew Tridgell [Mon, 13 Sep 2010 21:49:12 +0000 (07:49 +1000)]
cldap: use ipv4 not up for unbound cldap sockets

If we use "ip" we end up with a PF_INET6 socket which breaks sendto()
for v4 addresses.

9 years agos4-resolve: added resolve_name_multiple_recv()
Andrew Tridgell [Mon, 13 Sep 2010 13:08:28 +0000 (23:08 +1000)]
s4-resolve: added resolve_name_multiple_recv()

this allows for multiple replies to a SRV lookup

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-dns: fixed lookup of SRV records using dns_ex
Andrew Tridgell [Mon, 13 Sep 2010 13:07:44 +0000 (23:07 +1000)]
s4-dns: fixed lookup of SRV records using dns_ex

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4: fixed some printf format errors
Andrew Tridgell [Mon, 13 Sep 2010 13:07:10 +0000 (23:07 +1000)]
s4: fixed some printf format errors

9 years agos4-libnet: converted finddcs call to tevent_req
Andrew Tridgell [Mon, 13 Sep 2010 06:37:10 +0000 (16:37 +1000)]
s4-libnet: converted finddcs call to tevent_req

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-secrets: fetch secure channel type with domain SID
Andrew Tridgell [Mon, 13 Sep 2010 02:15:52 +0000 (12:15 +1000)]
s4-secrets: fetch secure channel type with domain SID

The secure channel type is needed to work out what DC to connect to

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-auth: when we are a DC enable winbind auth
Andrew Tridgell [Mon, 13 Sep 2010 01:38:12 +0000 (11:38 +1000)]
s4-auth: when we are a DC enable winbind auth

As a RODC we need to forward some auth requests to a writable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-auth: set the RODC bit for RODC schannel
Andrew Tridgell [Mon, 13 Sep 2010 01:36:43 +0000 (11:36 +1000)]
s4-auth: set the RODC bit for RODC schannel

When we are using SEC_CHAN_RODC we need to set the
NETLOGON_NEG_RODC_PASSTHROUGH bit in the negotiated flags in
ServerAuthenticate2

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-schannel: fixed reference to context after free
Andrew Tridgell [Sun, 12 Sep 2010 21:44:06 +0000 (07:44 +1000)]
s4-schannel: fixed reference to context after free

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-auth: allow multiple active auth backends
Andrew Tridgell [Sun, 12 Sep 2010 21:41:56 +0000 (07:41 +1000)]
s4-auth: allow multiple active auth backends

when we are an RODC we need to be able to allow multiple auth backends
to process a single auth request. First the sam backend will try to
authenticate, using locally stored passwords. If this backend can't
find local passwords then it will try the winbind backend and
authenticate via a writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-smb: serialise session setup operations
Andrew Tridgell [Sun, 12 Sep 2010 12:24:46 +0000 (22:24 +1000)]
s4-smb: serialise session setup operations

the mixture of async and sync code in gensec makes a EOF on a socket
during a session setup cause a crash. The simplest solution is to
stop processing events on the socket until the session setup is
complete.

9 years agotalloc: fixed spelling errors in comment
Andrew Tridgell [Sun, 12 Sep 2010 12:17:01 +0000 (22:17 +1000)]
talloc: fixed spelling errors in comment

9 years agos4-rodc: add a trigger message for REPL_SECRET to auth_sam
Andrew Tridgell [Sun, 12 Sep 2010 00:06:39 +0000 (10:06 +1000)]
s4-rodc: add a trigger message for REPL_SECRET to auth_sam

when an RODC tries to authenticate against an account and the account
has no password information it needs to send a message to the drepl
server to tell it to try and replicate the secret information from
a writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-messaging: add support for no_reply in irpc messages
Andrew Tridgell [Sun, 12 Sep 2010 00:02:02 +0000 (10:02 +1000)]
s4-messaging: add support for no_reply in irpc messages

It can be useful for a irpc message to be one-way, where the client
sends a messages and the server does not reply. This will be used for
things like a triger message from an auth context to the drepl server
to tell it to try a REPL_SECRET on a user in a RODC.

Previously we've used raw messaging for messages that have no reply,
but that doesn't allow us to use messages described by IDL

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

9 years agos4-kcc: removed redundent loop check
Andrew Tridgell [Fri, 10 Sep 2010 10:18:11 +0000 (20:18 +1000)]
s4-kcc: removed redundent loop check

el has already been checked for NULL

9 years agos4-smb: smbsrv_blob_push_string() can return -1
Andrew Tridgell [Fri, 10 Sep 2010 10:17:39 +0000 (20:17 +1000)]
s4-smb: smbsrv_blob_push_string() can return -1

need to use ssize_t, not size_t for error handling

9 years agos4-dsdb: check for invalid backend type
Andrew Tridgell [Fri, 10 Sep 2010 10:16:29 +0000 (20:16 +1000)]
s4-dsdb: check for invalid backend type

9 years agos4-rootdse: setup length after NULL check
Andrew Tridgell [Fri, 10 Sep 2010 10:16:14 +0000 (20:16 +1000)]
s4-rootdse: setup length after NULL check

9 years agos4-dsdb: fixed use after free for RODC
Andrew Tridgell [Fri, 10 Sep 2010 10:15:51 +0000 (20:15 +1000)]
s4-dsdb: fixed use after free for RODC

9 years agos4-dsdb: free right context on failure
Andrew Tridgell [Fri, 10 Sep 2010 10:15:27 +0000 (20:15 +1000)]
s4-dsdb: free right context on failure

down_req is not initialised yet

9 years agos4-dsdb: defer ac->msg after check for NULL ac
Andrew Tridgell [Fri, 10 Sep 2010 10:15:00 +0000 (20:15 +1000)]
s4-dsdb: defer ac->msg after check for NULL ac

9 years agos4-anr: check for allocation failure before use
Andrew Tridgell [Fri, 10 Sep 2010 10:14:29 +0000 (20:14 +1000)]
s4-anr: check for allocation failure before use

9 years agos4: Fix two typos
Volker Lendecke [Tue, 14 Sep 2010 16:20:08 +0000 (18:20 +0200)]
s4: Fix two typos

9 years agoAllows changing the maximum number of simultaneous clients in winbindd through an...
Pierre Carrier [Tue, 14 Sep 2010 23:43:39 +0000 (16:43 -0700)]
Allows changing the maximum number of simultaneous clients in winbindd through an smb.conf option.

Signed-off-by: Jeremy Allison <jra@samba.org>
9 years agoEnsure incoming timespec values correctly wrap at nsecs.
Jeremy Allison [Tue, 14 Sep 2010 21:53:17 +0000 (14:53 -0700)]
Ensure incoming timespec values correctly wrap at nsecs.

Jeremy.

9 years agoFix string_to_sid() to allow non '\0' termination of the string - allows
Jeremy Allison [Tue, 14 Sep 2010 21:45:45 +0000 (14:45 -0700)]
Fix string_to_sid() to allow non '\0' termination of the string - allows
string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.

Jeremy.

9 years agos3-torture Add tests to show that the dom_sid parsing was faulty.
Andrew Bartlett [Sat, 4 Sep 2010 04:13:31 +0000 (14:13 +1000)]
s3-torture Add tests to show that the dom_sid parsing was faulty.

Andrew Bartlett

9 years agos3-util_sid Use the NDR parser to parse struct dom_sid
Andrew Bartlett [Sat, 4 Sep 2010 04:11:46 +0000 (14:11 +1000)]
s3-util_sid Use the NDR parser to parse struct dom_sid

The manual parser failed to constrain the maximum number of
sub-authorities to 15, allowing an overflow of the array.

Andrew Bartlett

9 years agolibcli/security Use sid_append_rid() in dom_sid_append_rid()
Andrew Bartlett [Sat, 4 Sep 2010 04:10:31 +0000 (14:10 +1000)]
libcli/security Use sid_append_rid() in dom_sid_append_rid()

This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.

Andrew Bartlett

9 years agolibcli/security Merge source3/ string_to_sid() to common code
Andrew Bartlett [Sat, 4 Sep 2010 04:09:17 +0000 (14:09 +1000)]
libcli/security Merge source3/ string_to_sid() to common code

The source3 code repsects the limit of a maximum of 15 subauths,
while the source4 code does not, creating a security issue as
we parse string-form SIDs from clients.

Andrew Bartlett

9 years agos3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
Andrew Bartlett [Sat, 4 Sep 2010 04:05:59 +0000 (14:05 +1000)]
s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid

This ensures that this, unlike the MAXSUBAUTHS macro, can't get
out of sync with the structure.

Andrew Bartlett

9 years agos3-util_sid Accept S-1-5 as a SID
Andrew Bartlett [Sat, 4 Sep 2010 04:05:30 +0000 (14:05 +1000)]
s3-util_sid Accept S-1-5 as a SID

9 years agos3-dom_sid Use C99 types in dom_sid handling
Andrew Bartlett [Sat, 4 Sep 2010 04:04:55 +0000 (14:04 +1000)]
s3-dom_sid Use C99 types in dom_sid handling

Andrew Bartlett

9 years agos3/profile: remove the magical clock initialization from the profile code
Björn Jacke [Tue, 14 Sep 2010 20:40:51 +0000 (22:40 +0200)]
s3/profile: remove the magical clock initialization from the profile code

there's no point in not profiling times if no monotonic clock is found -
monotonic and realtime clock are equally fast. Just use clock_gettime_mono
instead.

9 years agos3/profiling: don't use CLOCK_PROCESS_CPUTIME_ID
Björn Jacke [Tue, 14 Sep 2010 20:17:47 +0000 (22:17 +0200)]
s3/profiling: don't use CLOCK_PROCESS_CPUTIME_ID

that clock is a CPU burnometer but we need a chronometer for profiling.

9 years agolibreplace: use CLOCK_HIGHRES when available
Björn Jacke [Tue, 14 Sep 2010 12:08:44 +0000 (14:08 +0200)]
libreplace: use CLOCK_HIGHRES when available

in Solaris 8 CLOCK_HIGHRES was the (only) name for CLOCK_MONOTONIC

9 years agontlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings.
Günther Deschner [Tue, 14 Sep 2010 15:57:23 +0000 (17:57 +0200)]
ntlmssp: when pushing an ntlmssp NEGOTIATE_MESSAGE deal with NULL strings.

Guenther

9 years agorpc_server: Remove unnecessary dependency on server modules, build
Jelmer Vernooij [Tue, 14 Sep 2010 13:15:43 +0000 (15:15 +0200)]
rpc_server: Remove unnecessary dependency on server modules, build
system will take care of that.