Andrew Bartlett [Mon, 19 Sep 2005 11:55:34 +0000 (11:55 +0000)]
r10314: Apply the controvertial 'server role =' patch after discussion on the list:
This patch removes the 'domain logon' and 'domain master' controls from
Samba4, in favour of a 'server role =' that users can actually
understand.
We can expand the list of roles as needed, and nobody has to figure out
what a 'domain master' actually means.
Andrew Bartlett
Stefan Metzmacher [Mon, 19 Sep 2005 09:57:39 +0000 (09:57 +0000)]
r10312: fix compiler warning
metze
Simo Sorce [Sun, 18 Sep 2005 18:50:02 +0000 (18:50 +0000)]
r10306: change these modules to use new error API
Simo Sorce [Sun, 18 Sep 2005 18:49:06 +0000 (18:49 +0000)]
r10305: start implementing better error handling
changed the prioivate modules API
error string are now not spread over all
modules but are kept in a single place.
This allows a better control of memory
and error reporting.
Simo Sorce [Sun, 18 Sep 2005 10:47:03 +0000 (10:47 +0000)]
r10304: check for basic ldb_message sanity and return appropriate
LDB_ERR_ value
Simo Sorce [Sun, 18 Sep 2005 10:46:21 +0000 (10:46 +0000)]
r10303: check no attribute is given empty
Simo Sorce [Sun, 18 Sep 2005 10:45:28 +0000 (10:45 +0000)]
r10302: Introduce ldap like error codes
Simo Sorce [Sun, 18 Sep 2005 10:45:03 +0000 (10:45 +0000)]
r10301: fix standalone compiple after tdb changes
Simo Sorce [Sat, 17 Sep 2005 19:29:45 +0000 (19:29 +0000)]
r10300: forgot to change the dsdb modules function names
Simo Sorce [Sat, 17 Sep 2005 19:25:50 +0000 (19:25 +0000)]
r10299: remove the public (un)lock functions and introduce a transaction based
private ldb API
ldb_sqlite3 is already working with this model and ldb_tdb will do
as soon as tridge finishes the tdb transaction code.
currently the transactions are always implicit and wrap any single
ldb API call except searching, the transaction functions are
currently not made public on purpose.
Simo.
Jelmer Vernooij [Sat, 17 Sep 2005 14:36:35 +0000 (14:36 +0000)]
r10296: Fix function pointer handling for older perl versions
Jelmer Vernooij [Sat, 17 Sep 2005 14:13:36 +0000 (14:13 +0000)]
r10295: Remove dependency on Data::Dumper
Jelmer Vernooij [Sat, 17 Sep 2005 13:08:49 +0000 (13:08 +0000)]
r10294: Generate Makefile directly rather then thru Makefile.in. Autoconf
substitution variables are now no longer used.
This is one more step towards a (hopefully) perl-based configure
Andrew Bartlett [Sat, 17 Sep 2005 11:06:14 +0000 (11:06 +0000)]
r10292: This is set below from lp_server_role().
Andrew Bartlett
Andrew Bartlett [Sat, 17 Sep 2005 09:46:20 +0000 (09:46 +0000)]
r10291: The patch optionally (off by default, not available in all cases) allows
Samba to use the target principal name supplied in the mechTokenMIC of
an SPNEGO negTokenInit.
This isn't a great idea for security reasons, but is how Samba3 behaves,
and allows kerberos to function more often in some environments. It is
only available for CIFS session setups, due to the ordering of the
exchange.
Andrew Bartlett
Jelmer Vernooij [Sat, 17 Sep 2005 02:10:15 +0000 (02:10 +0000)]
r10287: Compile compilers for build host. This fixes some bits of
the mingw32 build (it now fails on missing inet_aton / in_addr definitions).
Find sane default for HOSTCC
Andrew Bartlett [Sat, 17 Sep 2005 01:11:50 +0000 (01:11 +0000)]
r10286: This patch is ugly and disgusting, but for now it works better than the other
ideas I have had.
When I get a full list of things I want to do to a krb5_context I'll
either add gsskrb5_ wrappers, or a way of speicfying the krb5 context
per gssapi context.
(I want to ensure that the only krb5_context variables created while
executing Samba4 are via our wrapper).
Andrew Bartlett
Jelmer Vernooij [Sat, 17 Sep 2005 00:42:05 +0000 (00:42 +0000)]
r10283: Eliminate some more use of autoconf substitution variables.
Add makefile rule for '.ho' files (compiled with host compiler). This
does not allow for cross-compiling yet as that requires a HOSTLD as well.
Simo Sorce [Fri, 16 Sep 2005 20:54:57 +0000 (20:54 +0000)]
r10277: do not ovverride LIKE, thanks to derrel I found out how to do
the same thing with a harmless user function
Tim Potter [Fri, 16 Sep 2005 07:24:36 +0000 (07:24 +0000)]
r10258: Fix an unused/duplicate local variable.
Tim Potter [Fri, 16 Sep 2005 07:19:37 +0000 (07:19 +0000)]
r10257: strlen returns a size_t which can be 64 bits long.
Tim Potter [Fri, 16 Sep 2005 07:15:40 +0000 (07:15 +0000)]
r10256: Fix some unhandled enumeration warnings. There's one still left,
RAW_SEARCH_UNIX_INFO find_fill_info(), which I think is a bug.
Tim Potter [Fri, 16 Sep 2005 07:10:11 +0000 (07:10 +0000)]
r10255: Fix some more 64-bit warnings.
Andrew Tridgell [Fri, 16 Sep 2005 03:52:42 +0000 (03:52 +0000)]
r10253: a fairly large tdb cleanup and re-organise. Nearly all of this change
just involves splitting up the core tdb.c code into separate files on
logical boundaries, but there are some minor functional changes as well:
- move the 'struct tdb_context' into tdb_private.h, hiding it from
users. This was done to allow the structure to change without
breaking code that uses tdb.
- added accessor functions tdb_fd(), tdb_name(), and tdb_log_fn() to
access the elements of struct tdb_context that were used by
external code but are no longer visible
- simplied tdb_append() to use tdb_fetch()/tdb_store(), which is just
as good due to the way tdb locks work
- changed some of the types (such as tdb_off to tdb_off_t) to make
syntax highlighting work better
- removed the old optional spinlock code. It was a bad idea.
- fixed a bug in tdb_reopen_all() that caused tdbtorture to sometimes
fail or report nasty looking errors. This is the only real bug
fixed in this commit. Jeremy/Jerry, you might like to pickup this
change for Samba3, as that could definately affect smbd in
Samba3.
The aim of all of these changes is to make the tdb
transactions/journaling code I am working on easier to write. I
started to write it on top of the existing tdb.c code and it got very
messy. Splitting up the code makes it much easier to follow.
There are more cleanups we could do in tdb, such as using uint32_t
instead of u32 (suggested by metze). I'll leave those for another day.
Andrew Tridgell [Fri, 16 Sep 2005 03:18:49 +0000 (03:18 +0000)]
r10252: a recent checkin from simo changed the handling of BASE and SUBTREE
searches in ldb to be more ldap compliant, but broke the wins server
and the ejs ldb code. This fixes those up so 'make test' passes again.
Simo Sorce [Thu, 15 Sep 2005 23:10:07 +0000 (23:10 +0000)]
r10251: some more work on ldb_sqlite3
I must say that writing a new module is a very good way
to find lot of subtle bugs laying in the code
We need more tests!
commit oLschema2ldif.c to keep it safe from data losses (rm -fr :-)
update test generic to reflect the fix made on comparsion functions
Simo Sorce [Thu, 15 Sep 2005 23:06:57 +0000 (23:06 +0000)]
r10250: the comparison is caseless so we must caseless subtract
otherwise we get the wrong result when comparing upper
case chars with lower case chars
Jelmer Vernooij [Thu, 15 Sep 2005 20:03:35 +0000 (20:03 +0000)]
r10246: Remove unused function
Move auth-specific file to auth/
Jelmer Vernooij [Thu, 15 Sep 2005 19:52:13 +0000 (19:52 +0000)]
r10245: Get rid of XFILE in a few places.
Add fdprintf() and vfdprintf() helper functions.
Tim Potter [Thu, 15 Sep 2005 10:20:08 +0000 (10:20 +0000)]
r10238: Add a entry for sec_info to treat it as a uint32 for now.
Stefan Metzmacher [Thu, 15 Sep 2005 09:55:16 +0000 (09:55 +0000)]
r10237: fix parameter, how have I missed this...?
metze
Simo Sorce [Thu, 15 Sep 2005 07:23:15 +0000 (07:23 +0000)]
r10236: fix (C) note
Simo Sorce [Wed, 14 Sep 2005 23:14:42 +0000 (23:14 +0000)]
r10233: add commented PRAGMA to avoid fsyncs
Simo Sorce [Wed, 14 Sep 2005 22:45:49 +0000 (22:45 +0000)]
r10232: Some work on ldb_sqlite3.
It is still far from being usable in samba4 but I want to commit
so that the work does not get lost by mistake.
This is also a good way to get comments if somebody is interested.
Sorry Derrell I ended up rewriting large parts of the code but I find
this style much more readable. Thanks for the hard work done. Your
work was a good reference for me.
ah the current code also shows some good numbers
sqlite3 generic test:
uid search took 0.05 seconds
real 0m12.492s
user 0m0.492s
sys 0m0.345s
with tdb we still get better numbers:
uid search took 0.46 seconds
real 0m0.892s
user 0m0.360s
sys 0m0.468s
but most of the time is spent in adding operations and I think
there's still a lot of space for improvement.
Simo.
Simo Sorce [Wed, 14 Sep 2005 22:39:24 +0000 (22:39 +0000)]
r10231: seem I flipped these, fix.
Deryck Hodge [Wed, 14 Sep 2005 21:48:03 +0000 (21:48 +0000)]
r10228: Reorganizing a bit, trying to simplify. This is an attempt
to find what's going wrong in IE formatting.
This is some better, but still IE needs help.
deryck
Deryck Hodge [Wed, 14 Sep 2005 15:08:46 +0000 (15:08 +0000)]
r10225: Adding back a style rule to qooxdoo that was originally
removed. This is a cross browser hack that makes for
better performance amone differing browsers.
deryck
Andrew Tridgell [Tue, 13 Sep 2005 22:58:38 +0000 (22:58 +0000)]
r10216: Chris Samuel pointed out that we should note the need to run provision
as a user with write permission on the install directory
Andrew Tridgell [Tue, 13 Sep 2005 22:05:45 +0000 (22:05 +0000)]
r10213: fixed a memory leak in the ldap client and server code spotted by Karl
Melcher. ldap_encode() now takes a memory context to use for the data
blob
Deryck Hodge [Tue, 13 Sep 2005 21:31:40 +0000 (21:31 +0000)]
r10212: An IE fix. Must set initial values in the onload function.
deryck
Jelmer Vernooij [Tue, 13 Sep 2005 17:28:18 +0000 (17:28 +0000)]
r10207: Add some const
Andrew Tridgell [Tue, 13 Sep 2005 12:46:03 +0000 (12:46 +0000)]
r10200: added a composite_trigger_done() call that allows a composite function
to cause an event to happen immediately. This allows metzes patch for
recognising IPs in resolve_name() to work, and also allows us to
remove some of the other code where we currently do specific checks
for is_ipaddress().
Andrew Tridgell [Tue, 13 Sep 2005 12:44:33 +0000 (12:44 +0000)]
r10199: added a LOCAL-RESOLVE torture test, useful for measuring the overhead of
the async name resolution mechanisms
Tim Potter [Tue, 13 Sep 2005 06:39:40 +0000 (06:39 +0000)]
r10197: Assume that external dissectors are structs which I think is always the
case.
Andrew Tridgell [Tue, 13 Sep 2005 01:02:06 +0000 (01:02 +0000)]
r10193: r11632@blu: tridge | 2005-08-30 23:08:27 +1000
if we fail to erase a ldb during provision by traversing
and deleting records (an in-place erase) then just unlink it
and start it again. This makes provisioning much more robust
to changes in ldb that make it not backward compatible with
old DBs.
Andrew Tridgell [Tue, 13 Sep 2005 01:01:55 +0000 (01:01 +0000)]
r10192: r11631@blu: tridge | 2005-08-30 23:06:37 +1000
added a ldb.close() method in js. Useful for re-opening the db
Jelmer Vernooij [Tue, 13 Sep 2005 00:01:24 +0000 (00:01 +0000)]
r10191: Return the right error code in the case of a time skew. Windows will now
ignore Kerberos and fallback to NTLMSSP when joining. Thanks to Andrew Bartlett
for the assistence.
Jelmer Vernooij [Mon, 12 Sep 2005 23:52:25 +0000 (23:52 +0000)]
r10190: Do some very basic input checking when provisioning.
Tim Potter [Mon, 12 Sep 2005 21:40:40 +0000 (21:40 +0000)]
r10185: Fix another two sets of unhandled enumeration warnings, plus correct some awful indentation. (-:
Tim Potter [Mon, 12 Sep 2005 21:37:18 +0000 (21:37 +0000)]
r10184: Fix a stack of unhandled enumeration warnings.
Jelmer Vernooij [Mon, 12 Sep 2005 21:10:40 +0000 (21:10 +0000)]
r10181: Fix the build
Andrew Bartlett [Mon, 12 Sep 2005 14:19:05 +0000 (14:19 +0000)]
r10174: This patch implements generic PAC verification, without assumptions
about the size of the signature. In particular, this works with AES,
which was previously broken Samba4/Samba4.
Reviewed by metze (and thanks for help with the previous IDL commit).
Jelmer Vernooij [Mon, 12 Sep 2005 13:52:15 +0000 (13:52 +0000)]
r10173: Document new option
Jelmer Vernooij [Mon, 12 Sep 2005 13:49:51 +0000 (13:49 +0000)]
r10172: Add --dump-ndr-tree argument
Andrew Bartlett [Mon, 12 Sep 2005 13:16:56 +0000 (13:16 +0000)]
r10171: This seems to work for encoding/decoding a PAC at the buffers only
level (required for signature verification).
Andrew Bartlett
Stefan Metzmacher [Mon, 12 Sep 2005 11:42:48 +0000 (11:42 +0000)]
r10167: add a test to check if we always get the same assoc_ctx, on one connection.
metze
Stefan Metzmacher [Mon, 12 Sep 2005 10:06:22 +0000 (10:06 +0000)]
r10164: - add first assoc_ctx test
- handle the case where we're no valid pull partner of the tested server
metze
James Peach [Mon, 12 Sep 2005 02:34:22 +0000 (02:34 +0000)]
r10161: Check for alloca.h to prevent incorrect local declaration.
James Peach [Mon, 12 Sep 2005 01:34:51 +0000 (01:34 +0000)]
r10159: Dereference padsize before comparing to an int.
James Peach [Mon, 12 Sep 2005 01:32:57 +0000 (01:32 +0000)]
r10157: Remove the last traces of heimdal/include.
Andrew Bartlett [Mon, 12 Sep 2005 00:29:37 +0000 (00:29 +0000)]
r10155: Add more notes on required gsskrb5 functions.
Andrew Bartlett
Andrew Bartlett [Sun, 11 Sep 2005 11:19:02 +0000 (11:19 +0000)]
r10153: This patch adds a new parameter to gensec_sig_size(), the size of the
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
Andrew Bartlett [Sat, 10 Sep 2005 22:25:13 +0000 (22:25 +0000)]
r10149: Update Samba4 to current lorikeet-heimdal.
Andrew Bartlett
Andrew Bartlett [Sat, 10 Sep 2005 22:13:50 +0000 (22:13 +0000)]
r10148: Use samdb_base_dn() to find the local domain.
Andrew Bartlett
Andrew Bartlett [Sat, 10 Sep 2005 10:59:49 +0000 (10:59 +0000)]
r10146: Clarify which test is failing in error messages.
Don't dump the pac to x.dat (accidental commit).
Andrew Bartlett
Andrew Bartlett [Sat, 10 Sep 2005 10:39:45 +0000 (10:39 +0000)]
r10145: Allow a variable length signature, so we can support signing with
other than arcfour-hmac-md5. Currently we still fail to verify other
signatures however.
Andrew Bartlett
Stefan Metzmacher [Sat, 10 Sep 2005 09:30:23 +0000 (09:30 +0000)]
r10144: dump the whole data blob
metze
Stefan Metzmacher [Sat, 10 Sep 2005 09:16:29 +0000 (09:16 +0000)]
r10143: don't exit when the not all bytes are consumed,
(this happens with relative pointers)
metze
Stefan Metzmacher [Sat, 10 Sep 2005 08:46:28 +0000 (08:46 +0000)]
r10141: if some of the LIBNDR_ALIGN_* flags and LIBNDR_FLAG_REMAINING are set,
ndr_pull_data_blob() doesn't work correct. so make them exclute each other.
jelmer, tridge: does that look correct? it fixes a problem, abartlet had
with krb5pac.idl, where the align flags are inherited from the parent, and we want to get the
[flag(NDR_REMAINING)] DATA_BLOB signature;
metze
Stefan Metzmacher [Sat, 10 Sep 2005 08:41:57 +0000 (08:41 +0000)]
r10140: reorder some stuff, for nicer output
metze
Jeremy Allison [Sat, 10 Sep 2005 02:21:44 +0000 (02:21 +0000)]
r10138: Fix the mapping table (as tested in smbtorture). EXEC_ACCESS
should map to SEC_RIGHTS_FILE_READ, not READ|WRITE.
Jeremy.
Jeremy Allison [Fri, 9 Sep 2005 21:45:36 +0000 (21:45 +0000)]
r10132: Confirm that openX with OPEN_EXEC implies read only.
Jeremy.
Stefan Metzmacher [Fri, 9 Sep 2005 19:55:34 +0000 (19:55 +0000)]
r10129: fix sinple ip's in wins replication, packets
metze
Stefan Metzmacher [Fri, 9 Sep 2005 19:08:36 +0000 (19:08 +0000)]
r10126: WREPL_REPL_UPDATE also takes a wrepl_table
metze
Jelmer Vernooij [Fri, 9 Sep 2005 18:21:59 +0000 (18:21 +0000)]
r10123: Add more warnings. Support quotes in conformance command arguments
Jelmer Vernooij [Fri, 9 Sep 2005 16:23:50 +0000 (16:23 +0000)]
r10116: Print out a couple more warnings.
Stefan Metzmacher [Fri, 9 Sep 2005 16:01:49 +0000 (16:01 +0000)]
r10115: bind client connection to the best interface, to the partner
metze
Stefan Metzmacher [Fri, 9 Sep 2005 16:00:02 +0000 (16:00 +0000)]
r10113: rename libcli/wins to libcli/wrepl
metze
Stefan Metzmacher [Fri, 9 Sep 2005 11:03:53 +0000 (11:03 +0000)]
r10112: - check attributes depending on the section type
metze
Jelmer Vernooij [Fri, 9 Sep 2005 10:59:54 +0000 (10:59 +0000)]
r10111: Make pidl by default assume the input file is an IDL file rather
then a .pidl file.
Jelmer Vernooij [Fri, 9 Sep 2005 10:30:19 +0000 (10:30 +0000)]
r10110: Add some more warnings, implement FIELD_DESCRIPTION
Tim Potter [Fri, 9 Sep 2005 04:22:58 +0000 (04:22 +0000)]
r10104: Fix code before declaration.
Tim Potter [Fri, 9 Sep 2005 04:21:19 +0000 (04:21 +0000)]
r10103: Put an #ifdef guard around ENOTSUP to fix systems that don't have it
(OpenBSD 3.7).
James Peach [Fri, 9 Sep 2005 01:19:32 +0000 (01:19 +0000)]
r10100: Check for more networking headers so the resolv.h test can succeed.
James Peach [Fri, 9 Sep 2005 00:42:18 +0000 (00:42 +0000)]
r10097: Remove extraneous include patch heimdal/include. Add configure
checks for getipnodeby*().
Jelmer Vernooij [Thu, 8 Sep 2005 22:33:48 +0000 (22:33 +0000)]
r10094: Support quoted arguments in conformance files
Update pidl manpage
Jelmer Vernooij [Thu, 8 Sep 2005 21:59:40 +0000 (21:59 +0000)]
r10093: Fix the HF_FIELD conformance file command
Jelmer Vernooij [Thu, 8 Sep 2005 20:34:35 +0000 (20:34 +0000)]
r10091: Fix perl warnings
Rafal Szczesniak [Thu, 8 Sep 2005 19:58:59 +0000 (19:58 +0000)]
r10089: Fix a typo breaking the Makefile generator and therefore - the build.
rafal
Stefan Metzmacher [Thu, 8 Sep 2005 15:05:29 +0000 (15:05 +0000)]
r10085: decode level 5 and 9 too
(this is taken from the ethereal dissector)
metze
Stefan Metzmacher [Thu, 8 Sep 2005 14:43:15 +0000 (14:43 +0000)]
r10081: - create a seperate WINSDB subsystem
- use LIBCLI_WREPL for the winsreplication client code
- fix some dependencies
metze
Stefan Metzmacher [Thu, 8 Sep 2005 11:26:05 +0000 (11:26 +0000)]
r10078: - add a 'struct data_blob_list_item'
- use this for the send_queue's of the different stream_servers
to not redefine the same struct so often, and it maybe will be used
in other places too
metze
Stefan Metzmacher [Thu, 8 Sep 2005 11:01:39 +0000 (11:01 +0000)]
r10077: - move gcc option checks to check_cc.m4
- only use -g if supported
- don't allow AC_PROG_C and friends to autoset the CFLAGS
(we don't want -g -02 by default..., maybe a configure option
for -OX could be useful...)
metze
Stefan Metzmacher [Thu, 8 Sep 2005 10:55:05 +0000 (10:55 +0000)]
r10076: this macro was moved to build/m4/smb_cc_featues.m4
metze
Stefan Metzmacher [Thu, 8 Sep 2005 10:49:21 +0000 (10:49 +0000)]
r10075: fix warning with autoconf 2.59 on SuSE 9.3
(don't use m4_regexp: use regexp or m4_bregexp)
metze
Jelmer Vernooij [Thu, 8 Sep 2005 10:35:55 +0000 (10:35 +0000)]
r10074: Pass CPP to pidl via environment variables rather then config.pm. This fixes the
standalone pidl build (as used for ethereal)
Andrew Bartlett [Thu, 8 Sep 2005 09:08:13 +0000 (09:08 +0000)]
r10072: Fix mismerge weridness in error handling.
Andrew Bartlett
James Peach [Thu, 8 Sep 2005 08:18:08 +0000 (08:18 +0000)]
r10071: Configure checks for IRIX build environment. Test whether we can
use the MIPSPro 7.4 -c99 option to get C99 support. Try to find
a common perl that is more modern than /usr/bin/perl.
Andrew Bartlett [Wed, 7 Sep 2005 21:52:50 +0000 (21:52 +0000)]
r10066: This is the second in my patches to work on Samba4's kerberos support,
with an aim to make the code simpiler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes)' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
Jelmer Vernooij [Tue, 6 Sep 2005 15:44:08 +0000 (15:44 +0000)]
r10052: Add 'print' command