Jelmer Vernooij [Wed, 21 Sep 2005 00:38:23 +0000 (00:38 +0000)]
r10374: Add HAVE_* defines (on command-line or in config.h file) for scons +
some other minor updates
Andrew Bartlett [Wed, 21 Sep 2005 00:27:10 +0000 (00:27 +0000)]
r10373: Fix segfault in LookupSids.
Andrew Bartlett
Andrew Bartlett [Wed, 21 Sep 2005 00:15:56 +0000 (00:15 +0000)]
r10372: Having gone to all the effort to uppercase the realm, actually set the
upper-case realm.
Andrew Bartlett
Andrew Tridgell [Tue, 20 Sep 2005 23:23:03 +0000 (23:23 +0000)]
r10370: only validate the re-generated binding string for hostnames with IPs
Jelmer, can you see a better approach to this? As far as I am aware
protocol towers don't use hostnames, they always use IP addresses
Tim Potter [Tue, 20 Sep 2005 23:00:45 +0000 (23:00 +0000)]
r10369: You don't need to put leading or trailing spaces on variables. It's
a make-ism.
Use consistent (single) quoting.
Andrew Tridgell [Tue, 20 Sep 2005 22:52:54 +0000 (22:52 +0000)]
r10368: when building the epm tower, don't put host names in the ip address
field, instead put a zero address. Note that zero is correct (ie. we
shouldn't do the lookup) as in the client we want to send a zero for
the server to fill in. When we make this call from the server we fill
in a real IP.
Jelmer Vernooij [Tue, 20 Sep 2005 22:10:40 +0000 (22:10 +0000)]
r10366: More scons fixes. Building et, asn1, lex and yacc files sort-of works now
Volker Lendecke [Tue, 20 Sep 2005 21:37:10 +0000 (21:37 +0000)]
r10365: Use nsswitch/winbindd_nss.h in winbind/, update that file to the current 3_0
interface.
Volker
Andrew Bartlett [Tue, 20 Sep 2005 21:29:29 +0000 (21:29 +0000)]
r10364: Turn gensec:gssapi on by default, except for a login of the form
-Udomain\\user.
This will probably break in a few configurations, so please let me
know. I'll also work to have a way to inhibit kerberos/ntlmssp, as
this removes -k.
Andrew Bartlett
Volker Lendecke [Tue, 20 Sep 2005 20:54:25 +0000 (20:54 +0000)]
r10363: Nobody loudly screamed "noo", so commit the samba3 winbind interface to
samba4. Ok, maybe the silence is due to timezones, but what can you do... ;-)
Volker
Jelmer Vernooij [Tue, 20 Sep 2005 17:49:19 +0000 (17:49 +0000)]
r10356: Make the proto generator work with scons
Volker Lendecke [Tue, 20 Sep 2005 15:43:58 +0000 (15:43 +0000)]
r10353: Fix typo
Jelmer Vernooij [Tue, 20 Sep 2005 11:59:03 +0000 (11:59 +0000)]
r10348: Add scons scripts for remaining subsystems. Most subsystems build now,
but final linking still fails (as does generating files asn1, et, idl and proto
files)
Stefan Metzmacher [Tue, 20 Sep 2005 11:39:40 +0000 (11:39 +0000)]
r10346: here are only real ip-addresses valid, prevent dns lookups,
when the input is invalid
metze
Andrew Bartlett [Tue, 20 Sep 2005 09:57:30 +0000 (09:57 +0000)]
r10345: Add more add-hock tests.
Andrew Bartlett
Stefan Metzmacher [Tue, 20 Sep 2005 08:30:30 +0000 (08:30 +0000)]
r10341: remove unused libads/ code, we'll never use this in samba4,
and have replacements for the most stuff already in the tree
discussed with abartlet
metze
Stefan Metzmacher [Tue, 20 Sep 2005 07:56:54 +0000 (07:56 +0000)]
r10339: fix ndr_push_udlongr
metze
Andrew Bartlett [Tue, 20 Sep 2005 07:03:47 +0000 (07:03 +0000)]
r10337: This grubby little hack is the implementation of a concept discussed
on the kerberos mailing lists a couple of weeks ago: Don't use DNS at
all for expanding short names into long names.
Using the 'override krb5_init_context' code already in the tree, this
removes the DNS lag on a kerberos session setup/connection.
Andrew Bartlett
Jelmer Vernooij [Tue, 20 Sep 2005 00:39:19 +0000 (00:39 +0000)]
r10336: Add sconscript for a couple more subsystems.
Tim Potter [Mon, 19 Sep 2005 23:39:23 +0000 (23:39 +0000)]
r10335: Build tdb tools into bin directory.
Tim Potter [Mon, 19 Sep 2005 23:37:01 +0000 (23:37 +0000)]
r10334: Use CPPDEFINES instead of CCFLAGS for adding preprocessor symbols.
Jelmer Vernooij [Mon, 19 Sep 2005 23:10:28 +0000 (23:10 +0000)]
r10332: Fix the build - messaging uses UNIX_PRIVS
Jelmer Vernooij [Mon, 19 Sep 2005 22:01:57 +0000 (22:01 +0000)]
r10330: Add SConscript to more subsystems. Some of the tdb tools build now.
Start on custom Samba scons tools (for handling proto generation, pidl, etc)
Tim Potter [Mon, 19 Sep 2005 21:50:53 +0000 (21:50 +0000)]
r10329: Perhaps we shouldn't get too ahead of ourselves just yet.
Tim Potter [Mon, 19 Sep 2005 21:44:36 +0000 (21:44 +0000)]
r10328: Add more emacs python-mode markers.
Tim Potter [Mon, 19 Sep 2005 21:37:38 +0000 (21:37 +0000)]
r10327: Use CPPPATH instead of appending -Idir to CCFLAGS.
Use a list comprehension instead of a for loop.
Add a emacs thingy to kick in python mode. (-:
Jelmer Vernooij [Mon, 19 Sep 2005 19:19:10 +0000 (19:19 +0000)]
r10323: Add first bits required for getting compile with scons working. This does
not work yet and can exist parallel with the existing build system.
Jelmer Vernooij [Mon, 19 Sep 2005 13:26:07 +0000 (13:26 +0000)]
r10316: More dynconfig fixes
Jelmer Vernooij [Mon, 19 Sep 2005 12:58:43 +0000 (12:58 +0000)]
r10315: Remove use of fstring and pstring in dynconfig.c
Remove unused includes of dynconfig.h
Andrew Bartlett [Mon, 19 Sep 2005 11:55:34 +0000 (11:55 +0000)]
r10314: Apply the controvertial 'server role =' patch after discussion on the list:
This patch removes the 'domain logon' and 'domain master' controls from
Samba4, in favour of a 'server role =' that users can actually
understand.
We can expand the list of roles as needed, and nobody has to figure out
what a 'domain master' actually means.
Andrew Bartlett
Stefan Metzmacher [Mon, 19 Sep 2005 09:57:39 +0000 (09:57 +0000)]
r10312: fix compiler warning
metze
Simo Sorce [Sun, 18 Sep 2005 18:50:02 +0000 (18:50 +0000)]
r10306: change these modules to use new error API
Simo Sorce [Sun, 18 Sep 2005 18:49:06 +0000 (18:49 +0000)]
r10305: start implementing better error handling
changed the prioivate modules API
error string are now not spread over all
modules but are kept in a single place.
This allows a better control of memory
and error reporting.
Simo Sorce [Sun, 18 Sep 2005 10:47:03 +0000 (10:47 +0000)]
r10304: check for basic ldb_message sanity and return appropriate
LDB_ERR_ value
Simo Sorce [Sun, 18 Sep 2005 10:46:21 +0000 (10:46 +0000)]
r10303: check no attribute is given empty
Simo Sorce [Sun, 18 Sep 2005 10:45:28 +0000 (10:45 +0000)]
r10302: Introduce ldap like error codes
Simo Sorce [Sun, 18 Sep 2005 10:45:03 +0000 (10:45 +0000)]
r10301: fix standalone compiple after tdb changes
Simo Sorce [Sat, 17 Sep 2005 19:29:45 +0000 (19:29 +0000)]
r10300: forgot to change the dsdb modules function names
Simo Sorce [Sat, 17 Sep 2005 19:25:50 +0000 (19:25 +0000)]
r10299: remove the public (un)lock functions and introduce a transaction based
private ldb API
ldb_sqlite3 is already working with this model and ldb_tdb will do
as soon as tridge finishes the tdb transaction code.
currently the transactions are always implicit and wrap any single
ldb API call except searching, the transaction functions are
currently not made public on purpose.
Simo.
Jelmer Vernooij [Sat, 17 Sep 2005 14:36:35 +0000 (14:36 +0000)]
r10296: Fix function pointer handling for older perl versions
Jelmer Vernooij [Sat, 17 Sep 2005 14:13:36 +0000 (14:13 +0000)]
r10295: Remove dependency on Data::Dumper
Jelmer Vernooij [Sat, 17 Sep 2005 13:08:49 +0000 (13:08 +0000)]
r10294: Generate Makefile directly rather then thru Makefile.in. Autoconf
substitution variables are now no longer used.
This is one more step towards a (hopefully) perl-based configure
Andrew Bartlett [Sat, 17 Sep 2005 11:06:14 +0000 (11:06 +0000)]
r10292: This is set below from lp_server_role().
Andrew Bartlett
Andrew Bartlett [Sat, 17 Sep 2005 09:46:20 +0000 (09:46 +0000)]
r10291: The patch optionally (off by default, not available in all cases) allows
Samba to use the target principal name supplied in the mechTokenMIC of
an SPNEGO negTokenInit.
This isn't a great idea for security reasons, but is how Samba3 behaves,
and allows kerberos to function more often in some environments. It is
only available for CIFS session setups, due to the ordering of the
exchange.
Andrew Bartlett
Jelmer Vernooij [Sat, 17 Sep 2005 02:10:15 +0000 (02:10 +0000)]
r10287: Compile compilers for build host. This fixes some bits of
the mingw32 build (it now fails on missing inet_aton / in_addr definitions).
Find sane default for HOSTCC
Andrew Bartlett [Sat, 17 Sep 2005 01:11:50 +0000 (01:11 +0000)]
r10286: This patch is ugly and disgusting, but for now it works better than the other
ideas I have had.
When I get a full list of things I want to do to a krb5_context I'll
either add gsskrb5_ wrappers, or a way of speicfying the krb5 context
per gssapi context.
(I want to ensure that the only krb5_context variables created while
executing Samba4 are via our wrapper).
Andrew Bartlett
Jelmer Vernooij [Sat, 17 Sep 2005 00:42:05 +0000 (00:42 +0000)]
r10283: Eliminate some more use of autoconf substitution variables.
Add makefile rule for '.ho' files (compiled with host compiler). This
does not allow for cross-compiling yet as that requires a HOSTLD as well.
Simo Sorce [Fri, 16 Sep 2005 20:54:57 +0000 (20:54 +0000)]
r10277: do not ovverride LIKE, thanks to derrel I found out how to do
the same thing with a harmless user function
Tim Potter [Fri, 16 Sep 2005 07:24:36 +0000 (07:24 +0000)]
r10258: Fix an unused/duplicate local variable.
Tim Potter [Fri, 16 Sep 2005 07:19:37 +0000 (07:19 +0000)]
r10257: strlen returns a size_t which can be 64 bits long.
Tim Potter [Fri, 16 Sep 2005 07:15:40 +0000 (07:15 +0000)]
r10256: Fix some unhandled enumeration warnings. There's one still left,
RAW_SEARCH_UNIX_INFO find_fill_info(), which I think is a bug.
Tim Potter [Fri, 16 Sep 2005 07:10:11 +0000 (07:10 +0000)]
r10255: Fix some more 64-bit warnings.
Andrew Tridgell [Fri, 16 Sep 2005 03:52:42 +0000 (03:52 +0000)]
r10253: a fairly large tdb cleanup and re-organise. Nearly all of this change
just involves splitting up the core tdb.c code into separate files on
logical boundaries, but there are some minor functional changes as well:
- move the 'struct tdb_context' into tdb_private.h, hiding it from
users. This was done to allow the structure to change without
breaking code that uses tdb.
- added accessor functions tdb_fd(), tdb_name(), and tdb_log_fn() to
access the elements of struct tdb_context that were used by
external code but are no longer visible
- simplied tdb_append() to use tdb_fetch()/tdb_store(), which is just
as good due to the way tdb locks work
- changed some of the types (such as tdb_off to tdb_off_t) to make
syntax highlighting work better
- removed the old optional spinlock code. It was a bad idea.
- fixed a bug in tdb_reopen_all() that caused tdbtorture to sometimes
fail or report nasty looking errors. This is the only real bug
fixed in this commit. Jeremy/Jerry, you might like to pickup this
change for Samba3, as that could definately affect smbd in
Samba3.
The aim of all of these changes is to make the tdb
transactions/journaling code I am working on easier to write. I
started to write it on top of the existing tdb.c code and it got very
messy. Splitting up the code makes it much easier to follow.
There are more cleanups we could do in tdb, such as using uint32_t
instead of u32 (suggested by metze). I'll leave those for another day.
Andrew Tridgell [Fri, 16 Sep 2005 03:18:49 +0000 (03:18 +0000)]
r10252: a recent checkin from simo changed the handling of BASE and SUBTREE
searches in ldb to be more ldap compliant, but broke the wins server
and the ejs ldb code. This fixes those up so 'make test' passes again.
Simo Sorce [Thu, 15 Sep 2005 23:10:07 +0000 (23:10 +0000)]
r10251: some more work on ldb_sqlite3
I must say that writing a new module is a very good way
to find lot of subtle bugs laying in the code
We need more tests!
commit oLschema2ldif.c to keep it safe from data losses (rm -fr :-)
update test generic to reflect the fix made on comparsion functions
Simo Sorce [Thu, 15 Sep 2005 23:06:57 +0000 (23:06 +0000)]
r10250: the comparison is caseless so we must caseless subtract
otherwise we get the wrong result when comparing upper
case chars with lower case chars
Jelmer Vernooij [Thu, 15 Sep 2005 20:03:35 +0000 (20:03 +0000)]
r10246: Remove unused function
Move auth-specific file to auth/
Jelmer Vernooij [Thu, 15 Sep 2005 19:52:13 +0000 (19:52 +0000)]
r10245: Get rid of XFILE in a few places.
Add fdprintf() and vfdprintf() helper functions.
Tim Potter [Thu, 15 Sep 2005 10:20:08 +0000 (10:20 +0000)]
r10238: Add a entry for sec_info to treat it as a uint32 for now.
Stefan Metzmacher [Thu, 15 Sep 2005 09:55:16 +0000 (09:55 +0000)]
r10237: fix parameter, how have I missed this...?
metze
Simo Sorce [Thu, 15 Sep 2005 07:23:15 +0000 (07:23 +0000)]
r10236: fix (C) note
Simo Sorce [Wed, 14 Sep 2005 23:14:42 +0000 (23:14 +0000)]
r10233: add commented PRAGMA to avoid fsyncs
Simo Sorce [Wed, 14 Sep 2005 22:45:49 +0000 (22:45 +0000)]
r10232: Some work on ldb_sqlite3.
It is still far from being usable in samba4 but I want to commit
so that the work does not get lost by mistake.
This is also a good way to get comments if somebody is interested.
Sorry Derrell I ended up rewriting large parts of the code but I find
this style much more readable. Thanks for the hard work done. Your
work was a good reference for me.
ah the current code also shows some good numbers
sqlite3 generic test:
uid search took 0.05 seconds
real 0m12.492s
user 0m0.492s
sys 0m0.345s
with tdb we still get better numbers:
uid search took 0.46 seconds
real 0m0.892s
user 0m0.360s
sys 0m0.468s
but most of the time is spent in adding operations and I think
there's still a lot of space for improvement.
Simo.
Simo Sorce [Wed, 14 Sep 2005 22:39:24 +0000 (22:39 +0000)]
r10231: seem I flipped these, fix.
Deryck Hodge [Wed, 14 Sep 2005 21:48:03 +0000 (21:48 +0000)]
r10228: Reorganizing a bit, trying to simplify. This is an attempt
to find what's going wrong in IE formatting.
This is some better, but still IE needs help.
deryck
Deryck Hodge [Wed, 14 Sep 2005 15:08:46 +0000 (15:08 +0000)]
r10225: Adding back a style rule to qooxdoo that was originally
removed. This is a cross browser hack that makes for
better performance amone differing browsers.
deryck
Andrew Tridgell [Tue, 13 Sep 2005 22:58:38 +0000 (22:58 +0000)]
r10216: Chris Samuel pointed out that we should note the need to run provision
as a user with write permission on the install directory
Andrew Tridgell [Tue, 13 Sep 2005 22:05:45 +0000 (22:05 +0000)]
r10213: fixed a memory leak in the ldap client and server code spotted by Karl
Melcher. ldap_encode() now takes a memory context to use for the data
blob
Deryck Hodge [Tue, 13 Sep 2005 21:31:40 +0000 (21:31 +0000)]
r10212: An IE fix. Must set initial values in the onload function.
deryck
Jelmer Vernooij [Tue, 13 Sep 2005 17:28:18 +0000 (17:28 +0000)]
r10207: Add some const
Andrew Tridgell [Tue, 13 Sep 2005 12:46:03 +0000 (12:46 +0000)]
r10200: added a composite_trigger_done() call that allows a composite function
to cause an event to happen immediately. This allows metzes patch for
recognising IPs in resolve_name() to work, and also allows us to
remove some of the other code where we currently do specific checks
for is_ipaddress().
Andrew Tridgell [Tue, 13 Sep 2005 12:44:33 +0000 (12:44 +0000)]
r10199: added a LOCAL-RESOLVE torture test, useful for measuring the overhead of
the async name resolution mechanisms
Tim Potter [Tue, 13 Sep 2005 06:39:40 +0000 (06:39 +0000)]
r10197: Assume that external dissectors are structs which I think is always the
case.
Andrew Tridgell [Tue, 13 Sep 2005 01:02:06 +0000 (01:02 +0000)]
r10193: r11632@blu: tridge | 2005-08-30 23:08:27 +1000
if we fail to erase a ldb during provision by traversing
and deleting records (an in-place erase) then just unlink it
and start it again. This makes provisioning much more robust
to changes in ldb that make it not backward compatible with
old DBs.
Andrew Tridgell [Tue, 13 Sep 2005 01:01:55 +0000 (01:01 +0000)]
r10192: r11631@blu: tridge | 2005-08-30 23:06:37 +1000
added a ldb.close() method in js. Useful for re-opening the db
Jelmer Vernooij [Tue, 13 Sep 2005 00:01:24 +0000 (00:01 +0000)]
r10191: Return the right error code in the case of a time skew. Windows will now
ignore Kerberos and fallback to NTLMSSP when joining. Thanks to Andrew Bartlett
for the assistence.
Jelmer Vernooij [Mon, 12 Sep 2005 23:52:25 +0000 (23:52 +0000)]
r10190: Do some very basic input checking when provisioning.
Tim Potter [Mon, 12 Sep 2005 21:40:40 +0000 (21:40 +0000)]
r10185: Fix another two sets of unhandled enumeration warnings, plus correct some awful indentation. (-:
Tim Potter [Mon, 12 Sep 2005 21:37:18 +0000 (21:37 +0000)]
r10184: Fix a stack of unhandled enumeration warnings.
Jelmer Vernooij [Mon, 12 Sep 2005 21:10:40 +0000 (21:10 +0000)]
r10181: Fix the build
Andrew Bartlett [Mon, 12 Sep 2005 14:19:05 +0000 (14:19 +0000)]
r10174: This patch implements generic PAC verification, without assumptions
about the size of the signature. In particular, this works with AES,
which was previously broken Samba4/Samba4.
Reviewed by metze (and thanks for help with the previous IDL commit).
Jelmer Vernooij [Mon, 12 Sep 2005 13:52:15 +0000 (13:52 +0000)]
r10173: Document new option
Jelmer Vernooij [Mon, 12 Sep 2005 13:49:51 +0000 (13:49 +0000)]
r10172: Add --dump-ndr-tree argument
Andrew Bartlett [Mon, 12 Sep 2005 13:16:56 +0000 (13:16 +0000)]
r10171: This seems to work for encoding/decoding a PAC at the buffers only
level (required for signature verification).
Andrew Bartlett
Stefan Metzmacher [Mon, 12 Sep 2005 11:42:48 +0000 (11:42 +0000)]
r10167: add a test to check if we always get the same assoc_ctx, on one connection.
metze
Stefan Metzmacher [Mon, 12 Sep 2005 10:06:22 +0000 (10:06 +0000)]
r10164: - add first assoc_ctx test
- handle the case where we're no valid pull partner of the tested server
metze
James Peach [Mon, 12 Sep 2005 02:34:22 +0000 (02:34 +0000)]
r10161: Check for alloca.h to prevent incorrect local declaration.
James Peach [Mon, 12 Sep 2005 01:34:51 +0000 (01:34 +0000)]
r10159: Dereference padsize before comparing to an int.
James Peach [Mon, 12 Sep 2005 01:32:57 +0000 (01:32 +0000)]
r10157: Remove the last traces of heimdal/include.
Andrew Bartlett [Mon, 12 Sep 2005 00:29:37 +0000 (00:29 +0000)]
r10155: Add more notes on required gsskrb5 functions.
Andrew Bartlett
Andrew Bartlett [Sun, 11 Sep 2005 11:19:02 +0000 (11:19 +0000)]
r10153: This patch adds a new parameter to gensec_sig_size(), the size of the
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
Andrew Bartlett [Sat, 10 Sep 2005 22:25:13 +0000 (22:25 +0000)]
r10149: Update Samba4 to current lorikeet-heimdal.
Andrew Bartlett
Andrew Bartlett [Sat, 10 Sep 2005 22:13:50 +0000 (22:13 +0000)]
r10148: Use samdb_base_dn() to find the local domain.
Andrew Bartlett
Andrew Bartlett [Sat, 10 Sep 2005 10:59:49 +0000 (10:59 +0000)]
r10146: Clarify which test is failing in error messages.
Don't dump the pac to x.dat (accidental commit).
Andrew Bartlett
Andrew Bartlett [Sat, 10 Sep 2005 10:39:45 +0000 (10:39 +0000)]
r10145: Allow a variable length signature, so we can support signing with
other than arcfour-hmac-md5. Currently we still fail to verify other
signatures however.
Andrew Bartlett
Stefan Metzmacher [Sat, 10 Sep 2005 09:30:23 +0000 (09:30 +0000)]
r10144: dump the whole data blob
metze
Stefan Metzmacher [Sat, 10 Sep 2005 09:16:29 +0000 (09:16 +0000)]
r10143: don't exit when the not all bytes are consumed,
(this happens with relative pointers)
metze
Stefan Metzmacher [Sat, 10 Sep 2005 08:46:28 +0000 (08:46 +0000)]
r10141: if some of the LIBNDR_ALIGN_* flags and LIBNDR_FLAG_REMAINING are set,
ndr_pull_data_blob() doesn't work correct. so make them exclute each other.
jelmer, tridge: does that look correct? it fixes a problem, abartlet had
with krb5pac.idl, where the align flags are inherited from the parent, and we want to get the
[flag(NDR_REMAINING)] DATA_BLOB signature;
metze
Stefan Metzmacher [Sat, 10 Sep 2005 08:41:57 +0000 (08:41 +0000)]
r10140: reorder some stuff, for nicer output
metze
Jeremy Allison [Sat, 10 Sep 2005 02:21:44 +0000 (02:21 +0000)]
r10138: Fix the mapping table (as tested in smbtorture). EXEC_ACCESS
should map to SEC_RIGHTS_FILE_READ, not READ|WRITE.
Jeremy.