Andrew Bartlett [Mon, 2 Jan 2012 09:30:41 +0000 (20:30 +1100)]
s3-librpc Remove unused dcesrv_gssapi.[ch] functions
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:50:07 +0000 (15:50 +1100)]
s3-librpc Remove layer around struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:48:09 +0000 (15:48 +1100)]
s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:38:38 +0000 (15:38 +1100)]
s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:26:15 +0000 (15:26 +1100)]
s3-librpc Allow spnego_generic_init_client to handle kerberos too
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 02:06:29 +0000 (13:06 +1100)]
s3-librpc Call GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 09:22:38 +0000 (20:22 +1100)]
s3-libsmb Use the gse_krb5 gensec module as client
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 09:22:38 +0000 (20:22 +1100)]
s3-gse Make gse available as a gensec client module
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 23:52:06 +0000 (00:52 +0100)]
s3-build: Rework object lists to allow gse gensec module
This also allows the spnego_parse_krb5_wrap() function to be shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 27 Dec 2011 22:55:55 +0000 (09:55 +1100)]
s3-gse: Add gensec wrapper for gse GSSAPI client
This brings in part of the s4 gensec_gssapi as the boilerplate for the
new module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 10 Jan 2012 11:01:44 +0000 (22:01 +1100)]
s3-auth Match session setup handling of krb5, store the PAC
This will allow non-krb5 services to get the full user groups
without need to do an online s4u2self.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 31 Dec 2011 11:57:18 +0000 (22:57 +1100)]
s3-auth Add auth hook for PAC parsing
This will allow gensec_gse to parse the PAC.
This is a copy from source3/rpc_server/dcesrv_generic.c to preserve
behaviour. A future commit will enable the samlogon cache.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 16 Jan 2012 12:42:52 +0000 (13:42 +0100)]
s3: Use lock_order for setting the db priority
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 18 16:21:52 CET 2012 on sn-devel-104
Volker Lendecke [Mon, 16 Jan 2012 11:50:44 +0000 (12:50 +0100)]
s3: Pass down lock_order to db_open_ctdb
Volker Lendecke [Fri, 13 Jan 2012 13:10:44 +0000 (14:10 +0100)]
Revert "Fix bug #8175 - smbd deadlock."
This reverts commit
5a2b5b6cfed74e0e9c2965525995f64cdad7b7c9.
Volker Lendecke [Fri, 13 Jan 2012 12:26:41 +0000 (13:26 +0100)]
s3: Change locking order between brlock and locking
But 8175 was fixed in a way that brlock.tdb was always locked before
locking.tdb. This patch fixes the bug in a different way. locking.tdb
is the central tdb for files and should always be locked first.
This patch solves the problem by postponing the level2 break messages,
which are async anyway.
Volker Lendecke [Sun, 8 Jan 2012 18:04:39 +0000 (19:04 +0100)]
s3: Enforce a lock order in dbwrap
This makes sure we do not deadlock from doing two dbwrap_fetch_locked in two
processes in different orders. At open time, we assign a strict order to all
databases. lock_order 1 will be locked first, lock_order 2 second. No two
records of the same lock order may be locked at the same time.
Volker Lendecke [Fri, 6 Jan 2012 16:19:54 +0000 (17:19 +0100)]
s3: Add a "lock_order" argument to db_open
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
Günther Deschner [Mon, 17 Oct 2011 20:00:45 +0000 (22:00 +0200)]
s3-passdb: trying to decouple passdb and secrets a little.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
Volker Lendecke [Tue, 17 Jan 2012 16:14:38 +0000 (17:14 +0100)]
s3: Fix bug 8695
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jan 17 18:55:01 CET 2012 on sn-devel-104
Volker Lendecke [Tue, 17 Jan 2012 13:21:30 +0000 (14:21 +0100)]
RHEL-CTDB: *.msg files moved
Volker Lendecke [Tue, 17 Jan 2012 13:21:30 +0000 (14:21 +0100)]
RHEL-CTDB: *.dat files moved
Volker Lendecke [Tue, 17 Jan 2012 13:21:30 +0000 (14:21 +0100)]
RHEL-CTDB: CP*so are no more
Volker Lendecke [Tue, 17 Jan 2012 13:21:30 +0000 (14:21 +0100)]
RHEL-CTDB: --with-mandir -> --mandir
Stefan Metzmacher [Tue, 17 Jan 2012 11:51:57 +0000 (12:51 +0100)]
dynconfig: overwrite --with-privatelibdir as a Samba option
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 17 17:17:56 CET 2012 on sn-devel-104
Stefan Metzmacher [Tue, 17 Jan 2012 11:32:47 +0000 (12:32 +0100)]
dynconfig: --with-modulesdir should be a Samba option
This also restores the defaults from Samba 3.6.x:
"${libdir}" or "${libdir}/samba" in FHS mode.
metze
Stefan Metzmacher [Tue, 17 Jan 2012 11:29:53 +0000 (12:29 +0100)]
dynconfig/config.m4: expand prefix, exec_prefix, sysconfdir, localstatedir and datarootdir in Makefile
Otherwise $prefix is "NONE" without explicit --prefix
metze
Stefan Metzmacher [Mon, 16 Jan 2012 15:15:59 +0000 (16:15 +0100)]
s3:lib/messages: remove unused messaging_event_context()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 17 09:45:30 CET 2012 on sn-devel-104
Stefan Metzmacher [Mon, 16 Jan 2012 15:14:35 +0000 (16:14 +0100)]
s3:smbcontrol: avoid using messaging_event_context()
metze
Stefan Metzmacher [Mon, 16 Jan 2012 15:11:42 +0000 (16:11 +0100)]
s3:smbcontrol: pass tevent_context down to wait_replies()
metze
Stefan Metzmacher [Mon, 16 Jan 2012 15:08:48 +0000 (16:08 +0100)]
s3:smbcontrol: pass tevent_context down to subcommands
metze
Stefan Metzmacher [Mon, 16 Jan 2012 14:54:41 +0000 (15:54 +0100)]
s3:printing: avoid messaging_event_context() in print_queue_housekeeping()
metze
Volker Lendecke [Mon, 16 Jan 2012 15:43:10 +0000 (16:43 +0100)]
s3-install: Don't let MANDIR and SRCDIR be overwritten
In installman.sh, we get them via cmd line args
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 16 18:55:40 CET 2012 on sn-devel-104
Stefan Metzmacher [Mon, 16 Jan 2012 14:32:21 +0000 (15:32 +0100)]
s4:dsdb/password_hash: require a "Primary:Kerberos" blob in supplementalCredentials
If this is missing a w2k8r2 server will reboot, when someone tries to
change a password.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
Stefan Metzmacher [Sat, 14 Jan 2012 10:17:33 +0000 (11:17 +0100)]
s3:selftest: rpcclient doesn't support smb2
metze
Volker Lendecke [Sat, 14 Jan 2012 12:47:08 +0000 (13:47 +0100)]
s3: ADS support is needed for dns updates
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Jan 14 15:32:15 CET 2012 on sn-devel-104
Dave Craft [Wed, 11 Jan 2012 14:11:35 +0000 (08:11 -0600)]
KCC importldif/exportldif and intersite topology
Add options for extracting an LDIF file from a database
and reimporting the LDIF into a schema-less database for
subsequent topology test/debug. Add intersite topology
generation with computation of ISTG and bridgehead servers
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Jan 14 07:45:11 CET 2012 on sn-devel-104
Dave Craft [Wed, 11 Jan 2012 14:10:27 +0000 (08:10 -0600)]
Intersite KCC flags for python
Add NTDSSITELINK options to dsdb class for use
in python samba_kcc
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Dave Craft [Wed, 11 Jan 2012 14:08:52 +0000 (08:08 -0600)]
Intersite KCC flags
NTDSSITELINK option flags added
Signed-off-by: Andrew Tridgell <tridge@samba.org>
David Disseldorp [Fri, 13 Jan 2012 21:51:22 +0000 (13:51 -0800)]
idl: add to_null property
to_null specifies that character conversion should only occur until the
null pointer in an array based string.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jan 14 00:51:54 CET 2012 on sn-devel-104
David Disseldorp [Wed, 23 Nov 2011 01:03:48 +0000 (02:03 +0100)]
idl: add to_null attribute to the spoolss devicename array
OpenPrinterEx requests have also been observed in the wild carrying
non-utf16 garbage after the device mode devicename field null
terminator.
Signed-off-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Sun, 13 Nov 2011 19:40:56 +0000 (20:40 +0100)]
idl: add to_null attribute to the spoolss formname array
OpenPrinterEx requests have been observed in the wild carrying a device
mode formname "A4" followed by non-utf16 garbage after the null
terminator. Such requests currently fail during unmarshalling in the
ndr_pull_charset() codepath, causing intermittent print job failures.
This change ensures that garbage after the device mode formname null
terminator is not processed in unmarshalling.
https://bugzilla.samba.org/show_bug.cgi?id=8606
Signed-off-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Sun, 13 Nov 2011 19:01:43 +0000 (20:01 +0100)]
ndr: add ndr_pull_charset_to_null()
The same as ndr_pull_charset(), however only perform character
conversion on bytes prior to and including the null terminator.
Signed-off-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Sun, 13 Nov 2011 19:39:58 +0000 (20:39 +0100)]
idl: add parser for the to_null property
Compile into a ndr_pull_charset_to_null call.
Signed-off-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Tue, 15 Nov 2011 17:08:43 +0000 (18:08 +0100)]
s4-smbtorture: tweak spoolss_OpenPrinterEx devmode
Flip some bits after the null terminator in the spoolss device mode
character arrays to trigger bug 8606.
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Jan 2012 18:51:53 +0000 (19:51 +0100)]
s3: Fix the talloc hierarchy in fetch_share_mode_unlocked
Thanks, metze for noticing!
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 13 13:16:44 CET 2012 on sn-devel-104
Günther Deschner [Thu, 12 Jan 2012 15:29:39 +0000 (16:29 +0100)]
s3-waf: check for KRB5_PDU_NONE as in the autoconf build.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jan 13 11:15:35 CET 2012 on sn-devel-104
Günther Deschner [Thu, 12 Jan 2012 14:08:34 +0000 (15:08 +0100)]
s3-autoconf: fix the build of the pdb_ldap shared module in autoconf build as well.
Guenther
Günther Deschner [Thu, 12 Jan 2012 14:06:25 +0000 (15:06 +0100)]
s3-waf: fix compile of pdb_ldap as shared module by moving ldap schema helpers to libpdb.so
These helpers are used in other parts of Samba as well (like in idmap and in the
net provision code).
Guenther
Günther Deschner [Thu, 12 Jan 2012 13:27:10 +0000 (14:27 +0100)]
s3-waf: also check for gsskrb5_extract_authz_data_from_sec_context() during
configure.
Guenther
Stefan Metzmacher [Thu, 12 Jan 2012 14:42:08 +0000 (15:42 +0100)]
s3:build: add auth/gensec/spnego.o
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 13 06:32:30 CET 2012 on sn-devel-104
Stefan Metzmacher [Thu, 12 Jan 2012 11:21:21 +0000 (12:21 +0100)]
auth/gensec: move spnego.c to the toplevel
metze
Stefan Metzmacher [Thu, 12 Jan 2012 21:03:07 +0000 (22:03 +0100)]
auth/gensec: common helper functions should be in gensec_util.c
This makes the dependencies easier to handle.
metze
Stefan Metzmacher [Thu, 12 Jan 2012 21:56:03 +0000 (22:56 +0100)]
s4:auth/gensec: inline packet_full_request_u32()
This removes the dependency to s4 specific code.
metze
Stefan Metzmacher [Thu, 12 Jan 2012 15:18:38 +0000 (16:18 +0100)]
auth/gensec: add some more functions from gensec_start.c to gensec.h
metze
Stefan Metzmacher [Thu, 12 Jan 2012 15:18:38 +0000 (16:18 +0100)]
auth/gensec: make sure functions from gensec.c are in gensec.h
metze
Stefan Metzmacher [Thu, 12 Jan 2012 16:07:41 +0000 (17:07 +0100)]
s4:auth/gensec: fix compiler warnings in spnego.c
metze
Andrew Bartlett [Fri, 13 Jan 2012 01:42:43 +0000 (12:42 +1100)]
s3-selftest The krb5 encrypted CIFS test was wrong
Sadly this fails in the test environement for now. It needs a /etc/krb5.keytab
which we do not provide.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jan 13 04:57:22 CET 2012 on sn-devel-104
Amitay Isaacs [Thu, 12 Jan 2012 04:34:16 +0000 (15:34 +1100)]
selftest: Do not run symbol check if setting up testenv
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Jan 13 03:11:20 CET 2012 on sn-devel-104
Jeremy Allison [Thu, 12 Jan 2012 22:46:45 +0000 (14:46 -0800)]
Add comments to all functions (to help me understand it better).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jan 13 01:35:03 CET 2012 on sn-devel-104
Volker Lendecke [Tue, 10 Jan 2012 16:07:29 +0000 (17:07 +0100)]
s3: Fix nested get_share_mode_lock calls
This forces us to only do one real get_share_mode_lock call and
share the data between the nested get_share_mode_lock calls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Jan 2012 13:13:49 +0000 (14:13 +0100)]
s3: Move the share_mode_lock handling to its own file
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Jan 2012 12:56:37 +0000 (13:56 +0100)]
s3: Put an indirection layer into share_mode_lock
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Jan 2012 13:30:53 +0000 (14:30 +0100)]
s3: Introduce get_share_mode_lock_fresh()
This slightly simplifies the code path for all callers which assume
that a share mode exists already. Only the callers in open_file_ntcreate
and open_directory will ever create new share modes.
Signed-off-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Jan 2012 13:09:28 +0000 (14:09 +0100)]
s3: Replace fill_share_mode_lock()
This replaces fill_share_mode_lock() with the two routines
fresh_share_mode_lock() and parse_share_modes(). This lifts the
decision whether a share mode already existed on level up.
Signed-off-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 10 Jan 2012 14:14:08 +0000 (15:14 +0100)]
s4:repl_cleartext_pwd.py: add optional 'clear_utf16_name' parameter
Not all cleartext password (machine passwords) can be converted to utf8,
let's export the raw uint16_t array.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 23:58:12 CET 2012 on sn-devel-104
Stefan Metzmacher [Tue, 10 Jan 2012 14:15:19 +0000 (15:15 +0100)]
s4:repl_cleartext_pwd.py: add 'attmode' parameter to convert the attname to utf8
metze
Stefan Metzmacher [Tue, 10 Jan 2012 14:12:00 +0000 (15:12 +0100)]
s4:repl_cleartext_pwd.py: correctly compare attids as uint32_t values
metze
Andreas Schneider [Thu, 12 Jan 2012 13:50:40 +0000 (14:50 +0100)]
s3-waf: auth_netlogond depends on tldap.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
Andreas Schneider [Thu, 12 Jan 2012 12:39:39 +0000 (13:39 +0100)]
s3-waf: link SECRETS3 only against samba3util.
Andreas Schneider [Thu, 12 Jan 2012 12:39:17 +0000 (13:39 +0100)]
s3-waf: Create a smaller samba3util subsystem.
Stefan Metzmacher [Wed, 11 Jan 2012 15:00:59 +0000 (16:00 +0100)]
s4:pygensec/tests: add test for gensec_set_max_update_size()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 14:47:05 CET 2012 on sn-devel-104
Stefan Metzmacher [Fri, 23 Dec 2011 23:27:45 +0000 (00:27 +0100)]
s4:auth/gensec/spnego: add support for fragmented spnego messages
metze
Stefan Metzmacher [Wed, 11 Jan 2012 13:53:52 +0000 (14:53 +0100)]
s4:pygensec: add set_max_update_size() and max_update_size() functions
metze
Stefan Metzmacher [Sat, 24 Dec 2011 00:14:26 +0000 (01:14 +0100)]
auth/gensec: add gensec_*max_update_size()
This is only a hint for the backend, which may want to fragment
update tokens.
metze
Volker Lendecke [Thu, 12 Jan 2012 10:36:02 +0000 (11:36 +0100)]
s3: Split a line with 1 statements
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Jan 12 13:10:19 CET 2012 on sn-devel-104
Stefan Metzmacher [Wed, 11 Jan 2012 21:25:38 +0000 (22:25 +0100)]
s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKEN
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
Andrew Bartlett [Thu, 15 Dec 2011 01:29:01 +0000 (12:29 +1100)]
Revert "make paranoia check less paranoid" - check that key types strictly match
This reverts commit
c25af51232616061bb08eea86aae595b4f029490 because
otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a
KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
Andrew Bartlett [Thu, 15 Dec 2011 05:36:03 +0000 (16:36 +1100)]
make hmac-md5 the keyed checksum type for arcfour-hmac-md5
Andrew Bartlett [Thu, 15 Dec 2011 05:17:09 +0000 (16:17 +1100)]
use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3
This allows a strict link between checksum types and key types to be
enforced.
Andrew Bartlett
Andrew Bartlett [Wed, 11 Jan 2012 07:19:14 +0000 (18:19 +1100)]
heimdal: remove checking of KDC PAC signature, delegate to wdc plugin
The checking of the KDC signature is more complex than it looks, it may be of a different
enc type to that which the ticket is encrypted with, and may even be prefixed
with the RODC number.
This is better handled in the plugin which can easily look up the DB for the
correct key to verify this with, and can also quickly determine if this is
an interdomain trust, which we cannot verify the PAC for.
Andrew Bartlett
Andrew Bartlett [Wed, 11 Jan 2012 07:07:41 +0000 (18:07 +1100)]
auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksum
Andrew Bartlett [Wed, 11 Jan 2012 07:06:55 +0000 (18:06 +1100)]
s4-kdc Do the KDC PAC checksum validation in the Samba plugin
Here we can fetch the right key, and check if the PAC is likely to be signed by a key that
we know. We cannot check the KDC signature on incoming trusts.
Andrew Bartlett
Andrew Bartlett [Wed, 11 Jan 2012 05:13:37 +0000 (16:13 +1100)]
s4-kdc: use IDL constant NETLOGON_GENERIC_KRB5_PAC_VALIDATE
Amitay Isaacs [Thu, 12 Jan 2012 04:11:12 +0000 (15:11 +1100)]
samba-tool:dns: DNS names are case insensitive
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Jan 12 06:43:01 CET 2012 on sn-devel-104
Amitay Isaacs [Thu, 12 Jan 2012 04:10:42 +0000 (15:10 +1100)]
s4-rpc:dnsserver: DNS names are case insensitive
Jeremy Allison [Thu, 12 Jan 2012 00:37:48 +0000 (16:37 -0800)]
Ensure we always free aio_ex on all error paths by moving the TALLOC_FREE
call out of smbd_aio_complete_aio_ex() and into the caller.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 12 03:10:52 CET 2012 on sn-devel-104
Jeremy Allison [Tue, 10 Jan 2012 20:58:13 +0000 (12:58 -0800)]
Second part of fix for bug #8673 - NT ACL issue.
Ensure we process the entire ACE list instead of returning ACCESS_DENIED
and terminating the walk - ensure we only return the exact bits that cause
the access to be denied. Some of the S3 fileserver needs to know if we
are only denied DELETE access before overriding it by looking at the
containing directory ACL.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
Jeremy Allison [Tue, 10 Jan 2012 20:52:01 +0000 (12:52 -0800)]
First part of fix for bug #8673 - NT ACL issue.
Simplify the logic in the unlink/rmdir calls - makes it readable
(and correct).
Stefan Metzmacher [Wed, 11 Jan 2012 12:47:08 +0000 (13:47 +0100)]
lib/param: avoid talloc_reference() in copy_service()
The memory reduction compared of talloc_reference() over talloc_strdup()
is typically very low. As the strings are typically short compared
to the talloc header overhead.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 11 16:13:50 CET 2012 on sn-devel-104
David Disseldorp [Wed, 11 Jan 2012 11:29:58 +0000 (12:29 +0100)]
s3-rpcclient: add deldriverex flags argument
The spoolss DeletePrinterDriverEx command offers three flags for
controlling how associated files and other versions of the driver are
effected: DPD_DELETE_UNUSED_FILES (1), DPD_DELETE_SPECIFIC_VERSION (2)
and DPD_DELETE_ALL_FILES (4).
This commit adds an optional numeric flags argument to the rpcclient
deldriverex command.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Wed Jan 11 14:39:35 CET 2012 on sn-devel-104
David Disseldorp [Tue, 10 Jan 2012 17:21:42 +0000 (18:21 +0100)]
spoolss: fix DPD_DELETE_ALL_FILES error return
If DeletePrinterDriverEx is called with DPD_DELETE_ALL_FILES and files
assigned to the to-be-deleted driver overlap with other drivers then an
error is returned. Change the error code here to match Windows 2k8r2.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 08:00:34 +0000 (19:00 +1100)]
s4:auth: Make sure to check the optional auth_context hooks before using them
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
Andrew Bartlett [Wed, 11 Jan 2012 08:00:34 +0000 (19:00 +1100)]
gensec: Make sure to check the optional auth_context hooks before using them
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 00:26:31 +0000 (11:26 +1100)]
gensec: Rename want_flags and got_flags in gensec_gssapi
This make it clearer what type of flags these are.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 00:14:54 +0000 (11:14 +1100)]
gensec: make gensec_gssapi.h common
This will make it easier to share elements of the GSSAPI gensec mechs,
in much the same way elements of the NTLMSSP mech are shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:21:05 +0000 (15:21 +1100)]
s3-librpc Supply target service and server to spnego_generic_init_client()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 03:29:51 +0000 (14:29 +1100)]
s3-librpc: Rename spnego_ntlmssp_init_client and make generic
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 5 Jan 2012 16:15:14 +0000 (17:15 +0100)]
s3-libsmb: split out auth_generic client functions into auth_generic.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 02:11:38 +0000 (13:11 +1100)]
s3-librpc: rename get_ntlmssp_auth_footer to be more generic
This can handle any gensec auth type now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
git.samba.org / gd / samba-autobuild / .git / log