gd/samba-autobuild/.git
7 years agos4 dns: Allow configuring signed updates
Kai Blin [Tue, 4 Sep 2012 23:27:00 +0000 (01:27 +0200)]
s4 dns: Allow configuring signed updates

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep  5 20:42:46 CEST 2012 on sn-devel-104

7 years agos4 dns: Make sure to remember incoming tkey name
Kai Blin [Tue, 4 Sep 2012 23:26:16 +0000 (01:26 +0200)]
s4 dns: Make sure to remember incoming tkey name

7 years agos4 dns: Verify incoming TSIG signatures
Kai Blin [Wed, 5 Sep 2012 06:34:49 +0000 (08:34 +0200)]
s4 dns: Verify incoming TSIG signatures

7 years agos4 dns: Handle GSS-TSIG signature creation
Kai Blin [Wed, 5 Sep 2012 06:34:04 +0000 (08:34 +0200)]
s4 dns: Handle GSS-TSIG signature creation

7 years agos4 dns: When we got a TKEY, we need to remember which key to use for signing
Kai Blin [Wed, 5 Sep 2012 06:29:38 +0000 (08:29 +0200)]
s4 dns: When we got a TKEY, we need to remember which key to use for signing

7 years agos4 dns: TKEY record needs to remember incoming algorithm
Kai Blin [Wed, 5 Sep 2012 06:27:28 +0000 (08:27 +0200)]
s4 dns: TKEY record needs to remember incoming algorithm

Samba3 (and older windows versions) use gss.microsoft.com, win7 (and the RFC) use gss-tsig

7 years agos4 dns: Move dns_find_tkey to an extra file
Kai Blin [Wed, 5 Sep 2012 06:24:52 +0000 (08:24 +0200)]
s4 dns: Move dns_find_tkey to an extra file

7 years agos4 dns: Create IDL entry for TSIG-like record needed for signature check
Kai Blin [Wed, 5 Sep 2012 06:16:43 +0000 (08:16 +0200)]
s4 dns: Create IDL entry for TSIG-like record needed for signature check

7 years agos4-dns: Fix linking the dns service.
Andreas Schneider [Wed, 5 Sep 2012 14:54:47 +0000 (16:54 +0200)]
s4-dns: Fix linking the dns service.

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep  5 18:40:00 CEST 2012 on sn-devel-104

7 years agoselftest: Add python blackbox tests for samba-tool ntacl get/set
Andrew Bartlett [Wed, 5 Sep 2012 08:13:53 +0000 (18:13 +1000)]
selftest: Add python blackbox tests for samba-tool ntacl get/set

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep  5 15:47:55 CEST 2012 on sn-devel-104

7 years agosamba_tool: Improve samba-tool ntacl get/set to use the local sam.ldb SID
Andrew Bartlett [Wed, 5 Sep 2012 08:12:52 +0000 (18:12 +1000)]
samba_tool: Improve samba-tool ntacl get/set to use the local sam.ldb SID

This gets the SID for the local machine correctly.

We also add options for --use-ntvfs and --use-s3fs to help control
exactly which database is being read and written.

Andrew Bartlett

7 years agosamba_tool: Fix ntacl get to correctly output in sddl
Andrew Bartlett [Wed, 5 Sep 2012 07:06:33 +0000 (17:06 +1000)]
samba_tool: Fix ntacl get to correctly output in sddl

7 years agos4-provision: Fix error message to contain the string SSDL of the failed-to-match ACL
Andrew Bartlett [Wed, 5 Sep 2012 05:16:40 +0000 (15:16 +1000)]
s4-provision: Fix error message to contain the string SSDL of the failed-to-match ACL

7 years agos4 dns: Revert erroneous push from wrong branch
Kai Blin [Wed, 5 Sep 2012 09:07:55 +0000 (11:07 +0200)]
s4 dns: Revert erroneous push from wrong branch

I've pushed the wrong branch for this, sorry about that.

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep  5 14:10:54 CEST 2012 on sn-devel-104

7 years agos3:smb2_create: check for SMB2_CREATE_TAG_DHNC first
Stefan Metzmacher [Tue, 28 Aug 2012 07:33:51 +0000 (09:33 +0200)]
s3:smb2_create: check for SMB2_CREATE_TAG_DHNC first

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep  5 12:27:25 CEST 2012 on sn-devel-104

7 years agos3:locking: fix trailing space in brl_close_fnum()
Michael Adam [Tue, 4 Sep 2012 09:56:15 +0000 (11:56 +0200)]
s3:locking: fix trailing space in brl_close_fnum()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos4 dns: Allow configuring signed updates
Kai Blin [Tue, 4 Sep 2012 23:27:00 +0000 (01:27 +0200)]
s4 dns: Allow configuring signed updates

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed Sep  5 10:45:22 CEST 2012 on sn-devel-104

7 years agos4 dns: Make sure to remember incoming tkey name
Kai Blin [Tue, 4 Sep 2012 23:26:16 +0000 (01:26 +0200)]
s4 dns: Make sure to remember incoming tkey name

7 years agomore tsig_verify stuff
Kai Blin [Wed, 5 Sep 2012 06:09:22 +0000 (08:09 +0200)]
more tsig_verify stuff

7 years agodrop me
Kai Blin [Wed, 5 Sep 2012 06:08:49 +0000 (08:08 +0200)]
drop me

7 years agohack: dns_sign_tsig correct memcpy
Kai Blin [Wed, 5 Sep 2012 06:08:24 +0000 (08:08 +0200)]
hack: dns_sign_tsig correct memcpy

7 years agoHACK remove debug statement
Kai Blin [Wed, 5 Sep 2012 06:07:45 +0000 (08:07 +0200)]
HACK remove debug statement

7 years agos4 dns: Verify incoming TSIG signatures
Kai Blin [Mon, 3 Sep 2012 06:06:55 +0000 (08:06 +0200)]
s4 dns: Verify incoming TSIG signatures

7 years agos4 dns: Handle GSS-TSIG signatures
Kai Blin [Sun, 2 Sep 2012 19:43:52 +0000 (21:43 +0200)]
s4 dns: Handle GSS-TSIG signatures

7 years agobuild: Remove unused deps from vfs modules
Andrew Bartlett [Tue, 4 Sep 2012 22:55:41 +0000 (08:55 +1000)]
build: Remove unused deps from vfs modules

Both these modules are just implemented in terms of other modules.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep  5 03:34:08 CEST 2012 on sn-devel-104

7 years agos3: Slightly simplify fd_open_atomic
Volker Lendecke [Mon, 3 Sep 2012 10:57:18 +0000 (12:57 +0200)]
s3: Slightly simplify fd_open_atomic

Replace an if-statement by a direct assignment

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  5 01:56:46 CEST 2012 on sn-devel-104

7 years agos3: Put a comment into the right place
Volker Lendecke [Sun, 2 Sep 2012 10:42:59 +0000 (12:42 +0200)]
s3: Put a comment into the right place

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: Fix a typo
Volker Lendecke [Wed, 29 Aug 2012 15:19:04 +0000 (17:19 +0200)]
s3: Fix a typo

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: Factor out disposition_to_open_flags
Volker Lendecke [Sun, 2 Sep 2012 18:47:46 +0000 (20:47 +0200)]
s3: Factor out disposition_to_open_flags

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: Factor out calculation of clear_ads
Volker Lendecke [Sun, 2 Sep 2012 11:06:22 +0000 (13:06 +0200)]
s3: Factor out calculation of clear_ads

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: Slightly simplify open_file_ntcreate
Volker Lendecke [Sun, 2 Sep 2012 10:53:04 +0000 (12:53 +0200)]
s3: Slightly simplify open_file_ntcreate

We have not set flags2 before, so do direct assignment and not |=

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: Fix a comment
Volker Lendecke [Sun, 2 Sep 2012 05:35:43 +0000 (07:35 +0200)]
s3: Fix a comment

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: Make "open_match_attributes" static
Volker Lendecke [Fri, 31 Aug 2012 12:52:21 +0000 (14:52 +0200)]
s3: Make "open_match_attributes" static

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: Fix some nonempty blank lines
Volker Lendecke [Fri, 31 Aug 2012 12:41:44 +0000 (14:41 +0200)]
s3: Fix some nonempty blank lines

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: Fix memleaks in pylibsmb.c
Volker Lendecke [Mon, 20 Aug 2012 11:43:41 +0000 (13:43 +0200)]
s3: Fix memleaks in pylibsmb.c

Cut&Paste errors from the read&x routine

Signed-off-by: Jeremy Allison <jra@samba.org>
7 years agos3: in sys_popen(), add a debug message for failed fork
Michael Adam [Tue, 4 Sep 2012 13:25:42 +0000 (15:25 +0200)]
s3: in sys_popen(), add a debug message for failed fork

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep  4 22:17:30 CEST 2012 on sn-devel-104

7 years agos3: in sys_popen(), add a debug message for failed extract_args()
Michael Adam [Tue, 4 Sep 2012 13:24:46 +0000 (15:24 +0200)]
s3: in sys_popen(), add a debug message for failed extract_args()

7 years agos3: in sys_popen(), untangle function call from result check
Michael Adam [Tue, 4 Sep 2012 13:23:01 +0000 (15:23 +0200)]
s3: in sys_popen(), untangle function call from result check

7 years agos3: in sys_popen(), untangle assigment from check and add a debug message in failure...
Michael Adam [Tue, 4 Sep 2012 13:19:46 +0000 (15:19 +0200)]
s3: in sys_popen(), untangle assigment from check and add a debug message in failure case

7 years agos3: in sys_popen(), improve call to pipe and report error to debug
Michael Adam [Tue, 4 Sep 2012 13:17:37 +0000 (15:17 +0200)]
s3: in sys_popen(), improve call to pipe and report error to debug

7 years agos3: in sys_popen(), validate input before opening the pipe.
Michael Adam [Tue, 4 Sep 2012 13:15:42 +0000 (15:15 +0200)]
s3: in sys_popen(), validate input before opening the pipe.

7 years agos3: in sys_popen(), fix a debug message
Michael Adam [Tue, 4 Sep 2012 12:21:37 +0000 (14:21 +0200)]
s3: in sys_popen(), fix a debug message

7 years agos3:smbd: in sys_disk_free(), improve a debug message
Michael Adam [Tue, 4 Sep 2012 13:02:40 +0000 (15:02 +0200)]
s3:smbd: in sys_disk_free(), improve a debug message

7 years agos3:smbd: in sys_disk_free(), improve a debug message
Michael Adam [Tue, 4 Sep 2012 13:01:18 +0000 (15:01 +0200)]
s3:smbd: in sys_disk_free(), improve a debug message

7 years agos3:smbd: in sys_disk_free(), fix line length and indentation of debug statement
Michael Adam [Tue, 4 Sep 2012 12:50:53 +0000 (14:50 +0200)]
s3:smbd: in sys_disk_free(), fix line length and indentation of debug statement

7 years agos3:smbd: in sys_disk_free(), fix a debug message
Michael Adam [Tue, 4 Sep 2012 12:50:15 +0000 (14:50 +0200)]
s3:smbd: in sys_disk_free(), fix a debug message

7 years agos3-winbind: DON'T PANIC if we couldn't find the domain.
Andreas Schneider [Tue, 4 Sep 2012 12:30:38 +0000 (14:30 +0200)]
s3-winbind: DON'T PANIC if we couldn't find the domain.

If we don't have a connection to a trusted domain but still try to do a
lookup we shouldn't segfault.

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Sep  4 18:16:06 CEST 2012 on sn-devel-104

7 years agofile_server: Remove explicit set of passdb backend in fileserver.conf
Andrew Bartlett [Tue, 4 Sep 2012 10:31:03 +0000 (20:31 +1000)]
file_server: Remove explicit set of passdb backend in fileserver.conf

The default is now set during smb.conf loading based on the server role
or during provision.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep  4 14:05:34 CEST 2012 on sn-devel-104

7 years agobuild: sync the waf ACL checks with configure.in
Andrew Bartlett [Tue, 4 Sep 2012 10:15:28 +0000 (20:15 +1000)]
build: sync the waf ACL checks with configure.in

This should give us full ACLs on the same set of hosts that the autoconf build supports.

Andrew Bartlett

7 years agobuild: Remove references to charset modules - we no longer have these
Andrew Bartlett [Tue, 4 Sep 2012 10:06:12 +0000 (20:06 +1000)]
build: Remove references to charset modules - we no longer have these

7 years agobuild: vfs_fake_acls does not need the acl lib
Andrew Bartlett [Tue, 4 Sep 2012 09:41:38 +0000 (19:41 +1000)]
build: vfs_fake_acls does not need the acl lib

7 years agofile_server: Run task_server_terminate when smbd exists
Andrew Bartlett [Tue, 4 Sep 2012 09:06:15 +0000 (11:06 +0200)]
file_server: Run task_server_terminate when smbd exists

This will help us shut down when smbd cannot bind to ports or perform
some other critical startup operation.

Based on a patch by Stefan Metzmacher <metze@samba.org>

Andrew Bartlett

7 years agofile_server: use 'subreq' as variable instead of 'req'
Stefan Metzmacher [Tue, 4 Sep 2012 09:04:16 +0000 (11:04 +0200)]
file_server: use 'subreq' as variable instead of 'req'

This matches the style of all other tevent_req users.

metze

7 years agobuild: remove unused HAVE_NO_ACLS define
Andrew Bartlett [Tue, 4 Sep 2012 08:58:53 +0000 (18:58 +1000)]
build: remove unused HAVE_NO_ACLS define

7 years agos4-selftest: Try a more complex ACL - this example from a GPO
Andrew Bartlett [Tue, 4 Sep 2012 07:56:38 +0000 (17:56 +1000)]
s4-selftest: Try a more complex ACL - this example from a GPO

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep  4 11:30:17 CEST 2012 on sn-devel-104

7 years agos4-selftest: Try to make ntacl unit tests better match their names
Andrew Bartlett [Tue, 4 Sep 2012 07:54:34 +0000 (17:54 +1000)]
s4-selftest: Try to make ntacl unit tests better match their names

We are trying to test combinations of setting and getting via the VFS
and directly to the underlying DB.

Andrew Bartlett

7 years agofile_server: Clarify code by avoiding a goto
Andrew Bartlett [Tue, 4 Sep 2012 07:18:45 +0000 (17:18 +1000)]
file_server: Clarify code by avoiding a goto

As suggested by Ricky Nance <ricky.nance@weaubleau.k12.mo.us>

Andrew Bartlett

7 years agos4-samba-tool: Ensure we also sync the SACL as well as the DACL during sysvolreset
Andrew Bartlett [Tue, 4 Sep 2012 07:17:34 +0000 (17:17 +1000)]
s4-samba-tool: Ensure we also sync the SACL as well as the DACL during sysvolreset

7 years agos3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DC
Andrew Bartlett [Tue, 4 Sep 2012 00:27:50 +0000 (10:27 +1000)]
s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DC

The name samba_dsdb is not ideal, but it matches the primary ldb
module we use, and more importantly it avoids having '4' in the name.
We should slowly avoid using the term samba4 in long-term places like
the smb.conf because it is confusing to users given we are shipping
Samba 4.0 as an AD DC as well as all the other supported roles (domain
member/standalone server/classic DC)

Additionally, samba4 will be an odd name when we eventually release
Samba 5.0!

samba4 remains accepted as an alias to ensure existing smb.conf files
load, but to allow changes here in the future, we set the value during
the smb.conf load, and not during the provision when we are an AD DC.

This simplifies the default smb.conf for the vast majority of our
users and reduces the number of things listed in smb.conf files that
we later have to work around if we wish to change the
name/implementation of the passdb glue module again.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep  4 04:45:16 CEST 2012 on sn-devel-104

7 years agodocs: Move Samba4 HOWTO link into README
Andrew Bartlett [Mon, 3 Sep 2012 23:31:27 +0000 (09:31 +1000)]
docs: Move Samba4 HOWTO link into README

This allows us to make clear that it applies to the AD DC deployment.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep  4 03:05:02 CEST 2012 on sn-devel-104

7 years agodocs: Update Roadmap
Andrew Bartlett [Mon, 3 Sep 2012 23:24:52 +0000 (09:24 +1000)]
docs: Update Roadmap

7 years agodocs: Remove merged-branches.txt
Andrew Bartlett [Mon, 3 Sep 2012 23:20:19 +0000 (09:20 +1000)]
docs: Remove merged-branches.txt

We are now well past simply having two projects in once tree, and each
continued reference to 'samba3' and 'samba4' causes user confusion.

Andrew Bartlett

7 years agodocs: Remove docs for removed parameter 'display charset'
Andrew Bartlett [Mon, 3 Sep 2012 23:12:17 +0000 (09:12 +1000)]
docs: Remove docs for removed parameter 'display charset'

7 years agoremove extra tab from Makefile
Andrew Bartlett [Mon, 3 Sep 2012 23:10:59 +0000 (09:10 +1000)]
remove extra tab from Makefile

7 years agodocs: Fix undocumented target to find smb.conf directives in the right place
Andrew Bartlett [Mon, 3 Sep 2012 23:09:38 +0000 (09:09 +1000)]
docs: Fix undocumented target to find smb.conf directives in the right place

The manpages target needs to be reworked to know about waf.

Andrew Bartlett

7 years agodocs: Remove references to security=share and security=server from the smb.conf docs
Andrew Bartlett [Mon, 3 Sep 2012 22:46:06 +0000 (08:46 +1000)]
docs: Remove references to security=share and security=server from the smb.conf docs

7 years agodocs: Remove docs for removed parameter 'parinoid server security'
Andrew Bartlett [Mon, 3 Sep 2012 22:27:23 +0000 (08:27 +1000)]
docs: Remove docs for removed parameter 'parinoid server security'

7 years agodocs: Rename manpages-3 -> manpages.
Karolin Seeger [Mon, 3 Sep 2012 19:49:25 +0000 (21:49 +0200)]
docs: Rename manpages-3 -> manpages.

This change was suggested by Andrew Bartlett on the samba-technical mailing
list.

Karolin

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Sep  3 23:35:38 CEST 2012 on sn-devel-104

7 years agos4-docs: Remove empty s4 HOWTO Collection.
Karolin Seeger [Mon, 3 Sep 2012 19:05:22 +0000 (21:05 +0200)]
s4-docs: Remove empty s4 HOWTO Collection.

This change was proposed by Andrew Bartlett on the samba-technical mailing list.

Karolin

7 years agobuild: skip shipping the alpha13 provision in the release tarballs
Andrew Bartlett [Mon, 3 Sep 2012 08:55:06 +0000 (18:55 +1000)]
build: skip shipping the alpha13 provision in the release tarballs

This test is important, but it is not important enough to include this volume of data
in every tarball.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep  3 13:01:58 CEST 2012 on sn-devel-104

7 years agos4-classicupgrade: Show more clearly what is wrong with the Adminstrator SID
Andrew Bartlett [Mon, 3 Sep 2012 08:50:16 +0000 (18:50 +1000)]
s4-classicupgrade: Show more clearly what is wrong with the Adminstrator SID

7 years agobuild: Only make bin/ if it does not exist
Andrew Bartlett [Mon, 3 Sep 2012 08:43:33 +0000 (18:43 +1000)]
build: Only make bin/ if it does not exist

7 years agoselftest: skip tests if the tarball did not include the alpha13 provision
Andrew Bartlett [Mon, 3 Sep 2012 08:42:55 +0000 (18:42 +1000)]
selftest: skip tests if the tarball did not include the alpha13 provision

7 years agowaf: add new quota header checks and sysquota_4B source file
Björn Jacke [Sun, 2 Sep 2012 19:45:53 +0000 (21:45 +0200)]
waf: add new quota header checks and sysquota_4B source file

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sun Sep  2 23:21:22 CEST 2012 on sn-devel-104

7 years agos3: remove some duplicate quota code
Björn Jacke [Sun, 2 Sep 2012 19:44:54 +0000 (21:44 +0200)]
s3: remove some duplicate quota code

7 years agos3: adopt the new sysquotas_4B support for BSD
Björn Jacke [Sun, 2 Sep 2012 14:08:58 +0000 (16:08 +0200)]
s3: adopt the new sysquotas_4B support for BSD

most BSD systems have ufs/ufs/quota.h and they count the quota in blocks, not
bytes and have slightly different dqblk struct members.

7 years agos3: add sysquotas_4B support
Björn Jacke [Sun, 1 Jul 2012 12:35:55 +0000 (14:35 +0200)]
s3: add sysquotas_4B support

this is from James Peach's darwin patch, that exists since a couple of years
already.

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sun Sep  2 01:00:41 CEST 2012 on sn-devel-104

7 years agos3: Make an if statement a bit easier to read
Volker Lendecke [Fri, 31 Aug 2012 12:11:45 +0000 (14:11 +0200)]
s3: Make an if statement a bit easier to read

Fix indentation a bit

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep  1 07:07:12 CEST 2012 on sn-devel-104

7 years agoNow SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP don't include any generic...
Jeremy Allison [Fri, 31 Aug 2012 21:42:21 +0000 (14:42 -0700)]
Now SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP don't include any generic bits (they're used directly in the fileserver where the generic bits have already been mapped into file specific bits) we need to add the generic bits to the test when we have these privileges.

Mark samba4.base.maximum_allowed knownfail until we implement NTCREATEX_OPTIONS_BACKUP_INTENT.

7 years agoRewrite torture_samba3_rpc_sharesec() to use a non-privileged user for share security...
Jeremy Allison [Fri, 31 Aug 2012 19:42:16 +0000 (12:42 -0700)]
Rewrite torture_samba3_rpc_sharesec() to use a non-privileged user for share security descriptor testing.

7 years agoAdd a comment showing where to set log level in tests.
Jeremy Allison [Fri, 31 Aug 2012 19:41:48 +0000 (12:41 -0700)]
Add a comment showing where to set log level in tests.

7 years agoChange the S3 fileserver over to se_file_access_check().
Jeremy Allison [Mon, 27 Aug 2012 23:07:32 +0000 (16:07 -0700)]
Change the S3 fileserver over to se_file_access_check().

Don't set the priv_open_requested yet until the open-for-backup
request is correctly passed in.

7 years agoFactor out privilege checking code into se_file_access_check() which takes a bool...
Jeremy Allison [Mon, 27 Aug 2012 22:41:18 +0000 (15:41 -0700)]
Factor out privilege checking code into se_file_access_check() which takes a bool priv_open_requested parameter.

7 years agoSEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used anywhere....
Jeremy Allison [Mon, 27 Aug 2012 21:15:35 +0000 (14:15 -0700)]
SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used anywhere. Remove (can re-add if needed).

Ensure the privilege rights are always specific rights, not generic.
By the time the privilege rights are examined, we've already mapped
from generic to specific in the access_mask.

7 years agos4-dsdb: Remove unused variables
Andrew Bartlett [Sat, 1 Sep 2012 01:36:36 +0000 (11:36 +1000)]
s4-dsdb: Remove unused variables

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep  1 05:10:47 CEST 2012 on sn-devel-104

7 years agos4-kdc: Improve grammer and clarity of password change failure messages.
Andrew Bartlett [Sat, 1 Sep 2012 01:34:33 +0000 (11:34 +1000)]
s4-kdc: Improve grammer and clarity of password change failure messages.

This can still be improved further, but avoid mentioning reasons that
clearly do not apply in this case.

Andrew Bartlett

7 years agos3: Fix warnings in aio_fork.c
Volker Lendecke [Fri, 31 Aug 2012 12:45:08 +0000 (14:45 +0200)]
s3: Fix warnings in aio_fork.c

7 years agos3: Remove a shadowing variable declaration
Volker Lendecke [Fri, 31 Aug 2012 12:17:49 +0000 (14:17 +0200)]
s3: Remove a shadowing variable declaration

7 years agos4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context
Andrew Bartlett [Sat, 1 Sep 2012 01:29:46 +0000 (11:29 +1000)]
s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context

This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>.  Thanks Ricky!

Andrew Bartlett

7 years agos4 dns: Store TKEYs in a ringbuffer
Kai Blin [Fri, 31 Aug 2012 11:41:19 +0000 (13:41 +0200)]
s4 dns: Store TKEYs in a ringbuffer

This stops us from potentially being DoSed by tons of TKEYs

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Fri Aug 31 22:46:01 CEST 2012 on sn-devel-104

7 years agotdb: return unpack error on strdup failure
David Disseldorp [Fri, 31 Aug 2012 15:41:31 +0000 (17:41 +0200)]
tdb: return unpack error on strdup failure

Signed-off-by: Lars Müller <lars@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Aug 31 21:05:21 CEST 2012 on sn-devel-104

7 years agos3: Fix a few "warning: ISO C90 forbids mixed declarations and code"
Volker Lendecke [Fri, 31 Aug 2012 12:10:02 +0000 (14:10 +0200)]
s3: Fix a few "warning: ISO C90 forbids mixed declarations and code"

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 31 19:24:47 CEST 2012 on sn-devel-104

7 years agos3:build fix autoconf build on RHEL5
Christian Ambach [Fri, 31 Aug 2012 09:00:23 +0000 (11:00 +0200)]
s3:build fix autoconf build on RHEL5

RHEL5 only has autoconf 2.59, so autogen.sh still needs to find autoconf-2.60.m4
somewhere, but it was removed with 5f58359

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Aug 31 12:50:03 CEST 2012 on sn-devel-104

7 years agos3:doc Fix name of timeout parameter in documentation
Christof Schmitt [Thu, 30 Aug 2012 22:42:51 +0000 (15:42 -0700)]
s3:doc Fix name of timeout parameter in documentation

The name is time_audit:timeout, not time_audit:audit_timeout.

Signed-off-by: Christian Ambach <ambi@samba.org>
7 years agos3:dbwrap_ctdb: Add DB name and key to warning message
Christof Schmitt [Thu, 30 Aug 2012 20:16:24 +0000 (13:16 -0700)]
s3:dbwrap_ctdb: Add DB name and key to warning message

When a operation takes too long, it is useful for debugging to know the
DB and the key.

Signed-off-by: Christian Ambach <ambi@samba.org>
7 years agos4 dns: Negotiate GSSAPI-based TKEYs
Kai Blin [Thu, 30 Aug 2012 07:04:07 +0000 (09:04 +0200)]
s4 dns: Negotiate GSSAPI-based TKEYs

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Fri Aug 31 10:38:35 CEST 2012 on sn-devel-104

7 years agos4-kdc: Give information on how long the password history is
Andrew Bartlett [Fri, 31 Aug 2012 04:02:28 +0000 (14:02 +1000)]
s4-kdc: Give information on how long the password history is

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 31 08:06:17 CEST 2012 on sn-devel-104

7 years agos4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctx
Andrew Bartlett [Fri, 31 Aug 2012 02:38:41 +0000 (12:38 +1000)]
s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctx

These are only needed for as long as the call, and should be children of the
private context.

This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>.  Thanks Ricky!

Andrew Bartlett

7 years agoauth/credentials: Do not print passwords in a talloc memory dump
Andrew Bartlett [Fri, 31 Aug 2012 01:19:54 +0000 (11:19 +1000)]
auth/credentials: Do not print passwords in a talloc memory dump

The fact that a password was created here is enough information, so
overwrite with the function name and line.

Andrew Bartlett

7 years agoVERSION: Move on to beta9
Andrew Bartlett [Thu, 30 Aug 2012 22:34:03 +0000 (08:34 +1000)]
VERSION: Move on to beta9

We home beta8 will be the last beta, but to avoid confusion and allow
more releases if required I won't mark it as rc1 until the actual
release candidate.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 31 02:07:23 CEST 2012 on sn-devel-104