kai/samba.git

Andrew Bartlett [Wed, 28 Dec 2011 06:48:45 +0000 (17:48 +1100)]
s4-gensec: Move parsing of the PAC blob and creating the session_info into auth

This uses a single callback to handle the PAC from the DATA_BLOB
format until it becomes a struct auth_session_info.

This allows a separation between the GSS acceptor code and the PAC
interpretation code based on the supplied auth context.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104

Andrew Bartlett [Wed, 28 Dec 2011 06:31:03 +0000 (17:31 +1100)]
s4-gensec: fix cyrus sasl module after update() prototype change

Andrew Bartlett [Wed, 28 Dec 2011 05:01:38 +0000 (16:01 +1100)]
auth/kerberos: Make pac_data_out in kerberos_decode_pac() optional

Andrew Bartlett [Tue, 27 Dec 2011 23:38:52 +0000 (10:38 +1100)]
s4-auth Remove unused auth_context_create_from_ldb()

Andrew Bartlett [Tue, 27 Dec 2011 11:02:16 +0000 (22:02 +1100)]
s4-gensec: Allow a PAC to be obtained from any GSS mech

This may allow Luke Howard's moonshot to work with a little less effort
at some point in the future.

Andrew Bartlett

Andrew Bartlett [Tue, 27 Dec 2011 11:00:22 +0000 (22:00 +1100)]
auth/kerberos: Move gssapi_parse.c to the top level

This will help with writing a gensec module for the s3 gse layer.

Andrew Bartlett

Andrew Bartlett [Tue, 27 Dec 2011 10:30:49 +0000 (21:30 +1100)]
credentials: Always honour the return value of E_deshash()

When this returns false, the hash value is not correct as the password
could not be converted into an uppercase, 14 char or less ASCII string.

Andrew Bartlett

Andrew Bartlett [Tue, 27 Dec 2011 08:50:36 +0000 (19:50 +1100)]
s4-ntlmssp Do not allow LM key without a LM password

Andrew Bartlett [Mon, 26 Dec 2011 11:59:17 +0000 (22:59 +1100)]
s3-auth Fix talloc parent for s4 event context in auth_samba4

Andrew Bartlett [Mon, 26 Dec 2011 00:51:08 +0000 (11:51 +1100)]
s3-auth: Remove prototype for already-removed auth_ntlmssp_start

Andrew Bartlett [Sun, 25 Dec 2011 23:53:56 +0000 (10:53 +1100)]
gensec: Allow an alternate set of modules to be specified

This will allow s3 to specify modules to use as a list, rather than
needing to start the individual module with gensec_start_mech_by_ops()

Andrew Bartlett

Volker Lendecke [Sun, 25 Dec 2011 10:49:04 +0000 (11:49 +0100)]
lib/charset: Remove an unused variable

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Dec 25 15:07:56 CET 2011 on sn-devel-104

Volker Lendecke [Sun, 25 Dec 2011 10:43:43 +0000 (11:43 +0100)]
s3: Fix fn signatures in charset_macosx.c

Volker Lendecke [Sun, 25 Dec 2011 10:35:07 +0000 (11:35 +0100)]
s3: Fix a 64-bit warning

Volker Lendecke [Sun, 25 Dec 2011 10:00:11 +0000 (11:00 +0100)]
s3: Fix linking on Lion

We are using CoreFoundation functions in charset_macosx.c. We need to link
against that.

Volker Lendecke [Mon, 19 Dec 2011 12:39:04 +0000 (13:39 +0100)]
tdb: Use tdb_parse_record in tdb_update_hash

This avoids a tdb_fetch, thus a malloc/memcpy/free in the tdb_store path

Volker Lendecke [Mon, 19 Dec 2011 12:39:04 +0000 (13:39 +0100)]
tdb: Use tdb_parse_record in tdb_update_hash

This avoids a tdb_fetch, thus a malloc/memcpy/free in the tdb_store path

Volker Lendecke [Fri, 23 Dec 2011 20:37:57 +0000 (21:37 +0100)]
libreplace: Don't check for standards.h on darwin (Lion)

standards.h on Lion holds a #warning that standards.h will be removed. This is
annoying during the build.

Jeremy Allison [Sun, 25 Dec 2011 05:12:09 +0000 (21:12 -0800)]
Fix bug #8679 - recvfile code path using splice() on Linux leaves data in the pipe on short write

Bug found and fix suggested by Andrew Bartlett.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Dec 25 07:46:38 CET 2011 on sn-devel-104

Volker Lendecke [Fri, 23 Dec 2011 20:41:03 +0000 (21:41 +0100)]
lib: Fix NT_STATUS_ALL_SIDS_FILTERED definition

This seems to be more in line with all the other NT_STATUS definitions.

Metze, please check.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Dec 23 23:19:17 CET 2011 on sn-devel-104

Stefan Metzmacher [Fri, 23 Dec 2011 13:45:45 +0000 (14:45 +0100)]
s3:lib/ctdbd_conn: try ctdbd_init_connection() as root

ctdbd_traverse is only called if the main db_context is already
open. So if we could get to information via dbwrap_fetch,
we should also be able to traverse.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 23 18:19:14 CET 2011 on sn-devel-104

Matthias Dieter Wallnöfer [Thu, 24 Nov 2011 16:38:14 +0000 (17:38 +0100)]
s4:torture/rpc/netlogon.c - factor out the computer name check in an own test

This check is by no means specific to "DsRGetSiteName" and hence it should
be factored out into its own function.
Samba at the moment does not implement the expected behaviour so I have
added the "torture_skip" action.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 23 12:17:48 CET 2011 on sn-devel-104

Matthias Dieter Wallnöfer [Thu, 24 Nov 2011 16:03:00 +0000 (17:03 +0100)]
s4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explanation

NETLOGON pipe is only thought for DCs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Matthias Dieter Wallnöfer [Thu, 22 Dec 2011 15:49:48 +0000 (16:49 +0100)]
s4:libcli/finddcs_nbt.c - free "req" consistently with "finddcs_cldap.c"

It is more obvious to free where the context for the first time appears.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Matthias Dieter Wallnöfer [Thu, 22 Dec 2011 10:50:49 +0000 (11:50 +0100)]
ldb:ldb_tdb.c - fix warnings in "ltdb_init_rootdse"

We should ignore the LDB result.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Stefan Metzmacher [Tue, 15 Nov 2011 11:42:22 +0000 (12:42 +0100)]
s4:drsuapi/getncchanges: the default for isRecycled is FALSE

metze

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 23 09:30:09 CET 2011 on sn-devel-104

Matthieu Patou [Mon, 14 Nov 2011 17:32:41 +0000 (18:32 +0100)]
s4-drsuapi: we store boolean in uppercase so we need to test them in uppercase

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Matthieu Patou [Tue, 15 Nov 2011 11:38:51 +0000 (12:38 +0100)]
s4-kcc: Remove also deleted objects that are not in the Deleted Object container

For the configuration container we do a full scan at every run of the
kcc-delete service. For the base DN we introduce a new parameter that
avoids the full scan to kick just when samba starts.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Matthieu Patou [Tue, 1 Nov 2011 22:12:47 +0000 (23:12 +0100)]
s4-ldb: Add isRecycled when is defined in the schema

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Amitay Isaacs [Fri, 23 Dec 2011 05:15:26 +0000 (16:15 +1100)]
s4:rpc-dnsserver: Set the rank for the new DNS record correctly

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Dec 23 07:56:34 CET 2011 on sn-devel-104

Amitay Isaacs [Tue, 20 Dec 2011 03:41:43 +0000 (14:41 +1100)]
test:dnsserver: Add zone creation and deletion test

Amitay Isaacs [Tue, 20 Dec 2011 01:07:11 +0000 (12:07 +1100)]
samba-tool:dns: Fix a typo

Amitay Isaacs [Tue, 20 Dec 2011 01:06:47 +0000 (12:06 +1100)]
samba-tool:dns: Add zone create/delete commands

Amitay Isaacs [Tue, 20 Dec 2011 01:05:49 +0000 (12:05 +1100)]
ldif-handler: Fix the case for attribute dnsproperty

Amitay Isaacs [Mon, 19 Dec 2011 01:16:45 +0000 (12:16 +1100)]
s4:rpc-dnsserver: Add comments

Amitay Isaacs [Fri, 16 Dec 2011 06:59:59 +0000 (17:59 +1100)]
s4:rpc-dnsserver: Make sure that zone information is filled in

This fixes the problem of NULL zone in zone operations when specific
zone is specified and no zone filter is specified.

Amitay Isaacs [Fri, 16 Dec 2011 04:41:15 +0000 (15:41 +1100)]
s4:rpc-dnsserver: Implement zone management RPC operations

- ZoneCreate operation to create zone.
- DeleteZoneFromDs operation to delete zone

When a zone is deleted, all the records in that zone are also deleted.

Amitay Isaacs [Mon, 19 Dec 2011 01:13:46 +0000 (12:13 +1100)]
s4:rpc-dnsserver: Add multiple DNS records in a single operation

This allows to add dnsNode objectclass with multiple DNS records in a
single operation. Useful for creating @ record which has NS and SOA
records.

Amitay Isaacs [Fri, 16 Dec 2011 01:20:43 +0000 (12:20 +1100)]
s4:rpc-dnsserver: Use handy macros for error checking

Amitay Isaacs [Fri, 16 Dec 2011 01:11:42 +0000 (12:11 +1100)]
s4:rpc-dnsserver: Implement DirectoryPartitionInfo RPC operation

Amitay Isaacs [Thu, 15 Dec 2011 08:45:22 +0000 (19:45 +1100)]
s4:rpc-dnsserver: Fix the enumeration of DNS records

If a node has data and children, do not return the children unless
the node is the top level node.

Amitay Isaacs [Thu, 15 Dec 2011 08:45:10 +0000 (19:45 +1100)]
s4:rpc-dnsserver: Use cached zone information to get rootservers

This removes the hardcoded search for DC=RootDNSServers, and uses
the cached zone information.

Amitay Isaacs [Thu, 15 Dec 2011 07:52:21 +0000 (18:52 +1100)]
idl:dnsserver: Add DNS_DP_STATE enumeration for directory partition state

Amitay Isaacs [Thu, 15 Dec 2011 07:27:39 +0000 (18:27 +1100)]
s4:rpc-dnsserver: Implement EnumDirectoryPartition operation

Amitay Isaacs [Thu, 15 Dec 2011 06:44:32 +0000 (17:44 +1100)]
s4:rpc-dnsserver: Cache DNS partition information

This information will be used for the RPC calls for partition
information.

Amitay Isaacs [Wed, 14 Dec 2011 05:17:31 +0000 (16:17 +1100)]
s4:rpc-dnsserver: If a zone is reverse zone, set the fReverse flag

And use fReverse flag in the enumeration of zones.

Amitay Isaacs [Wed, 14 Dec 2011 05:16:23 +0000 (16:16 +1100)]
s4:rpc-dnsserver: For PTR records, use dns_name_equal instead of strcmp to compare

Amitay Isaacs [Wed, 14 Dec 2011 04:54:31 +0000 (15:54 +1100)]
samba-tool:dns: Add support for reverse names (PTR records)

Amitay Isaacs [Wed, 14 Dec 2011 03:47:05 +0000 (14:47 +1100)]
s4-provision: Set dNSProperty attribute for dns zones

Andrew Bartlett [Wed, 21 Dec 2011 04:54:20 +0000 (15:54 +1100)]
s3-librpc Use gensec_sig_size() instead of a fixed NTLMSSP_SIG_SIZE

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 20:57:27 CET 2011 on sn-devel-104

Andrew Bartlett [Wed, 21 Dec 2011 04:34:17 +0000 (15:34 +1100)]
s3-rpc_server: Rework pipe_ntlmssp_auth_bind() to be generic

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Wed, 21 Dec 2011 04:28:26 +0000 (15:28 +1100)]
s3-rpc_server: Allow gensec mechanisms to return NT_STATUS_OK

If a kerberos mechanism is added, then it can return OK after just one packet.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Wed, 21 Dec 2011 04:17:45 +0000 (15:17 +1100)]
s3-rpc_server: rename pipe_ntlmssp_verify_final() to pipe_auth_generic_verify_final()

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Wed, 21 Dec 2011 04:09:29 +0000 (15:09 +1100)]
s3-rpc_server: Rename dcesrv_ntlmssp.[ch] to dcesrv_auth_generic.[ch]

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Wed, 21 Dec 2011 03:40:04 +0000 (14:40 +1100)]
s3-rpc_server rename NTLMSSP functions to auth_generic..()

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Wed, 21 Dec 2011 03:32:43 +0000 (14:32 +1100)]
s3-rpc_server rename ntlmssp_server_auth_start() -> auth_generic_server_start()

By adding an OID parameter we can make this routine generic to any
gensec module that may be made available.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Fri, 16 Dec 2011 06:05:12 +0000 (17:05 +1100)]
s3-rpc_server remove unused header

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Fri, 16 Dec 2011 05:55:36 +0000 (16:55 +1100)]
s3-auth split the auth_generic functions into a separate file

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Fri, 16 Dec 2011 05:44:17 +0000 (16:44 +1100)]
s3-rpc_server request both sign and seal for clarity

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Fri, 16 Dec 2011 05:38:53 +0000 (16:38 +1100)]
s3-auth remove auth_ntlmssp_start(), call auth_generic_start() directly

This makes it clear that this can support more than just NTLMSSP.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Fri, 16 Dec 2011 05:08:56 +0000 (16:08 +1100)]
s3-auth rename auth_ntlmssp_prepare() -> auth_generic_prepare()

This function handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Fri, 16 Dec 2011 05:07:24 +0000 (16:07 +1100)]
s3-auth rename auth_ntlmssp_state -> auth_generic_state

This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Andrew Bartlett [Fri, 16 Dec 2011 04:55:08 +0000 (15:55 +1100)]
s3-rpc_server request the DCE_STYLE feature in ntlmssp_server_auth_start

This is not used or honoured by NTLMSSP, but I hope to make this routine
more generic in the future.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Sumit Bose [Thu, 24 Nov 2011 17:22:57 +0000 (12:22 -0500)]
s3-netlogon: use dsgetdcname() instead of get_dc_name()

Sometimes the domain parameter might not contain the NetBIOS name of the remote
domain but the DNS name.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 22 19:21:21 CET 2011 on sn-devel-104

Sumit Bose [Tue, 22 Nov 2011 13:02:20 +0000 (08:02 -0500)]
s3-netlogon: Add support to authenticate trusted domains.

Stefan Metzmacher [Sat, 19 Sep 2009 19:14:17 +0000 (21:14 +0200)]
s4-torture: Test rpc schannel netr_LogonGetCapability.

metze

Stefan Metzmacher [Tue, 29 Sep 2009 07:16:13 +0000 (09:16 +0200)]
s3-rpc_server: Pass in our flags to netlogon_creds_server_init().

metze

Stefan Metzmacher [Sat, 19 Sep 2009 19:07:20 +0000 (21:07 +0200)]
s3-netlogon: Add support for LogonGetCapabilities.

This is also needed to support AES.

metze

Andreas Schneider [Thu, 22 Dec 2011 15:32:31 +0000 (16:32 +0100)]
s4-librpc: Fix netlogon schannel client connect.

As a client we request as many flags as possible. The server checks
which flags it supports and returns the same negotiation flags or fewer.
So we need to store the negotiate flags from the server. We need them
later if we have to call netr_LogonGetCapabilities.

Stefan Metzmacher [Thu, 22 Dec 2011 12:14:21 +0000 (13:14 +0100)]
s3:torture/test_smb2: also try PROTOCOL_SMB2_24

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 17:47:17 CET 2011 on sn-devel-104

Stefan Metzmacher [Thu, 22 Dec 2011 12:12:24 +0000 (13:12 +0100)]
lib/param: add support for "SMB2_24" in smb.conf options

metze

Stefan Metzmacher [Thu, 22 Dec 2011 12:11:57 +0000 (13:11 +0100)]
s3:smb2_negprot: add support for PROTOCOL_SMB2_24

metze

Stefan Metzmacher [Thu, 22 Dec 2011 12:08:44 +0000 (13:08 +0100)]
libcli/smb: add PROTOCOL_SMB2_24 support

metze

Stefan Metzmacher [Thu, 22 Dec 2011 12:07:48 +0000 (13:07 +0100)]
libcli/smb: add SMB2_DIALECT_REVISION_224

This is specified in the new [MS-SMB2] preview document.

metze

Andrew Bartlett [Wed, 21 Dec 2011 06:26:23 +0000 (17:26 +1100)]
s3-auth Restore shortcut for guest security token

This was lost when the server_info and session_info structures were split.

This helps avoid doing lookups for the guest account to determine the
uid/gid and SID values.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 15:51:09 CET 2011 on sn-devel-104

Andrew Tridgell [Wed, 30 Nov 2011 04:18:29 +0000 (15:18 +1100)]
runcmd: use set_close_on_exec()

this prevents a fd leak to child processes

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 22 14:00:06 CET 2011 on sn-devel-104

Andrew Tridgell [Wed, 30 Nov 2011 03:07:51 +0000 (14:07 +1100)]
runcmd: use a pipe for stdin to child processes

this allows child processes to detect the exit of the parent by
looking for EOF on stdin

Jeremy Allison [Thu, 22 Dec 2011 04:38:32 +0000 (20:38 -0800)]
Change the signature of pthreadpool_finished_job() to return 0
on success, errno on fail and return the jobid in a separate variable.

I need this fix for my vfs_aio_pthread.c module.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Dec 22 12:12:33 CET 2011 on sn-devel-104

Amitay Isaacs [Thu, 22 Dec 2011 05:40:10 +0000 (16:40 +1100)]
param: domain_logons and domain_master are of type enum_bool_auto

These parameters should be defined as int and not bool. This fixes
the test failures on big endian machines.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Dec 22 10:37:42 CET 2011 on sn-devel-104

Andrew Bartlett [Fri, 16 Dec 2011 02:19:06 +0000 (13:19 +1100)]
s3-rpc_server: Add my copyright for my previous work here

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 22 09:02:57 CET 2011 on sn-devel-104

Andrew Bartlett [Fri, 16 Dec 2011 02:18:50 +0000 (13:18 +1100)]
s3-rpc_server: Remove old comment

Andrew Tridgell [Tue, 6 Dec 2011 01:15:40 +0000 (12:15 +1100)]
s3-rpc: added "rpc_server:default" config option

this allows the config to specify a default behaviour (embedded,
external or disabled) for unknown pipes. This is needed to allow the
s3 smbd server to redirect unknown pipes to the s4 RPC server when
using s3 smbd as a file server for a s4 DC. If rpc_server:default is
not specified then this change preserves the old behaviour

Andrew Tridgell [Wed, 30 Nov 2011 06:29:10 +0000 (17:29 +1100)]
s3-loadparm: mark a few parameters as having P_BYTES type

this fixes a problem with "max xmit = 32K" resulting in a maximum SMB
transmit size of 32 bytes, which makes for some very interesting
network traces!

This is what was causing smbtorture to consume gigabytes of memory in
the rpc.schannel test

Amitay Isaacs [Wed, 21 Dec 2011 03:08:02 +0000 (14:08 +1100)]
param: Fix the data type for bAvailable

This causes the copy_service() to not copy bAvailable boolean on
big endian machines causing tests to fail.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Dec 22 05:30:49 CET 2011 on sn-devel-104

Volker Lendecke [Wed, 21 Dec 2011 21:38:00 +0000 (22:38 +0100)]
s3: There's no reason not to at least build winbind on darwin

It does not necessarily do nsswitch services, but as a NETLOGON proxy
it should work fine

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Dec 22 00:16:44 CET 2011 on sn-devel-104

Günther Deschner [Wed, 21 Dec 2011 14:47:35 +0000 (15:47 +0100)]
s3-dns: prevent from potentially doing wrong SRV DNS lookups.

With an empty sitename we asked for e.g.
_ldap._tcp.._sites.dc._msdcs.AD.EXAMPLE.COM

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Dec 21 17:23:25 CET 2011 on sn-devel-104

Volker Lendecke [Wed, 21 Dec 2011 10:29:38 +0000 (11:29 +0100)]
idl: Avoid c++ style comments

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Dec 21 13:36:01 CET 2011 on sn-devel-104

Rusty Russell [Wed, 21 Dec 2011 03:47:25 +0000 (14:17 +1030)]
tdb: don't free old recovery area when expanding if already at EOF.

We allocate a new recovery area by expanding the file.  But if the
recovery area is already at the end of file (as shown in at least one
client case), we can simply expand the record, rather than freeing it
and creating a new one.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Wed Dec 21 06:25:40 CET 2011 on sn-devel-104

Rusty Russell [Wed, 21 Dec 2011 03:47:16 +0000 (14:17 +1030)]
tdb: use same expansion factor logic when expanding for new recovery area.

If we're expanding because the current recovery area is too small, we
expand only the amount we need.  This can quickly lead to exponential
growth when we have a slowly-expanding record (hence a
slowly-expanding transaction size).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Jeremy Allison [Tue, 20 Dec 2011 19:38:37 +0000 (11:38 -0800)]
Allow an object to be deleted from a directory if the caller has DELETE_CHILD access
even if we don't have access to read the ACL on the object. Fixes bug #8673 - NT ACL issue.
Different fix needed for 3.6.x.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Dec 20 22:13:51 CET 2011 on sn-devel-104

Volker Lendecke [Tue, 20 Dec 2011 09:25:05 +0000 (10:25 +0100)]
s3: Fix some False/NULL hiccups

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104

Amitay Isaacs [Wed, 14 Dec 2011 01:18:57 +0000 (12:18 +1100)]
samba-tool: Add transaction wrapper for creating GPO

This ensures that if the GPT files are not copied via SMB,
AD changes are rolled back.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Dec 20 09:12:41 CET 2011 on sn-devel-104

Volker Lendecke [Thu, 15 Dec 2011 09:50:34 +0000 (10:50 +0100)]
tdb2: Avoid a malloc/memcpy in _tdb1_store

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Dec 19 16:53:40 CET 2011 on sn-devel-104

Volker Lendecke [Thu, 15 Dec 2011 09:50:34 +0000 (10:50 +0100)]
tdb: Avoid a malloc/memcpy in _tdb_store

Matthieu Patou [Tue, 15 Nov 2011 10:32:33 +0000 (11:32 +0100)]
s4-dsdb: Relax the conditions where we can't do a subtree delete

If the parent object is a SAM object (as defined in 3.1.1.5.2.3
Special Classes and Attributes of MS-ADTS) then we can use the subtree
delete control even if the object is a critical one.

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 19 14:32:19 CET 2011 on sn-devel-104

Stefan Metzmacher [Tue, 15 Nov 2011 10:47:42 +0000 (11:47 +0100)]
s4:drsuapi/getncchanges: return WERR_NOMEM if talloc_array() fails

metze

Matthieu Patou [Thu, 10 Nov 2011 10:23:40 +0000 (11:23 +0100)]
s4-drs: introduce a timeout in the getncchanges processing to always return something in less than x seconds

Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Matthieu Patou [Mon, 14 Nov 2011 17:53:30 +0000 (18:53 +0100)]
s4-drs: avoid calling unnecessarily ldb_msg_find_attr_as_* as this call is inefficient

Current implementation of ldb_msg_find_attr_as_* iterates on the list of
attributes returned by the search and makes a string comparison. As we are
sorting the array of messages / guids we tend to call this function many
times. By storing the GUID and the USN in a separate structure we are
sure to call this function only once per attribute and object.

Signed-off-by: Andrew Tridgell <tridge@samba.org>

Matthieu Patou [Fri, 4 Nov 2011 23:22:47 +0000 (00:22 +0100)]
s4-becomedc: replicate first with DRS_CRITICAL_ONLY and DRS_GET_ANC objects for the base dn partition

Windows dcpromo does the same: getncchanges with DRS_GET_ANC and
DRS_CRITICAL_ONLY, then it does a getncchanges without those flags for
the rest.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Matthieu Patou [Tue, 25 Oct 2011 18:13:00 +0000 (20:13 +0200)]
s4-join: replicate first with DRS_CRITICAL_ONLY and DRS_GET_ANC objects for the base dn partition

Windows dcpromo does the same: getncchanges with DRS_GET_ANC and
DRS_CRITICAL_ONLY, then it does a getncchanges without those flags for
the rest.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>