kai/samba.git
10 years ago mount.cifs: update the mount.cifs manpage
Jeff Layton [Sun, 7 Jun 2009 12:38:25 +0000 (08:38 -0400)]
mount.cifs: update the mount.cifs manpage

Add a new section entitled FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS
that attempts to cover information about this topic. Change the uid=
and gid= options to refer to that section. Add new varlistentries for
forceuid, forcegid and dynperm.

Also update the information about how the program behaves when installed
as a setuid binary.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
10 years ago Make "net sam list" work for groups, aliases and builtins
Volker Lendecke [Sun, 7 Jun 2009 10:30:26 +0000 (12:30 +0200)]
Make "net sam list" work for groups, aliases and builtins

10 years ago Return full info in pdb_ads_search_users()
Volker Lendecke [Sun, 7 Jun 2009 10:04:56 +0000 (12:04 +0200)]
Return full info in pdb_ads_search_users()

10 years ago Fix syntax of sending a delete request
Volker Lendecke [Sun, 7 Jun 2009 09:45:01 +0000 (11:45 +0200)]
Fix syntax of sending a delete request

10 years ago req_del and req_abandon are ASN1_APPLICATION_SIMPLE
Volker Lendecke [Sun, 7 Jun 2009 09:44:37 +0000 (11:44 +0200)]
req_del and req_abandon are ASN1_APPLICATION_SIMPLE

Ok, ASN1_APPLICATION everywhere was too easy :-)

10 years ago Fix after making tldap independent of ldap.h
Volker Lendecke [Sun, 7 Jun 2009 09:26:25 +0000 (11:26 +0200)]
Fix after making tldap independent of ldap.h

10 years ago s3-groupdb: fix enum_aliasmem in ldb branch.
Günther Deschner [Sun, 7 Jun 2009 09:23:09 +0000 (11:23 +0200)]
s3-groupdb: fix enum_aliasmem in ldb branch.

It is totally valid to have an alias with no members.

Tridge, please check.

Found by RPC-SAMR torture test.

Guenther

10 years ago s3-samr: fix return code of _samr_LookupRids when run with pdb_ldap.
Günther Deschner [Sun, 7 Jun 2009 00:02:26 +0000 (02:02 +0200)]
s3-samr: fix return code of _samr_LookupRids when run with pdb_ldap.

when _samr_LookupRids is called with no rids, it needs to return
NT_STATUS_NONE_MAPPED (not NT_STATUS_NO_MEMORY).

Found by RPC-SAMR torture test.

Guenther

10 years ago s3-samr: SetGroupInfo level 1 should not return NT_STATUS_INVALID_INFO_CLASS.
Günther Deschner [Sun, 7 Jun 2009 00:01:13 +0000 (02:01 +0200)]
s3-samr: SetGroupInfo level 1 should not return NT_STATUS_INVALID_INFO_CLASS.

Found by RPC-SAMR torture test.

Guenther

10 years ago mount.cifs: properly check for mount being in fstab when running setuid root (try#3)
Jeff Layton [Sat, 6 Jun 2009 23:46:24 +0000 (19:46 -0400)]
mount.cifs: properly check for mount being in fstab when running setuid root (try#3)

This is the third attempt to clean up the checks when a setuid
mount.cifs is run by an unprivileged user. The main difference in this
patch from the last one is that it fixes a bug where the mount might
have failed unnecessarily if CIFS_LEGACY_SETUID_CHECK was set.

When mount.cifs is installed setuid root and run as an unprivileged
user, it does some checks to limit how the mount is used. It checks that
the mountpoint is owned by the user doing the mount.

These checks however do not match those that /bin/mount does when it is
called by an unprivileged user. When /bin/mount is called by an
unprivileged user to do a mount, it checks that the mount in question is
in /etc/fstab, that it has the "user" option set, etc.

This means that it's currently not possible to set up user mounts the
standard way (by the admin, in /etc/fstab) and simultaneously protect
from an unprivileged user calling mount.cifs directly to mount a share
on any directory that that user owns.

Fix this by making the checks in mount.cifs match those of /bin/mount
itself. This is a necessary step to make mount.cifs safe to be installed
as a setuid binary, but not sufficient. For that, we'd need to give
mount.cifs a proper security audit.

Since some users may be depending on the legacy behavior, this patch
also adds the ability to build mount.cifs with the older behavior.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
10 years ago s3-samr: fix _QueryDisplayInformation r->out.returned_size.
Günther Deschner [Sat, 6 Jun 2009 22:47:03 +0000 (00:47 +0200)]
s3-samr: fix _QueryDisplayInformation r->out.returned_size.

*r->out.returned_size needs to be 0 if nothing was enumerated.

Found by RPC-SAMR torture test.

Guenther

10 years ago s3-samr: remove total_data_size variable in _samr_QueryDisplayInfo.
Günther Deschner [Sat, 6 Jun 2009 22:44:51 +0000 (00:44 +0200)]
s3-samr: remove total_data_size variable in _samr_QueryDisplayInfo.

Guenther

10 years ago s3-samr: let _samr_SetGroupInfo level 3 just pass with success.
Günther Deschner [Sat, 6 Jun 2009 22:42:06 +0000 (00:42 +0200)]
s3-samr: let _samr_SetGroupInfo level 3 just pass with success.

Guenther

10 years ago s3-samr: _samr_EnumDomain{Users,Groups} need to return an empty array even for builti...
Günther Deschner [Sat, 6 Jun 2009 22:40:46 +0000 (00:40 +0200)]
s3-samr: _samr_EnumDomain{Users,Groups} need to return an empty array even for builtin domain.

Found by RPC-SAMR torture test.

Guenther

10 years ago s4-smbtorture: skip samr MultipleMember alias tests for 3 as well as we do already...
Günther Deschner [Sat, 6 Jun 2009 22:39:32 +0000 (00:39 +0200)]
s4-smbtorture: skip samr MultipleMember alias tests for 3 as well as we do already for s4.

Guenther

10 years ago s3-samr: cosmetic fixes for _samr_QueryDisplayInfo.
Günther Deschner [Sat, 6 Jun 2009 21:40:22 +0000 (23:40 +0200)]
s3-samr: cosmetic fixes for _samr_QueryDisplayInfo.

use the variables of the struct samr_QueryDisplayInfo directly to make
it easier to track where variables are defined from.

Guenther

10 years ago testsuite/nsswitch/get{gr,pw}ent_r.c(dump_{gr,pw}ent): fixed wrong condition.
Slava Semushin [Sat, 6 Jun 2009 14:53:38 +0000 (21:53 +0700)]
testsuite/nsswitch/get{gr,pw}ent_r.c(dump_{gr,pw}ent): fixed wrong condition.

When fopen() fails it returns NULL, so the condition where the return value
is less than zero never evaluated to true.

Found by cppcheck.

10 years ago lib/tdb/tools/tdbtorture.c: fixed memory leak.
Slava Semushin [Sat, 6 Jun 2009 17:06:04 +0000 (00:06 +0700)]
lib/tdb/tools/tdbtorture.c: fixed memory leak.

Found by cppcheck:
[lib/tdb/tools/tdbtorture.c:326]: (error) Memory leak: pids

10 years ago s3/docs: Fix example.
Karolin Seeger [Sat, 6 Jun 2009 13:56:47 +0000 (15:56 +0200)]
s3/docs: Fix example.

The 'ldap suffix' is not added automatically to the 'ldap admin dn'.
This fixes bug #5584.
Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting!

Karolin

10 years ago Attempt to fix the build without system-ldap.
Volker Lendecke [Sat, 6 Jun 2009 13:32:22 +0000 (15:32 +0200)]
Attempt to fix the build without system-ldap.

I really tried, but I knew I would miss something... :-)

10 years ago s3/passdb: Fix debug message: 'net setmaxrid' does not exist.
Karolin Seeger [Sat, 6 Jun 2009 13:10:08 +0000 (15:10 +0200)]
s3/passdb: Fix debug message: 'net setmaxrid' does not exist.

This is aimed at bug #6351.

Karolin

10 years ago Add an early prototype of pdb_ads.c.
Volker Lendecke [Sat, 6 Jun 2009 09:25:02 +0000 (11:25 +0200)]
Add an early prototype of pdb_ads.c.

The purpose of this module is to connect to a locally running samba4 ldap
server for an alternative "Franky" setup. Right now it contains a couple of
gross hacks: For example it just takes the s4-chosen RID directly as uid/gid...

Checking in tldap and pdb_ads now, I think 3777 insertions are enough for a
start...

10 years ago Allow access as SYSTEM on a privileged ldapi connection
Volker Lendecke [Fri, 29 May 2009 08:48:54 +0000 (10:48 +0200)]
Allow access as SYSTEM on a privileged ldapi connection

This patch creates ldap_priv/ as a subdirectory under the private dir with the
appropriate permissions to only allow the same access as the privileged winbind
socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap
database.

10 years ago Add some samba-style tldap utility functions
Volker Lendecke [Sat, 6 Jun 2009 10:32:46 +0000 (12:32 +0200)]
Add some samba-style tldap utility functions

10 years ago Add the early start of an async ldap library
Volker Lendecke [Sat, 6 Jun 2009 10:30:57 +0000 (12:30 +0200)]
Add the early start of an async ldap library

There's a lot of things this does not do yet: For example it does not parse the
reply blob in the sasl bind, it does not do anything with controls yet, a lot
of the ldap requests are not covered yet. But it provides a basis for me to
play with a pdb_ads passdb module.

10 years ago s3:smbd: FSCTL_PIPE_TRANSCEIVE on a non-IPC$ share should give NOT_SUPPORTED
Stefan Metzmacher [Sat, 6 Jun 2009 08:36:42 +0000 (10:36 +0200)]
s3:smbd: FSCTL_PIPE_TRANSCEIVE on a non-IPC$ share should give NOT_SUPPORTED

metze

10 years ago s3:smbd: return the same things as Windows 7 for SMB2 Ioctl responses
Stefan Metzmacher [Sat, 6 Jun 2009 08:25:10 +0000 (10:25 +0200)]
s3:smbd: return the same things as Windows 7 for SMB2 Ioctl responses

metze

10 years ago Fix some nonempty blank lines
Volker Lendecke [Sun, 31 May 2009 14:19:11 +0000 (16:19 +0200)]
Fix some nonempty blank lines

10 years ago Use data_blob_null instead of data_blob(NULL, 0)
Volker Lendecke [Mon, 1 Jun 2009 22:20:48 +0000 (00:20 +0200)]
Use data_blob_null instead of data_blob(NULL, 0)

10 years ago Fix an uninitialized variable read in async_connect_send
Volker Lendecke [Fri, 5 Jun 2009 22:46:38 +0000 (00:46 +0200)]
Fix an uninitialized variable read in async_connect_send

10 years ago Allow AF_UNIX for open_socket_out
Volker Lendecke [Fri, 5 Jun 2009 22:47:53 +0000 (00:47 +0200)]
Allow AF_UNIX for open_socket_out

10 years ago s3-winbindd: add some debug statements while tracking down a bug.
Günther Deschner [Fri, 5 Jun 2009 23:50:17 +0000 (01:50 +0200)]
s3-winbindd: add some debug statements while tracking down a bug.

Guenther

10 years ago nss_wrapper: rename nwrap_cache_{re,un}load as per metze's request.
Günther Deschner [Fri, 5 Jun 2009 23:14:04 +0000 (01:14 +0200)]
nss_wrapper: rename nwrap_cache_{re,un}load as per metze's request.

Guenther

10 years ago Make cli_ftruncate async. Also add a simple test.
Jeremy Allison [Fri, 5 Jun 2009 23:06:05 +0000 (16:06 -0700)]
Make cli_ftruncate async. Also add a simple test.
Jeremy.

10 years ago nss_wrapper: add support for loading nss_winbind.so via WINBIND_SO_PATH env.
Günther Deschner [Thu, 4 Jun 2009 10:26:55 +0000 (12:26 +0200)]
nss_wrapper: add support for loading nss_winbind.so via WINBIND_SO_PATH env.

Guenther

10 years ago nss_wrapper: fill in module nwrap_backend.
Günther Deschner [Thu, 4 Jun 2009 10:25:14 +0000 (12:25 +0200)]
nss_wrapper: fill in module nwrap_backend.

Guenther

10 years ago nss_wrapper: add missing return in nwrap_module_init().
Günther Deschner [Fri, 5 Jun 2009 21:10:58 +0000 (23:10 +0200)]
nss_wrapper: add missing return in nwrap_module_init().

Guenther

10 years ago nss_wrapper: add skeleton for module nwrap_backend.
Günther Deschner [Thu, 4 Jun 2009 10:17:39 +0000 (12:17 +0200)]
nss_wrapper: add skeleton for module nwrap_backend.

Guenther

10 years ago nss_wrapper: add capability to load nss modules.
Günther Deschner [Thu, 4 Jun 2009 09:59:32 +0000 (11:59 +0200)]
nss_wrapper: add capability to load nss modules.

Guenther

10 years ago nss_wrapper: add struct nwrap_backend.
Günther Deschner [Wed, 3 Jun 2009 09:10:13 +0000 (11:10 +0200)]
nss_wrapper: add struct nwrap_backend.

Guenther

10 years ago s3:smbd: split smbd_smb2_flush() into a tevent_req based _send()/_recv() pair
Stefan Metzmacher [Fri, 5 Jun 2009 19:38:10 +0000 (21:38 +0200)]
s3:smbd: split smbd_smb2_flush() into a tevent_req based _send()/_recv() pair

metze

10 years ago s3:smbd: split smbd_smb2_create() into a tevent_req based _send()/_recv() pair
Stefan Metzmacher [Fri, 5 Jun 2009 19:06:27 +0000 (21:06 +0200)]
s3:smbd: split smbd_smb2_create() into a tevent_req based _send()/_recv() pair

metze

10 years ago s3:smbd: fix the build in smb2_ioctl.c
Stefan Metzmacher [Fri, 5 Jun 2009 19:04:37 +0000 (21:04 +0200)]
s3:smbd: fix the build in smb2_ioctl.c

metze

10 years ago s3:smbd: add support for SMB2 Ioctl FSCTL_DFS_GET_REFERRALS
Stefan Metzmacher [Fri, 5 Jun 2009 16:38:20 +0000 (18:38 +0200)]
s3:smbd: add support for SMB2 Ioctl FSCTL_DFS_GET_REFERRALS

metze

10 years ago s3:smbd: add support for STATUS_BUFFER_OVERFLOW to SMB2 Ioctl
Stefan Metzmacher [Fri, 5 Jun 2009 18:14:17 +0000 (20:14 +0200)]
s3:smbd: add support for STATUS_BUFFER_OVERFLOW to SMB2 Ioctl

metze

10 years ago s3:smbd: keep the chain_fsp for SMB2 requests
Stefan Metzmacher [Fri, 5 Jun 2009 18:02:21 +0000 (20:02 +0200)]
s3:smbd: keep the chain_fsp for SMB2 requests

metze

10 years ago s3:smbd: fix the logic for compounded requests
Stefan Metzmacher [Fri, 5 Jun 2009 17:49:40 +0000 (19:49 +0200)]
s3:smbd: fix the logic for compounded requests

metze

10 years ago s3:smbd: only setup the dyn iovec if a dyn blob is given
Stefan Metzmacher [Fri, 5 Jun 2009 17:46:27 +0000 (19:46 +0200)]
s3:smbd: only setup the dyn iovec if a dyn blob is given

Otherwise leave the default in there, which takes care of
padding for compounded requests.

metze

10 years ago s3:smbd: add support for SMB2 Ioctl FSCTL_PIPE_TRANSCEIVE on IPC$
Stefan Metzmacher [Fri, 5 Jun 2009 15:48:28 +0000 (17:48 +0200)]
s3:smbd: add support for SMB2 Ioctl FSCTL_PIPE_TRANSCEIVE on IPC$

metze

10 years ago s3:smbd: add support for SMB2 Read on IPC$
Stefan Metzmacher [Fri, 5 Jun 2009 10:58:26 +0000 (12:58 +0200)]
s3:smbd: add support for SMB2 Read on IPC$

metze

10 years ago s3:smbd: add support for SMB2 Write on IPC$
Stefan Metzmacher [Fri, 5 Jun 2009 10:54:22 +0000 (12:54 +0200)]
s3:smbd: add support for SMB2 Write on IPC$

metze

10 years ago s3:smbd: add support for SMB2 Create on IPC$
Stefan Metzmacher [Fri, 5 Jun 2009 08:46:30 +0000 (10:46 +0200)]
s3:smbd: add support for SMB2 Create on IPC$

metze

10 years ago s3:smbd: add support for SMB2 Ioctl
Stefan Metzmacher [Fri, 5 Jun 2009 15:32:58 +0000 (17:32 +0200)]
s3:smbd: add support for SMB2 Ioctl

We don't implement any level yet.

metze

10 years ago nss_wrapper: add cross checking test to testsuite.
Günther Deschner [Thu, 4 Jun 2009 22:33:14 +0000 (00:33 +0200)]
nss_wrapper: add cross checking test to testsuite.

Guenther

10 years ago nss_wrapper: add tests for getgrent_r to testsuite.
Günther Deschner [Thu, 4 Jun 2009 21:57:43 +0000 (23:57 +0200)]
nss_wrapper: add tests for getgrent_r to testsuite.

Guenther

10 years ago nss_wrapper: add tests for getpwent_r to testsuite.
Günther Deschner [Thu, 4 Jun 2009 20:52:03 +0000 (22:52 +0200)]
nss_wrapper: add tests for getpwent_r to testsuite.

Guenther

10 years ago nss_wrapper: fix segfault in nwrap_gr_copy_r()
Stefan Metzmacher [Fri, 5 Jun 2009 13:41:46 +0000 (15:41 +0200)]
nss_wrapper: fix segfault in nwrap_gr_copy_r()

metze

10 years ago s3/docs: Fix typo.
Karolin Seeger [Fri, 5 Jun 2009 13:35:05 +0000 (15:35 +0200)]
s3/docs: Fix typo.

Karolin

10 years ago s3:smbd: add missing return statements to the SMB2 write error cases
Stefan Metzmacher [Fri, 5 Jun 2009 12:32:27 +0000 (14:32 +0200)]
s3:smbd: add missing return statements to the SMB2 write error cases

metze

10 years ago s3:smbd: add missing return statements to the SMB2 read error cases
Stefan Metzmacher [Fri, 5 Jun 2009 12:31:41 +0000 (14:31 +0200)]
s3:smbd: add missing return statements to the SMB2 read error cases

metze

10 years ago nss_wrapper: rename test_nwrap_env to test_nwrap_enumeration in testsuite.
Günther Deschner [Fri, 5 Jun 2009 10:13:25 +0000 (12:13 +0200)]
nss_wrapper: rename test_nwrap_env to test_nwrap_enumeration in testsuite.

Guenther

10 years ago nss_wrapper: add more coherency checks for user and group enumeration.
Günther Deschner [Thu, 4 Jun 2009 21:49:02 +0000 (23:49 +0200)]
nss_wrapper: add more coherency checks for user and group enumeration.

Guenther

10 years ago s3:smbd: split smbd_smb2_write() into tevent_req based *_send()/_recv() functions
Stefan Metzmacher [Tue, 2 Jun 2009 15:34:46 +0000 (17:34 +0200)]
s3:smbd: split smbd_smb2_write() into tevent_req based *_send()/_recv() functions

metze

10 years ago s3:smbd: split smbd_smb2_read() into tevent_req based *_send()/_recv() functions
Stefan Metzmacher [Fri, 5 Jun 2009 10:26:19 +0000 (12:26 +0200)]
s3:smbd: split smbd_smb2_read() into tevent_req based *_send()/_recv() functions

metze

10 years ago s3:smbd: make smbd_server_connection_terminate() a macro
Stefan Metzmacher [Tue, 2 Jun 2009 14:07:08 +0000 (16:07 +0200)]
s3:smbd: make smbd_server_connection_terminate() a macro

metze

10 years ago s3:smbd: implement smbd_smb2_request_error/done() as macros on top of the _ex() function
Stefan Metzmacher [Fri, 5 Jun 2009 09:05:03 +0000 (11:05 +0200)]
s3:smbd: implement smbd_smb2_request_error/done() as macros on top of the _ex() function

metze

10 years ago s3:smbd: add support for printers to SMB2 Create
Stefan Metzmacher [Tue, 2 Jun 2009 14:07:53 +0000 (16:07 +0200)]
s3:smbd: add support for printers to SMB2 Create

This is not tested, but the code looks like the one
for SMB1, so it's likely to work :-)

metze

10 years ago source3/torture/vfstest.c(process_file): fixed file descriptor leak.
Slava Semushin [Mon, 25 May 2009 16:59:05 +0000 (23:59 +0700)]
source3/torture/vfstest.c(process_file): fixed file descriptor leak.

Found by cppcheck:
[./source3/torture/vfstest.c:400]: (error) Resource leak: file

10 years ago Fix a couple of warnings in log2pcaphex.c
Volker Lendecke [Fri, 5 Jun 2009 08:11:35 +0000 (10:11 +0200)]
Fix a couple of warnings in log2pcaphex.c

10 years ago Fix bug 6392: Exit log2pcaphex if a requested output file can't be opened
Volker Lendecke [Fri, 5 Jun 2009 08:07:17 +0000 (10:07 +0200)]
Fix bug 6392: Exit log2pcaphex if a requested output file can't be opened

Thanks to Slava Semushin <php-coder@altlinux.org> for reporting!

10 years ago fixed handling of change notify buffer overruns
Andrew Tridgell [Fri, 5 Jun 2009 06:25:44 +0000 (16:25 +1000)]
fixed handling of change notify buffer overruns

When the notify buffer overruns and there are no pending notify
requests, the notify buffer doesn't actually get destroyed, it just
gets put in a state where new notifies are discarded and the next
notify change request will return 0 changes.

10 years ago pidl Fix samba4.pidl.typelist test after addition of 'double'
Andrew Bartlett [Fri, 5 Jun 2009 00:27:30 +0000 (10:27 +1000)]
pidl Fix samba4.pidl.typelist test after addition of 'double'

10 years ago clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.
Jelmer Vernooij [Thu, 4 Jun 2009 21:43:31 +0000 (23:43 +0200)]
clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.

Both functions exist in MIT Kerberos >= 1.7, but only
krb5_free_keytab_entry_contents has a prototype.

10 years ago s3:smbd: ignore NTCREATEX_OPTIONS_SYNC_ALERT and NTCREATEX_OPTIONS_ASYNC_ALERT for...
Stefan Metzmacher [Thu, 4 Jun 2009 10:17:37 +0000 (12:17 +0200)]
s3:smbd: ignore NTCREATEX_OPTIONS_SYNC_ALERT and NTCREATEX_OPTIONS_ASYNC_ALERT for SMB2 Create

This should make the Windows Explorer happier.

metze

10 years ago s3:smbd: call set_current_service() when a SMB2 tcon will be used
Stefan Metzmacher [Thu, 4 Jun 2009 10:17:01 +0000 (12:17 +0200)]
s3:smbd: call set_current_service() when a SMB2 tcon will be used

metze

10 years ago s3:smbd: fix potential fsp leak if print_fsp_open() fails
Stefan Metzmacher [Thu, 4 Jun 2009 10:46:30 +0000 (12:46 +0200)]
s3:smbd: fix potential fsp leak if print_fsp_open() fails

metze

10 years ago libwbclient: Attempt to fix build on AIX
Kai Blin [Thu, 4 Jun 2009 20:32:21 +0000 (22:32 +0200)]
libwbclient: Attempt to fix build on AIX

10 years ago s3: map NetBSD's errno on posix open calls for symlinks
Björn Jacke [Thu, 4 Jun 2009 16:56:58 +0000 (18:56 +0200)]
s3: map NetBSD's errno on posix open calls for symlinks

This is well undocumented but NetBSD returns EFTYPE on O_NOFOLLOW open calls on
symlinks.

10 years ago Change smbd_smb2_request_error() to add a __location__.
Jeremy Allison [Thu, 4 Jun 2009 19:47:17 +0000 (12:47 -0700)]
Change smbd_smb2_request_error() to add a __location__.
This allows quick identification of smb2 parsing errors.
Jeremy.

10 years ago nss_wrapper: remove getgrouplist from nwrap_ops table.
Günther Deschner [Thu, 4 Jun 2009 18:12:27 +0000 (20:12 +0200)]
nss_wrapper: remove getgrouplist from nwrap_ops table.

Guenther

10 years ago gitignore: remove traces of source4/libcli/auth.
Günther Deschner [Thu, 4 Jun 2009 19:15:41 +0000 (21:15 +0200)]
gitignore: remove traces of source4/libcli/auth.

This makes it possible to clean up a master checkout with git clean -x -f -d and
build samba4 afterwards.

Guenther

10 years ago s4-smbtorture: fix comment in RPC-SAMR-LARGE-DC test.
Günther Deschner [Thu, 4 Jun 2009 19:14:25 +0000 (21:14 +0200)]
s4-smbtorture: fix comment in RPC-SAMR-LARGE-DC test.

Andrew, I think you wanted to print this instead.

Guenther

10 years ago nsstest: Relicense header file to LGPLv3+
Kai Blin [Thu, 4 Jun 2009 18:14:28 +0000 (20:14 +0200)]
nsstest: Relicense header file to LGPLv3+

10 years ago Add NTLMSSP SPNEGO to smb2 auth. Tested with Win7.
Jeremy Allison [Thu, 4 Jun 2009 18:14:20 +0000 (11:14 -0700)]
Add NTLMSSP SPNEGO to smb2 auth. Tested with Win7.
Jeremy.

10 years ago Increase tevent version for tevent_req_notify_callback()
Volker Lendecke [Thu, 4 Jun 2009 15:48:17 +0000 (17:48 +0200)]
Increase tevent version for tevent_req_notify_callback()

10 years ago Add tevent_req_notify_callback
Volker Lendecke [Thu, 4 Jun 2009 15:26:23 +0000 (17:26 +0200)]
Add tevent_req_notify_callback

This is necessary for requests that have multiple results. Examples would be
SMBEcho and ldap_search.

10 years ago nss_wrapper: call the nwrap_files_*() from nwrap_files_*_r()
Stefan Metzmacher [Thu, 4 Jun 2009 15:12:40 +0000 (17:12 +0200)]
nss_wrapper: call the nwrap_files_*() from nwrap_files_*_r()

We should not call the public functions, as this could lead
to a recursive loop when we have multiple nwrap backends
in future.

This also fixes the build if --enable-nss-wrapper was not
given to ./configure.

metze

10 years ago Only err on readability if writev_send was explicitly asked to do so
Volker Lendecke [Thu, 4 Jun 2009 10:02:38 +0000 (12:02 +0200)]
Only err on readability if writev_send was explicitly asked to do so

A socket might be readable for other reasons

10 years ago nss_wrapper: more coherence tests for group membership.
Günther Deschner [Wed, 3 Jun 2009 19:09:52 +0000 (21:09 +0200)]
nss_wrapper: more coherence tests for group membership.

Guenther

10 years ago nss_wrapper: add coherency tests for get{gr,pw}{nam,id}.
Günther Deschner [Wed, 3 Jun 2009 12:31:20 +0000 (14:31 +0200)]
nss_wrapper: add coherency tests for get{gr,pw}{nam,id}.

Guenther

10 years ago nss_wrapper: refactor test_nwrap_membership_user() in testsuite.
Günther Deschner [Tue, 2 Jun 2009 10:24:43 +0000 (12:24 +0200)]
nss_wrapper: refactor test_nwrap_membership_user() in testsuite.

Guenther

10 years ago nss_wrapper: make full talloced copies of struct passwd and group in testsuite.
Günther Deschner [Tue, 2 Jun 2009 10:20:54 +0000 (12:20 +0200)]
nss_wrapper: make full talloced copies of struct passwd and group in testsuite.

Guenther

10 years ago s4:torture Cut the RPC-SAMR-LARGE-DC test down to size
Andrew Bartlett [Thu, 4 Jun 2009 08:12:59 +0000 (18:12 +1000)]
s4:torture Cut the RPC-SAMR-LARGE-DC test down to size

This removes the validation of the estimated number of accounts,
because MS-SAMR 3.1.5.5.1.1 makes clear the number returned cannot be
relied upon.

I've also converted a bit more of the test to use torture_assert(),
and where that is impractical, to print error messages when things
fail.

Andrew Bartlett

10 years ago s4:torture assert that we get a Mailslot allocated before we dereference
Andrew Bartlett [Thu, 4 Jun 2009 05:10:36 +0000 (15:10 +1000)]
s4:torture assert that we get a Mailslot allocated before we dereference

10 years ago socket_wrapper Cope with SOCK_CLOEXEC and SOCK_NONBLOCK flags
Andrew Bartlett [Thu, 4 Jun 2009 04:14:14 +0000 (14:14 +1000)]
socket_wrapper Cope with SOCK_CLOEXEC and SOCK_NONBLOCK flags

Heimdal will, on supporting systems, set these flags in the type
argument of socket(), causing breakage when combined with
socket_wrapper.

For background on these flags, see http://lwn.net/Articles/281965/

Andrew Bartlett

10 years ago changed the auth path to use extended DN ops to avoid non-indexed searches
Andrew Tridgell [Thu, 4 Jun 2009 04:07:35 +0000 (14:07 +1000)]
changed the auth path to use extended DN ops to avoid non-indexed searches

Logs showed that every SAM authentication was causing a non-indexed
ldb search for member=XXX. This was previously indexed in Samba4, but
since we switched to using the indexes from the full AD schema it now
isn't.

The fix is to use the extended DN operations to allow us to ask the
server for the memberOf attribute instead, with the SIDs attached
to the result. This also means one less search on every
authentication.

The patch is made more complex by the fact that some common routines
use the result of these user searches, so we had to update all
searches that use user_attrs and those common routines to make sure
they all returned a ldb_message with a memberOf filled in and the SIDs
attached.

10 years ago fixed ldb rename now that we have unique indexes
Andrew Tridgell [Thu, 4 Jun 2009 03:52:40 +0000 (13:52 +1000)]
fixed ldb rename now that we have unique indexes

With unique indexes, any rename of a record that has an attribute that
is uniquely indexed needs to be done as a delete followed by an add,
otherwise you'll get an error that the attribute value already exists.

10 years ago add gendb_search_single_extended_dn()
Andrew Tridgell [Tue, 2 Jun 2009 07:27:37 +0000 (17:27 +1000)]
add gendb_search_single_extended_dn()

This function searches for a single record using a given filter,
adding the extended-dn control so that any returned DNs will have the
GUID and SID fields returned. This will be used in the sam auth code
to prevent us doing a member= search for the groups, which invokes an
unindexed search.

10 years ago add NT_STATUS_HAVE_NO_MEMORY_AND_FREE()
Andrew Tridgell [Tue, 2 Jun 2009 07:25:47 +0000 (17:25 +1000)]
add NT_STATUS_HAVE_NO_MEMORY_AND_FREE()

In many places we use NT_STATUS_HAVE_NO_MEMORY() to auto-return when a
memory allocation fails. In quite a few places where we use this, we
end up leaving a tmp_ctx behind, which creates a memory leak.

This macro takes a memory context to free when returning the error.

10 years ago Don't run the RPC-SAMR-LARGE-DC test multiple times
Andrew Bartlett [Tue, 2 Jun 2009 02:09:05 +0000 (12:09 +1000)]
Don't run the RPC-SAMR-LARGE-DC test multiple times