Jelmer Vernooij [Thu, 23 Feb 2006 09:33:44 +0000 (09:33 +0000)]
r13649: Move the general introduction to Samba4 to README and
prepare WHATSNEW.txt for release notes (similar as we do for Samba3).
(This used to be commit
b4e9f0c99510413e851495bce5f02081beef38c3)
Günther Deschner [Wed, 22 Feb 2006 16:25:31 +0000 (16:25 +0000)]
r13637: Adding more netr_UserFlags.
Guenther
(This used to be commit
3ad84a844c612104592ddee07c9512eddb3467ae)
Günther Deschner [Wed, 22 Feb 2006 14:07:04 +0000 (14:07 +0000)]
r13634: Fix typo.
Guenther
(This used to be commit
cd569446a1bbfca08ff16a06b3af7bb94986a5ad)
Günther Deschner [Wed, 22 Feb 2006 14:05:49 +0000 (14:05 +0000)]
r13633: Adding more SE_GROUP bits and make it a bitmask as well.
Guenther
(This used to be commit
8e939896822e9727919a49638c818a7d7faabb78)
Günther Deschner [Wed, 22 Feb 2006 13:56:46 +0000 (13:56 +0000)]
r13632: The "password_properties" is a bitmask as well.
Guenther
(This used to be commit
0d918764b1f0c1aa65f826b9a845746c914f87df)
Günther Deschner [Wed, 22 Feb 2006 13:53:33 +0000 (13:53 +0000)]
r13631: Add DOMAIN_PASSWORD_LOCKOUT_ADMINS (this bit only allows to lockout
Administrator, not Domain Admins in general).
Guenther
(This used to be commit
abad44a57dfdf492f548c05a897af341ba0f5e68)
Günther Deschner [Wed, 22 Feb 2006 13:52:00 +0000 (13:52 +0000)]
r13630: Add new ACB-bits as seen in acct_flags in the PAC info3
(merge from Samba 3).
Guenther
(This used to be commit
fa1127c5456fd112568e929e409953dcd3cb2e21)
Stefan Metzmacher [Wed, 22 Feb 2006 13:42:54 +0000 (13:42 +0000)]
r13629: export env-vars
metze
(This used to be commit
fbd78b6272eaca4b89071139e4b34cbdd15ed644)
Stefan Metzmacher [Wed, 22 Feb 2006 13:37:21 +0000 (13:37 +0000)]
r13628: fix the logic:-)
metze
(This used to be commit
7f1de54c84f86c292833c7e66ab2699ee4f83c52)
Stefan Metzmacher [Wed, 22 Feb 2006 12:10:29 +0000 (12:10 +0000)]
r13627: split the NBT-WINSREPLICATION tests into multiple tests
metze
(This used to be commit
ae559920e1d227e4e787fe34d908a965b922b284)
Stefan Metzmacher [Wed, 22 Feb 2006 11:53:04 +0000 (11:53 +0000)]
r13626: fix make test
metze
(This used to be commit
2acf203949998f3ca2423a8535302a777accacb7)
Stefan Metzmacher [Wed, 22 Feb 2006 11:19:46 +0000 (11:19 +0000)]
r13624: as abartlet requested, move the saslauthd parsing stuff to a seperate file
metze
(This used to be commit
3c8bc98c1bc654287a3a16277c7c63c476ddfff4)
Stefan Metzmacher [Wed, 22 Feb 2006 11:11:16 +0000 (11:11 +0000)]
r13623: - make sure ntvfs_map_qfileinfo isn't used for async replies
- add some comments
metze
(This used to be commit
e1611b622184b48d2cef1eff2646a09f9e691f9b)
Stefan Metzmacher [Wed, 22 Feb 2006 10:23:14 +0000 (10:23 +0000)]
r13621: add an idl structure to parse saslauthd requests
metze
(This used to be commit
d003654b1c1cbc00602e994b83f40fcfcf349596)
Stefan Metzmacher [Wed, 22 Feb 2006 09:50:07 +0000 (09:50 +0000)]
r13620: initialize the CMD with 0 too
metze
(This used to be commit
7cf1423bc850aca93453d337b49ba593a034000d)
Stefan Metzmacher [Wed, 22 Feb 2006 09:49:07 +0000 (09:49 +0000)]
r13619: fix compiler warning
metze
(This used to be commit
7b284174aa36fdd5d6841dab4934f1f6ecfba4ce)
Stefan Metzmacher [Wed, 22 Feb 2006 09:48:35 +0000 (09:48 +0000)]
r13618: fix compiler warning
metze
(This used to be commit
252d5edfb5b4c2a32f943e881f19b61698e9662f)
Stefan Metzmacher [Wed, 22 Feb 2006 09:48:13 +0000 (09:48 +0000)]
r13617: fix compiler warning
metze
(This used to be commit
082f418fab867e1ca5ab9418514d5578a069eebb)
Andrew Bartlett [Wed, 22 Feb 2006 09:28:58 +0000 (09:28 +0000)]
r13616: Add new ldb functions: ldb_msg_add_steal_string() and
ldb_msg_add_steal_value().
These try to maintain the talloc heirachy, which must be correct
otherwise talloc_steal operations of entire attribute lists fails.
This fixes the currentTime value, found by using Microsoft's dcdiag
tool (before this commit, it pointed to invalid memory, due to the
changes in -r 13606)
Andrew Bartlett
(This used to be commit
424df1bb369fddcfd358cf26dd0da9d3851d181e)
Simo Sorce [Wed, 22 Feb 2006 05:21:43 +0000 (05:21 +0000)]
r13615: Make ldb_set_errstring get ldb instead of module as parameter.
The module was just used to get to the ldb so it was meningless.
Also add LDB_WAIT_ONCE e relative code in ldb_ildap.c
(This used to be commit
d5b467b7c132b0bd4d23918ba7bf3370b1afcce8)
Simo Sorce [Wed, 22 Feb 2006 01:31:35 +0000 (01:31 +0000)]
r13609: Get in the initial work on making ldb async
Currently only ldb_ildap is async, the plan
is to first make all backend support the async calls,
and then remove the sync functions from backends and
keep the only in the API.
Modules will need to be transformed along the way.
Simo
(This used to be commit
1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5)
Andrew Bartlett [Wed, 22 Feb 2006 00:26:56 +0000 (00:26 +0000)]
r13606: An attempt to fix #3525.
The problem was that the supportedControls were being stolen into the
result sent to the client, then talloc_free()ed. This caused them to
be invalid on the next rootDSE query.
This also tries to avoid attaching the result to the long-term samdb
context, and avoids an extra loop in the result processing (pointed
out by tridge).
Andrew BARtlett
(This used to be commit
d0b8957f38fda4d84a318d6121ad87ba53a9ddb3)
Andrew Bartlett [Wed, 22 Feb 2006 00:18:07 +0000 (00:18 +0000)]
r13605: Use $BASEDN to ensure this works outside of the 'make test' rig.
Andrew Bartlett
(This used to be commit
b0e7a58cc9e513240c117ad5464c613c7b62410d)
Simo Sorce [Tue, 21 Feb 2006 16:03:58 +0000 (16:03 +0000)]
r13592: Incredible how bugs like this can sweep in even after peer review and testing ...
(This used to be commit
8483f61a1df0c80f3385b1ab5a2628c2a97d41a2)
Andrew Bartlett [Tue, 21 Feb 2006 00:17:52 +0000 (00:17 +0000)]
r13584: Another try at SPNEGO stuff. I need to write a better testsuite for this.
This tries to ensure that when we are a client, we cope with mechs
(like GSSAPI) that only abort (unknown server) at first runtime.
Andrew Bartlett
(This used to be commit
cb5d18c6190fa1809478aeb60e352cb93c4214f6)
Andrew Bartlett [Tue, 21 Feb 2006 00:07:59 +0000 (00:07 +0000)]
r13583: Realise that the member server name appears in all calls that use the
credentials.
Consistantly rename these elements in the IDL to computer_name.
Fix the server-side code to always lookup by this name.
Add new, even nastier tests to RPC-SCHANNEL to prove this.
Andrew Bartlett
(This used to be commit
341a0abeb4a9f88d64ffd4681249cb1f643a7a5a)
Andrew Bartlett [Tue, 21 Feb 2006 00:05:01 +0000 (00:05 +0000)]
r13582: Indent
(This used to be commit
06ddac2bb1899937b79e3bf89cb84c750c3ce4c5)
Simo Sorce [Mon, 20 Feb 2006 22:21:21 +0000 (22:21 +0000)]
r13580: fix broken client side sort
(This used to be commit
cbbc0d7cc4f589235d209011bdb0a0401b492d9e)
Jelmer Vernooij [Mon, 20 Feb 2006 20:40:51 +0000 (20:40 +0000)]
r13577: Move some (possibly system-defined) defines to replace.h
(This used to be commit
2b3d56e153b229119fddfa7b378f4d671ee0092c)
Rafal Szczesniak [Mon, 20 Feb 2006 18:03:58 +0000 (18:03 +0000)]
r13572: Comments to async pipe open functions and copyright note.
rafal
(This used to be commit
7dde77942bfcb73dfdd7a9840d3ba2a984c05064)
Rafal Szczesniak [Mon, 20 Feb 2006 17:30:15 +0000 (17:30 +0000)]
r13568: Comments to async rpc connect functions.
rafal
(This used to be commit
9ef2275f6179869f2683e96c6f91d9569a6360c8)
Rafal Szczesniak [Sun, 19 Feb 2006 16:58:48 +0000 (16:58 +0000)]
r13561: Turn all dcerpc connect and socket functions to async version.
Now, each rpc interface (named pipe, tcp/ip, lrpc and unix
socket) works asynchronously.
Comments to follow.
rafal
(This used to be commit
789f9d43db7ea59e79d5aa498e2e9fd077448825)
Andrew Bartlett [Fri, 17 Feb 2006 23:51:43 +0000 (23:51 +0000)]
r13551: Add an accessor function for the user sid.
Andrew Bartlett
(This used to be commit
273cb8fd4288f7bf15e0bcad9f6a4cbf4f142b24)
Andrew Bartlett [Wed, 15 Feb 2006 21:08:10 +0000 (21:08 +0000)]
r13516: We can't bind to both 0.0.0.0 and specific network interfaces at the
same time.
This was causing the kdc to shut itself down if 'bind interfaces only = no'.
Andrew Bartlett
(This used to be commit
02ff22a25050687478cfcca4dce35c2346cc2241)
Stefan Metzmacher [Wed, 15 Feb 2006 15:19:10 +0000 (15:19 +0000)]
r13508: some ASN.1 element in LDAP are optional,
make it possible to code the difference between a zero length and a NULL DATA_BLOB...
metze
(This used to be commit
54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
Stefan Metzmacher [Wed, 15 Feb 2006 15:13:05 +0000 (15:13 +0000)]
r13507: the 'data' element of LDAP controls is optional.
(prepare the next commit)
metze
(This used to be commit
a1bbf7f2982185cb6cd544b65b4709ab33a850c5)
Stefan Metzmacher [Wed, 15 Feb 2006 13:33:33 +0000 (13:33 +0000)]
r13506: zero memory as some ASN.1 elements are optional, and we should initialize
them for the internal use...
found by 'make valgrindtest'
metze
(This used to be commit
1db9501c5261a974c6da1938537c7991ff6cfefd)
Andrew Tridgell [Wed, 15 Feb 2006 04:18:11 +0000 (04:18 +0000)]
r13505: allow servers to bind to non-broadcast interfaces. Servers now
specifically ask for iface_n_bcast() and have to check if it returns
NULL, in which case it is a non-broadcast interface
(This used to be commit
d004e250b6710251ea089ac242775481f13b5c2b)
Andrew Tridgell [Wed, 15 Feb 2006 02:56:31 +0000 (02:56 +0000)]
r13504: add back in a comment noting fred as the contributor of the address
calculation code. This was originally done in 1997, and has been
morphed a lot since then, but fred should still get credit
(This used to be commit
172e41596fb3b4d2768d6885aea43295cc2f81c1)
Andrew Bartlett [Mon, 13 Feb 2006 00:08:16 +0000 (00:08 +0000)]
r13481: As far as I can tell, my changes in -r 12863 were dangerously untested.
We do need the gsskrb5_get_initiator_subkey() routine. But we should
ensure that we do always get a valid key, to prevent any segfaults.
Without this code, we get a different session key compared with
Win2k3, and so kerberised smb signing fails.
Andrew Bartlett
(This used to be commit
cfd0df16b74b0432670b33c7bf26316b741b1bde)
Andrew Bartlett [Mon, 13 Feb 2006 00:04:28 +0000 (00:04 +0000)]
r13480: Explain a little about how these credentials structures should be used.
Andrew Bartlett
(This used to be commit
b90959f7968ebbfc82ac55d4775d5574b1fc6925)
Andrew Bartlett [Mon, 13 Feb 2006 00:02:31 +0000 (00:02 +0000)]
r13479: Return the joined domain SID and user SID as structures, not strings.
Andrew Bartlett
(This used to be commit
e1de45bce47292eef1f9c56ea5576c0436e6151d)
Andrew Bartlett [Sun, 12 Feb 2006 14:19:31 +0000 (14:19 +0000)]
r13472: After Volker's advise, try every combination of parameters. This
isn't every parameter on NTLMSSP, but it is most of the important
ones.
This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.
Andrew Bartlett
(This used to be commit
990da31b5f63f1e707651af8bf1a3241a8309811)
Andrew Bartlett [Sun, 12 Feb 2006 13:53:42 +0000 (13:53 +0000)]
r13471: With more 'try all options' testing, I found this 'simple' but in the
NTLM2 signing code.
Andrew Bartlett
(This used to be commit
16e5c968756c40b8595503da47a1adb9cb09c447)
Andrew Bartlett [Sun, 12 Feb 2006 12:42:37 +0000 (12:42 +0000)]
r13470: Thanks to a report from VL:
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
(This used to be commit
3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
Andrew Bartlett [Sun, 12 Feb 2006 12:06:08 +0000 (12:06 +0000)]
r13467: Add new parametric options (for testing) controlling LM_KEY and 56-bit
encryption behaviour.
Andrew Bartlett
(This used to be commit
2b3b2f33a4c531f2b0f65521cc352e6d762e95bd)
Andrew Bartlett [Sun, 12 Feb 2006 12:04:41 +0000 (12:04 +0000)]
r13466: Make it easier to understand what this function actually does.
Andrew Bartlett
(This used to be commit
f075497926f3b8131bf8427ee3a3d5c9e5ee77d7)
Andrew Bartlett [Thu, 9 Feb 2006 03:06:02 +0000 (03:06 +0000)]
r13405: Allow a fallback if SPNEGO is somehow disabled in the client, to just NTLMSSP.
Andrew Bartlett
(This used to be commit
3e96975d910496db87e8e34e310f0f6d283210bf)
Andrew Bartlett [Thu, 9 Feb 2006 03:05:22 +0000 (03:05 +0000)]
r13404: Comments, whitespace.
Andrew Bartlett
(This used to be commit
04e2fe8b6d293092af86a54215c1fa037bbb20e9)
Andrew Bartlett [Thu, 9 Feb 2006 03:04:48 +0000 (03:04 +0000)]
r13403: Try to better handle a case where SPNEGO isn't available (allow us to
emulate the behaviour of XP standalone if required).
Andrew Bartlett
(This used to be commit
7f821097fbdbc9f35d96e05f85cf008f36c0eea3)
Andrew Bartlett [Thu, 9 Feb 2006 02:30:43 +0000 (02:30 +0000)]
r13402: Make Samba4 pass a nastier RPC-SCHANNEL test.
The new RPC-SCHANNEL test shows that the full credentials state must
be kept in some shared memory, for some length of time. In
particular, clients will reconnect with SCHANNEL (after loosing all
connections) and expect that the credentials chain will remain in the
same place.
To achive this, we do the server-side crypto in a transaction,
including the fetch/store of the shared state.
Andrew Bartlett
(This used to be commit
982a6aa871c9fce17410a9712cd9fa726025ff90)
Andrew Tridgell [Thu, 9 Feb 2006 00:50:48 +0000 (00:50 +0000)]
r13401: remove the rename of the snprintf functions that simo accidentially
included in his last commit
(This used to be commit
487b374b4359b2cb5f4e249e595c43bfa568a853)
James Peach [Thu, 9 Feb 2006 00:49:03 +0000 (00:49 +0000)]
r13400: Only return NULL from talloc_asprintf if vsnprintf returns an
error (ie. zero is not an error).
(This used to be commit
1ab4674196b9df0b2b7b6eb4991358cc2f86c0d9)
James Peach [Wed, 8 Feb 2006 23:44:17 +0000 (23:44 +0000)]
r13397: Propagate the error return from vsnprintf to trap the case where
we aren't linked against a C99 vsnprintf.
(This used to be commit
23782f899aaa5fe488d86d5e67e91be99ff7a146)
James Peach [Wed, 8 Feb 2006 05:14:48 +0000 (05:14 +0000)]
r13388: Report a more helpful error with malformed file options of
the form //server/share (ie. remote path missing).
(This used to be commit
443677f58d4ba8d6aa2963ca5848d3e717ee2cac)
James Peach [Wed, 8 Feb 2006 05:13:11 +0000 (05:13 +0000)]
r13387: Make sure smbcli_parse_unc reports a failure for strings of
the form //server. Make sure failure cases are well-defined.
(This used to be commit
e0020df66bf38873eaaacb95cadac55e17f432be)
Andrew Bartlett [Tue, 7 Feb 2006 23:49:35 +0000 (23:49 +0000)]
r13381: Test the SamLogonEx SamLogon call in the schannel test. This is only
available under schannel, and performs a netlogon authentication.
Andrew Bartlett
(This used to be commit
561a690915f9d3ca2fbb76f16c47cf2f6be1b825)
Andrew Bartlett [Tue, 7 Feb 2006 23:30:50 +0000 (23:30 +0000)]
r13380: Drop the socket, then try SAMR operations secured with netlogon on the new socket.
We should also test netlogon operations, but there are issues with
what state is expected to be stored (far more than we currently do).
Andrew Bartlett
(This used to be commit
39ddba0d0dc4475f9f7c5b7aa19ffff42c9fd1f5)
Simo Sorce [Tue, 7 Feb 2006 00:50:38 +0000 (00:50 +0000)]
r13374: new revision of the snprintf replace code
still missing a configure test to make us
substitute our snprintf to system one when
the system one does not have positional parameters support
(This used to be commit
398f989d6580587eb1fa4fec0b1ed858b5cbe8e1)
James Peach [Mon, 6 Feb 2006 23:01:17 +0000 (23:01 +0000)]
r13373: Implement the -p option for smbtorture.
(This used to be commit
fc17a50b48189c60af60b9163695b48c6b87c5c7)
Simo Sorce [Mon, 6 Feb 2006 22:55:34 +0000 (22:55 +0000)]
r13372: fixes ... still no joy
(This used to be commit
0e2cca9153619d646b90f32620905ab66b017c6a)
Jeremy Allison [Mon, 6 Feb 2006 19:43:24 +0000 (19:43 +0000)]
r13370: Added deltest21 - pull the rug out from a connection by socket
close after setting delete on close flag.
Jeremy.
(This used to be commit
fbea18e78f8a3c6dbb36aa935b7044c0fcf61da4)
Simo Sorce [Mon, 6 Feb 2006 18:29:57 +0000 (18:29 +0000)]
r13369: let's have a way to show the samba4 version through ejs
and use it in provisioning to fullfill rfc 3045 requirements
(This used to be commit
3fb9571a76481560304a826fc945983d52123299)
James Peach [Mon, 6 Feb 2006 04:06:55 +0000 (04:06 +0000)]
r13362: Rename variables for better consistency.
(This used to be commit
dc20bb0ddc0824fc458e7fc4a9bce5059f4fc0d5)
Simo Sorce [Mon, 6 Feb 2006 01:21:17 +0000 (01:21 +0000)]
r13361: initial implementation of the vlv control
seem still buggy, can't make w2k3 to like it yet
(This used to be commit
e1318383e91f6f6db39e3e3c9946fbb089753947)
Simo Sorce [Mon, 6 Feb 2006 00:39:05 +0000 (00:39 +0000)]
r13360: Fix crash bug when 0 results are returned on the internal base search
(This used to be commit
fbee725ae87efbcf5887c923d55d7cb0d05476a6)
Stefan Metzmacher [Mon, 6 Feb 2006 00:27:02 +0000 (00:27 +0000)]
r13359: make sure we don't look at s[-1]
metze
(This used to be commit
24c6e2f73175befa33f9758634e3ee183916e387)
Andrew Tridgell [Sun, 5 Feb 2006 23:13:44 +0000 (23:13 +0000)]
r13358: removed some unused functions and make some local functions static
(This used to be commit
a73b76a36a70703738945d42795da6cf90c85105)
Simo Sorce [Sun, 5 Feb 2006 21:59:50 +0000 (21:59 +0000)]
r13357: more docs
(This used to be commit
5af9086deafc88aa1f9256cc0090592ecbd62203)
Simo Sorce [Sun, 5 Feb 2006 21:25:18 +0000 (21:25 +0000)]
r13356: test utf8 usernames
(This used to be commit
7ddec83a602372765711bff7207657b73922aaea)
Simo Sorce [Sun, 5 Feb 2006 20:57:15 +0000 (20:57 +0000)]
r13355: check controls are correctly exported
(This used to be commit
07fa55db32dcb93bfb4406baca0cfba31d3bc189)
Simo Sorce [Sun, 5 Feb 2006 20:48:27 +0000 (20:48 +0000)]
r13354: Add tests to check that controls work properly
Fix asq module, add a second_stage_init to register with rootdse
Fix asq control ldap parsing routines (this was nasty to find out)
(This used to be commit
933a80397d137f7d5b79c82a068d62bb6928ef47)
Simo Sorce [Sun, 5 Feb 2006 18:18:29 +0000 (18:18 +0000)]
r13353: Fix a crash bug in rootdse when we do not pass in credentials
a plain ldbsearch would just crash
Fix kludge_acl, not passing on the second stage registration
phase to other modules
Simo
(This used to be commit
bec99c5cb65d8c32fd4f636ed2f5383fb1b39830)
Simo Sorce [Sun, 5 Feb 2006 17:28:27 +0000 (17:28 +0000)]
r13352: Integrate Patch to support the ManageDSAIT control
from Pete Rowley <prowley@redhat.com>
(This used to be commit
bf20a848fda1607ca1b0d84791c299c0035793a1)
Simo Sorce [Sat, 4 Feb 2006 18:30:30 +0000 (18:30 +0000)]
r13349: In the end I could not use ldb_caseless_cmp
in attrib_handler.c functions
remove it again
Simo
(This used to be commit
513ff499071e6cb5e608a82430718021f72997bd)
Simo Sorce [Sat, 4 Feb 2006 16:46:40 +0000 (16:46 +0000)]
r13348: Put a reminder for now.
Until we do not have an internal utf8 compliant
casefloding function we cannot pass this test
in the non-samba build
(This used to be commit
5d93c1eeba8f64784294f3aabcaefa4aaf798355)
Simo Sorce [Sat, 4 Feb 2006 16:44:27 +0000 (16:44 +0000)]
r13347: - Now we compare values with an optimized utf8
safe function if the user provides an utf8
compliant casefold function to ldb.
- Fix toupper_m and tolower_m to not crash if
the case tables are not found
- Let load_case_table() search into the correct
directory in the search tree for the case
tables so that we can test utf8
Simo
(This used to be commit
e12f070958eb3c144beb81c5cb878db122249021)
Stefan Metzmacher [Sat, 4 Feb 2006 14:08:24 +0000 (14:08 +0000)]
r13346: use private proto header files for the torture tests
metze
(This used to be commit
67837dbd2bcff8ec1917ba02884ee2eaa0776b46)
Stefan Metzmacher [Sat, 4 Feb 2006 13:54:30 +0000 (13:54 +0000)]
r13345: let us replicate with NT4sp6a
I don't yet know what the extra data in the start_association call mean...
This also let w2k use WREPL_REPL_INFORM messages to us, but w2k3 doesn't
it do it yet...
metze
(This used to be commit
02d6dfa1da754857c28125392a561cfde0087c48)
Andrew Bartlett [Sat, 4 Feb 2006 11:19:09 +0000 (11:19 +0000)]
r13344: Trust SASL to have subtle distinctions between NULL and zero-length
responses...
Also trust OpenLDAP to be pedantic about it, breaking connections to AD.
In any case, we now get this 'right' (by nasty overloading hacks, but
hey), and we can now use system-supplied OpenLDAP libs and SASL/GSSAPI
to talk to Samba4.
Andrew Bartlett
(This used to be commit
0cbe18211a95f811b51865bc0e8729e9a302ad25)
Andrew Bartlett [Sat, 4 Feb 2006 09:53:50 +0000 (09:53 +0000)]
r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading the spec.
GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating
a buffer size and what integrity protection/privacy should be used.
I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3.
I'm doing this in the hope that Apple clients as well as SASL-based
LDAP tools may get a bit further.
I still can't get ldapsearch to work, it fails with the ever-helpful
'Local error'.
Andrew Bartlett
(This used to be commit
3e462897754b30306c1983af2d137329dd937ad6)
Andrew Bartlett [Sat, 4 Feb 2006 09:50:02 +0000 (09:50 +0000)]
r13341: Trivial.
(This used to be commit
b986278b367a6693f69a06e07ca90f8b5a23a0c0)
Andrew Bartlett [Sat, 4 Feb 2006 09:49:33 +0000 (09:49 +0000)]
r13340: The gensec_init() needs to be after the popt processing, as it
disables modules based on parametric options.
Andrew Bartlett
(This used to be commit
db32a81f3ea661e2308cccca8d6a251a3d57337e)
Andrew Bartlett [Sat, 4 Feb 2006 09:48:22 +0000 (09:48 +0000)]
r13339: Propogate more error infomation into the error packet and reformat the
code a little. This also fixes a segfault when we didn't fill in the
error message.
Andrew Bartlett
(This used to be commit
3be01a4ac7efe8d161910e8339bfe42584c0db86)
Simo Sorce [Sat, 4 Feb 2006 08:55:35 +0000 (08:55 +0000)]
r13336: Doh! We actually never optimized for the ascii case.
In the 3.0 branches it is fixed this but we missed it for samba4
(This used to be commit
baccb3c9147e161a6d2cbe371a60bf2ddcc0585c)
Simo Sorce [Sat, 4 Feb 2006 07:57:57 +0000 (07:57 +0000)]
r13335: Fix the build and add an utf8 safe ldb_hadler_fold function
based on ldb_casefold
(This used to be commit
6104f900863c688707809d42c5429a42d654d5fb)
Andrew Bartlett [Sat, 4 Feb 2006 07:56:30 +0000 (07:56 +0000)]
r13334: Add comments describing what these functions do.
We still need many more, but it is a start...
Andrew Bartlett
(This used to be commit
b2bda127f681dc1e2003c86159a85fa613373f16)
Simo Sorce [Sat, 4 Feb 2006 06:57:28 +0000 (06:57 +0000)]
r13333: revert previous commit I will use ldb_caseless_cmp in attrib_handlers
to correctly support utf8 comparisons
add an ldb_attr_Casefold function for attribute names and use it
instead of casefold in the right places
(This used to be commit
3b4eb2413bbce059dde69f35c03cdc3cc2ba85c5)
Simo Sorce [Sat, 4 Feb 2006 05:59:48 +0000 (05:59 +0000)]
r13328: After the attribute name check cleanup it turned up ldb_caseless_cmp()
was used just in one places and by mistake, as there we should have
been using ldb_attr_cmp()
Remove ldb_caseless_cmp() ... going on with the cleanup and utf8 compliance
effort.
Simo.
(This used to be commit
afda68d7bf655a9145648856d29e6e64b9f21aa3)
Simo Sorce [Sat, 4 Feb 2006 01:27:47 +0000 (01:27 +0000)]
r13325: let samba register it's own utf8 aware functions in ldb
(This used to be commit
12faf556833807d3f2aa4360c54e10583ac77fed)
Simo Sorce [Sat, 4 Feb 2006 00:38:48 +0000 (00:38 +0000)]
r13324: From now on check attribute names obey rfc2251
Also add a way to provide utf8 compliant functions
by registering them with ldb_set_utf8_fns()
Next comes code to register samba internal utf8 functions.
Simo.
(This used to be commit
ac9b8a41ffca8e06c5e849d544d3203a665b8e0d)
Andrew Bartlett [Fri, 3 Feb 2006 23:19:00 +0000 (23:19 +0000)]
r13321: Bind to each interface and to the 0.0.0.0 interface on the KDC. This
was pointed out by Maurice Massar. It ensures we get the addresses
for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over
localhost).
Also never run the KDC unless we are a DC.
Andrew Bartlett
(This used to be commit
c17007918459678004a009ccaa50fb85e8b6a739)
Andrew Bartlett [Fri, 3 Feb 2006 23:07:58 +0000 (23:07 +0000)]
r13320: Fix kpasswd's use of the local HDB. /dev/null was a bad idea, we want
'no filename' instead.
Andrew Bartlett
(This used to be commit
7de385dca4c40e98a40ef1e769826de8bff64323)
Andrew Bartlett [Fri, 3 Feb 2006 22:30:30 +0000 (22:30 +0000)]
r13317: Create a new function messaging_client_init() which can be used when
we don't have a server messaging context. We should replace the
datagram messages with stream sockets in this case, so we don't have
to create a unique socket.
Andrew Bartlett
(This used to be commit
fd974fb64792f8f6c532b01d2a2e012be18eef7e)
Simo Sorce [Fri, 3 Feb 2006 15:58:41 +0000 (15:58 +0000)]
Jeremy Allison [Fri, 3 Feb 2006 02:07:22 +0000 (02:07 +0000)]
r13297: It's a good thing the shipment of function headers tridge
sent me arrived on time... :-).
Refactor this code to make it comprehensible. Tested
against W2K3 SP 1 and W2K SP 4. Test 19 is different
from what I thought. Turns out delete on close on
"open" of a directory (not create) does have an
effect - even if not reported in the flag bit.
trige please test against Vista (my XP box is
refusing to serve at the moment - have to reinstall).
Jeremy.
(This used to be commit
2b708e26185bfc0a909a33e74e67dd2101c3bbbe)
Simo Sorce [Wed, 1 Feb 2006 20:48:05 +0000 (20:48 +0000)]
r13289: Check the tree is not NULL
Thanks to Aaron J. Seigo <aseigo@kde.org> for spotting this
(This used to be commit
4b5c0493e2276a9eba1bada7c4bac99999a465e2)
Andrew Tridgell [Wed, 1 Feb 2006 10:50:26 +0000 (10:50 +0000)]
r13283: added two optimisations to the tdb transactions code. The first is to
more agressively coalesce entries in the linked list of the undo
log. The second is to ensure that writes during a transaction into the
hash table don't cause the size of the undo log linked list to grow.
These optimisations don't affect Samba much, but they make a huge
difference to the use of ldb in kde
(This used to be commit
a37d9434d1fa181fd3d060ad032ee4ec5135fc52)
Andrew Bartlett [Wed, 1 Feb 2006 10:04:55 +0000 (10:04 +0000)]
r13282: Indentation, and ensure we handle the talloc_free in the right place
all the time.
Andrew Bartlett
(This used to be commit
2aa9fefbb30959f29e9d5a79c4880f33a747b68c)
Andrew Bartlett [Wed, 1 Feb 2006 10:04:11 +0000 (10:04 +0000)]
r13281: Use TALLOC_CTX * not a void *, and use tmp_ctx as the name for consistancy.
(I was chasing ghosts in this code, and decided to do a cleanup while
I was there).
Andrew Bartlett
(This used to be commit
c05f6be09a0cffdd0b87483f5b3751cc3f96e7f5)
git.samba.org / kai / samba.git / log