tprouty/samba.git
11 years agoPush loading the objectGUID and objectSID handlers earlier.
Andrew Bartlett [Thu, 21 Aug 2008 07:29:47 +0000 (17:29 +1000)]
Push loading the objectGUID and objectSID handlers earlier.

Andrew Bartlett
(This used to be commit 0b6e53f80b063d8702718c84409d7b069aee9c05)

11 years agoStop every ldb startup doing a write to the database.
Andrew Bartlett [Thu, 21 Aug 2008 06:42:03 +0000 (16:42 +1000)]
Stop every ldb startup doing a write to the database.

Something in the search stack adds a distinguisedName record, which
isn't in the message we generate.  So we compare, fail and rewrite the
record - every time ldb starts up...

Andrew Bartlett
(This used to be commit 44775d1ed4a4b8edc66a06e2b3710aba6a0dd019)

11 years agoValidate input in the CLDAP and DGRAM 'netlogon' responder.
Andrew Bartlett [Thu, 21 Aug 2008 06:09:42 +0000 (16:09 +1000)]
Validate input in the CLDAP and DGRAM 'netlogon' responder.
(This used to be commit 682ca3cae1d5e796bc58142f79c99d43742ac85c)

11 years agoHandle error cases in attribute handlers better.
Andrew Bartlett [Thu, 21 Aug 2008 05:10:40 +0000 (15:10 +1000)]
Handle error cases in attribute handlers better.

We don't need to just bail, for all these error cases there is still
real result that can be made - just fall back to binary copy/compare.

Andrew Bartlett
(This used to be commit 6aa5dde2aa9a5f070871ecc117e44bfcad363459)

11 years agoThe index handling is now configured from the schema load, not by a
Andrew Bartlett [Thu, 21 Aug 2008 02:59:16 +0000 (12:59 +1000)]
The index handling is now configured from the schema load, not by a
template.

Andrew Bartlett
(This used to be commit b36c6a21ad12fdc1b53efdc3f29cde7614b4fa9e)

11 years agoSet both attributes and indexes into the database on schema load.
Andrew Bartlett [Thu, 21 Aug 2008 02:58:00 +0000 (12:58 +1000)]
Set both attributes and indexes into the database on schema load.

This ensures that a rudementary schema is always present (for
bootstrapping), and that the indexes are maintained equal to the
schema (rather than hard-coded).

Andrew Bartlett
(This used to be commit 747d683b0d92c3b1cde67245d514977a2c87dc44)

11 years agoAll these syntaxes are now handled by the schema.
Andrew Bartlett [Thu, 21 Aug 2008 02:56:34 +0000 (12:56 +1000)]
All these syntaxes are now handled by the schema.
(This used to be commit 94d5e69190f34d66d4defd4a7de7ce24bee77bc3)

11 years agoDon't hardcode attributes to be treated as a DN
Andrew Bartlett [Thu, 21 Aug 2008 02:56:04 +0000 (12:56 +1000)]
Don't hardcode attributes to be treated as a DN

This is now handled by reading the schema into the attributes.

Also, when we do set something here, mark it as FIXED, so the schema
and any reload from @ATTRIBUTES won't touch it.

Andrew Bartlett
(This used to be commit 7b24701335398ece3d1b3a20cf5f1174500b16ce)

11 years agoCorrect anr search commants and error messages in ldap.js
Andrew Bartlett [Thu, 21 Aug 2008 02:51:55 +0000 (12:51 +1000)]
Correct anr search commants and error messages in ldap.js
(This used to be commit 233dd885c2a2b4ee7cc2287efe7d6e03625d4981)

11 years agoDon't allow a NULL syntax
Andrew Bartlett [Thu, 21 Aug 2008 02:51:06 +0000 (12:51 +1000)]
Don't allow a NULL syntax
(This used to be commit 505a0c2b702b696b91dab683626bb25b14a49c38)

11 years agoDon't maniplate control entries in samldb
Andrew Bartlett [Thu, 21 Aug 2008 02:50:22 +0000 (12:50 +1000)]
Don't maniplate control entries in samldb
(This used to be commit 8003ee9abf474de534677283fc499f9a3d992b20)

11 years agoUse the new SEARCH_FLAG_ANR define
Andrew Bartlett [Wed, 20 Aug 2008 06:18:44 +0000 (16:18 +1000)]
Use the new SEARCH_FLAG_ANR define
(This used to be commit 07d122ce2c255124dfb3acf71a3afdf52f06e1b1)

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Wed, 20 Aug 2008 06:02:13 +0000 (16:02 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit ae502f9e3991209d70a745bef3a3e6e7484cdb5f)

11 years agodon't overwrite fixed attributes with @ATTRIBUTES
Andrew Tridgell [Wed, 20 Aug 2008 06:00:54 +0000 (16:00 +1000)]
don't overwrite fixed attributes with @ATTRIBUTES
(This used to be commit e860fc171fd127d73df23336089c1479911953da)

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Wed, 20 Aug 2008 05:52:08 +0000 (15:52 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit 9fa48b3572cb4e55cfaa48a8b516a91904048573)

11 years agoMerge commit 'origin/v4-0-test' into v4-0-test
Andrew Tridgell [Wed, 20 Aug 2008 05:50:58 +0000 (15:50 +1000)]
Merge commit 'origin/v4-0-test' into v4-0-test
(This used to be commit 3bdc906eb63a494f0d8478c13f8330828aa2f725)

11 years agoadded a LDB_ATTR_FLAG_FIXED so the schema module can mark attributes
Andrew Tridgell [Wed, 20 Aug 2008 05:46:58 +0000 (15:46 +1000)]
added a LDB_ATTR_FLAG_FIXED so the schema module can mark attributes
as never to be removed.
(This used to be commit 9dce558206a2ce70c69b9b6c5c3c9c58ee165b1d)

11 years agoApply attributes (and their syntax) from the schema into ldb
Andrew Bartlett [Wed, 20 Aug 2008 05:46:46 +0000 (15:46 +1000)]
Apply attributes (and their syntax) from the schema into ldb

This changes the @ATTRIBUTES record to be for bootstrapping only,
before we find the schema.

Andrew Bartlett
(This used to be commit 358477fcc041d5fb2e6ac5641c2f899cc49cfb69)

11 years agoAdd schema search flags from MS-ADTS
Andrew Bartlett [Wed, 20 Aug 2008 05:45:16 +0000 (15:45 +1000)]
Add schema search flags from MS-ADTS
(This used to be commit 731d9e569a474da27014737e0805ae712366357d)

11 years agoSplit schema_init.c into smaller bits.
Andrew Bartlett [Wed, 20 Aug 2008 03:22:16 +0000 (13:22 +1000)]
Split schema_init.c into smaller bits.

This should make schema manipulation a little easier to follow.

Andrew Bartlett
(This used to be commit 300ed83526e75d834bd23ddd1c1c26ebe2555e0f)

11 years agoRemove last traces of the old 'subclass' feature
Andrew Bartlett [Wed, 20 Aug 2008 03:09:40 +0000 (13:09 +1000)]
Remove last traces of the old 'subclass' feature
(This used to be commit ed19d0abea5b206d186a51fa11dc0c04197e6ee2)

11 years agoAdd a torture test for the new 'netlogon' flags.
Matthias Dieter Wallnöfer [Wed, 20 Aug 2008 02:46:37 +0000 (12:46 +1000)]
Add a torture test for the new 'netlogon' flags.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit a484334fb4dafd1df514d1bf88f7e0c4f07dff86)

11 years agoAdd extra bits to our 'netlogon' response in CLDAP and NBT.
Matthias Dieter Wallnöfer [Wed, 20 Aug 2008 02:45:41 +0000 (12:45 +1000)]
Add extra bits to our 'netlogon' response in CLDAP and NBT.

I've studied now the netlogon attribute from the CLDAP request and
have compared them with the table presented in the WSPP docs
(http://msdn.microsoft.com/en-us/library/cc201036.aspx). The first two
bytes seem to be correct, but that the third and fourth one is
completely clear with SAMBA 4.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 3024a43c25e3ec9821d94a27d5cf738890b1b8f3)

11 years agoUpdate OpenLDAP MMR configuration per comments by Oliver Liebel
Andrew Bartlett [Wed, 20 Aug 2008 02:21:36 +0000 (12:21 +1000)]
Update OpenLDAP MMR configuration per comments by Oliver Liebel
<oliver@itc.li>

This changes the RIDs to be <serverID><DBID>, to ease later debugging.

The need to specify the port on the MMR URLs is now included in the
help.

Andrew Bartlett
(This used to be commit a5cbe8c09c6f14f95ff9ba9b8782e2100fc55695)

11 years agoadded some comments at the request of a frustrated abartlet
Andrew Tridgell [Tue, 19 Aug 2008 07:49:34 +0000 (17:49 +1000)]
added some comments at the request of a frustrated abartlet
(This used to be commit cad2e6c4c13ccd02587e47d13e897e0a327b58eb)

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 19 Aug 2008 04:11:51 +0000 (14:11 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit fc6b4f03ebba015a13a6ab93221b0bc3ef8ef2ed)

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 19 Aug 2008 04:10:53 +0000 (14:10 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit 27d07df301d60e49d36efd003f2fd2305c83c3fe)

11 years agoFix up new OpenLDAP MMR code.
Andrew Bartlett [Tue, 19 Aug 2008 04:10:14 +0000 (14:10 +1000)]
Fix up new OpenLDAP MMR code.

This changes the MMR password from hard-coded value of 'linux',
adds tests and fixes the Fedora DS backend.

Currently the MMR password matches the admin password, but we can
change this to be another random value if required.

Also require the port to be specified on the command line, so we don't
hard-code a port of 9000.

Andrew Bartlett
(This used to be commit 08257c6d6ce809fcd53f9b2b4d558fef616b74ce)

11 years agoGenerate Multi-Master Replication configuration for OpenLDAP
Oliver Liebel [Tue, 19 Aug 2008 02:03:04 +0000 (12:03 +1000)]
Generate Multi-Master Replication configuration for OpenLDAP

This patches provision-backend and the related scripts to generate the
correct configuration blobs for N-way multi-master replication using
OpenLDAP.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 6ed0b3f2475022288f636605492ca27fde97cd52)

11 years agoFix templates.ldb reprovision handling.
Andrew Bartlett [Tue, 19 Aug 2008 01:43:41 +0000 (11:43 +1000)]
Fix templates.ldb reprovision handling.

This sets the attributes in a seperate transaction, and allows a
forced delete of the whole file.

Andrew Bartlett
(This used to be commit 423db2468ba3dac89cebc59c8498c0b08c5f3d7b)

11 years agolibrpc: don't build the old mszip decompression code
Stefan Metzmacher [Mon, 18 Aug 2008 13:33:11 +0000 (15:33 +0200)]
librpc: don't build the old mszip decompression code

metze
(This used to be commit f48dfd87badcddc64a1c0bf52939188a4a8f4add)

11 years agondr_compression: use zlib's inflate() for decompression
Stefan Metzmacher [Thu, 7 Aug 2008 16:24:57 +0000 (16:24 +0000)]
ndr_compression: use zlib's inflate() for decompression

metze
(This used to be commit 25876fc4ab8ba11f00d24bb8ceb517c0e4a4d72d)

11 years agozlib: mark as modified for samba
Stefan Metzmacher [Mon, 18 Aug 2008 12:26:53 +0000 (14:26 +0200)]
zlib: mark as modified for samba

metze
(This used to be commit 0fb265e567d700b3c16eb8f28bc5f26653a819fa)

11 years agozlib: fix compiler warnings
Stefan Metzmacher [Fri, 15 Aug 2008 11:32:51 +0000 (13:32 +0200)]
zlib: fix compiler warnings

metze
(This used to be commit ce44a608f66bf27070fd43d576551fde6f545d7c)

11 years agozlib: we don't need the inflateReset2 prototype twice
Stefan Metzmacher [Mon, 18 Aug 2008 12:25:41 +0000 (14:25 +0200)]
zlib: we don't need the inflateReset2 prototype twice

metze
(This used to be commit 0dbbc287f65a51330c5309df5a96b3acd4d044d5)

11 years agolibrpc/ndr: add support for XPRESS decompression
Matthieu Suiche [Thu, 10 Jul 2008 09:31:43 +0000 (09:31 +0000)]
librpc/ndr: add support for XPRESS decompression

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 6a9720c99d36a575ea8ed92e94ff6d2fe6f3e27d)

11 years agolib/compression: Import of lzxpress decompression algorithm
Matthieu Suiche [Thu, 10 Jul 2008 09:31:43 +0000 (09:31 +0000)]
lib/compression: Import of lzxpress decompression algorithm

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 531882dadd57eb6fa048c5d6e5fe3accc20df751)

11 years agoNote the ldb syntax for attribute syntaxes in the table.
Andrew Bartlett [Mon, 18 Aug 2008 10:30:27 +0000 (20:30 +1000)]
Note the ldb syntax for attribute syntaxes in the table.

This includes additional Samba-specific syntaxes made available from
the ldif_handlers code.

This commit also changes some table to use #defines, to ensure
consistancy in other parts of the code.

Andrew Bartlett
(This used to be commit e26a5efd9a580ed3728e1f449e367b1cd4a73b5f)

11 years agoAllow attributes to be overwritten, not just added to
Andrew Bartlett [Mon, 18 Aug 2008 10:21:31 +0000 (20:21 +1000)]
Allow attributes to be overwritten, not just added to
(This used to be commit 0aebae91be0fba7ffa94d73946a94aea930a252a)

11 years agoFix segfaults when loading the schema fails.
Andrew Bartlett [Mon, 18 Aug 2008 10:20:24 +0000 (20:20 +1000)]
Fix segfaults when loading the schema fails.
(This used to be commit 9643db1a011edc95aa903908cec708b3a3566e71)

11 years agoEnsure we fail to proceed if the schema won't load.
Andrew Bartlett [Mon, 18 Aug 2008 05:12:08 +0000 (15:12 +1000)]
Ensure we fail to proceed if the schema won't load.
(This used to be commit 07107c45c35a11979bf68a14b2c4df9415880fcb)

11 years agoRemove references to the unused @SUBCLASS feature.
Andrew Bartlett [Mon, 18 Aug 2008 02:01:27 +0000 (12:01 +1000)]
Remove references to the unused @SUBCLASS feature.

This was removed from ldb_tdb a while ago

Andrew Bartlett
(This used to be commit fcb87e77860b449ac3483ccec5e6b5ed087540f2)

11 years agoMerge the two attribute syntax tables.
Andrew Bartlett [Mon, 18 Aug 2008 00:16:45 +0000 (10:16 +1000)]
Merge the two attribute syntax tables.

This merges the table once found in the oLschema2ldif tool (and moved
many times) with the table used for DRSUAPI.

The OpenLDAP schema map has been updated, to ensure that despite a
number of attributes being declared as OIDs, they are actually used as
strings (as they are actually LDAP class/attribute names).

Andrew Bartlett
(This used to be commit 61f2958c84beeedcf369ccdc02afed0c8055b108)

11 years agoconfigure: use AS_HELP_STRING for --with-disable-ext-lib
Michael Adam [Fri, 15 Aug 2008 22:37:26 +0000 (00:37 +0200)]
configure: use AS_HELP_STRING for --with-disable-ext-lib

Michael
(This used to be commit 88cf5d8b708d6247772b33128f0e212a4c2e9ba8)

11 years agoconfigure: use AS_HELP_STRING for --enable-developer
Michael Adam [Fri, 15 Aug 2008 22:35:52 +0000 (00:35 +0200)]
configure: use AS_HELP_STRING for --enable-developer

Michael
(This used to be commit b10d4723891c39693100bfaaf1ac29adce9f7a86)

11 years agoconfigure: use AS_HELP_STRING for --enable-debug.
Michael Adam [Fri, 15 Aug 2008 22:34:43 +0000 (00:34 +0200)]
configure: use AS_HELP_STRING for --enable-debug.

Michael
(This used to be commit 1f4bf8fbd5bfc9c58bb5668fe25586766605b268)

11 years agoconfigure: use AS_HELP_STRING for --with-selftest-prefix.
Michael Adam [Fri, 15 Aug 2008 22:33:04 +0000 (00:33 +0200)]
configure: use AS_HELP_STRING for --with-selftest-prefix.

Michael
(This used to be commit eea4f597acf743fa783be3e5809e24aebc79f238)

11 years agoconfigure: use AS_HELP_STRING for --with-logfilebase.
Michael Adam [Fri, 15 Aug 2008 22:31:23 +0000 (00:31 +0200)]
configure: use AS_HELP_STRING for --with-logfilebase.

Michael
(This used to be commit f9c15b817a24bed26a339479c53fc2f5cc5b36df)

11 years agoconfigure: use AS_HELP_STRING for --with-piddir
Michael Adam [Fri, 15 Aug 2008 22:30:02 +0000 (00:30 +0200)]
configure: use AS_HELP_STRING for --with-piddir

Michael
(This used to be commit f05a9fe46ff428e48be9a5af4a6769cd78712c11)

11 years agoconfigure: use AS_HELP_STRING for --with-lockdir.
Michael Adam [Fri, 15 Aug 2008 22:28:36 +0000 (00:28 +0200)]
configure: use AS_HELP_STRING for --with-lockdir.

Michael
(This used to be commit ed4a6e780a3f57854338520e4608cfc8dce4ef3e)

11 years agoconfigure: use AS_HELP_STRING for --ntp-signd-socket-dir.
Michael Adam [Fri, 15 Aug 2008 22:27:15 +0000 (00:27 +0200)]
configure: use AS_HELP_STRING for --ntp-signd-socket-dir.

Michael
(This used to be commit dd07dcbc916236d80d9a7087860a6f504bbb09e8)

11 years agoconfigure: use AS_HELP_STRING for --with-winbindd-privileged-socket-dir.
Michael Adam [Fri, 15 Aug 2008 22:25:42 +0000 (00:25 +0200)]
configure: use AS_HELP_STRING for --with-winbindd-privileged-socket-dir.

Michael
(This used to be commit 3bf8116531d4eb0cc25bc7bac70ae3c77642a5a3)

11 years agoconfigure: use AS_HELP_STRING for --with-winbindd-socket-dir .
Michael Adam [Fri, 15 Aug 2008 22:25:09 +0000 (00:25 +0200)]
configure: use AS_HELP_STRING for --with-winbindd-socket-dir .

Michael
(This used to be commit 1304eda283b29fff8960633b1329c0a1611e1ca3)

11 years agoconfigure: use AS_HELP_STRING for --with-privatedir
Michael Adam [Fri, 15 Aug 2008 22:13:34 +0000 (00:13 +0200)]
configure: use AS_HELP_STRING for --with-privatedir

Michael
(This used to be commit eafde5bee0a68fd4cf61ae64dfb24e4deb16b95a)

11 years agoconfigure: format help string for --with-fhs with AS_HELP_STRING().
Michael Adam [Fri, 15 Aug 2008 22:07:54 +0000 (00:07 +0200)]
configure: format help string for --with-fhs with AS_HELP_STRING().

Michael
(This used to be commit 837d0b3eb213ce6d0ce5345308d1b42ae2b08d67)

11 years agoconfigure: remove duplicate definition of --with-winbindd-socket-dir.
Michael Adam [Fri, 15 Aug 2008 22:23:47 +0000 (00:23 +0200)]
configure: remove duplicate definition of --with-winbindd-socket-dir.

I think this should have gone with fa361354433fb9a5c09c84997a7c51f3052c294e.

Michael
(This used to be commit 91fcaac68b215461a13c1b517f6cede29af5e55c)

11 years agoFix the build, after the ad2oLschema changes.
Andrew Bartlett [Fri, 15 Aug 2008 11:20:05 +0000 (21:20 +1000)]
Fix the build, after the ad2oLschema changes.
(This used to be commit 7361821b21ef78c564c41466783048606a0b6e98)

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Fri, 15 Aug 2008 11:16:40 +0000 (21:16 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit fa03d750e4577a610dc410d45d49789110b1b4f1)

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Fri, 15 Aug 2008 10:41:50 +0000 (20:41 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit b4b14b748e6babc93faee23fe8f5c03ec2d25cbb)

11 years agoGenerate the subSchema in cn=Aggregate
Andrew Bartlett [Fri, 15 Aug 2008 10:40:57 +0000 (20:40 +1000)]
Generate the subSchema in cn=Aggregate

This reads the schema from the in-memory structure, when the magic
attributes are requested.  The code is a modified version of that used
in the ad2oLschema tool (now shared).

The schema_fsmo module handles the insertion of the generated result.

As such, this commit also removes these entries from the setup/schema.ldif

Metze's previous stub of this functionality is also removed.

Andrew Bartlett
(This used to be commit c7c32ec7b42bdf0f7b669644516438c71b364e60)

11 years agoRework generation of the objectClass and attributeType lines.
Andrew Bartlett [Fri, 15 Aug 2008 03:18:48 +0000 (13:18 +1000)]
Rework generation of the objectClass and attributeType lines.

Now that these are subroutines, we can factor them out into a file the
CN=Aggregate schema code can also use.

Andrew Bartlett
(This used to be commit e3591a6a35ddb60398a03a4fa0545cc6158946ef)

11 years agoParamaterise the seperator in ad2OLschema
Andrew Bartlett [Fri, 15 Aug 2008 02:08:10 +0000 (12:08 +1000)]
Paramaterise the seperator in ad2OLschema

This will allow me to add a new mode, with the CN=Aggregate schema
format automatically generated.

Andrew Bartlett
(This used to be commit 7d2a890a7077e446e45527847f78bba84d22bc4c)

11 years agoDon't segfault in RPC-ATSVC.
Andrew Bartlett [Thu, 14 Aug 2008 23:46:51 +0000 (09:46 +1000)]
Don't segfault in RPC-ATSVC.
(This used to be commit e711f7d26a632ec93c1e2a3db52c37e1c0de4214)

11 years agoRAW-OPEN: be more strict in create_option checking
Stefan Metzmacher [Thu, 14 Aug 2008 13:14:53 +0000 (15:14 +0200)]
RAW-OPEN: be more strict in create_option checking

metze
(This used to be commit d548f5dee5980eae0aea25f1314238eb4f963568)

11 years agoRevert "krb5: always generate the acceptor subkey as the same enctype as the used...
Stefan Metzmacher [Wed, 13 Aug 2008 05:22:36 +0000 (07:22 +0200)]
Revert "krb5: always generate the acceptor subkey as the same enctype as the used service key"

This reverts commit dbb94133e0313cae933d261af0bf1210807a6d11.

As we fixed gensec_gssapi to only return a session key when it's
have the correct session key, this hack isn't needed anymore.

metze
(This used to be commit 697cd1896bccaa55ee422f17d9312d787ca699ed)

11 years agogsskrb5: always return an acceptor subkey
Stefan Metzmacher [Wed, 13 Aug 2008 07:52:20 +0000 (09:52 +0200)]
gsskrb5: always return an acceptor subkey

For non cfx keys it's the same as the intiator subkey.
This matches windows behavior.

metze
(This used to be commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8)

11 years agogensec_gssapi: only cache the session key in STAGE_DONE
Stefan Metzmacher [Wed, 13 Aug 2008 05:18:35 +0000 (07:18 +0200)]
gensec_gssapi: only cache the session key in STAGE_DONE

The key may change because we switch from initiator to acceptor
subkey.

metze
(This used to be commit 66244092a457b2cde6339cb31dcfa73b122ba9b5)

11 years agoSMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED
Stefan Metzmacher [Thu, 14 Aug 2008 11:12:07 +0000 (13:12 +0200)]
SMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED

Some standalone server (and samba4) doesn't support this.

metze
(This used to be commit 6d8fd4c0089d7e632ec91027a77321aca8c6acc7)

11 years agoSMB2-CREATE: be more strict in checking file attributes
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:51 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in checking file attributes

metze
(This used to be commit ba9d0f6b3c60346df757e7c4c3f5704c0bf26d11)

11 years agoSMB2-CREATE: be more strict in error checking
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:22 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in error checking

metze
(This used to be commit d7d4df78c1de19d0cd7a63daaa2fa0863a243a12)

11 years agontvfs_generic: fix handling of create_options for SMB2
Stefan Metzmacher [Thu, 14 Aug 2008 07:52:45 +0000 (09:52 +0200)]
ntvfs_generic: fix handling of create_options for SMB2

metze
(This used to be commit cbd585d2a1e179615eba773cb07385524369c686)

11 years agolibcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK
Stefan Metzmacher [Thu, 14 Aug 2008 10:48:37 +0000 (12:48 +0200)]
libcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK

SMB2 returns NOT_SUPPORTED to some more NTCREATE_OPTIONS.

metze
(This used to be commit 3ea08d430370717463ffab44fed9c42db1002d97)

11 years agopvfs: fix handling of create_option flags
Stefan Metzmacher [Thu, 14 Aug 2008 10:37:31 +0000 (12:37 +0200)]
pvfs: fix handling of create_option flags

metze
(This used to be commit 3c6cadf76861d6522c5ec41953df1ba2fac4910d)

11 years agolibcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values
Stefan Metzmacher [Thu, 14 Aug 2008 10:44:25 +0000 (12:44 +0200)]
libcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values

We now reuse ignored values for the ntvfs backend private flags.

metze
(This used to be commit 14eda93aeface307e1ffd1ea012d8f236fa78290)

11 years agosmb2srv: async replies with STATUS_PENDING are not signed
Stefan Metzmacher [Wed, 13 Aug 2008 07:48:44 +0000 (09:48 +0200)]
smb2srv: async replies with STATUS_PENDING are not signed

..., but the they may have the sign flag set.

metze
(This used to be commit 43e43dead030f6bffd06631007fdb162c3c6b2b5)

11 years agosmb2srv: sign replies when the request was also signed
Stefan Metzmacher [Wed, 13 Aug 2008 13:20:18 +0000 (15:20 +0200)]
smb2srv: sign replies when the request was also signed

metze
(This used to be commit dd2f4f7a491debcc30e590f571272afd99e52940)

11 years agosmb2srv: use defines instead of hex values
Stefan Metzmacher [Wed, 13 Aug 2008 07:45:44 +0000 (09:45 +0200)]
smb2srv: use defines instead of hex values

metze
(This used to be commit 7c4abf6614c47471ae005a12abe27d85890d867f)

11 years agolibcli/smb2: use smb2 signing in auto mode if the server supports it
Stefan Metzmacher [Wed, 13 Aug 2008 13:19:01 +0000 (15:19 +0200)]
libcli/smb2: use smb2 signing in auto mode if the server supports it

metze
(This used to be commit fe74faf13dc64eaa58d757de156aedcb24abed1f)

11 years agolibcli/smb2: we don't need check the same thing twice...
Stefan Metzmacher [Wed, 13 Aug 2008 07:44:06 +0000 (09:44 +0200)]
libcli/smb2: we don't need check the same thing twice...

metze
(This used to be commit 1380fb954a7d9d4b543c4650a060fef9f357af7b)

11 years agolibcli/smb2: async replies with STATUS_PENDING are not signed
Stefan Metzmacher [Wed, 13 Aug 2008 07:42:27 +0000 (09:42 +0200)]
libcli/smb2: async replies with STATUS_PENDING are not signed

metze
(This used to be commit 3f6cbece4a199a42ad6583ea4bd4302629399625)

11 years agopidl: fix samba4.pidl.samba3-cli test
Stefan Metzmacher [Wed, 13 Aug 2008 14:58:12 +0000 (16:58 +0200)]
pidl: fix samba4.pidl.samba3-cli test

metze
(This used to be commit 0449a5c8267873d7986c7c50adce57029192c456)

11 years agoNBT-WINSREPLICATION: be more robust to timing errors
Stefan Metzmacher [Wed, 13 Aug 2008 14:53:13 +0000 (16:53 +0200)]
NBT-WINSREPLICATION: be more robust to timing errors

Also reenable disabled tests.

metze
(This used to be commit 76878a9c798e0acb0387b8352972d66db989c09a)

11 years agoexpanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
Andrew Tridgell [Thu, 14 Aug 2008 07:26:30 +0000 (17:26 +1000)]
expanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
create options fields are supposed to work
(This used to be commit 0576875eccaa21ad529c9db41db91781ad400d0f)

11 years agocope with arbitrary unknown pac buffer types, so when MS adds
Andrew Tridgell [Thu, 14 Aug 2008 05:27:48 +0000 (15:27 +1000)]
cope with arbitrary unknown pac buffer types, so when MS adds
a new one we don't break our server
(This used to be commit 5e08b285319e35afd3a9a6e6f5f59145350f2d80)

11 years agocope with not knowing the kdc key
Andrew Tridgell [Thu, 14 Aug 2008 05:27:22 +0000 (15:27 +1000)]
cope with not knowing the kdc key
(This used to be commit 7e48dad4c7724f3f11236171a777603574224c42)

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 12 Aug 2008 23:47:18 +0000 (09:47 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit e85abe7db21eec47adecae8243a25f145aa7ec9a)

11 years agogensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO
Stefan Metzmacher [Tue, 12 Aug 2008 13:02:02 +0000 (15:02 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO

metze
(This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e)

11 years agogensec_gssapi: fix compiler warnings
Stefan Metzmacher [Tue, 12 Aug 2008 12:57:14 +0000 (14:57 +0200)]
gensec_gssapi: fix compiler warnings

metze
(This used to be commit f4f4bb7fe977301e468ab164ba750b69d9a92306)

11 years agogensec_gssapi: add a function to load the lucid structure once
Stefan Metzmacher [Tue, 12 Aug 2008 12:56:36 +0000 (14:56 +0200)]
gensec_gssapi: add a function to load the lucid structure once

metze
(This used to be commit daa986d1d04e59550bb5d33b5075daa414d087ba)

11 years agogensec: add support for new style spnego and correctly handle mechListMIC
Stefan Metzmacher [Tue, 12 Aug 2008 12:26:21 +0000 (14:26 +0200)]
gensec: add support for new style spnego and correctly handle mechListMIC

metze
(This used to be commit 05a3403967d3cf64bca8b06536dc1b20cf835396)

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 12 Aug 2008 07:46:48 +0000 (17:46 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
(This used to be commit 7ad0d8dd4dab6119ca6f94b64b35c8f975a27d0a)

11 years agodcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE
Stefan Metzmacher [Mon, 11 Aug 2008 16:14:51 +0000 (18:14 +0200)]
dcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE

metze
(This used to be commit 54b873e49ff363609632fa2862208bf6b4c1b6ed)

11 years agorpc_server: correct the chunk_size depending on the signature size
Stefan Metzmacher [Mon, 11 Aug 2008 16:12:54 +0000 (18:12 +0200)]
rpc_server: correct the chunk_size depending on the signature size

metze
(This used to be commit 20fc0d7bfdaa60d6a8ac939dc64733a91652587e)

11 years agolibrpc/rpc: correct the chunk_size depending on the signature size
Stefan Metzmacher [Mon, 11 Aug 2008 16:00:11 +0000 (18:00 +0200)]
librpc/rpc: correct the chunk_size depending on the signature size

metze
(This used to be commit 50eb0e726405580dc5ca3a8a3b15f3bd674f722a)

11 years agodcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH
Stefan Metzmacher [Mon, 11 Aug 2008 15:59:38 +0000 (17:59 +0200)]
dcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH

metze
(This used to be commit ce36448d74b0c6cdf8928e10c088bf0248a95cf7)

11 years agoOnly allow trust accounts access to the NTP signing service.
Andrew Bartlett [Mon, 11 Aug 2008 01:45:45 +0000 (11:45 +1000)]
Only allow trust accounts access to the NTP signing service.
(This used to be commit 30da1b534f00ba6ef6cf86cba603732bc6e1ad43)

11 years agogensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures
Stefan Metzmacher [Fri, 8 Aug 2008 10:39:11 +0000 (12:39 +0200)]
gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures

metze
(This used to be commit fcabe24f96c9677146ca754a502f336c23050339)

11 years agogsskrb5: try to be compatible with windows for gss_wrap* and cfx
Stefan Metzmacher [Fri, 8 Aug 2008 13:01:15 +0000 (15:01 +0200)]
gsskrb5: try to be compatible with windows for gss_wrap* and cfx

The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.

metze
(This used to be commit 0fa41a94e466d5e11bcf362ccd8ff41b72733d1a)

11 years agogensec_gssapi: use gsskrb5_get_subkey() to get the session key
Stefan Metzmacher [Fri, 8 Aug 2008 13:27:40 +0000 (15:27 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to get the session key

This is needed to get the correct key, when aes keys are used.

metze
(This used to be commit 7587a7d8b65f27a5865d6873f63a450488da02c9)

11 years agokrb5: always generate the acceptor subkey as the same enctype as the used service key
Stefan Metzmacher [Fri, 8 Aug 2008 13:22:39 +0000 (15:22 +0200)]
krb5: always generate the acceptor subkey as the same enctype as the used service key

With this patch samba4 can use gsskrb5_get_subkey() to get the session key.

metze
(This used to be commit dbb94133e0313cae933d261af0bf1210807a6d11)