summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-07-15Rework provision to handle both simple and SASL binds.Andrew Bartlett3-12/+15
Fedora DS is still setup for simple binds only, at this point. (it also fails on other issues). Andrew Bartlett (This used to be commit b24c572d5a38c1f6906751c2ad2f809e1995b510)
2008-07-15Connect to the LDAP backend with SASL credentials.Andrew Bartlett9-21/+111
This reworks our LDAP backend code to move from anonymous access to a shared-secret SASL-protected connection. (SASL selects NTLM or DIGEST-MD5 on my system). To get this working, we must pre-populate the LDAP backend with a DN to store ths SASL secret on, and we use back-ldif for this. This gives us a reasonable basis to deploy a replicated OpenLDAP backend solution. Andrew Bartlett (This used to be commit cd0745253c4a9ec59a035e830e54d74a05b71aaa)
2008-07-15Make up a full hostname for ldapi connections.Andrew Bartlett1-2/+7
The DIGEST-MD5 SASL method requires a hostname, so provide one. Andrew Bartlett (This used to be commit edfb2ed1f22bc735af5a0c3d3ae6ab6771d28f2c)
2008-07-15Add a standard filter for finding the LDAP secrets.Andrew Bartlett1-0/+1
(This used to be commit 28c784966809d634e8497e0716b30bad018467b4)
2008-07-15Cleanup ldap_bind_sasl.Andrew Bartlett1-4/+3
With these changes, we don't leak the LDAP socket, and don't reset all credentials feature flags, just the ones we are actually incompatible with. Andrew Bartlett (This used to be commit 72e52a301102941c41ab423e0212fe9a1aed0405)
2008-07-15Use secrets.ldb to store credentials to contact LDAP backend.Andrew Bartlett3-11/+35
This makes Samba4 behave much like Samba3 did, and use a single set of administrative credentials for it's connection to LDAP. Andrew Bartlett (This used to be commit e396a59788d77aa2fbf3b523c3773fe0e5c976c0)
2008-07-15Allow ldap credentials to be (optionally) stored in secrets.ldbAndrew Bartlett1-11/+33
This includes a simple bind DN, or SASL credentials. The error messages are reworked as on systems without an LDAP backend, we will fail to find this record very often. Andrew Bartlett (This used to be commit 95825ae6d5e9d9846f3a7505a81ebe603826227e)
2008-07-15Try to make NTLMSSP less fussy for unimportant messages.Andrew Bartlett1-2/+13
We don't really care (because nobody uses them) what we send as the domain and workstation in the negotiate packet. Andrew Bartlett (This used to be commit 9ac07e14873df2c18d0e9501691c2d4c4047e218)
2008-07-15Fix 'make gdbtest-enb' and the GDB_PROVISION option.Andrew Bartlett2-2/+2
(This used to be commit 79c4d8e2fabc9c33d978c064b9c01ca45e463ced)
2008-07-14Remove C++ keywords from events.h header.Andrew Bartlett1-4/+4
Andrew Bartlett (This used to be commit 7ca421eb32bed3c400f863b654712d922c82bfb9)
2008-07-12rename sambaPassword -> userPassword.Andrew Bartlett14-68/+49
This attribute is used in a very similar way (virtual attribute updating the password) in AD on Win2003, so eliminate the difference. This should not cause a problem for on-disk passwords, as by default we do not store the plaintext at all. Andrew Bartlett (This used to be commit 1cf0d751493b709ef6b2234ec8847a7499f48ab3)
2008-07-11Use common code to fill in allowedAttributes in kludge_acl.Andrew Bartlett3-39/+41
This code is now in common with ad2oLschema. Andrew Bartlett (This used to be commit 0a797388ca442c3ad4809888897b1c63b65a7fdf)
2008-07-10Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett1-2/+14
(This used to be commit f956908cde7dd40643ff49cf433d0cf7765027de)
2008-07-10Avoid the use of extensibleObject in ldap mapping backend.Andrew Bartlett3-21/+143
Instead of extensibleObject, we use the new (more correct) ad2oLschema tool, and a new objectClass called 'samba4Top', which we add and remove in the same way we did extensibleObject. Andrew Bartlett (This used to be commit 5ab20aa8b43415751f77602fff3a3008bf2186db)
2008-07-10Make ad2oLschema even simpler, by moving the heavy work into dsdb.Andrew Bartlett4-368/+368
This will allow the kludge_acl and schema code to leverage the same work. (We might even get schema validation soon! :-) Andrew Bartlett (This used to be commit cecd04ce1f8ce2af2fb654b3abc1499092405d60)
2008-07-09(Hopefully) fix the build by re-adding security.NTACLJeremy Allison1-0/+2
const char. The deletion earlier was a typo. Jeremy. (This used to be commit aa27344b96929c925b30965a1cd20e69c3dbd515)
2008-07-09Add in a version2 of the NT security descriptor storeJeremy Allison1-3/+13
that can store a timestamp along with the SD. Allows us to check for validity against the POSIX st_ctime. Keeps the IDL consistent with Samba3.3 IDL. Jeremy. (This used to be commit 29843a6b339a581de714924219632390b156aa4f)
2008-07-09ldb_map: eliminate "discards qualifyer" warning (const).Michael Adam1-1/+1
Michael (This used to be commit b7c14af3790bcf825367a7f16d2aaa375b04393c)
2008-07-09libnet_domain: eliminate "discards qualifier" warning (const).Michael Adam1-1/+1
Michael (This used to be commit ea99590046f50ec2d0c4afe0163fc8660a797ba4)
2008-07-09dsdb: eliminate disards qualifyer compile warning.Michael Adam1-1/+1
Michael (This used to be commit 3b0917dbc5399dc6835b523d762b244bdcf45b79)
2008-07-09Revert "tdbtool: fix off-by-one error in argument length. (bug #2344)"Michael Adam1-1/+1
This reverts commit fafb8ad2b81b9a46cf8259bedc1dca5023b06115. This fix is not valid: 1. convert_string() is not only used for key strings but also for data. 2. Some databases use string_tdb_data() i.e. non-null-terminated strings as keynames and others (like the one I was using), use string_term_tdb_data(), i.e. zero-terminated key strings. After discussion with Metze, the easiest (and proper way) to handle this is to specify key names as "keyname\0" for databases which use string_term_tdb_data(). Sorry for the noise... Michael (This used to be commit 17c012c4645f4e9542537c15f80d9b4e74304d11)
2008-07-08tdbtool: fix off-by-one error in argument length. (bug #2344)Michael Adam1-1/+1
This prevented all commands operating on keys (all non-traverse commands) in tdbtool to fail with a "fetch failed" or "delete failed" message. It seems that it fixes bug #2344 ... Apparently this bug was introduced with 94e53472666ed in 2005. Either nobody is using tdbtool or else tdb_find() has become more strict about the key legth in the meantime. :-) Michael (This used to be commit fafb8ad2b81b9a46cf8259bedc1dca5023b06115)
2008-07-07rpc_server: use the transport session_info if availableStefan Metzmacher1-8/+12
metze (This used to be commit 76dd521bcf53a245bd1412968e9b921e5c2f10c9)
2008-07-07packet: make it possible to free the packet_context from the send_callbackStefan Metzmacher1-0/+6
metze (cherry picked from commit 20795c4a0d5f75561561470231de1a2fad2906ff) (This used to be commit 5d5b4e4ab23e1c630dfde2b9f296681e3979c4e0)
2008-07-07smb_server/smb: handle incoming multi fragmented nttrans requestsStefan Metzmacher1-16/+152
metze (This used to be commit 9a5f7bf68b20e3b490b209b5cfc4408566320f2e)
2008-07-07smb_server/smb: prepare multi fragmented nttrans requestsStefan Metzmacher2-4/+7
metze (This used to be commit 36a39b92d732a682e38ad4b3f733951fee4757ed)
2008-07-07libcli/raw: remove unused smb_raw_max_trans_data() functionStefan Metzmacher1-12/+0
metze (This used to be commit d235ce673705641e06b4ad5f5679e146b59a19e1)
2008-07-07torture: .in.max_data should not depend on the smb max sizeStefan Metzmacher2-9/+9
We now support async multi fragment SMBtrans calls. metze (This used to be commit ba8499867af90dcd88455476b1f58a2ab18f159b)
2008-07-07rap: trans->in.max_data should not depend on the smb max sizeStefan Metzmacher1-1/+1
We now support async multi fragment SMBtrans calls. metze (This used to be commit 66e0c1754f14cf0100ca2d3e9c0cd8c87f9dc1e6)
2008-07-07dcerpc_smb: trans->in.max_data should not depend on the smb max sizeStefan Metzmacher1-1/+8
We now support async multi fragment SMBtrans calls. metze (This used to be commit 6813e22e9d300696a40993476629227d5cc4d35f)
2008-07-07libcli/raw: make multi fragmented nttrans requests possibleStefan Metzmacher1-17/+178
metze (This used to be commit a6aa055097313975299f214d8ebe8d45aa51d10a)
2008-07-07smb_server/smb: trans(2) setup count is uint8_tStefan Metzmacher1-2/+3
metze (This used to be commit 1b507a9b8e2ede5a4eb542bdf7a0eab9269b9f7b)
2008-07-07libcli/raw: trans(2) setup count is uint8_tStefan Metzmacher1-4/+6
metze (This used to be commit 48ccb51caf7976ec07c8a9bfc1afd3076bf4ee22)
2008-07-07libcli/raw: remove unused smbcli_request_receive_more() functionStefan Metzmacher1-13/+0
metze (This used to be commit e1d81388fcabba9a947ed0be9ccae875e2b19135)
2008-07-07libcli/raw: use the new recv_helper infrastructure for trans/trans2 repliesStefan Metzmacher1-184/+313
metze (This used to be commit ec67c61b6a82e4f39a15f37a98ae3fe93bb81316)
2008-07-07libcli/raw: use the new recv_helper infrastructure for nttrans repliesStefan Metzmacher1-102/+145
metze (This used to be commit 5bf136e233e26b4372155f494bae5118ef777a76)
2008-07-07libcli/raw: add a recv_helper hook infrastructureStefan Metzmacher2-1/+23
The recv helper will be called when a response comes and the recv helper can decide to let the request on the SMBCLI_REQUEST_RECV when more reponse packets are expected. It's up to the helper function to keep a reference to the in buffers, each incoming response overwrites req->in. metze (This used to be commit 6d84af89ba96627abe142ba7080c24ae2421ed6c)
2008-07-07libcli/raw: the nttrans setup count is only 8-bitStefan Metzmacher1-1/+1
metze (This used to be commit a65599cc83a12ec61e5a6ba6ad9628619a0dc8a3)
2008-07-07smb_server/smb: transs and transs2 calls have different word countsStefan Metzmacher1-1/+12
Also add a note about NT_STATUS_DOS(ERRSRV, ERRerror). metze (This used to be commit 4287b7c1323796cf0688d0fae9b5bd4e840e3d48)
2008-07-07smb_server/smb: fix crash bug with fragmented trans callsStefan Metzmacher1-13/+20
We need to use smbsrv_setup_secondary_request(req) to send the trans ack, because smbsrv_send_reply(req) destroys 'req' and the partial trans list had dead elements in the list. Also make sure the partial list element is removed by a talloc destructor. metze (This used to be commit 221f4d6e534a40b7def6e51dc6b4f9e8057d18b7)
2008-07-03dcerpc.idl: the signing overhead can be more than 32 bytesStefan Metzmacher1-1/+1
Windows seems to use 64 here, so we do now. Before we got nca_proto_error fault because we send fragments larger than the negotiated max frag size. If the max frag size is 5840, we're sending 5837 bytes when the auth_len is 45 and that matches w2k3 traffic. metze (This used to be commit 351947dba3f7a26ac871d4aa7b6bba4cd472383a)
2008-07-03rpc_server: use the same chunk_size logic as we we use in the clientStefan Metzmacher1-7/+7
metze (This used to be commit 9ff0ce42b32bf0f1463d2cb9c2a6595f51b13d04)
2008-07-02Fix bug #5578, reported by sendel2000@hotbox.ru. Bad (non-Samba) use of ↵Jeremy Allison1-0/+3
strlcat gives error. Jeremy. (This used to be commit e633dc4ec2d72c3d34b5e096e0460e07e07ab514)
2008-07-02Merge commit 'origin/v4-0-stable' into v4-0-testStefan Metzmacher0-0/+0
(This used to be commit 91c899290f6962f277c103f11d5d8dc0a7c9aa02)
2008-07-02Merge commit 'release-4-0-0alpha5' into v4-0-stableStefan Metzmacher2-4/+15
(This used to be commit d6652540c2dda9091ccc6d05c3ebb24a663c9fac)
2008-07-02Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett1-1/+1
(This used to be commit b4e7063058ac8587c526dd9133aee345e99f8ef8)
2008-07-02Move ad2oLschema and oLschema2ldif into Samba4, out of LDBAndrew Bartlett10-174/+364
LDB does not know about nor process the AD schema, so it makes no sense to have this tool there. I've been changing it anyway, to use a common schema manipulation library, and will enhance these links in the future. Andrew Bartlett (This used to be commit c7704805b9a3541e4c8768278c8289b0aa6ed5e3)
2008-07-02ldap_server: allow modifies to the root dse record and pass them to the ldb ↵Stefan Metzmacher1-1/+1
layer metze (This used to be commit 3da6f7f95d7c04cff49fa2312f94c059686d11e4)
2008-07-02Fill in the auxiliary classes into the dsdb_schema.Andrew Bartlett1-3/+2
Andrew Bartlett (This used to be commit 615564b3daec0ffe17d05599b7ec8688619f5c65)
2008-07-02Collapse auxillary classes in LDAP schema conversion.Andrew Bartlett1-4/+106
MS-ADTS 3.1.1.3.1.1.5 describes the behaviour of auxiliary classes. In effect, these are additional MUST or MAY attributes that are appeneded to the parent class (the auxiliary does not become listed in the objectClass attribute), and so we do just that, and merge them here, for export to OpenLDAP as it's schema. Andrew Bartlett (This used to be commit d674e92591ea90eb3b2117d8dd21f79f718d7730)