summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-01-30s3: check that a user in a bogus domain name is mapped to the localnetbios ↵Matthieu Patou2-0/+21
name of a domain member This means that if we authentify for BOGUS\administrator in AD domain FOREST with samba being domain member with the netbiosname MEMBER then BOGUS\administrator will be mapped to MEMBER\administrator if the password match.
2012-01-30s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status)Andrew Bartlett1-4/+0
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Jan 30 09:38:47 CET 2012 on sn-devel-104
2012-01-30gensec: inline gensec_generate_session_info() into only callerAndrew Bartlett4-43/+27
This avoids casting to and from the struct auth_user_info_dc *user_info_dc to to this, the if (user_info_dc->info->authenticated) is moved into auth_generate_session_info_wrapper(), which is the function that gensec_security->auth_context->generate_session_info points to. Andrew Bartlett
2012-01-30s4-auth: Return NT_STATUS_NOT_IMPLEMENTED if the challenge cannot be obtainedAndrew Bartlett1-1/+1
2012-01-30auth: Make check_password and generate_session_info hook genericAndrew Bartlett6-41/+74
gensec_ntlmssp does not need to know the internal form of the struct user_info_dc or auth_serversupplied_info. This will allow the calling logic to be put in common. Andrew Bartlett
2012-01-30tdb2: make --enable-tdb2 the default.Rusty Russell1-2/+2
We still use the tdb1 on-disk format, but we do so via the tdb2 library. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User: Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date: Mon Jan 30 08:02:43 CET 2012 on sn-devel-104
2012-01-30tdb2: add -1 and -2 options to tdbtortureRusty Russell1-1/+18
(For now, -1 is the default).
2012-01-30tdb2:tdbtorture: use TEST_DATA_PREFIX for filesRusty Russell1-9/+34
TDB2 version of commit b83672b36c1ea8c35833c40c3919b63809f16624. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30tdb2: name tools the same as TDB1 tools.Rusty Russell1-5/+5
Otherwise, when we switch everyone's scripts will break (including our own tests!). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30tdb2: tools/tdb2backupRusty Russell2-0/+374
Minor changes from tdb/tools/tdbbackup.c. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30samdb: use compat wrappers for tdb_fetch().Rusty Russell1-6/+6
TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now. Similarly, tdb_errorstr() -> tdb_errorstr_compat(). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30tdb_compat: only use hashsize attribute when O_CREATRusty Russell1-1/+1
tdb2 complains if you specify a tdb1 hashsize, and you're not actually trying to create a new database. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30ldb_wrap.c: fix TDB2-incompatible API usage.Rusty Russell1-1/+1
Auditing revealed one place still expecting a -1 return on failure: tdb2 returns the (negative) errcode directly, so the portable way to do this is to check for != 0. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-01-30tdb2: copy tdb1's changed expansion logic.Rusty Russell3-27/+40
TDB2 uses the same expansion logic as TDB1, which got factored out recently. So update TDB2 to match. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (Imported from CCAN commit c438ec17d7b2efe76e56e5fc5ab88bd4a02735e8)
2012-01-30tdb2: careful on wrap.Rusty Russell6-20/+29
It's much harder to wrap a 64-bit tdb2 than a 32-bit tdb1, but we should still take care against bugs. Also, we should *not* cast the length to a size_t when comparing it to the stat result, in case size_t is 32 bit. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (Imported from CCAN commit 6f7cb26e589cea081e71c59801eae87178967861)
2012-01-29auth: provide private pointer and do not return original PAC signaturesAndrew Bartlett3-36/+43
There is no need to return the PAC signatures via the special-purpose torture element. Instead, use a private pointer on the auth_context in conjunction with the private PAC processing method. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
2012-01-29s3: Fix unused variable warningsVolker Lendecke1-0/+4
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Jan 29 16:33:29 CET 2012 on sn-devel-104
2012-01-29libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIREDStefan Metzmacher1-1/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104
2012-01-28s3-selftest: Add test for posix large reads and writesAndrew Bartlett3-5/+87
This includes encrypted reads and writes, both NTLM and kerberos. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Jan 28 00:13:57 CET 2012 on sn-devel-104
2012-01-27s3-libsmb Do not limit read replies to NBT packet sizesAndrew Bartlett1-1/+1
With the posix extensions, we can read 16MB at a time, so we need to check the full size of the packet, not the size rounded down to the old NBT limit. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-27s3-pdb: Make ADS-type backends updates secrets.tdb.Simo Sorce3-0/+127
Make the backends that have ADS capability the only ones that can change the SID and GUID in secrets.tdb at initialization time. Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Jan 27 19:42:17 CET 2012 on sn-devel-104
2012-01-27s3-pdb: Break SECRETS3 dependency on PDB.Simo Sorce4-60/+68
This is causing circular depdnendcies that bring libpdb in all code and this is BAD. This change 'protects' the sid and guid of the domain by adding a special key that makes them effectively read only. Limit this temporarily to the samba 4 build, once it gets some good testing the samba4 ifdefs can be dropped. fix pdb dependencies Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-27libcli/smb: fix smbXcli_negprot(..., PROTOCOL_NT1, PROTOCOL_SMB2_02)Stefan Metzmacher1-3/+6
The SMB1 negprot request already consumed the SMB2 sequence '0'. This also happens for the SMB 2.02 case. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jan 27 15:27:41 CET 2012 on sn-devel-104
2012-01-27s3-waf: Create a subsystem for SERVER_MUTEX.Andreas Schneider1-3/+6
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Jan 27 12:55:01 CET 2012 on sn-devel-104
2012-01-27s3-waf: Add missing dependency of ntlmssp to wbclient.Andreas Schneider1-1/+1
2012-01-27s3-waf: Add missing dependency of pdb_wbc_sam to wbclient.Andreas Schneider1-1/+1
2012-01-27build: Add missing dependencies on poptAmitay Isaacs2-1/+3
This fixes compilation issues on freebsd where system popt is installed under /usr/local. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Jan 27 08:33:52 CET 2012 on sn-devel-104
2012-01-27Finally remove all malloc()'s from the substitute code. Now totallyJeremy Allison4-101/+64
talloc() based. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jan 27 03:43:21 CET 2012 on sn-devel-104
2012-01-27Fix a really slow memory leak (in master at least). Found by Ira Cooper ↵Jeremy Allison1-2/+7
<ira@wakeful.net>. Bug #8724 - Memory leak in parent smbd on connection. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jan 27 01:26:28 CET 2012 on sn-devel-104
2012-01-26s3:auth/auth_generic: for now call sub_set_smb_name() and lp_load()Stefan Metzmacher1-0/+6
This matches the auth_ntlmssp case and the smbd/sesssetup.c code. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 26 17:58:17 CET 2012 on sn-devel-104
2012-01-26s3:gse: return NT_STATUS_LOGON_FAILURE instead of NT_STATUS_INTERNAL_ERRORStefan Metzmacher1-2/+2
This matches the behavior of ads_verify_ticket(). Note that ads_verify_ticket() calls krb5_to_nt_status(), but as a server it's likely to always returns NT_STATUS_UNSUCCESSFUL. ads_verify_ticket() maps NT_STATUS_UNSUCCESSFUL to NT_STATUS_LOGON_FAILURE. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 26 10:48:36 CET 2012 on sn-devel-104
2012-01-26s4-rpc_server: Fix search for existing trust to actually look for the dns nameAndrew Bartlett1-1/+1
Found by a eagle-eyed user. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
2012-01-26s3-build: Remove FIXME, bigballofmud is no moreAndrew Bartlett1-2/+0
2012-01-26Update man page to fix typo vfs_aio_fork -> vfs_aio_pthread, addJeremy Allison1-1/+3
aio read size, aio write size examples. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 26 03:51:01 CET 2012 on sn-devel-104
2012-01-26Use sys_pread/sys_pwrite to cope correctly with 64-bit sizes. As in the ↵Jeremy Allison1-2/+16
default VFS case fall back from pread -> read and pwrite -> write on an ESPIPE error in the worker thread. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 26 02:11:28 CET 2012 on sn-devel-104
2012-01-25Add man page for vfs_aio_pthread module.Jeremy Allison1-0/+118
2012-01-25s3: Fix a panic in aio_pthreadVolker Lendecke1-1/+1
Found by Nir Drang <nir@fabrix.tv> Thanks! Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 25 18:22:37 CET 2012 on sn-devel-104
2012-01-25s3-waf: Reduce dependencies of winbindd.Andreas Schneider1-24/+9
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Wed Jan 25 13:31:19 CET 2012 on sn-devel-104
2012-01-25s3-waf: Reduce dependencies of smbd_base.Andreas Schneider1-43/+10
2012-01-25s3-waf: Fix cups dependency in PRINTING.Andreas Schneider2-2/+2
2012-01-25s3-waf: Add missing dependency to LIBNET.Andreas Schneider1-2/+1
2012-01-25s3-waf: Add missing dependency to RPC_WINREG.Andreas Schneider1-1/+1
2012-01-25s3-waf: Reduce libsmbclient dependencies.Andreas Schneider1-2/+8
2012-01-25s3-waf: Reduce libnetapi dependencies.Andreas Schneider1-6/+11
2012-01-25s3-waf: Link vlp only against needed subsystems.Andreas Schneider1-1/+3
2012-01-25s3-waf: Link split_tokens only against needed subsystems.Andreas Schneider1-2/+3
2012-01-25s3-waf: Link dbwrap_torture only against needed subsystems.Andreas Schneider1-1/+3
2012-01-25s3-waf: Link dbwrap_tool only against needed subsystems.Andreas Schneider1-1/+3
2012-01-25s3-waf: Link test_lp_load only against needed subsystems.Andreas Schneider1-1/+4
2012-01-25s3-waf: Link rpc_open_tcp only against needed subsystems.Andreas Schneider1-2/+3