summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-08-30Now ACL inheritance flags are working, add test_inheritance_flags() back ↵Jeremy Allison1-5/+10
into raw.acls to ensure we don't regress.
2012-08-30With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.Jeremy Allison1-1/+0
2012-08-30Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.Jeremy Allison1-3/+7
Change se_create_child_secdesc() to handle inheritance correctly.
2012-08-30Windows does canonicalization of inheritance bits. Do the same.Jeremy Allison1-0/+35
We need to filter out the SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set when an ACE is inherited. Otherwise we zero these bits out. See: http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531 for details.
2012-08-30Change the other two places where we set a security descriptor given by the ↵Jeremy Allison2-25/+2
client to got through set_sd(), the canonicalize sd function.
2012-08-30Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL ↵Jeremy Allison2-14/+28
canonicalization.
2012-08-30Rename set_sd() to set_sd_blob() - this describes what it does.Jeremy Allison3-6/+6
2012-08-30s3:libsmb correctly set isFsctl for snapshot listChristian Ambach1-1/+1
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker otherwise smbclient allinfo will not report snapshots any more with the changes made for Bug #8311 Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
2012-08-30selftest: Remove spoolss tests from knownfail.Andreas Schneider1-66/+0
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Aug 30 17:17:55 CEST 2012 on sn-devel-104
2012-08-30selftest: Add missing printing options for plugin_s4_dc.Andreas Schneider1-0/+24
2012-08-30file_server: Fix spoolss support with s3fs.Andreas Schneider1-1/+1
2012-08-30selftest: Define the log directory for s3fs.Andreas Schneider1-0/+3
2012-08-30auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()Andrew Bartlett3-3/+10
This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
2012-08-29s4-torture: Add start of a test to confirm winbindd PAC parsingAndrew Bartlett3-2/+157
So far this confirms that we can accept a ticket using the secrets.tdb entry. Andrew Bartlett
2012-08-29lib/krb4_wrap: Add const to kt_copy_one_principalAndrew Bartlett2-2/+2
2012-08-29s3:vfs_gpfs: Use directory not file to get fileset idChristof Schmitt2-5/+35
The query of the fileset quota needs to determine the file set id first. With the currently available interface, this requires opening the file to get a file descriptor. For files, this open can fail when a share mode is set. Workaround this by querying the fileset id on the directory instead. The proper solution would be getting an interface for getting the fileset id that does not require opening the file. Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Wed Aug 29 18:58:34 CEST 2012 on sn-devel-104
2012-08-29vfs_media_harmony: fix some compile warnings with llvmBjörn Jacke1-66/+66
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Wed Aug 29 16:05:10 CEST 2012 on sn-devel-104
2012-08-29s3-printing: fix bug 9123 lprng job tracking errorsDavid Disseldorp2-3/+3
The lprng printing back-end is truncating the print job filename in the lpq output, which means that Samba is not able to determine the back-end job ID for a newly submitted print job. Remove the unneeded spoolss job ID from the print job file name to ensure the job filename is not truncated. Also log these warnings at a higher log level. Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Aug 29 14:25:13 CEST 2012 on sn-devel-104
2012-08-29libkrb5: Fix build with MIT Kerberos.Andreas Schneider1-6/+6
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Aug 29 12:23:37 CEST 2012 on sn-devel-104
2012-08-29s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt ↵Andrew Bartlett1-1/+1
array it returns Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104
2012-08-29s4-dsdb: Avoid printing secret attributes in ldb trace logsAndrew Bartlett1-0/+8
These are printed when Samba has debug level 10, which is often used for debugging. To indicate that these attributes are secret, we set an opaque. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104
2012-08-29lib/ldb: Avoid printing secret attributes in ldb trace logsAndrew Bartlett8-14/+352
These are printed when Samba has debug level 10, which is often used for debugging. Instead, print a note to say that this attribute has been skipped. Andrew Bartlett
2012-08-29auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()Andrew Bartlett1-29/+0
2012-08-29auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb recordsAndrew Bartlett1-32/+61
By checking first if there is a secrets.tdb record and passing in the password and last change time we avoid setting one series of values and then replacing them. We also avoid the need to work around the setting of anonymous. Andrew Bartlett
2012-08-29auth/credentials: Improve memory handling in cli_credentials_set_machine_accountAndrew Bartlett1-26/+26
By using a tempoary talloc context this is much tidier and more reliable code. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104
2012-08-29selftest: Add a test for smbclient --machine-pass without secrets.tdbAndrew Bartlett2-1/+10
Errors in handling the upgrade case without a matching secrets.tdb caused segfaults in the server. This essentially tests both sides. Andrew Bartlett
2012-08-29auth/credentials: Avoid double-free in the failure caseAndrew Bartlett1-1/+1
This pointer is only valid if dbwrap_fetch returned success. Andrew Bartlett
2012-08-28s3-smbd: Fix flooding the logs with records we don't find in pcap.Andreas Schneider1-1/+1
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Aug 28 16:38:55 CEST 2012 on sn-devel-104
2012-08-28s3-classicupgrade: Fix import from ldapAndrew Bartlett1-2/+2
We must not reference result before provision(), and do not need session_info and lp for reading a normal ldap backend anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
2012-08-28lib/ldb: Bump ldb version to 1.1.11Andrew Bartlett3-1/+262
This will ensure the next Samba release requires an ldb with the recent fixes. Andrew Bartlett
2012-08-28s3-vfs: Indicate the symlink destination when failing check_reduced_nameAndrew Bartlett1-2/+2
2012-08-28s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2Andrew Bartlett1-12/+19
With the ability to handle times a abolute time_t values since 1970 this becomes more important to get absolutly correct. Andrew Bartlett
2012-08-28s3-vfs_shadow_copy2: Also accept a sscanf resultAndrew Bartlett1-18/+46
2012-08-28VERSION: Move on to beta8Andrew Bartlett1-2/+2
We actually expect beta7 to be the last beta, but to avoid confusion I won't mark it as rc1 until the actual release candidate. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 28 01:48:16 CEST 2012 on sn-devel-104
2012-08-28VERSION: Mark as the beta7 releaseAndrew Bartlett1-1/+1
2012-08-28WHATSNEW: prepare for 4.0 beta7Andrew Bartlett1-28/+42
2012-08-28selftest: Fix comment in blackbox_s3upgrade.shAndrew Bartlett1-1/+1
2012-08-28s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is ↵Andrew Bartlett2-7/+14
configured This will allow files to be correctly owned by the idmap that is imported. This appears to fix an issue that came up after s3fs-compatible ACLs were merged into provision. Andrew Bartlett
2012-08-28s3-passdb: Allow reload of the static passdb from pythonAndrew Bartlett3-2/+23
This is then used in provision when the passdb backend is forced. Andrew Bartlett
2012-08-28auth/credentials: Rework credentials handling to try and find the most ↵Andrew Bartlett1-33/+71
recent machine pw As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb Andrew Bartlett
2012-08-28selftest: Add test of smbclient --machine-pass against and using both s3 and s4Andrew Bartlett5-0/+62
This uses both smbclient binaries to ensure that both work in both environments. Andrew Bartlett
2012-08-28auth/credentials: Expand secrets.tdb fetch of secrets to preserve ↵Andrew Bartlett1-0/+4
workstation and realm These would otherwise be set during the fetch from the secrets.ldb, but are wiped when that fails. Andrew Bartlett
2012-08-28s4-dsdb: Remove double-free in update_keytab moduleAndrew Bartlett1-2/+0
2012-08-28s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in syncAndrew Bartlett6-2/+543
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-08-28s3-secrets: Use talloc_stackframe() in secrets_init_path()Andrew Bartlett1-3/+6
2012-08-28s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()Andrew Bartlett1-1/+2
2012-08-28s3-secrets: Add helper function to set machine account password from ↵Andrew Bartlett2-0/+92
secrets_tdb_sync secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-08-28lib/krb5_wrap: Move enctype conversion functions into a simple helper fileAndrew Bartlett5-81/+109
2012-08-28s4-classicupgrade: Read WINS DB before the provisionAndrew Bartlett1-6/+7
2012-08-28s4-classicupgrade: Do all the queries of data before the provision()Andrew Bartlett1-35/+35
This allows provision to change the s3 smb.conf settings if required. Andrew Bartlett