summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-06-16s3-auth: Remove auth_netlogondAndrew Bartlett6-467/+1
auth_netlogond was an important module in the development of the combined Samba 4.0, and was the first module to link smbd with the AD authentication store, showing that it was possible for NTLM authentication to be offloaded to the AD server components. We now have auth_samba4, which provides the full GENSEC stack to smbd, which also matches exactly the group membership and privileges assignment and which is supported and tested as part of the official Samba 4.0 release configuration. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Jun 16 10:13:20 CEST 2012 on sn-devel-104
2012-06-16s3-passdb: Remove pdb_adsAndrew Bartlett5-2709/+1
pdb_ads was an important module in the development of the combined Samba 4.0, and was the first module to show that standard samba3 tools such as smbpasswd can be made to operate on the sam.ldb. We now have pdb_samba4, which operates directly on the sam.ldb, rather than via ldapi://, which uses transactions and which is supported and tested as part of the official Samba 4.0 release configuration. This module is not as complete (for example, it does not honour the idmap configuration) and requires that the samba binary be running to operate. Andrew Bartlett
2012-06-16s4-classicupgrade: Also ask testparm for 'smb passwd file'Andrew Bartlett1-0/+2
2012-06-16WHATSNEW: Bump the version and announce the s3fs defaultAndrew Bartlett1-23/+28
2012-06-16s4-classicupgrade: Use "samba classic" description for samba3 NT4-like ↵Andrew Bartlett2-11/+13
domains in samba3upgrade
2012-06-16s4-lib/param: FLAG DAY for the default FILE SERVERAndrew Bartlett3-7/+8
This commit changes the default file server to be s3fs. Existing installs wishing to keep the ntvfs file server need to set this in their smb.conf: server services = +smb -s3fs dcerpc endpoint services = +winreg +srvsvc Andrew Bartlett
2012-06-16s4-s3upgrade: Assert that administrator has a SID of -500, and only skip ↵Andrew Bartlett1-2/+9
root if it is -500 Many upgraded installations have root as -1000, and so that account needs to be kept. Andrew Bartlett
2012-06-16s4-s3upgrade: Add my wins.dat and fix the parsing errorAndrew Bartlett3-1/+27
The issue was that the numbers at the end of the lines are space padded. Andrew Bartlett
2012-06-16s4-s3upgrade: improve idmap import to use posixAccount and posixGroup entriesAndrew Bartlett1-2/+32
2012-06-16s4-idmap: Add mapping using uidNumber and gidNumber like idmap_adAndrew Bartlett2-2/+123
This is a solution for users who are upgrading from Samba 3.x in particuar, or have clients that will be using idmap_ad. This avoids needing to have duplicate values in idmap.ldb and in the directory. No check for conflicts is made with the idmap.ldb - the AD store always wins. Andrew Bartlett
2012-06-16Same fix as bug 8989 - Samba 3.5.x (and probably all other versions of ↵Jeremy Allison1-0/+9
Samba) does not send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls. See MS-CIFS 2.2.4.47.2 for details. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jun 16 07:59:19 CEST 2012 on sn-devel-104
2012-06-15Fix Bug 8989 - Samba 3.5.x (and probably all other versions of Samba) does ↵Jeremy Allison1-0/+6
not send correct responses to NT Transact Secondary when no data and no params Found by Richard Sharpe <realrichardsharpe@gmail.com>. The correct command code in a reply to NT Transact Secondary (0xa1) is NT Transact (0xa0).
2012-06-15s3: Slightly simplify grant_fsp_oplock_typeVolker Lendecke1-1/+3
The "else" is not necessary, we did a return in the if-branch Signed-off-by: Jeremy Allison <jra@samba.org>
2012-06-16s4-selftest: Add tests for dbcheck on an old database that needs repairAndrew Bartlett2-0/+44
We changed a lot since alpha13, so there are lots of legitimate errors to fix. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Jun 16 05:44:15 CEST 2012 on sn-devel-104
2012-06-16s4-dbcheck: Always specify the dhcheck controlAndrew Bartlett1-0/+1
This will then allow us to make schema modifications, overriding the default ban. Andrew Bartlett
2012-06-16selftest: Add targetdir and tdbrestore parameters to undump.shAndrew Bartlett1-5/+22
2012-06-16build: Remove support for non-64bit sendfile()Andrew Bartlett3-120/+0
Some early Linux 2.6 platforms can not handle sendfile and _FILE_OFFSET_BITS == 64 This disables sendfile() on these platforms. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Jun 16 02:21:28 CEST 2012 on sn-devel-104
2012-06-15selftest/flapping: mark samba4.nss.test using winbind(s3dc) as flakeyStefan Metzmacher1-0/+1
I saw this at least 10 times in the last weeks. [1425/1517 in 1h12m22s] samba4.nss.test using winbind(s3dc) UNEXPECTED(failure): samba4.nss.test using winbind(s3dc).run nsstest(s3dc) REASON: _StringException: _StringException: ERROR setpwent: NSS_STATUS=-1 1 (nss_errno=0) ERROR getpwent: NSS_STATUS=-1 1 (nss_errno=0) ERROR endpwent: NSS_STATUS=-1 1 (nss_errno=0) ERROR setgrent: NSS_STATUS=-1 1 (nss_errno=0) ERROR getgrent: NSS_STATUS=-1 1 (nss_errno=0) ERROR endgrent: NSS_STATUS=-1 1 (nss_errno=0) ERROR Non existent user gave error -1 ERROR Non existent uid gave error -1 ERROR Non existent group gave error -1 ERROR Non existent gid gave error -1 total_errors=10 FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites) metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Jun 15 20:24:11 CEST 2012 on sn-devel-104
2012-06-15docs-xml: vfs_gpfs: add comment "per share option"Björn Baumbach1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-15docs-xml: vfs_gpfs: fix typoBjörn Baumbach1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-15docs-xml: add gpfs:acl option to vfs_gpfs man pageBjörn Baumbach1-0/+20
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-15s3:vfs_gpfs: add "gpfs:acl" optionBjörn Baumbach1-0/+81
With "gpfs:acl=no" you can pass the acl calls to the next SMB_VFS module. Based on a patch from Hans-Dieter Schuster <hans-dieter.schuster@ts.fujitsu.com> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2012-06-15dbwrap: Remove an unnecessary ZERO_STRUCTVolker Lendecke1-1/+0
We assign the only struct member one line down Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-15s3-winbindd: fix the build of idmap_ad modules.Günther Deschner1-1/+2
Guenther Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Jun 15 18:16:11 CEST 2012 on sn-devel-104
2012-06-15s3-lib: Fix conversion of lib/events.c to modern tevent namesAndrew Bartlett1-2/+2
This corrects an error in 8e31d97c8b62d34aff5d52bfe46dbcc5805dae03. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jun 15 16:25:20 CEST 2012 on sn-devel-104
2012-06-15dbwrap: dbwrap_trans_store_uint32->dbwrap_trans_store_uint32_bystringVolker Lendecke4-6/+8
Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Jun 15 14:20:04 CEST 2012 on sn-devel-104
2012-06-15dbwrap: dbwrap_trans_store_int32->dbwrap_trans_store_int32_bystringVolker Lendecke5-7/+10
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: ↵Volker Lendecke3-10/+10
dbwrap_trans_change_int32_atomic->dbwrap_trans_change_int32_atomic_bystring Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_change_int32_atomic->dbwrap_change_int32_atomic_bystringVolker Lendecke2-4/+8
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: ↵Volker Lendecke3-10/+10
dbwrap_trans_change_uint32_atomic->dbwrap_trans_change_uint32_atomic_bystring Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_change_uint32_atomic->dbwrap_change_uint32_atomic_bystringVolker Lendecke4-6/+10
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_store_uint32->dbwrap_store_uint32_bystringVolker Lendecke8-14/+19
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_fetch_uint32->dbwrap_fetch_uint32_bystringVolker Lendecke11-23/+25
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_store_int32->dbwrap_store_int32_bystringVolker Lendecke7-20/+23
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15dbwrap: dbwrap_fetch_int32->dbwrap_fetch_int32_bystringVolker Lendecke7-20/+23
Signed-off-by: Michael Adam <obnox@samba.org>
2012-06-15s3-build: Do not write loadparm generated files into the build treeAndrew Bartlett8-29/+35
We need to keep these files away from where waf might see them. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jun 15 11:10:14 CEST 2012 on sn-devel-104
2012-06-15s3-lib: Convert lib/events.c to modern tevent namesAndrew Bartlett1-14/+14
2012-06-15docs: document new server role valuesAndrew Bartlett1-2/+24
2012-06-15s3-auth: rework default auth methods around the lp_server_role() parameterAndrew Bartlett2-18/+23
To cover all the enum values, ROLE_ACTIVE_DIRECTORY_DOMAIN_CONTROLLER is mapped to the samba4 auth module, and this is no longer required to be specified in fileserver.conf. Andrew Bartlett
2012-06-15lib/param: Use server role = 'standalone server' to be consistant with ↵Andrew Bartlett3-7/+12
member server standalne is left as an alias. Andrew Bartlett
2012-06-15lib/param: make security=domain and security=ads conflict with being a DCAndrew Bartlett1-18/+2
This simplifies our supported configurations down to those that we test and expect to work. security=domain and domain logons = yes has never made much sense, and security=ads and domain logons = yes was only ever used in early experiments for our AD support using smbd. The correct way to be an AD DC is to set "server role = active directory domain controller" Andrew Bartlett
2012-06-15lib/param: Create a seperate server role for "active directory domain ↵Andrew Bartlett29-55/+64
controller" This will allow us to detect from the smb.conf if this is a Samba4 AD DC which will allow smarter handling of (for example) accidentially starting smbd rather than samba. To cope with upgrades from existing Samba4 installs, 'domain controller' is a synonym of 'active directory domain controller' and new parameters 'classic primary domain controller' and 'classic backup domain controller' are added. Andrew Bartlett
2012-06-15s3-auth: Merge SEC_DOMAIN and SEC_ADS cases in creating the default auth ↵Andrew Bartlett1-7/+2
module list
2012-06-15s3-auth: Fix system info3 return to be just SID_NT_SYSTEMAndrew Bartlett1-11/+17
The SID for the SYSTEM token should be a fixed value, and not the administrator. Note however that it will be replaced by the SID of sec_initial_uid() by the create_local_token() code. Fixing this requires fixes the other parts of the code that cannot cope with a token of just SID_NT_SYSTEM. Andrew Bartlett
2012-06-15s3-auth: Fix system token generation not to dereference pointer as an integerAndrew Bartlett1-1/+1
This continues on from commit caaebb455cf955f66c2f662c53998c480cb2d6c9 which is marked as being part of bug #8944, ldapsam:trusted and ipasam and an additional fix for bug #8567 (0528cb5f3a15b72dcb34ece21a3ffb3e7b8d6eb9). The problem here was that the primary_gid was simply the pointer result of dom_sid_parse_talloc() cast to a uint32_t (found by the IRIX cc on the build farm). Andrew Bartlett
2012-06-15s3-auth: Give the SYSTEM token all privilegesAndrew Bartlett1-0/+4
2012-06-15s3:smb2_server: remember the request_time on an incoming requestStefan Metzmacher3-0/+5
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Jun 15 09:17:33 CEST 2012 on sn-devel-104
2012-06-15s3:smbd: remember the request_time on an incoming requestStefan Metzmacher2-0/+6
metze
2012-06-15heimdal:lib/hdb: <config.h> needs to be the first headerStefan Metzmacher1-2/+2
This should fix build problems on AIX. metze
2012-06-15auth.idl: mark confidential attributes as [noprint]Stefan Metzmacher1-4/+4
We should allow NDR_PRINT_DEBUG() to log them. TODO: we could add some more magic which logs it at level 100. metze