summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-08-17s4:provision Rework provision-backend into provisionAndrew Bartlett9-811/+608
This removes a *lot* of duplicated code and the cause of much administrator frustration. We now handle starting and stopping the slapd (at least for the provision), and ensure that there is only one 'right' way to configure the OpenLDAP and Fedora DS backend We now run OpenLDAP in 'cn=config' mode for online configuration. To test what was the provision-backend code, a new --ldap-dryrun-mode option has been added to provision. It quits the provision just before it would start the LDAP binaries Andrew Bartlett
2009-08-17s4:provision Move helper functions back to provisionAndrew Bartlett1-21/+0
(These will be added back in a future commit)
2009-08-17s4:setup Don't manually set @ATTRIBUTES any moreAndrew Bartlett1-32/+0
We now set these as part of the schema load, and we now load the schema before the provision loads the DB, so setting them here is pointless Andrew Bartlett
2009-08-17s4:python Push some helper functions from SamDB into samba.LdbAndrew Bartlett2-64/+57
This makes it possible to do a bit more of the provision with Samba helpers, but without some of the otherwise useful things (such as loading in the global schema) that SamDB does. Rewrite provision_erase to use a recursive search, rather than a looping subtree search. This is much more efficient, particularly now we have one-level indexes enabled. Delete the @INDEX and similar records *after* deleting all other visible records, this hopefully also assists performance. Andrew Bartlett
2009-08-17s4:schema Allow a schema load on an unconnected databaseAndrew Bartlett2-6/+7
This helps ensure we don't load the schema too often in the provision (allowing a reference in of the schema before the modules load). Andrew Bartlett
2009-08-17s4:provision Remove the ACI element from the provision templatesAndrew Bartlett4-17/+14
We need to find a better way to apply this (used in the Fedora DS LDAP backend), not by trying to tunnel this down the module stack. Andrew Bartlett
2009-08-17s4:schema Provide a way to reference a loaded schema between ldbsAndrew Bartlett3-16/+56
This allows us to load the schema against one ldb context, but apply it to another. This will be useful in the provision script, as we need the schema before we start the LDAP server backend. Adnrew Bartlett
2009-08-16s3:winbind: The get[gr|pw]end functions need access to the client stateVolker Lendecke18-3/+36
2009-08-16s3:winbind: Convert WINBINDD_GETGRNAM to the new APIVolker Lendecke5-253/+199
2009-08-16s3:winbind: Convert WINBINDD_GETGRGID to the new APIVolker Lendecke5-52/+143
2009-08-16s3:winbind: Add winbindd_print_groupmemVolker Lendecke2-0/+75
This converts a talloc_dict retrieved from wb_group_members to the string that the pipe protocol expects
2009-08-16s3:winbind: Make fill_grent publically availableVolker Lendecke2-3/+4
2009-08-16s3:winbind: Add const to normalize_name_mapVolker Lendecke2-4/+4
2009-08-16s3:winbind: Add async wb_getgrsidVolker Lendecke3-0/+160
2009-08-16s3:winbind: Add async wb_group_membersVolker Lendecke12-2/+1091
2009-08-16s3:winbind: Make wcache_lookup_groupmem available publicallyVolker Lendecke2-24/+60
2009-08-16s3: Add talloc_dict.[ch]Volker Lendecke5-0/+258
2009-08-16s3:winbind: Fix a potential segfault in libwbclientVolker Lendecke1-1/+1
2009-08-16s3:winbind: Convert winbindd_show_sequence to the new APIVolker Lendecke5-112/+178
2009-08-16s3:winbind: Add async wb_seqnumsVolker Lendecke3-0/+139
This is something that would have been very difficult with the old style of async requests: Send the request to all children simultaneously.
2009-08-16s3:winbind: Add async wb_seqnumVolker Lendecke12-2/+447
2009-08-16s3:winbind: WINBIND_USERINFO -> wbint_userinfoVolker Lendecke12-87/+49
2009-08-16s3:winbind: Simplify _wbint_[GU]id2SidVolker Lendecke1-16/+4
2009-08-15tevent: add some more doxygen comments for tevent_req functionsStefan Metzmacher1-0/+38
metze
2009-08-15s3:Makefile: build ../libcli/smb/smb2_create_blob.o as part of smbdStefan Metzmacher1-0/+1
metze
2009-08-15libcli/smb: add smb2_create_blob_find()Stefan Metzmacher2-0/+23
metze
2009-08-14Use defined names rather than numeric constants to make codeJeremy Allison1-2/+2
clearer. Jeremy.
2009-08-14gpfs.so: map the file_inherit and dir_inherit flags away for filesMichael Adam1-1/+15
GPFS sets inherits dir_inhert and file_inherit flags to files, too, which confuses windows, and seems to be wrong anyways. So when mapping a nfs4 acl to a windows acl, we map these flags away for files. Michael
2009-08-14cifs.upcall: fix IPv6 addrs sent to upcall to have colon delimitersJeff Layton1-4/+29
Current kernels don't send IPv6 addresses with the colon delimiters, add a routine to add them when they're not present. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: use ip address passed by kernel to get server's hostnameJeff Layton1-12/+56
Instead of using the hostname given by the upcall to get the server's principal, take the IP address given in the upcall and reverse resolve it to a hostname. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: clean up flag handlingJeff Layton1-10/+10
Add a new stack var to hold the flags returned by the decoder routine so that we don't need to worry so much about preserving "rc". With this, we can drop privs before trying to find the location of the credcache. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: try getting a "cifs/" principal and fall back to "host/"Jeff Layton2-14/+18
cifs.upcall takes a "-c" flag that tells the upcall to get a principal in the form of "cifs/hostname.example.com@REALM" instead of "host/hostname.example.com@REALM". This has turned out to be a source of great confusion for users. Instead of requiring this flag, have the upcall try to get a "cifs/" principal first. If that fails, fall back to getting a "host/" principal. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: declare a structure for holding decoded argsJeff Layton1-30/+33
The argument list for the decoder is becoming rather long. Declare an args structure and use that for holding the args. This also simplifies pointer handling a bit. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: formatting cleanupJeff Layton1-47/+37
Clean up some unneeded curly braces, and fix some indentation. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14cifs.upcall: clean up logging and add debug messagesJeff Layton1-32/+47
Change the log levels to be more appropriate to the messages being logged. Error messages should be LOG_ERR and not LOG_WARNING, for instance. Add some LOG_DEBUG messages that we can use to diagnose problems with krb5 upcalls. With these, someone can set up syslog to log daemon.debug and should be able to get more info when things aren't working. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-14s3:smbd: allow SMB2 Cancel to have the async flag setStefan Metzmacher1-6/+8
metze
2009-08-14s3:smbd: fix parsing of the SMB2 bodyStefan Metzmacher1-5/+7
Maybe there's no dynamic part on the wire. metze
2009-08-14s4:samdb python bindings - we don't need the attributes hereMatthias Dieter Wallnöfer1-2/+1
2009-08-14s4:ldb - Free the asynchronous resultMatthias Dieter Wallnöfer1-0/+2
2009-08-14s4: Correct the parameter logic of the "setpassword" scriptMatthias Dieter Wallnöfer1-7/+4
Either the username or the filter are allowed. If both are given the filter is going to be used due to a higher precedence.
2009-08-14s4: Better way to call "dom_sid_to_rid" from ldap.pyMatthias Dieter Wallnöfer2-4/+12
2009-08-14s4: Remove obsolete "samdb_password_quality_ok" function (it's just a ↵Matthias Dieter Wallnöfer1-10/+1
one-line wrapper)
2009-08-14s4: cracknames.c: Change the handling of the NT_STATUS_NO_MEMORY status resultsMatthias Dieter Wallnöfer1-4/+6
With the previous check I got random failures when trying to connect to the LDAP server.
2009-08-14s4:ldap_server Correct removal of talloc_steal()Andrew Bartlett1-1/+0
This corrects commit 7a82aed71b74af8bc2a8a4381541adbb22452d20. The steal did not set ent->attributes, so it was incorrect to assign to ent->attributes. Andrew Bartlett
2009-08-14fixed TESTS= in make test to allow multiple testsAndrew Tridgell1-2/+16
Now you can do: make test TESTS="test1 test2" and it will run those two tests, each matching tests using a case insensitive substring match
2009-08-14s4:ldap_server Remove another talloc_steal (with references)Andrew Bartlett1-1/+1
This talloc_steal also conflicts with the ldb_map code, and like the previous commit, is rudundent given the talloc_steal of the whole msg above. Andrew Bartlett
2009-08-14s4:ldap_server Don't talloc_steal (with references) in ldap_backendAndrew Bartlett1-1/+1
There may or may not be a need to take a reference to the 'name' in the ldb_map code, but given we seal the whole msg just above here, it makes no senst to steal the name, but not the values. Andrew Bartlett
2009-08-12Fix EVERY SINGLE build on the buildfarm that doesn't haveJeremy Allison2-0/+5
bindtextdomain or textdomain. C'mon, this is what configure.in is *FOR*. Jeremy.
2009-08-12Move build over to storing DOS attributes in EA's.Jeremy Allison1-2/+4
Turn off "map to" directives. I've now fixed the issues with the build tests running this way. I think this is how most people run these days - please raise this on the list (or revert) if you disagree.
2009-08-12When mapping EA's into a TDB, don't remove the EAJeremy Allison1-0/+9
until the last link to the file is gone (fixes the build farm RAW-RENAME test with xattr's in tdb's). Jeremy.