summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-07-29s3:dbwrap: untangle assignemend and check in dbwrap_change_uint32_atomic()Michael Adam1-2/+2
Michael
2009-07-29s3:dbwrap: don't leak in dbwrap_change_int32_atomic().Michael Adam1-2/+3
Michael
2009-07-29s3:dbwrap: don't leak in dbwrap_change_uint32_atomic()Michael Adam1-2/+3
Michael
2009-07-29s3:dbwrap: change dbwrap_change_int32_atomic() to return NTSTATUS not int32.Michael Adam2-8/+9
Michael
2009-07-29s3:dbwrap: change dbwrap_change_uint32_atomic() to return NTSTATUS not uint32_t.Michael Adam5-17/+19
Michael
2009-07-29s3:winbind: in idmap_tdb2_sid_to_id(), use transaction wrapped stores.Michael Adam1-9/+15
When a mapping is not found, then the idmap script is called (if defined). When this gives a reply for the desired sid, this reply is stored in the db. This patch wraps theses two store operations into a transaction by re-using the idmap_tdb2_set_mapping_action() function previously defined for idmap_tdb2_set_mapping(). Michael
2009-07-29s3:winbind: in idmap_tdb2_id_to_sid(), use transaction wrapped stores.Michael Adam1-9/+12
When a mapping is not found, then the idmap script is called (if defined). When this gives a reply for the desired id, this reply is stored in the db. This patch wraps theses two store operations into a transaction by re-using the idmap_tdb2_set_mapping_action() function previously defined for idmap_tdb2_set_mapping(). Michael
2009-07-29s3:winbind: use transaction wrapper in idmap_tdb2_allocate_id()Michael Adam1-43/+69
Michael
2009-07-29s3:winbind: use transaction wrapper in idmap_tdb2_set_mapping()Michael Adam1-49/+55
Michael
2009-07-29shadow_copy2: The system getrealfilename() can't deal with a 0-length fnameVolker Lendecke1-0/+3
This fixes viewing the content of snapshots in the share root directory. We have to treat the filename that *just* consists of "@GMT-YYYY.MM.DD-HH.MM.SS" like the share root, which is the current working directory.
2009-07-29Fix unqualified "net join"Volker Lendecke1-4/+1
Kai, please check! Thanks, Volker
2009-07-28(Hopefully) fix the problem Kai reported withJeremy Allison4-8/+60
net ads leave and IPv6. Ensure all DC lookups prefer IPv4. Jeremy.
2009-07-29s4:samba3sam Remove extra newlines that broke samba3sam testAndrew Bartlett2-2/+0
The python ldif parser was changed to be stricter (perhaps too strict), and the extra newlines broke it. The problem was masked earlier because errors parsing the LDIF were considered to be 'end of file', and so no error was raised. Andrew Bartlett
2009-07-29s4:provision We no longer add krbtgt or kpasswd account into secrets.ldbAndrew Bartlett1-1/+1
2009-07-28Remove a duplicate prototypeVolker Lendecke1-1/+0
2009-07-28Added prefer_ipv4 bool parameter to resolve_name().Jeremy Allison15-37/+104
W2K3 DC's can have IPv6 addresses but won't serve krb5/ldap or cldap on those addresses. Make sure when we're asking for DC's we prefer IPv4. If you have an IPv6-only network this prioritizing code will be a no-op. And if you have a mixed network then you need to prioritize IPv4 due to W2K3 DC's. Jeremy.
2009-07-28release-scripts: Remove RFCs in source4/.Karolin Seeger1-0/+8
Remove RFCs as they are non-free content (with a strict interpretation of the DFSG). Addresse Debian bug #538034. Karolin
2009-07-28pidl: import a patch to pidl made in the wireshark reporitory.Ronnie Sahlberg1-5/+19
Original commit message in wireshark SVN (rev 28961): ==== From Kovarththanan Rajaratnam: More "Cleanup header_field_info definitions" ==== Signed-off-by: Ronnie Sahlberg <ronniesahlberg@gmail.com> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-07-28s4:gensec/spnego: only generate the mechListMic when the server expects itStefan Metzmacher1-1/+2
This fixes the ntvfs.cifs tests. metze
2009-07-28Fix compile of py_net.cAndrew Bartlett1-1/+3
2009-07-28s4:libnet Add in a 'credentials' parameter for python libnet_JoinAndrew Bartlett1-7/+20
2009-07-28s4:tls Enable GnuTLS back to version 1.4 (an into the future)Andrew Bartlett1-1/+1
We think we have the bug fixed. Andrew Bartlett
2009-07-28s4:kerberos Add support for user principal names in certificatesAndrew Bartlett8-42/+161
This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett
2009-07-28s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett16-39/+419
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27Fix the build breakage by #including modules/vfs_acl_common.cJeremy Allison5-50/+33
into acl_tdb and acl_xattr. Duplicates the code size, but keeps the code in common so I don't have to do bug fixes in two places (which is what I really cared about). Jeremy.
2009-07-27s3: net ads user info should print primary group as well (bug #2658)Kai Blin1-15/+57
Thanks to Pavel V. Rochnyack <rpv@muma.tusur.ru> for reporting this and offering an initial patch.
2009-07-27umount.cifs: do not attempt to update /etc/mtab if it is symbolic linkShirish Pargaonkar1-3/+4
If /etc/mtab is a symbolic link to e.g. /proc/mounts, do not update it. This is a fix for a bug reported in 4675 on samba bugzilla Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
2009-07-27frstrans.idl: add definition of frstrans_InitializeFileTransferAsync()Stefan Metzmacher1-1/+79
metze
2009-07-27frstrans.idl: add definition of frstrans_AsyncPoll()Stefan Metzmacher1-1/+32
metze
2009-07-27frstrans.idl: add definition of frstrans_RequestVersionVector()Stefan Metzmacher1-1/+19
metze
2009-07-27frstrans.idl: add definition of frstrans_RequestUpdates()Stefan Metzmacher1-1/+54
metze
2009-07-27frstrans.idl: add definition of frstrans_EstablishSessionStefan Metzmacher1-1/+4
metze
2009-07-27frstrans.idl: add definition of frstrans_EstablishConnection()Stefan Metzmacher1-1/+17
metze
2009-07-27frstrans.idl: add definition of frstrans_CheckConnectivity()Stefan Metzmacher1-1/+4
metze
2009-07-27librpc: rerun "make idl_full"Stefan Metzmacher6-14/+14
metze
2009-07-27pidl: allow foo being on the wire after [length_is(foo)] uint8 *bufferStefan Metzmacher1-0/+4
metze
2009-07-27pidl: add support for [string] on fixed size arrays.Stefan Metzmacher3-2/+117
midl also supports this: struct { long l1; [string] wchar_t str[16]; long l2; }; Where the wire size of str is encoded like a length_is() header: 4-byte offset == 0; 4-byte array length; The strings are zero terminated. metze
2009-07-27Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption"Stefan Metzmacher10-361/+8
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f. This breaks the build... Andrew, please repush it, when it's fixed:-) metze
2009-07-27Lift the event loop in rpc_api_pipe_req() one level into cli_do_rpc_ndrVolker Lendecke4-72/+126
2009-07-27Fix a valgrind error in chain_replyVolker Lendecke2-3/+12
construct_reply() references the request after chain_reply has freed it.
2009-07-27Fix a typoVolker Lendecke1-1/+1
2009-07-27Fix a valgrind error in winbindVolker Lendecke1-1/+2
When looking for idle clients, we dereferenced state->response. As this is dynamically allocated now, the proper test is whether state->response exists at all. This is the case when an async operation is in process at that moment.
2009-07-27s4:kerberos Add test to show that we actually export the keytabAndrew Bartlett3-1/+69
While it is hard to prove it is correct, at least the new 'nettestuser' principal and the Administrator principal are correct. We had to fix the case of 'Administrator' in the selftest code to match the DB, as the keytab lookup is case sensitive. Andrew Bartlett
2009-07-27s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett10-8/+361
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27s4:kdc Push context to hdb_samba4 by way of the 'name' of the DBAndrew Bartlett6-29/+39
This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables! To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless). Andrew Bartlett
2009-07-27s4:setup add 'cn' attribute to Samba4 local schemaAndrew Bartlett1-0/+4
(We recently made the ms_schema.py script also add this attribute)
2009-07-27s4:heimdal Extend the 'hdb as a keytab' codeAndrew Bartlett1-4/+145
This extends the hdb_keytab code to allow enumeration of all the keys. The plan is to allow ktutil's copy command to copy from Samba4's hdb_samba4 into a file-based keytab used in wireshark. One day, with a few more hacks, we might even make this a loadable module that can be used directly... Andrew Bartlett
2009-07-27s4:kdc Tidy up hdb_samba4 some moreAndrew Bartlett5-63/+90
This removes the last use of the prefix hdb_ldb and makes it clear that we pass in 3 global variables to get state information into hdb_samba4 when used as a keytab. (And that they belong to hdb_samba4, not to the KDC) Andrew Bartlett
2009-07-27docs: fix typos in the net man page.Michael Adam1-3/+3
Noted by Oota Toshiya <t-oota@dh.jp.nec.com> . Michael
2009-07-27Fix some nonempty blank linesVolker Lendecke1-105/+103