summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-08-26netlogon: make netr_NegotiateFlags a public bitmap.Günther Deschner3-3/+5
Guenther
2009-08-26Add a parameter to disable the automatic creation of krb5.conf filesVolker Lendecke4-1/+43
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-)
2009-08-26cifs.upcall: make using ip address conditional on new optionJeff Layton2-27/+50
Igor Mammedov pointed out that reverse resolving an IP address to get the hostname portion of a principal could open a possible attack vector. If an attacker were to gain control of DNS, then he could redirect the mount to a server of his choosing, and fix the reverse resolution to point to a hostname of his choosing (one where he has the key for the corresponding cifs/ or host/ principal). That said, we often trust DNS for other reasons and it can be useful to do so. Make the code that allows trusting DNS to be enabled by adding --trust-dns to the cifs.upcall invocation. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-26cifs.upcall: switch to getopt_longJeff Layton1-1/+7
...to allow long option names. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-08-26s4:provision Ensure that @OPTIONS is mirrored into each partitionAndrew Bartlett3-3/+7
The previous patches to the provision system cut down on the number of reconnects, and disabled the partition handling for part of the process. This means we lost the setting of @OPTIONS as a replicated attribute into the partitions. Andrew Bartlett
2009-08-26s4:ldb Add ldb_ldif_write_string() and python wrappersAndrew Bartlett4-1/+95
This allows us to turn a python LdbMessage back into a string. Andrew Bartlett
2009-08-26s4:ldb Add hooks to get/set the flags on a ldb_message_elementAndrew Bartlett2-5/+65
Also add tests to prove that we got this correct, and correct the existing tests which used the wrong constants. Andrew Bartlett
2009-08-26s4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use tallocAndrew Bartlett1-14/+20
This changes dsdb_write_prefixes_from_schema_to_ldb() to use an internal talloc hirarchy, so we can safely give it a NULL context from the python. It also fixes manual construction of the ldb_message - we now use the right helper functions. Andrew Bartlett
2009-08-26s4:provison Add prefixes to ldb using same code a later modify will useAndrew Bartlett4-8/+38
This allows us to test out the code that will do the modify of the prefixMap, and to provide the bindings that may assist a future upgrade script. Andrew Bartlett
2009-08-26s4:provision Only create references to our server DN after the self joinAndrew Bartlett6-9/+39
This will ensure that the GUID can be filled in correctly, and assist us to validate DN targets in the future. Andrew Bartlett
2009-08-26s4:scheam quiet a 'const' warningAndrew Bartlett1-1/+1
2009-08-26s4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schemaAndrew Bartlett1-14/+13
The aim is to create a function that is more easily wrapped for python, so that we can write the updated prefixMap in an upgrade script. Andrew Bartlett
2009-08-26s4:dsdb Use helper function to add 'show deleted' controlAndrew Bartlett1-20/+10
This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4 to use ldb_request_add_control() instead of a manual construction. Andrew Bartlett
2009-08-26s3-netlogon: fix default case when _netr_LogonSamLogon is called from other ↵Günther Deschner1-1/+3
opcodes. Guenther
2009-08-26Revert "s3: Fix uninitialized const char *"Günther Deschner1-1/+0
Tim, I am reverting this as this eliminates "_netr_LogonSamLogonEx" from the debug messages completely. Followup fix to come immediately. This reverts commit add9b4afb14d3426d1f3bf5b8e7c86926f462578.
2009-08-26s3-netlogon: get rid of init_net_r_req_chal().Günther Deschner1-13/+1
Guenther
2009-08-26s3-netlogon: let get_md4pw() return a struct samr_Password.Günther Deschner2-8/+7
(in preparation of credential merge). Guenther
2009-08-26s3-netlogon: make _netr_ServerAuthenticate a callback to ↵Günther Deschner1-46/+16
_netr_ServerAuthenticate3. Guenther
2009-08-25Allow for name array strings that don't end in a slashZach Loafman1-12/+17
Fix set_namearray to allow for strings that don't end in a slash. Also remove unnecessary strdup()s. Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-08-25Add some const to dsgetdcnameVolker Lendecke2-6/+6
2009-08-25Do an early TALLOC_FREEVolker Lendecke1-1/+2
2009-08-25netlogon: give netlogon w7/w2k8r2 AES negotiate flag proper name (see bug ↵Günther Deschner3-3/+3
#6099 for details). Guenther
2009-08-25fixed DRS rename of deleted objectsAndrew Tridgell1-1/+20
The objectclass module checks that the target parent exists, and refuses renames if it doesn't exist. For this to work for deleted objects we have to do the search in the objectclass module with the "show deleted" control enabled.
2009-08-25fixed a double free bug on error in net exportAndrew Tridgell1-1/+0
2009-08-25s4:python Fix the reprovision test by deleting 'deleted' objects too.Andrew Bartlett1-6/+9
We were failing because CN=Deleted Objects, which is marked as 'deleted' itself, could not be re-added in a reprovision. Andrew Bartlett
2009-08-25s4:dsdb Rework show_deleted module not to liniearise the LDAP filterAndrew Bartlett1-72/+37
Instead, use the fact that the ldb_parse_tree structure is public to construct the 'and not deleted' clause as a structure, and apply each filter tree to that template. Andrew Bartlett
2009-08-24Help debug for bug 6651 - smbd SIGSEGV when breaking oplocks.Jeremy Allison1-0/+4
Should help track if we get invoked with an invalid fd from the signal handler. Jeremy.
2009-08-24Second attempt at fix for bug 6529 - Offline files conflict with Vista and ↵Jeremy Allison19-133/+188
Office 2003. Confirmation from reporter that this fixes the issue in master on ext3/ext4. Back-ports to follow. Jeremy.
2009-08-24Allow systems with timestamp granularity of 1sec to work withJeremy Allison1-0/+15
this test. Jeremy.
2009-08-24Use existing time_t rounding function, don't invent my own.Jeremy Allison1-1/+1
Jeremy.
2009-08-24netlogon: add (yet) undocumented netlogon negotiate bit to bitmap.Günther Deschner3-0/+3
This bit is set by the Win7 client while joining. Guenther
2009-08-24s3-netlogon: Only hand out rid when netlogon credential chain has been setup ↵Günther Deschner1-1/+5
sucessfully. Guenther
2009-08-24Second part of fix for 6529 - Offline files conflict with Vista and Office 2003.Jeremy Allison3-0/+22
ext4 may be able to store ns timestamps, but the only API to *set* timestamps takes usec, not nsec. Round to usec on set requests. Jeremy.
2009-08-24Fix make test.Jeremy Allison1-0/+1
Jeremy.
2009-08-24make smbcontrol smbd ping work proper checking for arguments handle short ↵Olaf Flebbe2-14/+21
pid_t correctly
2009-08-24libndr: add missing protoypes for double type.Günther Deschner1-0/+1
Guenther
2009-08-24tevent: avoid using reserved c++ word.Günther Deschner1-1/+1
Guenther
2009-08-24s4:dsdb Use talloc_strndup() to ensure OIDs are null terminatedAndrew Bartlett1-8/+11
The OIDs are not NULL terminated by the python caller, in line with the LDB API, but we need them to be here, as we were casting them to a string. Andrew Bartlett
2009-08-24s4:ldb Add python binding and test for ldb_msg_diff()Andrew Bartlett2-0/+43
2009-08-24s4:dsdb Add constAndrew Bartlett1-2/+2
2009-08-24s4:dsdb remove unused variableAndrew Bartlett1-1/+0
2009-08-24s4:dsdb use talloc_strndup() in GET_STRING_LDB() rather than walk off the endAndrew Bartlett1-7/+17
The problem is that samdb_result_string() and ldb_msg_find_attr_as_string() both simply cast the string, rather than ensuring the return value is NULL terminated. This may be best regarded as a flaw in LDB, but fixing it there is going to be more difficult. Andrew Bartlett
2009-08-24note the semantic change in talloc_free from 2.0Andrew Tridgell2-8/+9
2009-08-24fixed typo in talloc doc XMLAndrew Tridgell1-1/+2
2009-08-24LIBREPLACEOBJ now contains the full pathAndrew Tridgell2-8/+2
2009-08-24updated XML source for talloc man pageAndrew Tridgell1-1/+73
2009-08-24added talloc_set_log_* documentationAndrew Tridgell1-0/+11
2009-08-24updated talloc guide for recent API changesAndrew Tridgell1-2/+54
2009-08-24make lib/replace more usable in standalone buildsAndrew Tridgell1-2/+2
This makes the lib/replace m4 work in lib/talloc as a standalone build
2009-08-24fixed getpass m4Andrew Tridgell1-2/+2
This allows the getpass.m4 code to work in standalone talloc builds