summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-10-22lib/util: remove the "includes.h" dependeny from util_file.cStefan Metzmacher1-5/+4
metze
2011-10-22dynconfig: replace #if (_SAMBA_BUILD_ >= 4) by feature testsStefan Metzmacher1-2/+10
metze
2011-10-22talloc/testsuite: remove #if _SAMBA_BUILD_==3Stefan Metzmacher1-9/+0
We don't include "includes.h" anymore... metze
2011-10-22auth/gensec: replace #if _SAMBA_BUILD_ == 4 by a feature testStefan Metzmacher1-1/+1
metze
2011-10-22Third part of fix for bug #8541 - readlink() on Linux clients fails if the ↵Jeremy Allison1-2/+1
symlink target is outside of the share. Missed passing ucf_flags instead of hard coded flags in findfirst call. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 22 06:30:16 CEST 2011 on sn-devel-104
2011-10-22Second part of fix for bug #8541 - readlink() on Linux clients fails if the ↵Jeremy Allison3-2/+12
symlink target is outside of the share. The statcache has to do lstat instead of stat when returning cached posix pathnames.
2011-10-22s4:finddcs_cldap: talloc free old memory before allocating a new netlogon structStefan Metzmacher1-0/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Oct 22 04:55:54 CEST 2011 on sn-devel-104
2011-10-22s4:finddcs_cldap: close the socket when it's not used anymoreStefan Metzmacher1-1/+2
The amount of possible fd's might be restricted, so close them early. metze
2011-10-22s4:finddcs_cldap: finddcs_cldap_recv() returns NTSTATUSStefan Metzmacher1-1/+6
We need to convert the errno based error to NTSTATUS before calling tevent_req_error (via tevent_req_nterror). metze
2011-10-22Fix bug #8541 - readlink() on Linux clients fails if the symlink target is ↵Jeremy Allison4-11/+43
outside of the share. The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink, but disallow all other operations. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 22 01:37:41 CEST 2011 on sn-devel-104
2011-10-22s4-cldap: fix cldap_socket_init to always specify the dest if local is NULLMatthieu Patou1-17/+18
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat Oct 22 00:02:00 CEST 2011 on sn-devel-104
2011-10-21libcli-cldap: avoid the case local == remote == NULLMatthieu Patou1-1/+5
2011-10-21libcli/cldap: make sure the local and remote address family matchesStefan Metzmacher1-5/+25
metze Signed-off-by: Matthieu Patou <mat@matws.net>
2011-10-21s4-resolv: fix resolution of SRV records pointing to A and AAAA recordsMatthieu Patou1-161/+238
2011-10-21Deprecate "acl check permissions".Jeremy Allison2-1/+4
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 21 21:51:18 CEST 2011 on sn-devel-104
2011-10-21s3:idmap_autorid: document allocation poolChristian Ambach1-1/+6
document the need that excessive use of local users/group might require increasing the rangesize Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Fri Oct 21 18:04:50 CEST 2011 on sn-devel-104
2011-10-21s3:idmap_autorid: add an allocation range to autoridChristian Ambach1-1/+96
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators and for local users/group that admins might want to create autorid will now allocate one range for this purpose and can so give out as many uids and gids as the configured rangesize allows
2011-10-21s3:idmap_autorid: move HWM initialization into a functionChristian Ambach1-17/+27
we will need some more HWM soon, so move out initialization and optimize the logic using the new interface of dbwrap_fetch_uint32
2011-10-21s3:idmap_autorid: use strings as parameter for range allocatorChristian Ambach1-14/+14
this prepares for allocation of non-domain ranges that cannot be expressed by a SID (e.g. an allocation pool)
2011-10-21s3:winbindd/idmap make idmap modules loadable againChristian Ambach6-6/+6
commit 355b5e3a831415d9bef97 changed the module system to expect 'samba_init_module' as fixed initializer function
2011-10-21Revert "s3:idmap/autorid add a small alloc pool to autorid"Christian Ambach1-61/+0
This reverts commit 0aa558718ad7427ee8b02046da73eea1838a5a32. just having 500 uid/gids values is not good enough for users using local users and groups in the order of thousands better solution which will use a complete range for allocated uids/gids will come next.
2011-10-21libcli: remove unneeded com_err.h and fix the build here.Günther Deschner1-4/+0
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Oct 21 15:52:36 CEST 2011 on sn-devel-104
2011-10-21s3-waf: only compile common.c in netapi examples code once.Günther Deschner1-2/+8
Guenther
2011-10-21s3-netapi: use NetApiBufferAllocate() for returned buffer in getdc calls.Günther Deschner1-2/+30
Guenther
2011-10-21s3-netapi: fix missing include in examples code.Günther Deschner1-0/+2
Guenther
2011-10-21libcli/smb: move smb_seal.c to the toplevelStefan Metzmacher10-18/+20
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Oct 21 10:22:39 CEST 2011 on sn-devel-104
2011-10-21s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc codeAndrew Bartlett7-74/+75
We always dereferenced auth_ntlmssp_state->gensec_security, so now we do not bother passing around the whole auth_ntlmssp_state. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-seal Remove struct smb_srv_trans_enc_ctxAndrew Bartlett3-104/+54
This structure added no value, particularly after the move to gensec. It was added at a time when auth_ntlmssp_state was not available in the client. This changed a while back (the wrapper was extended with client calls), and the move to gensec again reinforced that we do not need the extra complexity. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove references to auth_ntlmssp_context from the smb sealing codeAndrew Bartlett4-46/+54
Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_session_key()Andrew Bartlett4-17/+12
We now just call the gensec_session_key() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_want_feature()Andrew Bartlett9-31/+17
We now just call the gensec_want_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-seal use gensec_[un]wrap() instead of gensec_[un]seal_packet()Andrew Bartlett1-54/+41
This should not make a difference for NTLMSSP as it still calls the low level ntlmssp_[un]seal_packet() functions with the same input parameters. If we convert the gss-api/krb5 based code to gensec we have to use gensec_[un]wrap() as the wire format is different compared to gensec_[un]seal_packet() there. Andrew Bartlett Split from another commit by Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp use gensec_{seal,unseal,sign,check}_packetAndrew Bartlett5-125/+55
This avoids the indirection via the auth_ntlmsssp wrapper functions. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_negotiated_sign() and ↵Andrew Bartlett4-16/+4
auth_ntlmssp_negotiated_seal() We now just call the gensec_have_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_update wrapperAndrew Bartlett10-47/+41
We now just call gensec_update directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-auth remove auth_ntlmssp_session_info()Andrew Bartlett5-23/+11
Instead, call gensec_session_info() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3:smbd/seal: pass talloc_tos() auth_ntlmssp_update(), because we free a few ↵Stefan Metzmacher1-1/+1
lines later metze
2011-10-21s3:libsmb/smb_seal: always use SAFE_FREE(buf) in common_free_enc_buffer()Stefan Metzmacher1-14/+1
There's no need to do gss-api specific stuff, the buffer is always malloc'ed. metze
2011-10-21s3:libsmb/smb_seal: use plain malloc() in common_ntlm_encrypt_buffer()Stefan Metzmacher1-2/+7
metze
2011-10-21s3:libsmb/smb_seal: avoid ads_errstr() dependency and use gssapi_error_string()Stefan Metzmacher1-9/+28
metze
2011-10-21s3:libsmb/smb_seal: make use of common [_]smb_[set]len_nbt() macrosStefan Metzmacher1-11/+11
metze
2011-10-21s3:include: make smb_setlen() a macroStefan Metzmacher3-15/+1
metze
2011-10-21libcli/smb: add smb_setlen_[nbt|tcp] macrosStefan Metzmacher1-0/+8
metze
2011-10-21libcli/smb: move some common defines to smb_constants.hStefan Metzmacher3-55/+27
metze
2011-10-21build: compile (but do not install) netapi examplesAndrew Bartlett2-0/+65
The only example not yet built is the GTK domain join gui. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Oct 21 01:31:55 CEST 2011 on sn-devel-104
2011-10-20s3:Makefile: make DSO_EXPORTS_CMD more portable (#8531)Björn Jacke1-1/+1
It sems like every not completely trivial sed expression should be tested with Solaris' sed. Its regexp engine is way more limited than the one of GNU sed. Thanks to Michael Pelletier for finding this! This fixes bug #8531 Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Thu Oct 20 23:15:05 CEST 2011 on sn-devel-104
2011-10-20Refactor to create check_parent_access() which can be called for file ↵Jeremy Allison1-23/+64
creation too. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Oct 20 20:29:22 CEST 2011 on sn-devel-104
2011-10-20Make mkdir_internal() check the parent ACL for SEC_DIR_ADD_SUBDIR rights.Jeremy Allison1-2/+33
2011-10-20build: compile (but do not install) all the libsmbclient testsAndrew Bartlett2-0/+40
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Oct 20 13:49:39 CEST 2011 on sn-devel-104
2011-10-20s3-netapi Compile (but do not install) netapi testsAndrew Bartlett2-1/+7