summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-06-08talloc: try to fix the source4 build on AIXStefan Metzmacher1-1/+1
metze
2009-06-08async_sock: try fix the source4 build on FreeBSD, Solaris, SLES8Stefan Metzmacher5-16/+15
metze
2009-06-08Update WHATSNEW for an alpha8 release this week.Andrew Bartlett1-30/+11
Please update this file with things you have worked on, if you want them to be mentioned in the release. Andrew Bartlett
2009-06-07Add "net sam createdomaingroup"Volker Lendecke1-0/+36
2009-06-07More pdb_ads stuffVolker Lendecke1-6/+108
2009-06-07Add tldap_pull_uint32Volker Lendecke2-0/+14
2009-06-07mount.cifs: update the mount.cifs manpageJeff Layton1-50/+95
Add a new section entitled FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS that attempts to cover information about this topic. Change the uid= and gid= options to refer to that section. Add new varlistentries for forceuid, forcegid and dynperm. Also update the information about how the program behaves when installed as a setuid binary. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-07Make "net sam list" work for groups, aliases and builtinsVolker Lendecke1-7/+58
2009-06-07Return full info in pdb_ads_search_users()Volker Lendecke1-5/+17
2009-06-07Fix syntax of sending a delete requestVolker Lendecke1-1/+1
2009-06-07req_del and req_abandon are ASN1_APPLICATION_SIMPLEVolker Lendecke1-2/+4
Ok, ASN1_APPLICATION everywhere was too easy :-)
2009-06-07Fix after making tldap independent of ldap.hVolker Lendecke1-21/+24
2009-06-07s3-groupdb: fix enum_aliasmem in ldb branch.Günther Deschner1-1/+1
It is totally valid to have an alias with no members. Tridge, please check. Found by RPC-SAMR torture test. Guenther
2009-06-07s3-samr: fix return code of _samr_LookupRids when run with pdb_ldap.Günther Deschner1-0/+5
when _samr_LookupRids is called with no rids, it needs to return NT_STATUS_NONE_MAPPED (not NT_STATUS_NO_MEMORY). Found by RPC-SAMR torture test. Guenther
2009-06-07s3-samr: SetGroupInfo level 1 should not return NT_STATUS_INVALID_INFO_CLASS.Günther Deschner1-3/+0
Found by RPC-SAMR torture test. Guenther
2009-06-06mount.cifs: properly check for mount being in fstab when running setuid root ↵Jeff Layton1-40/+162
(try#3) This is the third attempt to clean up the checks when a setuid mount.cifs is run by an unprivileged user. The main difference in this patch from the last one is that it fixes a bug where the mount might have failed if unnecessarily if CIFS_LEGACY_SETUID_CHECK was set. When mount.cifs is installed setuid root and run as an unprivileged user, it does some checks to limit how the mount is used. It checks that the mountpoint is owned by the user doing the mount. These checks however do not match those that /bin/mount does when it is called by an unprivileged user. When /bin/mount is called by an unprivileged user to do a mount, it checks that the mount in question is in /etc/fstab, that it has the "user" option set, etc. This means that it's currently not possible to set up user mounts the standard way (by the admin, in /etc/fstab) and simultaneously protect from an unprivileged user calling mount.cifs directly to mount a share on any directory that that user owns. Fix this by making the checks in mount.cifs match those of /bin/mount itself. This is a necessary step to make mount.cifs safe to be installed as a setuid binary, but not sufficient. For that, we'd need to give mount.cifs a proper security audit. Since some users may be depending on the legacy behavior, this patch also adds the ability to build mount.cifs with the older behavior. Signed-off-by: Jeff Layton <jlayton@redhat.com>
2009-06-07s3-samr: fix _QueryDisplayInformation r->out.returned_size.Günther Deschner1-1/+1
*r->out.returned_size needs to be 0 if nothing was enumerated. Found by RPC-SAMR torture test. Guenther
2009-06-07s3-samr: remove total_data_size variable in _samr_QueryDisplayInfo.Günther Deschner1-5/+2
Guenther
2009-06-07s3-samr: let _samr_SetGroupInfo level 3 just pass with success.Günther Deschner1-0/+2
Guenther
2009-06-07s3-samr: _samr_EnumDomain{Users,Groups} need to return an emtpy array even ↵Günther Deschner1-12/+12
for builtin domain. Found by RPC-SAMR torture test. Guenther
2009-06-07s4-smbtorture: skip samr MultipleMember alias tests for 3 as well as we do ↵Günther Deschner1-2/+3
already for s4. Guenther
2009-06-07s3-samr: cosmetic fixes for _samr_QueryDisplayInfo.Günther Deschner1-20/+18
use the variables of the struct samr_QueryDisplayInfo directly to make it easier to track where variables are defined from. Guenther
2009-06-06testsuite/nsswitch/get{gr,pw}ent_r.c(dump_{gr,pw}ent): fixed wrong condition.Slava Semushin2-2/+2
When fopen() fails it return NULL, so condition where return value less than zero never evaluated to truth. Found by cppcheck.
2009-06-06lib/tdb/tools/tdbtorture.c: fixed memory leak.Slava Semushin1-0/+2
Found by cppcheck: [lib/tdb/tools/tdbtorture.c:326]: (error) Memory leak: pids
2009-06-06s3/docs: Fix example.Karolin Seeger1-2/+2
The 'ldap suffix' is not added automatically to the 'ldap admin dn'. This fixes bug #5584. Thanks to Stefan Bauer <stefan.bauer [at] plzk.de> for reporting! Karolin
2009-06-06Attempt to fix the build without system-ldap.Volker Lendecke1-1/+1
I really tried, but I knew I would miss something... :-)
2009-06-06s3/passdb: Fix debug message: 'net setmaxrid' does not exist.Karolin Seeger1-2/+2
This is aiming bug #6351. Karolin
2009-06-06Add an early prototyp of pdb_ads.c.Volker Lendecke3-1/+1290
The purpose of this module is to connect to a locally running samba4 ldap server for an alternative "Franky" setup. Right now it contains a couple of gross hacks: For example it just takes the s4-chosed RID directly as uid/gid... Checking in tldap and pdb_ads now, I think 3777 insertions are enough for a start...
2009-06-06Allow access as SYSTEM on a privileged ldapi connectionVolker Lendecke1-13/+83
This patch creates ldap_priv/ as a subdirectory under the private dir with the appropriate permissions to only allow the same access as the privileged winbind socket allows. Connecting to ldap_priv/ldapi gives SYSTEM access to the ldap database.
2009-06-06Add some samba-style tldap utility functionsVolker Lendecke4-1/+406
2009-06-06Add the early start of an async ldap libraryVolker Lendecke4-0/+2075
There's a lot of things this does not do yet: For example it does not parse the reply blob in the sasl bind, it does not do anything with controls yet, a lot of the ldap requests are not covered yet. But it provides a basis for me to play with a pdb_ads passdb module.
2009-06-06s3:smbd: FSCTL_PIPE_TRANSCEIVE on a none IPC$ share should give NOT_SUPPORTEDStefan Metzmacher1-1/+1
metze
2009-06-06s3:smbd: return the same things as Windows 7 for SMB2 Ioctl responsesStefan Metzmacher1-7/+23
metze
2009-06-06Fix some nonempty blank linesVolker Lendecke2-64/+60
2009-06-06Use data_blob_null instead of data_blob(NULL, 0)Volker Lendecke1-1/+1
2009-06-06Fix an uninitialized variable read in async_connect_sendVolker Lendecke1-5/+5
2009-06-06Allow AF_UNIX for open_socket_outVolker Lendecke1-0/+4
2009-06-06s3-winbindd: add some debug statements while tracking down a bug.Günther Deschner2-2/+20
Guenther
2009-06-06nss_wrapper: rename nwrap_cache_{re,un}load as per metzes request.Günther Deschner1-10/+10
Guenther
2009-06-05Make cli_ftruncate async. Also add a simple test.Jeremy Allison4-74/+148
Jeremy.
2009-06-06nss_wrapper: add support for loading nss_winbind.so via WINBIND_SO_PATH env.Günther Deschner1-0/+12
Guenther
2009-06-06nss_wrapper: fill in module nwrap_backend.Günther Deschner1-13/+332
Guenther
2009-06-05nss_wrapper: add missing return in nwrap_module_init().Günther Deschner1-0/+1
Guenther
2009-06-05nss_wrapper: add skeleton for module nwrap_backend.Günther Deschner1-0/+159
Guenther
2009-06-05nss_wrapper: add capability to load nss modules.Günther Deschner1-1/+115
Guenther
2009-06-05nss_wrapper: add struct nwrap_backend.Günther Deschner1-85/+320
Guenther
2009-06-05s3:smbd: split smbd_smb2_flush() into a tevent_req based _send()/_recv() pairStefan Metzmacher1-25/+97
metze
2009-06-05s3:smbd: split smbd_smb2_create() into a tevent_req based _send()/_recv() pairStefan Metzmacher1-99/+199
metze
2009-06-05s3:smbd: fix the build in smb2_ioctl.cStefan Metzmacher1-1/+1
metze
2009-06-05s3:smbd: add support for SMB2 Ioctl FSCTL_DFS_GET_REFERRALSStefan Metzmacher1-0/+74
metze