summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-10-19s4-smb_server do not set credentials on gensec twiceAndrew Bartlett1-4/+0
The samba_server_gensec_start() has already set the credentials on the gensec_security context. Andrew Bartlett
2011-10-19build: added deletion of stale .so and .o filesAndrew Tridgell1-2/+16
when we change our build rules to move a C file, we need to remove the old ('stale') .so and .o files from the build directory, or they may be used as part of the new build, which means that old code will be linked in. This expands the list of stale files that we remove on rule changes to include .so and .o files Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Oct 19 09:02:23 CEST 2011 on sn-devel-104
2011-10-19samba.getopt: Add some basic tests.Jelmer Vernooij2-0/+58
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Wed Oct 19 05:04:33 CEST 2011 on sn-devel-104
2011-10-19samba.getopt: Keep exception message when setting a lp option fails.Jelmer Vernooij1-4/+5
2011-10-19samba-tool: Improve getopt.py error handlingGiampaolo Lauria1-4/+5
Modified code to handle -k and --kerberos options to: 1. Throw the correct exception 2. On error, display the correct user's specified option
2011-10-19samba-tool: Improve getopt.py error handlingGiampaolo Lauria1-1/+5
Throw an exception when the --option value is invalid
2011-10-19samba-tool: Improve getopt.py error handlingGiampaolo Lauria1-2/+1
Throw an exception when --option value is not in the form "a=b"
2011-10-19samba-tool: Improve getopt.py error handlingGiampaolo Lauria1-0/+3
Raise exception when -d or --debuglevel value is <0
2011-10-19s3-docs: Add a clarification note for nss_info primary group membership ↵Günther Deschner2-1/+5
calculation. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Oct 19 03:10:40 CEST 2011 on sn-devel-104
2011-10-19s3-docs: Document Services for Unix 2.0 (sfu20) nss_info ldap schema support.Günther Deschner2-3/+6
Guenther
2011-10-19s3: Avoid a winbind 100% cpu loopVolker Lendecke1-0/+8
When a DC goes down hard, winbind can end up in a 100% CPU loop. The next (small) RPC request to the DC ends up as a trans2 request. If the connection goes down, we end up trying to discard the request via the loop in cli_state_notify_pending(). Because this is a trans2 request, cli_smb_req_unset_pending will not kick in. Thus the pending array will always remain at length 1. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Oct 19 01:39:35 CEST 2011 on sn-devel-104
2011-10-19vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths.Jeremy Allison1-5/+5
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 19 00:05:45 CEST 2011 on sn-devel-104
2011-10-18The last argument to atalk_build_paths() is always false, remove it.Jeremy Allison1-12/+9
2011-10-18lib/util: skip single hex digit at the end of the input sting - fix ↵Michael Adam1-1/+2
potential segfault The second of two digits was read without checking for the length of the input string. For a non-zero-terminated input string, this might have caused a segfault. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Oct 18 22:32:59 CEST 2011 on sn-devel-104
2011-10-18lib/util: fix function header comment to strhex_to_str()Michael Adam1-9/+8
The description did not match the function's behaviour.
2011-10-18lib/util: untangle assignent from check in strhex_to_str()Michael Adam1-2/+6
2011-10-18s3-util: dbwrap_tool: add fetch fuctions for hex and stringBjörn Baumbach1-0/+61
Signed-off-by: Michael Adam <obnox@samba.org>
2011-10-18s3-util: dbwrap_tool: add store hex functionBjörn Baumbach1-3/+43
Allows the user to store hex blobs in a tdb. Signed-off-by: Michael Adam <obnox@samba.org>
2011-10-18selftest:Samba3: fix signature for check_or_start()Michael Adam1-1/+1
2011-10-18selftest:Samba3: fix a message printed when starting winbinddMichael Adam1-1/+1
2011-10-18pdb-interface: Do not use unid_t hereSimo Sorce8-52/+59
This interface needs to be publicly available, unid_t here is not really useful and makes it harder to use it as unid_t is not a public union. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
2011-10-18s3-auth move the s3 auth context onto gensec_ntlmssp once we startAndrew Bartlett1-2/+2
We do not need it on the auth_ntlmssp_state any longer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
2011-10-18s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.cAndrew Bartlett2-85/+198
This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett
2011-10-18s3-ntlmssp split auth_ntlmssp_client_start() into two partsAndrew Bartlett5-25/+34
This will allow it to be a wrapper around a gensec module, which requires that they options be set on a context, but before the mechanism is started. This also simplfies the callers, by moving the lp_*() calls into one place. Andrew Bartlett
2011-10-18s3-rpc_client remove cli_auth_ntlmssp_data_destructorAndrew Bartlett1-9/+1
This can be an ordinary talloc child without causing any problem. This seems to have been inherited from a time when ntlmssp_client_start() returned malloc() based memory. Andrew Bartlett
2011-10-18s3/doc: add man page for aio_fork vfs moduleBjörn Jacke1-0/+86
thanks to Volker for the content Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104
2011-10-18s4:auth/unix_token: match s3 behavior and add uid/gid to the groups arrayStefan Metzmacher1-17/+31
If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-18lib/param: Remove parameters for wins and spoolss databasesAndrew Bartlett4-36/+10
This removes the smb.conf parameters per-database, replacing these with hard-coded database names in well known (and configurable) directories. The wins.ldb is now always in the "state dir", rather than being in both state and lock dir (ie, a bug). Less smb.conf parameters means less parameters to try and sync up between the loadparm subsystems. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 05:39:54 CEST 2011 on sn-devel-104
2011-10-18ldb: Output more error information when a connect failsAndrew Bartlett2-1/+6
2011-10-18s3:auth_util: add the uid with WBC_ID_TYPE_BOTH also to the group arrayStefan Metzmacher1-2/+4
This will help with having "sidHistory" support in future. metze
2011-10-18s3-auth: use typedefs in auth.hAndrew Bartlett1-8/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett24-86/+93
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth fix comment after s3 ntlmssp gensec moduleAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: move event-using code to gensec_update() hooks out of gensec_start*()Andrew Bartlett3-39/+77
This ensures that only gensec_update() will require an event context argument when the API is refactored. Andrew Bartlett
2011-10-18ntlmssp: Refuse to seal if we did not negotiate to signAndrew Bartlett1-0/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: Refuse to seal if we did not negotiate to signAndrew Bartlett1-0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s4-auth: match the new s3 gensec client and always negotiate SIGN with SEALAndrew Bartlett1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: Assert that we have not been subject to a downgrade attack in ↵Andrew Bartlett3-1/+48
DCE/RPC clients Because of the calling convention, this is the best place to assert that we have not been subject to a downgrade attack on the negotiated features. (In DCE/RPC, this isn't a negotiation, the client simply specifies the level of protection that is required). Andrew Bartlett (some formatting fixes) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-smbd Give the nt error string when failing to set up encrypted transportAndrew Bartlett1-3/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC moduleAndrew Bartlett4-87/+229
This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze) Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: an event context is no longer mandetoryAndrew Bartlett1-10/+0
If you do not specify one however, you better know that the modules you are using do not need one! Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_stateAndrew Bartlett1-1/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Prepare gensec_ntlmssp_start() for broader useAndrew Bartlett3-15/+28
This moves the allocation of the ntlmssp pointer back to the callers. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett34-193/+220
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18build: compile gensec_start.c and credentials.c in the autoconf buildAndrew Bartlett2-0/+53
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s4-s3-upgrade: Give a better clue when we cannot open secrets.tdbAndrew Bartlett2-2/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth Add my copyrightAndrew Bartlett2-2/+2
I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett
2011-10-18credentials: Prioritise command-line specified options above defaults from ↵Andrew Bartlett3-3/+37
smb.conf If a user specified -W or --realm on the command line, then this is of level SPECIFIED, not UNINITIALISED, despite it going via the loadparm system. This helps us to ensure that -W server -Ulocaluser is parsed the same as -Userver\localuser. This matters as otherwise we might instead attempt to use kerberos to the realm from the smb.conf. Andrew Bartlett
2011-10-18s4-selftest When testing for a credentials cache, do not specify a domainAndrew Bartlett5-5/+5
If we specify a domain, then we indicate that we must use that domain which overrides the credentials cache we found in the environment. Andrew Bartlett
2011-10-18Revert "s4: Mark the winsreplication test as knownfail"Andrew Bartlett1-1/+1
This reverts commit f7f6992a20dd29bd7643291e3b3d05bc8f6c9c76 because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett