summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-03-05s4:libcli/wrepl: convert wrepl_pull_names_send to tevent_reqStefan Metzmacher2-72/+156
metze
2010-03-05s4:libcli/wrepl: use UTIL_TEVENTStefan Metzmacher2-1/+2
metze
2010-03-05s4:libcli/wrepl: avoid neested named structuresStefan Metzmacher1-15/+19
metze
2010-03-05s4:torture/nbt: avoid the usage of wrepl_pull_table_send()Stefan Metzmacher1-3/+6
metze
2010-03-05libcli/auth: add a const to des_crypt112_16()Stefan Metzmacher2-2/+2
metze
2010-03-05s3:winbindd: add DEBUG(10,...) for the end of each top levelStefan Metzmacher2-6/+25
That will hopefully make debugging a bit easier (at least for me). metze
2010-03-05s4:kcc - Change some counter variables to be unsignedMatthias Dieter Wallnöfer2-4/+5
The upper limits are unsigned variables therefore also the counter variables need to be like that.
2010-03-05s4:samdb_privilege.c - Change two counter variables to unsignedMatthias Dieter Wallnöfer1-2/+3
Also here in both cases the unsigned counter fits better than the signed one.
2010-03-05s4:cracknames - Change two counter variables to unsignedMatthias Dieter Wallnöfer1-2/+2
In both cases the unsigned counter fits better: - in the first one since we are counting LDB objects starting from 0 - in the second since we are counting an array starting from 0
2010-03-05s4-pvfs_sys: build on systems without O_NOFOLLOW or O_DIRECTORYAndrew Tridgell1-4/+22
2010-03-05s4-pvfs_sys: talloc_free should be before errno restoreAndrew Tridgell1-13/+13
talloc can potentially change the errno
2010-03-05s4-pvfs: use pvfs_sys_fchmod()Andrew Tridgell3-4/+4
2010-03-05s4-pvfs: set default for perm override based on system featuresAndrew Tridgell1-1/+9
If the system has O_NOFOLLOW and O_DIRECTORY then we allow for overrides by default. If not, then we disable by default, as we will be more vulnerable to symlink attacks
2010-03-05s4-pvfs: use O_FOLLOW one level at a time for security overridesAndrew Tridgell1-37/+357
To prevent symlink attacks we need to use O_NOFOLLOW one level at a time when processing a root security override
2010-03-05replace: added get_current_dir_name()Andrew Tridgell3-0/+18
2010-03-05s4-pvfs: use pvfs_sys_*() functions to wrap posix callsAndrew Tridgell5-20/+20
This allows for root override, which fixes many problems with mismatches between NT ACL permissions and unix permissions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: new pvfs_sys module Andrew Tridgell2-0/+301
The pvfs_sys_*() calls provide wrapper functions for posix file functions which use root privileges to override EACCES failures if PVFS_FLAG_PERM_OVERRIDE is set Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: added new pvfs flag PVFS_FLAG_PERM_OVERRIDEAndrew Tridgell2-0/+4
This flag indicates that we should use root privileges to override unix permissions when the NT ACLs indicate that access should be granted Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-privs: add root_privileges_original_uid()Andrew Tridgell1-0/+6
This can be used to get the uid we changed away from when we gained root privileges Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s3-selftest: enable RPC-WINREG against Samba 3.Günther Deschner1-1/+1
Guenther
2010-03-05s4-smbtorture: skip NotifyChangeKeyValue test against s3 for now.Günther Deschner1-0/+4
Guenther
2010-03-05s4:torture/rpc/samr.c - add some decision possibility constants to some switchMatthias Dieter Wallnöfer1-0/+3
At the moment nothing is done when the enumeration variable is set to one of those constants as before. This is only to quite nasty warnings.
2010-03-05s4:torture/rpc/samr.c - make some argument of function ↵Matthias Dieter Wallnöfer1-1/+1
"test_SamLogon_with_creds" constant This to quiet warnings.
2010-03-05s4:torture/winbind/struct_based.c - fix up (un)signedness of a function argumentMatthias Dieter Wallnöfer1-1/+2
Otherwise always a warning is generated.
2010-03-05s4-pvfs: log more error conditions in NTVFS backendAndrew Tridgell3-0/+31
This should make is easier to track down some bug reports Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: move the private ntcreatex flags to private_flagsAndrew Tridgell7-20/+21
Re-using two of the create_options bits was bound to eventually cause problems, and indeed, Windows7 now uses one of those bits when opening text files. Fixes bug 7189
2010-03-05s4-rpc: don't use s->credentials after it is freedAndrew Tridgell1-2/+1
2010-03-05s4-torture: fixed commas separating C statementsAndrew Tridgell1-4/+3
2010-03-06s3: Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler.Bo Yang1-0/+6
Signed-off-by: Bo Yang <boyang@samba.org>
2010-03-05s4-python: only install external python libs that are missingAndrew Tridgell2-1/+19
2010-03-05s4-python: import a copy of the python dns libraryAndrew Tridgell114-0/+16829
This library is not installed on enough systems for us to rely on it being available. We use the system copy if possible, and fallback to this local copy Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-dns: use samba.external to pull in the dns.resolver libraryAndrew Tridgell1-3/+5
2010-03-05s4-python: allow us to have samba copies of python libraries we depend onAndrew Tridgell2-0/+54
For python libraries like dns.resolver it is useful to be able to install a copy of the library with Samba. This set of functions allows us to do that while using the locally installed version if it is available Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-dns-ex: use autoclose on the dns child pipeAndrew Tridgell1-2/+1
I'm hoping this will fix an occasional segfault I've noticed where epoll still calls events on a closed fde Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-messaging: use auto-close on the socketAndrew Tridgell1-0/+1
2010-03-04srv_pipe.c doesn't reference current_user anymore. Remove it.Jeremy Allison1-2/+0
Jeremy.
2010-03-04s4:auth/sam.c - change base context for the "tmp_ctx" context in ↵Matthias Dieter Wallnöfer1-1/+1
"authsam_expand_nested_groups" Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the long-living "sam_ctx"/"ldb" context to prevent memory leaks.
2010-03-04s4:ldap.py - give the "primaryGroupToken" test a better nameMatthias Dieter Wallnöfer1-3/+3
It tests also some other constructed attributes in a basic way.
2010-03-04s4:ldap.py - add test for "tokenGroups"Matthias Dieter Wallnöfer1-0/+44
2010-03-04s4:operational LDB - don't accidentally "ate" search helper attributes if we ↵Matthias Dieter Wallnöfer1-6/+14
need them for more constructed attributes With this patch we delete the helper attributes at the end where all constructed attributes have already been computed.
2010-03-04s4:operational LDB module - make the counters unsignedMatthias Dieter Wallnöfer1-2/+2
No need to have signed counters here.
2010-03-04s4:operational LDB - implement the "tokenGroups" constructed attributeMatthias Dieter Wallnöfer2-1/+96
It contains the transitive SID closure (expand member/memberOf attributes) of a certain SAM object. The "tokenGroups" attribute never contains the SID of the object itself. References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx, http://support.microsoft.com/kb/301916, MS-ADTS 3.1.1.4.5.19.
2010-03-04s4:sam.c - make "authsam_expand_nested_groups" publicMatthias Dieter Wallnöfer2-1/+7
This is needed by the "tokenGroups" work in the operational LDB module.
2010-03-04s4:sam.c - cosmetic indentation fixMatthias Dieter Wallnöfer1-2/+1
2010-03-04s4:sam.c - change variable types to unsigned in "sids_contains_sid"Matthias Dieter Wallnöfer1-3/+4
Should also be unsigned - no need for a signed "i" and "num_sids" here.
2010-03-04s4:operational LDB module - use right memory context int ↵Matthias Dieter Wallnöfer1-2/+2
"construct_primary_group_token" Use the "msg" as temporary context and not "ldb" which lives much longer.
2010-03-04Revert "s3:configure: add --enable-as-needed"Karolin Seeger1-8/+2
This reverts commit 22d316926b9589608d332143c1fa134229b75b3c. Please see bug #7209 for details.
2010-03-04Refactored ACL python testsNadezhda Ivanova1-441/+256
Made each type into a separate class to be easily run individually, removed code duplication
2010-03-04s3:configure: add --enable-as-neededStefan Metzmacher1-2/+8
On some broken systems like RHEL5, we need to be able to disable --as-needed. metze
2010-03-04s4:provision - use the new "interface_ips" python call to detect the right ↵Matthias Dieter Wallnöfer1-8/+8
host IPv4 address Inform the user when there are more possibilities (so he can check for the right address and otherwise he is able to do an immediate reprovision) and no possibility at all (then we fall back to the loopback address "127.0.0.1" - this is thought for testing purposes). I think this should be enough for closing bug #5484.