summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-10-18s3-util: dbwrap_tool: add fetch fuctions for hex and stringBjörn Baumbach1-0/+61
Signed-off-by: Michael Adam <obnox@samba.org>
2011-10-18s3-util: dbwrap_tool: add store hex functionBjörn Baumbach1-3/+43
Allows the user to store hex blobs in a tdb. Signed-off-by: Michael Adam <obnox@samba.org>
2011-10-18selftest:Samba3: fix signature for check_or_start()Michael Adam1-1/+1
2011-10-18selftest:Samba3: fix a message printed when starting winbinddMichael Adam1-1/+1
2011-10-18pdb-interface: Do not use unid_t hereSimo Sorce8-52/+59
This interface needs to be publicly available, unid_t here is not really useful and makes it harder to use it as unid_t is not a public union. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
2011-10-18s3-auth move the s3 auth context onto gensec_ntlmssp once we startAndrew Bartlett1-2/+2
We do not need it on the auth_ntlmssp_state any longer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
2011-10-18s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.cAndrew Bartlett2-85/+198
This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett
2011-10-18s3-ntlmssp split auth_ntlmssp_client_start() into two partsAndrew Bartlett5-25/+34
This will allow it to be a wrapper around a gensec module, which requires that they options be set on a context, but before the mechanism is started. This also simplfies the callers, by moving the lp_*() calls into one place. Andrew Bartlett
2011-10-18s3-rpc_client remove cli_auth_ntlmssp_data_destructorAndrew Bartlett1-9/+1
This can be an ordinary talloc child without causing any problem. This seems to have been inherited from a time when ntlmssp_client_start() returned malloc() based memory. Andrew Bartlett
2011-10-18s3/doc: add man page for aio_fork vfs moduleBjörn Jacke1-0/+86
thanks to Volker for the content Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104
2011-10-18s4:auth/unix_token: match s3 behavior and add uid/gid to the groups arrayStefan Metzmacher1-17/+31
If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-18lib/param: Remove parameters for wins and spoolss databasesAndrew Bartlett4-36/+10
This removes the smb.conf parameters per-database, replacing these with hard-coded database names in well known (and configurable) directories. The wins.ldb is now always in the "state dir", rather than being in both state and lock dir (ie, a bug). Less smb.conf parameters means less parameters to try and sync up between the loadparm subsystems. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 05:39:54 CEST 2011 on sn-devel-104
2011-10-18ldb: Output more error information when a connect failsAndrew Bartlett2-1/+6
2011-10-18s3:auth_util: add the uid with WBC_ID_TYPE_BOTH also to the group arrayStefan Metzmacher1-2/+4
This will help with having "sidHistory" support in future. metze
2011-10-18s3-auth: use typedefs in auth.hAndrew Bartlett1-8/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett24-86/+93
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth fix comment after s3 ntlmssp gensec moduleAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: move event-using code to gensec_update() hooks out of gensec_start*()Andrew Bartlett3-39/+77
This ensures that only gensec_update() will require an event context argument when the API is refactored. Andrew Bartlett
2011-10-18ntlmssp: Refuse to seal if we did not negotiate to signAndrew Bartlett1-0/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: Refuse to seal if we did not negotiate to signAndrew Bartlett1-0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s4-auth: match the new s3 gensec client and always negotiate SIGN with SEALAndrew Bartlett1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: Assert that we have not been subject to a downgrade attack in ↵Andrew Bartlett3-1/+48
DCE/RPC clients Because of the calling convention, this is the best place to assert that we have not been subject to a downgrade attack on the negotiated features. (In DCE/RPC, this isn't a negotiation, the client simply specifies the level of protection that is required). Andrew Bartlett (some formatting fixes) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-smbd Give the nt error string when failing to set up encrypted transportAndrew Bartlett1-3/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC moduleAndrew Bartlett4-87/+229
This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze) Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: an event context is no longer mandetoryAndrew Bartlett1-10/+0
If you do not specify one however, you better know that the modules you are using do not need one! Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_stateAndrew Bartlett1-1/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Prepare gensec_ntlmssp_start() for broader useAndrew Bartlett3-15/+28
This moves the allocation of the ntlmssp pointer back to the callers. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett34-193/+220
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18build: compile gensec_start.c and credentials.c in the autoconf buildAndrew Bartlett2-0/+53
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s4-s3-upgrade: Give a better clue when we cannot open secrets.tdbAndrew Bartlett2-2/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth Add my copyrightAndrew Bartlett2-2/+2
I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett
2011-10-18credentials: Prioritise command-line specified options above defaults from ↵Andrew Bartlett3-3/+37
smb.conf If a user specified -W or --realm on the command line, then this is of level SPECIFIED, not UNINITIALISED, despite it going via the loadparm system. This helps us to ensure that -W server -Ulocaluser is parsed the same as -Userver\localuser. This matters as otherwise we might instead attempt to use kerberos to the realm from the smb.conf. Andrew Bartlett
2011-10-18s4-selftest When testing for a credentials cache, do not specify a domainAndrew Bartlett5-5/+5
If we specify a domain, then we indicate that we must use that domain which overrides the credentials cache we found in the environment. Andrew Bartlett
2011-10-18Revert "s4: Mark the winsreplication test as knownfail"Andrew Bartlett1-1/+1
This reverts commit f7f6992a20dd29bd7643291e3b3d05bc8f6c9c76 because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett
2011-10-18Revert "s4:selftest: skip flakey samba4.nbt.winsreplication for now"Andrew Bartlett1-1/+0
This reverts commit 16fd935fc659555c203354b6c96fc23a55be5a3b because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett
2011-10-18ldb: fixed a race in ldb initialisationAndrew Tridgell1-1/+9
This fixes a race when two processes initialise the same ldb database at the same time. One of them could fail due to the other creating the @BASEINFO record first. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Oct 18 03:54:42 CEST 2011 on sn-devel-104
2011-10-18libsmbclient: initial ABI signaturesAndrew Tridgell1-0/+170
2011-10-18libsmbclient: add ABI checking and pc fileAndrew Tridgell2-2/+15
this gives us ABI checking for libsmbclient so that the waf build will prevent ABI breakage, and a public version number. The addition of the pc file makes this library available via pkgconfig, including querying of the version number Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-17Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455).Wilco Baan Hofman1-2/+2
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
2011-10-17First part of fix for bug #8419 - Make VFS op "streaminfo" stackable.Frank Lahm8-14/+34
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 21:39:32 CEST 2011 on sn-devel-104
2011-10-17s3-waf: make sure we always build example pdb modules with --enable-developer.Günther Deschner3-1/+12
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 17 17:39:36 CEST 2011 on sn-devel-104
2011-10-17s3-passdb: fix the build of example pdb test module.Günther Deschner1-32/+1
Guenther
2011-10-17s3-auth: remove dead prototype.Günther Deschner1-1/+0
Guenther
2011-10-17s3-waf: make sure we always build example auth modules with --enable-developer.Günther Deschner3-0/+11
Guenther
2011-10-17s3-auth: fix the build of skel auth example module.Günther Deschner1-5/+20
Guenther
2011-10-17s4:dlz_bind9: add no memory checksStefan Metzmacher1-0/+4
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 17 14:07:25 CEST 2011 on sn-devel-104
2011-10-17s4:dlz_bind9: Copy dn before changing in b9_has_soaStefan Gohmann1-1/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-17s4:dlz_bind9: add missing earch bases for windows 2000 domainsStefan Gohmann1-0/+1
By default the samba4 dlz_bind9 backend searches under CN=MicrosoftDNS,DC=DomainDnsZones and CN=MicrosoftDNS,DC=ForestDnsZones. In my samba4 test setup all DNS zones are under CN=MicrosoftDNS,CN=System. After adding the attached patch it works fine for me. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-17s3: Before adding KDC's to the krb5.conf, cldap ping themVolker Lendecke3-49/+104
Some Kerberos libraries don't do proper failover. This fixes the situation where a KDC exists in DNS but is not reachable for some reason. Ported to master by Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
2011-10-17Add cldap_multi_netlogon_send/recvVolker Lendecke2-42/+314
Make ads_cldap_netlogon use it. It does not need the fancy multi stuff, but excercising that code more often is better. And because we have to ask over the network, the additional load should be neglectable. Ported to master by Stefan Metzmacher <metze@samba.org>