summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-10-01s4/drsuapi: ber_write_partial_OID_String() implementationKamen Mazdrashki2-0/+36
2009-10-01s3:Makefile: fix talloc dependencies with static buildBjörn Jacke1-65/+64
When configure options --with-libtalloc=no --enable-shared-libs=no are used, LIBTALLOC_TARGET stays empty. Actually LIBTALLOC_TARGET which is only used for Makefile dependencies is obsolete as LIBTALLOC contains exactly the targets that make the dependencies are. Obnox, pleaѕe check!
2009-10-01s3:configure: don't throw away PRINT_LIBSBjörn Jacke1-1/+1
PRINT_LIBS might have been set before intentionally, so don't thow it away.
2009-10-01s3: update comment about (deprecated) a6 recordsBjörn Jacke1-1/+2
2009-10-01Fix for CVE-2009-2813.Jeremy Allison2-2/+11
=========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. ===========================================================
2009-10-01s3/VERSION: Raise version number up to 3.6.0.Karolin Seeger1-1/+1
Karolin
2009-10-01Fix for CVE-2009-2906.Jeremy Allison2-5/+26
Summary: Specially crafted SMB requests on authenticated SMB connections can send smbd into a 100% CPU loop, causing a DoS on the Samba server.
2009-10-01mount.cifs: don't leak passwords with verbose optionJeff Layton1-16/+30
When running mount.cifs with the --verbose option, it'll print out the option string that it passes to the kernel...including the mount password if there is one. Print a placeholder string instead to help ensure that this info can't be used for nefarious purposes. Also, the --verbose option printed the option string before it was completely assembled anyway. This patch should also make sure that the complete option string is printed out. Finally, strndup passwords passed in on the command line to ensure that they aren't shown by --verbose as well. Passwords used this way can never be truly kept private from other users on the machine of course, but it's simple enough to do it this way for completeness sake. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com>
2009-10-01mount.cifs: check access of credential files before openingJeff Layton1-0/+11
It's possible for an unprivileged user to pass a setuid mount.cifs a credential or password file to which he does not have access. This can cause mount.cifs to open the file on his behalf and possibly leak the info in the first few lines of the file. Check the access permissions of the file before opening it. Reported-by: Ronald Volgers <r.c.volgers@student.utwente.nl> Signed-off-by: Jeff Layton <jlayton@redhat.com> Acked-by: Steve French <sfrench@us.ibm.com>
2009-10-01s4:pyldb - Wrong error type (found only after the push)Matthias Dieter Wallnöfer1-1/+1
2009-10-01s4:ldb_msg_diff - Fixes up possible memory leaks and the python binding of itMatthias Dieter Wallnöfer2-3/+13
2009-10-01s3-perfcount: more cleanup.Günther Deschner4-274/+39
Guenther
2009-10-01s3-perfcount: only pass down prs_struct when really required.Günther Deschner2-28/+29
Guenther
2009-10-01s3: add perfcount idl and generated files.Günther Deschner11-99/+917
Guenther
2009-10-01s3-registry: move rpccli_winreg_Connect to the only file it belongs.Günther Deschner4-69/+42
Guenther
2009-10-01s3: remove unused rpcstr_pull and rpcstr_pull_talloc.Günther Deschner2-41/+0
Guenther
2009-10-01s3-printing: more use of pull_reg_sz().Günther Deschner1-12/+27
Guenther
2009-10-01s3-registry: use pull_reg_sz() where appropriate.Günther Deschner7-32/+36
(and move away from rpcstr_pull and rpcstr_pull_talloc). Guenther
2009-10-01s4-tort-drs: Add bind_info for dcerpc_drsuapi_DsBind() callKamen Mazdrashki2-1/+41
After this patch DsGetNCChanges() test works fine. bind_info returned by server is also cached for future use Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-10-01s4-tort-drs: DsReplicaUpdateRefs test fixed and extendedKamen Mazdrashki1-37/+50
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-10-01s4-tort: Added assertion macro for DRSUAPI callKamen Mazdrashki1-3/+16
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30allow for outstanding_aio_calls to be decrementedOlaf Flebbe1-2/+4
2009-09-30s3-printing: use regval_ctr_addvalue_multi_sz.Günther Deschner1-17/+4
Guenther
2009-09-30s3-registry: add regval_ctr_addvalue_multi_sz.Günther Deschner2-0/+18
Guenther
2009-09-30s3: re-run make idl. janitor for tridge.Günther Deschner2-2/+2
Guenther
2009-09-30s3-rpc_parse: remove unused prs_string.Günther Deschner2-45/+0
Guenther
2009-09-30s4:torture: data_blob_hex_string() output is now lowercase.Andrew Kroeger2-3/+3
Based on the change in commit fb84edabbe9f358031117de2cf78613c704ac600, these tests needs to expect lowercase output.
2009-09-30s4:samba.tests.samdb - remove last relicts of the templatesMatthias Dieter Wallnöfer1-4/+2
2009-09-30s4:pyldb - Fixed the return value in "py_ldb_msg_diff"Matthias Dieter Wallnöfer1-2/+0
The case distinction shouldn't be needed also when "diff" is NULL. "PyLdbMessage_FromMessage" works with "NULL" arguments.
2009-09-30Revert "s4:wmic - Output enhancements"Matthias Dieter Wallnöfer1-105/+58
This reverts commit fb914640ad656b146f732ab33063575e2e47e37c. Jelmer requested the revert since he feels better when we reapply this change after his merge with the updated WMI branch.
2009-09-30Revert "python: create a script for reorgnizing an LDB file."Matthias Dieter Wallnöfer1-60/+0
This reverts commit 11a7842854c0be8c427a2dbf0a8fc3761cda6298. abartlet claims that this patch could lead to data loss (look at technical mailing list)
2009-09-30s4:pwsettings - Improve error handling and introduce "choice" typeMatthias Dieter Wallnöfer1-13/+10
- Improve the error handling according to Jelmer's suggestions - Print out the error messages on "stderr" - Add also here the "choice" type for arguments
2009-09-30s4:provision - Lets the user choose between the supported forest/domain ↵Matthias Dieter Wallnöfer2-18/+40
function levels Adds a parameter "--function-level" which allows to specify the domain and forest function level.
2009-09-30s4:provision: Show domains and forests are W2K8 DC capable.Andrew Kroeger2-0/+15
When adding a W2K8 DC to a domain running earlier DC versions, the "adprep" utility is used to perform schema updates and update other attributes as necessary. Adding these entries provides an indication that the adprep utility has been run with the /forestprep, /domainprep and /rodcprep arguments. Although these entries indicate adprep has been run, nothing has been done to verify that the changes that the adprep utility would have made have actually been done. The values used for the revision atttributes are as seen on a W2K8 DC (not W2K8 R2, which will probably have higher values).
2009-09-30s4:provision: Update schema version number to W2K8.Andrew Kroeger1-1/+1
We are running the W2K8 schema version, not the W2K3 version.
2009-09-30s4:dsdb/common/util - remove introduced "samdb_is_capable_dc" callMatthias Dieter Wallnöfer1-57/+0
I came up with a better solution which is invoked when we try to join a domain as a DC (in file "libnet_become_dc.c"). Consider a following commit for this patch.
2009-09-30s4:domainlevel - General reworkMatthias Dieter Wallnöfer1-29/+63
- We support domain/forest function levels >= (Windows) 2003 Native -> adapt the domain/forest and DC function level restrictions. - Consider also the lowest function level of a DC. The domain and forest function levels can never be higher than it. - Improve the error handling by printing out messages to "stderr" - Introduce the "choice" type for choice arguments (saves us some error handling)
2009-09-30w32err: Importing auto-generated Win32 errors and descriptionsKamen Mazdrashki2-1/+7222
Error codes and their descriptions are generated using w32err_code.py script. Error are downloaded from MS site: http://msdn.microsoft.com/en-us/library/cc231199%28PROT.10%29.aspx Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30w32err: WERR_GROUP_NOT_FOUND renamed to WERR_GROUPNOTFOUNDKamen Mazdrashki3-6/+6
In Win 32 we have NERR_GroupNotFound which maps to WERR_GROUP_NOT_FOUND currently and we have ERROR_GROUP_NOT_FOUND which maps to nothing, so it is to be added Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30w32err: WERR_USER_EXISTS replace with WERR_USEREXISTS nameKamen Mazdrashki2-3/+3
In Win32 we have NERR_UserExists which maps to WERR_USER_EXISTS currently and there is ERROR_USER_EXISTS which maps to WERR_USER_ALREADY_EXISTS Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30w32err: WERR_DC_NOT_FOUND replaced with WERR_DCNOTFOUNDKamen Mazdrashki3-5/+5
It turns out in win32 ERROR_DC_NOT_FOUND exists and it is an error for Device Context (DC), not Domain Controller Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30w32err: FRS_ group of errors replaced with numeric valuesKamen Mazdrashki1-3/+3
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30w32err: WERR_DOMAIN_CONTROLLER_NOT_FOUND error value fixedKamen Mazdrashki1-1/+1
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30w32err: Script to fetch and prepare errors to be updated/addedKamen Mazdrashki1-0/+361
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30idl: ntsvcs.idl depends on misc.idl, not winreg.idlAndrew Tridgell1-1/+1
The winreg_Type definition comes from misc.idl
2009-09-29s4/torture: fix RAW-OPLOCK-STREAM1 test after commit a11bb14Steven Danneman1-11/+12
We were pulling junk memory for our stream names after the reordering of the struct definition.
2009-09-29s4/torture: Allow receiving of oplock break requests in any orderSteven Danneman1-88/+159
Previously, the oplock torture tests, being single threaded, required the server to return oplock break requests, and other SMB packets in a specific order for us to verify "correctness". Of course, in several cases the protocol allows the break packets, especially breaks to levelII to come back in any order. With tevent we're now able to wait for oplock breaks in the middle of a torture test. I've added a helper to do this, and modified all oplock tests to allow returning of oplock breaks in any order.
2009-09-29s4/torture: convert printf to torture_comment()Aravind Srinivasan1-2/+4
Allows "make test" and other harnesses to print cleaner output.
2009-09-30s3-netlogon: properly implement _netr_NetrEnumerateTrustedDomains().Günther Deschner1-6/+33
Guenther
2009-09-30s3: remove unused unistr2_term_codes.Günther Deschner1-3/+0
Guenther