summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-09-17Fix OpenLDAP partition configsHoward Chu2-3/+72
Update to use LMDB backend, BDB is deprecated Update to support DomainDNSZones and ForestDNSZones partitions. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17lib/ldb-samba/ldb_ildap: Also skip special base DNsAndrew Bartlett1-0/+3
This is so we do not search for @REPLCHANGED against ldap Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-17docs-xml: document SMB3_02 as available protocol for the client sideStefan Metzmacher2-1/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 17 05:55:04 CEST 2013 on sn-devel-104
2013-09-17s3:torture: add PROTOCOL_SMB3_02 handlingStefan Metzmacher1-0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17lib/param: add PROTOCOL_SMB3_02 handlingStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requestedStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17libcli/smb: add PROTOCOL_SMB3_02Stefan Metzmacher1-2/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17libcli/smb: add SMB3_DIALECT_REVISION_302Stefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17dsdb: Use credentials.get_forced_sasl_mech()Andrew Bartlett2-0/+3
This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
2013-09-16auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()Andrew Bartlett5-0/+60
This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16samba-tool domain provision: Make ldap_backend_startup.sh +x and take ↵Andrew Bartlett1-2/+5
optional arguments Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16samba-tool domain join: Set server role correctly to "active directory ↵Andrew Bartlett1-2/+2
domain controller" We changed the magic string when we reworked the list of server roles. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
2013-09-16s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the ↵Andrew Bartlett1-1/+1
access check Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16samba-tool domian join: Only print adminpass warning on subdomain creationAndrew Bartlett1-0/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16samba-tool domain join: Add --quite and --verboseAndrew Bartlett2-45/+63
This means we now use logger consistently between doimin join, domain dcpromo and domain provision. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16dsdb: Use dsdb_next_callback() rather than a no-op per-module callbackAndrew Bartlett1-38/+16
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16join.py: Restore support for joining as a subdomainAndrew Bartlett2-7/+16
This set of patches fixes up the errors that were introduced into the partial support during the past couple of years. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()Andrew Bartlett1-0/+13
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16join.py: Handle more error cases with useful exceptionsAndrew Bartlett1-1/+9
This will help track down strange failures in the future. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16samba-tool domain join subdomain: Set "reveal_internals:0" control so we can ↵Andrew Bartlett1-1/+1
see the ncName The issue here is that we create the ncName remotely with DsAddEntry, and then replicate it back. However, at this point the naming context pointed at by the ncName does not exist! The issue is that the extended_dn_out module then hides the link, because it points to a missing object. The reveal_internals control forces this link to be returned, and so we can then find the GUID, to create the domain with the right GUID. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16ldb: Show the type of failing operation in default error messageAndrew Bartlett1-1/+26
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16join.py: Show which database we failed to find the DN on (clarify local v ↵Andrew Bartlett1-1/+1
remote) Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16join.py: Handle exceptions when looking for GUID in a DNAndrew Bartlett1-1/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-12tdb: Fix some typos in comments.Björn Jacke2-5/+5
Thanks to Stewart A. Levin for reporting. fixes bug #10136 (Documentation typos). Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Karolin Seeger <kseeger@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Sep 12 13:54:41 CEST 2013 on sn-devel-104
2013-09-12docs: Fix typos.Karolin Seeger1-3/+3
This is a follow-up patch for bug #10134 - Samba 4.0 is stricter in checking acls for "open for execution". Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Sep 12 11:59:56 CEST 2013 on sn-devel-104
2013-09-12smbd: Properly protect against invalid lock dataVolker Lendecke1-0/+6
If someone messes with brlock.tdb and inserts an invalid record length, this will lead to memcpy overwriting a few bytes behind malloc'ed data. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 12 03:26:45 CEST 2013 on sn-devel-104
2013-09-11Fix is_legal_name() to not emit character conversion error messages.Jeremy Allison1-12/+8
Using next_codepoint() does the same check, but without the conversion message. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-09-12selftest: change to src dir for panic backtraceDavid Disseldorp1-1/+1
When running selftest against a Samba3 target, the working directory is set to st/s3dc/share. The existing "panic action" script attempts obtain a backtrace for a paniced smbd process using GDB, which does not locate debug info relative to the working directory. This commit changes the S3 selftest panic action to first enter the base source directory before attempting to obtain the backtrace, ensuring that GDB can locate the debug info. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 12 00:19:39 CEST 2013 on sn-devel-104
2013-09-11dsdb: When using an LDAP backend, force use of the password from secrets.ldbAndrew Bartlett1-0/+99
This makes testing from the command line much easier, as ldbsearch -H sam.ldb will now just work as well as it did with a tdb-based provision. This code was removed from it's previous location outside the ldb module stack in aabda85a2fc9f6763abd56d61ff819012f2225ad. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 11 21:15:50 CEST 2013 on sn-devel-104
2013-09-11smbd: Convert br_lck->lock_data to tallocVolker Lendecke1-26/+29
Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Sep 11 10:15:38 CEST 2013 on sn-devel-104
2013-09-11smbd: Move "struct byte_range_lock" definition to brlock.cVolker Lendecke2-9/+11
2013-09-11smbd: Add brl_fsp access functionVolker Lendecke4-6/+15
2013-09-11smbd: Add brl_num_locks access functionVolker Lendecke4-2/+9
2013-09-11smbd: Use ZERO_STRUCT instead of memsetVolker Lendecke1-1/+1
2013-09-11smbd: Fix a typoVolker Lendecke1-1/+1
2013-09-11smbd: Make brl_lock_failed staticVolker Lendecke2-2/+3
2013-09-11smbd: Make brl_same_context staticVolker Lendecke2-3/+1
2013-09-11smbd: Fix blank line endingsVolker Lendecke3-31/+31
2013-09-11Raise the level of a debug.Korobkin1-1/+1
Bug #10118 - Samba is chatty about being unable to open a printer Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 11 03:10:08 CEST 2013 on sn-devel-104
2013-09-11docs: document "acl allow execute always"Michael Adam1-0/+26
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Wed Sep 11 01:21:00 CEST 2013 on sn-devel-104
2013-09-10s3:smbd: ease file server upgrades from 3.6 and earlier with "acl allow ↵Michael Adam1-1/+15
execute aways" 3.6 and earlier allowed open for execution when execute permissions are not present on a file. This has been fixed in Samba 4.0. This patch changes smbd to skip the execute bit from the ACL check in the open code if "acl allow execute always = yes", hence re-establishing the old behaviour in this case. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-09-10loadparm: add new parameter "acl allow execute always"Michael Adam4-0/+13
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-09-10s3:smb2_find: Return that timestamps do not exist as directoriesChristof Schmitt3-3/+16
When a Windows client receives a large directory listing while querying snapshots, it sends a find request asking for the timestamp as a directory. A Windows server returns NO_SUCH_FILE, so make sure Samba returns the same. Otherwise the client will get confused and display timestamps in the 'previous versions' dialog. Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Sep 10 22:38:51 CEST 2013 on sn-devel-104
2013-09-10lib: serverid.h needs "struct db_record" declarationVolker Lendecke1-0/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10s3: rpc_server/srvsvc: use find_sessions() in NetSessDelShekhar Amlekar1-17/+14
instead of using list_sessions(), use find_sessions() that builds the list of only the sessions of interest. Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10s3:smbd/session: Added a routine find_sessions()Shekhar Amlekar2-0/+30
this routine builds a list of sessions from a particular remote machine or user. Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10s3:smbd/session: add filters to gather_sessioninfo()Shekhar Amlekar1-0/+19
added capability to filter sessions based on remote machine name and user name. Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-10doc: Update documentation of pam_winbind krb5 support.Andreas Schneider1-9/+17
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Sep 10 15:35:20 CEST 2013 on sn-devel-104
2013-09-10s3-winbind: Add support for the kernel krb5 keyring buffer.Andreas Schneider1-0/+4
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2013-09-10s3-winbind: Don't set a default directory for DIR.Andreas Schneider1-4/+0
There is not default so you should always have to specify a directory in the config file. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>