summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-08-09lib/access: make list_match() public.Michael Adam2-1/+3
Michael (This used to be commit 742bedce417c666b5e91d8d0a7dc7682dc62eba2)
2008-08-09lib/access: make client_match() public.Michael Adam2-1/+2
Michael (This used to be commit 1b2dec93b635dfd23af78a370c223ea2dd486aa7)
2008-08-08One more build fix. Ensure we have KRB5_AUTH_CONTEXT_USE_SUBKEY defined ↵Jeremy Allison1-3/+3
before we compile the new code. Jeremy. (This used to be commit 7686752c5b015b15a6729631ba4aeedd25ebc659)
2008-08-08Try and fix the build for systems that don't have ↵Jeremy Allison2-3/+4
krb5_auth_con_set_req_cksumtype(). Jeremy. (This used to be commit 8598e7b06ec57ca6fcde863270e6bb0e2de9993e)
2008-08-08Merge branch 'v3-3-test' of ssh://jra@git.samba.org/data/git/samba into ↵Jeremy Allison2-6/+21
v3-3-test (This used to be commit 5b3579b14cd5ea6e67ff3c91f5bed155d944c049)
2008-08-08Add Derrick Schommer's <dschommer@F5.com> kerberos delegation patch. SomeJeremy Allison3-3/+186
work by me and advice by Love. Jeremy. (This used to be commit ecc3838e4cb5d0c0769ec6d9a34a877ca584ffcc)
2008-08-08build: fix a no previous prototype warning when building without ldap/gssapiaMichael Adam1-6/+6
move prototype of dns_create_update_request() to appropriate section in dns.h Michael (This used to be commit 0fba9549894affa8e2ea0b7fd15812f56f3319a3)
2008-08-08libnet samsync ldif: fix the build without LDAP.Michael Adam1-0/+15
Michael (This used to be commit 32df05bd1f49f2290ad69f84d5a47207b1469629)
2008-08-08using NGROUPS_MAX instead of 32 for the max group value in rep_initgroups() ↵Yannick Bergeron1-1/+1
subroutine in lib/replace/replace.c (This used to be commit 13b1a232d2fe05ae3e924ea2503d05ff5084146e)
2008-08-08Add simple async wrappers around send, recv and connectVolker Lendecke4-0/+721
To be used later :-) (This used to be commit 0d161d336ab9eeccd90d19ef1473646c3008864a)
2008-08-07Fix bug #5675 with a varient of Tim Waugh's patch,Jeremy Allison3-4/+4
as proposed by James Peach. Jeremy. (This used to be commit 5c27ad75836136c39774c9456d63f46fa62e281f)
2008-08-07Fix "might be used uninitialized" warnings.Jeremy Allison2-3/+4
Jeremy. (This used to be commit 5abd12eec1c9b6d30af5ec1ba16c0922e78d5bea)
2008-08-07Fix a build failure on host sunXVolker Lendecke1-1/+1
(This used to be commit 30b5be872501dc87380fd10084aacda13a308ac8)
2008-08-06Solve an IBM XL C/C++ compiler error encountered in get_exit_code() ↵Yannick Bergeron1-1/+2
auth_errors array initialization in client/smbspool.c (This used to be commit b45e7fabc64e699e4fa013ef15f98a004dae3f32)
2008-08-06WHATSNEW: Start WHATSNEW for 3.3.0pre1.Karolin Seeger1-665/+4
Karolin (This used to be commit 28ae738eee37face7dc5e938a036f0c2d3d2a9d6)
2008-08-06libnetapi: fix build of shared library after libnet_join changes.Michael Adam1-1/+2
This needs create_builtin_administrators() and create_builtin_users() from token_utils now. Did not pop up because the only users of the shared lib currently are the examples in lib/netapi/examples/ which are not automatically built. Michael (This used to be commit 8dca23a5597a717c7f79bab0494122e71528272b)
2008-08-06fixed permissions on ctdb databasesAndrew Tridgell1-0/+5
(This used to be commit 123fc3980a83d956bffaa689f3af81bbf81ce1c1)
2008-08-06fixed a fd leak when trying to regain contact to a domain controllerAndrew Tridgell1-0/+1
in winbind When a w2k3 DC is rebooted the 139/445 ports come up before the udp/389 cldap port. During this brief period, winbind manages to connect to 139/445 but not to udp 389. It then enters a tight loop where it leaks one fd each time. In a couple of seconds it runs out of file descriptors, and leaves winbind crippled after the DC does finally come up (This used to be commit 57187cafbcc053e75bb54750494df9feabe3a738)
2008-08-05dbwrap: add comment describing behaviour of dbwrap_change_int32_atomic().Michael Adam1-0/+7
Michael (This used to be commit f8f21c8e3922806230e240cb54205fc2db7a3619)
2008-08-05secrets: fix replacemend random seed generator (security issue).Michael Adam1-2/+6
This is a regression introduced by the change to dbwrap. The replacement dbwrap_change_int32_atomic() does not correctly mimic the behaviour of tdb_change_int32_atomic(): The intended behaviour is to use *oldval as an initial value when the entry does not yet exist in the db and to return the old value in *oldval. The effect was that: 1. get_rand_seed() always returns sys_getpid() in *new_seed instead of the incremented seed from the secrets.tdb. 2. the seed stored in the tdb is always starting at 0 instead of sys_getpid() + 1 and incremented in subsequent calls. In principle this is a security issue, but i think the danger is low, since this is only used as a fallback when there is no useable /dev/urandom, and this is at most called on startup or via reinit_after_fork. Michael (This used to be commit bfc5d34a196f667276ce1e173821db478d01258b)
2008-08-05dbwrap: add comment describing behaviour of dbwrap_change_uint32_atomic().Michael Adam1-0/+7
Michael (This used to be commit 7edfb54c865ddcfd5cdcc8c2184b96aaac2d2ec0)
2008-08-05idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().Michael Adam1-2/+6
The race is a regression introduced by the change to dbwrap. It might have led to two concurrent processes returning the same id. This fix is achieved by changing dbwrap_change_uint32_atomic() to match the original behaviour of tdb_change_uint32_atomic(), which is the following: *oldval is used as initial value when the value does not yet exist and that the old value should be returned in *oldval. dbwrap_change_uint32_atomic() is used (only) in idmap_tdb2.c, to get new ids. Michael (This used to be commit 72bd83fea7572a6202027b200d192c05023aa633)
2008-08-05registry: use _bystring wrappers to dbwrap_trans_(store|delete).Michael Adam1-6/+3
Michael (This used to be commit 103ce6c9e94ce74e616fe922f2584fd46ae1f3f8)
2008-08-05Building cifs.upcall is giving this build warning:Steve French1-1/+1
client/cifs.upcall.c:205: warning: function declaration isn’t a prototype This patch fixes this by properly declaring usage() args as void. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@samba.org> (This used to be commit 148a012421cdd875167e708c5dfa771d97bf9856)
2008-08-05cifs.upcall: fix manpage and commentsSteve French2-6/+6
The "cifs.resolver" key type has been changed to "dns_resolver". Fix the comments at the top of cifs.upcall and the manpage accordingly. Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@samba.org> --- docs-xml/manpages-3/cifs.upcall.8.xml | 4 ++-- source/client/cifs.upcall.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (This used to be commit 24a93d03c2ca4e718968e2024604e0f398c96659)
2008-08-05Backing out most of changeset 5222b8db3fb692e5071bfd1b41849a8eb0a17995Steve French1-2/+5
(so parsing for domain parameter in mount.cifs matches online help) and rephrasing original code to make it more clear. The check for "domain" was meant to allow for "dom" or "DOM" and the option ("dom") described in the help (e.g. "/sbin/mount.cifs -?") is the shorter ("dom") form. The reason that the string we compare against is larger was to improve readability (we could compare against "dom" but note /* "domain" or "DOMAIN" or "dom" or "DOM" */ but it seemed terser to just show the larger string in the strcmp target. The change to "workgoup" from workg* (anything which begins with "workg" doesn't matter - it is a minor behavior change - but probably few scripts depend on the "alias" for this option). Rework code so that it is clearer what we are comparing against. (This used to be commit 92fad0fc537e75c726d5d6794dd0c4fd61edca2d)
2008-08-05man pages: Improve description of boolean values in smb.conf.5.Karolin Seeger1-1/+1
This fixes bug #5378. Thanks Morton K. Poulsen <morten+bugzilla.samba.org [at] afdelingp.dk> for reporting! Karolin (This used to be commit 8195ca2132cbdba396dc35e9d04d4bdc3a8a666c)
2008-08-05man pages: Add documentation about smbclient command "rename".Karolin Seeger1-0/+7
This fixes bug #5268. Thanks to Alexander Franz <a.franz [at] gmx.net> for reporting! Karolin (This used to be commit 0a93fd2dedfa7fed1ad0b8a5e079bf7be72a4bd5)
2008-08-05README.Coding: A few minor fixes.Karolin Seeger1-3/+3
Karolin (This used to be commit e61c6963cc25883c0b6e7e20596723397e294807)
2008-08-04libnet_keytab: fix the build with heimdalStefan Metzmacher1-6/+38
metze (This used to be commit ba18af00cc79a4e92372d3c1151061f200bc0655)
2008-08-04clikrb5: don't use krb5_keyblock_init() when no salt is specifiedStefan Metzmacher1-35/+30
If the caller wants to create a key with no salt we should not use krb5_keyblock_init() (only used when using heimdal) because it does sanity checks on the key length. metze (This used to be commit c83de77b750837a110611d7023c4cf71d2d0bab1)
2008-08-01cli_request_new() already gave use the req, remove a pointless function callVolker Lendecke1-2/+0
(This used to be commit 08e97bd369ebe3ab1fd92433b168585faea92c68)
2008-08-01Fix a typoVolker Lendecke1-5/+5
(This used to be commit 37bd2815c70176046bbe0232222b9f59dfa159c4)
2008-08-01libnet dssync: start memory allocation cleanup: use tmp ctx in libnet_dssync().Michael Adam1-2/+9
Don't leak temporary data to callers but use a temporary context that is freed at the end. Michael (This used to be commit 2d98ad57f56ddd4318bc721929a3ca9ede189a25)
2008-08-01libnet dssync: fix memory allocation for error/result messages.Michael Adam2-11/+11
Use the libnet_dssync_context as a talloc context for the result_message and error_message string members. Using the passed in mem_ctx makes the implicit assumption that mem_ctx is at least as long-lived as the libnet_dssync_context, which is wrong. Michael (This used to be commit 635baf6b7d2a1822ceb48aa4bc47569ef19d51cc)
2008-08-01dssync keytab: add comment header explaining add_to_keytab_entries().Michael Adam1-0/+4
Michael (This used to be commit 1072bd9f96ff3853e5ff58239123fc8c76a99063)
2008-08-01libnet dssync: add my C after dssync keytab changes.Michael Adam4-0/+4
Michael (This used to be commit 9391aec8d4600c685b14d3cd1624f8758f2cc80d)
2008-08-01vampire keytab: add command line switch --clean-old-entries .Michael Adam3-0/+3
This allows to control cleaning the keytab. It will only clean old occurences of keys that are replicated in this run. So if you want to ensure things are cleaned up, combine this switch with --force-full-repl or --single-obj-repl (+dn list). Michael (This used to be commit 21385e1c635ea67215eb1da90e7dca97ae2f5d56)
2008-08-01dssync: add clean_old_entries flag to dssync_ctx.Michael Adam3-0/+3
Initialize it to false. And pass it down to the libnet_keytab context in libnet_dssync_keytab.c:keytab_startup(). Unused yet. Michael Note: This might not be not 100% clean design to put this into the toplevel dssync context while it is keytab specific. But then, on the other hand, other imaginable backends might want to use this flag, too... (This used to be commit 12e884f227e240860e49f9e41d8c1f45e10ad3be)
2008-08-01libnet keytab: implement cleaning of old entries in libnet_keytab_add().Michael Adam1-0/+22
Triggered by the flag clean_old_entries from the libnet_keytab_contex (unused yet...). Michael (This used to be commit a5f4e3ad95c26064881918f3866efa7556055a8f)
2008-08-01libnet keytab: add parameter ingnore_kvno to libnet_keytab_remove_entries()Michael Adam1-3/+4
to allow for removing all entries with given principal and enctype without repecting the kvno (i.e. cleaning "old" entries...) This is called with ignore_kvno == false from libnet_keytab_add_entry() to keep the original behaviour. Michael (This used to be commit 6047f7b68548b33a2c132fc4333355a2c6abb19a)
2008-08-01libnet keytab: add flag clean_old_entries to libnet_keytab_context.Michael Adam2-0/+2
Michael (This used to be commit f40eb8cc20a297c57f6db22e0c2457ce7425d00c)
2008-08-01libnet keytab: use proper counter type (uint32_t) in libnet_keytab_add().Michael Adam1-1/+1
Michael (This used to be commit d0bd9195f04ae0f45c2e571d31625b31347f13e9)
2008-08-01vampire keytab: introduce switch --single-obj-repl.Michael Adam3-1/+4
This controls whether single object replication is to be used. This only has an effect when at least one object dn is given on the commandline. NOTE: Now the default is to use normal replication with uptodateness vectors and use object dns given on the command line as a positive write filter. Single object replication is only performed when this new switch is specified. Michael (This used to be commit 0f81111ea8c049eb60f98d4939e520a5a562d2e6)
2008-08-01dssync keytab: when not in single object replication mode, use object dn ↵Michael Adam1-0/+28
list as write filter. I.e. only the passwords and keys of those objects whose dns are provided are written to the keytab file. Others are skippded. Michael (This used to be commit a013f926ae5aadf64e02ef9254306e32aea79e80)
2008-08-01dssync keytab: support storing kerberos keys from supplemental credentials.Michael Adam1-0/+186
Michael (This used to be commit 50b1673289f5c147bdb4953f3511a7afe783758c)
2008-08-01libnet dssync: rename flag single to single_object_replicationMichael Adam3-8/+14
So that it is more obvious what this controls. Michael (This used to be commit 2360f0a19f0fb89798b814a02cfca335a4a35b6d)
2008-08-01net rpc vampire: rename --repl-nodiff to --force-full-repl.Michael Adam3-3/+3
This more clear. Michael (This used to be commit 0ddde9aae88e6244276e1c143056a4bfc7c7fcca)
2008-08-01libnet dssync: rename repl_nodiff flag to force_full_replication.Michael Adam3-3/+3
Michael (This used to be commit ec959b4609c3f4927a9f2811c46d738f9c78a914)
2008-08-01libnet dssync: support lists of dns (instead of one dn) for single object ↵Michael Adam3-18/+28
replication. Just specify several DNs separated by spaces on the command line of "net rpc vampire keytab" to get the passwords for each of these accouns via single object replication. Michael (This used to be commit 6e53dc2db882d88470be5dfa1155b420fac8e6c5)