summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-08-31Rewrite torture_samba3_rpc_sharesec() to use a non-privileged user for share ↵Jeremy Allison2-15/+182
security descriptor testing.
2012-08-31Add a comment showing where to set log level in tests.Jeremy Allison1-0/+3
2012-08-31Change the S3 fileserver over to se_file_access_check().Jeremy Allison2-7/+10
Don't set the priv_open_requested yet until the open-for-backup request is correctly passed in.
2012-08-31Factor out privilege checking code into se_file_access_check() which takes a ↵Jeremy Allison2-10/+87
bool priv_open_requested parameter.
2012-08-31SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used ↵Jeremy Allison1-8/+7
anywhere. Remove (can re-add if needed). Ensure the privilege rights are always specific rights, not generic. By the time the privilege rights are examined, we've already mapped from generic to specific in the access_mask.
2012-09-01s4-dsdb: Remove unused variablesAndrew Bartlett1-3/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Sep 1 05:10:47 CEST 2012 on sn-devel-104
2012-09-01s4-kdc: Improve grammer and clarity of password change failure messages.Andrew Bartlett1-4/+3
This can still be improved further, but avoid mentioning reasons that clearly do not apply in this case. Andrew Bartlett
2012-09-01s3: Fix warnings in aio_fork.cVolker Lendecke1-2/+4
2012-09-01s3: Remove a shadowing variable declarationVolker Lendecke1-2/+0
2012-09-01s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_contextAndrew Bartlett1-2/+0
This was found based on a log provided by Ricky Nance <ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky! Andrew Bartlett
2012-08-31s4 dns: Store TKEYs in a ringbufferKai Blin3-57/+106
This stops us from potentially being DoSed by tons of TKEYs Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Fri Aug 31 22:46:01 CEST 2012 on sn-devel-104
2012-08-31tdb: return unpack error on strdup failureDavid Disseldorp1-0/+3
Signed-off-by: Lars Müller <lars@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Aug 31 21:05:21 CEST 2012 on sn-devel-104
2012-08-31s3: Fix a few "warning: ISO C90 forbids mixed declarations and code"Volker Lendecke1-154/+234
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 31 19:24:47 CEST 2012 on sn-devel-104
2012-08-31s3:build fix autoconf build on RHEL5Christian Ambach1-0/+236
RHEL5 only has autoconf 2.59, so autogen.sh still needs to find autoconf-2.60.m4 somewhere, but it was removed with 5f58359 Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Fri Aug 31 12:50:03 CEST 2012 on sn-devel-104
2012-08-31s3:doc Fix name of timeout parameter in documentationChristof Schmitt1-3/+3
The name is time_audit:timeout, not time_audit:audit_timeout. Signed-off-by: Christian Ambach <ambi@samba.org>
2012-08-31s3:dbwrap_ctdb: Add DB name and key to warning messageChristof Schmitt1-1/+8
When a operation takes too long, it is useful for debugging to know the DB and the key. Signed-off-by: Christian Ambach <ambi@samba.org>
2012-08-31s4 dns: Negotiate GSSAPI-based TKEYsKai Blin4-1/+254
Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Fri Aug 31 10:38:35 CEST 2012 on sn-devel-104
2012-08-31s4-kdc: Give information on how long the password history isAndrew Bartlett1-1/+2
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Aug 31 08:06:17 CEST 2012 on sn-devel-104
2012-08-31s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctxAndrew Bartlett1-2/+2
These are only needed for as long as the call, and should be children of the private context. This was found based on a log provided by Ricky Nance <ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky! Andrew Bartlett
2012-08-31auth/credentials: Do not print passwords in a talloc memory dumpAndrew Bartlett1-0/+8
The fact that a password was created here is enough information, so overwrite with the function name and line. Andrew Bartlett
2012-08-31VERSION: Move on to beta9Andrew Bartlett1-2/+2
We home beta8 will be the last beta, but to avoid confusion and allow more releases if required I won't mark it as rc1 until the actual release candidate. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Aug 31 02:07:23 CEST 2012 on sn-devel-104
2012-08-31VERSION: Mark as the beta8 releaseAndrew Bartlett1-1/+1
2012-08-31WHATSNEW: prepare for 4.0 beta8Andrew Bartlett1-35/+30
2012-08-30The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.Jeremy Allison1-0/+1
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 30 21:38:02 CEST 2012 on sn-devel-104
2012-08-30Now ACL inheritance flags are working, add test_inheritance_flags() back ↵Jeremy Allison1-5/+10
into raw.acls to ensure we don't regress.
2012-08-30With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.Jeremy Allison1-1/+0
2012-08-30Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.Jeremy Allison1-3/+7
Change se_create_child_secdesc() to handle inheritance correctly.
2012-08-30Windows does canonicalization of inheritance bits. Do the same.Jeremy Allison1-0/+35
We need to filter out the SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set when an ACE is inherited. Otherwise we zero these bits out. See: http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531 for details.
2012-08-30Change the other two places where we set a security descriptor given by the ↵Jeremy Allison2-25/+2
client to got through set_sd(), the canonicalize sd function.
2012-08-30Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL ↵Jeremy Allison2-14/+28
canonicalization.
2012-08-30Rename set_sd() to set_sd_blob() - this describes what it does.Jeremy Allison3-6/+6
2012-08-30s3:libsmb correctly set isFsctl for snapshot listChristian Ambach1-1/+1
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker otherwise smbclient allinfo will not report snapshots any more with the changes made for Bug #8311 Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
2012-08-30selftest: Remove spoolss tests from knownfail.Andreas Schneider1-66/+0
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Aug 30 17:17:55 CEST 2012 on sn-devel-104
2012-08-30selftest: Add missing printing options for plugin_s4_dc.Andreas Schneider1-0/+24
2012-08-30file_server: Fix spoolss support with s3fs.Andreas Schneider1-1/+1
2012-08-30selftest: Define the log directory for s3fs.Andreas Schneider1-0/+3
2012-08-30auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()Andrew Bartlett3-3/+10
This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
2012-08-29s4-torture: Add start of a test to confirm winbindd PAC parsingAndrew Bartlett3-2/+157
So far this confirms that we can accept a ticket using the secrets.tdb entry. Andrew Bartlett
2012-08-29lib/krb4_wrap: Add const to kt_copy_one_principalAndrew Bartlett2-2/+2
2012-08-29s3:vfs_gpfs: Use directory not file to get fileset idChristof Schmitt2-5/+35
The query of the fileset quota needs to determine the file set id first. With the currently available interface, this requires opening the file to get a file descriptor. For files, this open can fail when a share mode is set. Workaround this by querying the fileset id on the directory instead. The proper solution would be getting an interface for getting the fileset id that does not require opening the file. Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Wed Aug 29 18:58:34 CEST 2012 on sn-devel-104
2012-08-29vfs_media_harmony: fix some compile warnings with llvmBjörn Jacke1-66/+66
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Wed Aug 29 16:05:10 CEST 2012 on sn-devel-104
2012-08-29s3-printing: fix bug 9123 lprng job tracking errorsDavid Disseldorp2-3/+3
The lprng printing back-end is truncating the print job filename in the lpq output, which means that Samba is not able to determine the back-end job ID for a newly submitted print job. Remove the unneeded spoolss job ID from the print job file name to ensure the job filename is not truncated. Also log these warnings at a higher log level. Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Aug 29 14:25:13 CEST 2012 on sn-devel-104
2012-08-29libkrb5: Fix build with MIT Kerberos.Andreas Schneider1-6/+6
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Aug 29 12:23:37 CEST 2012 on sn-devel-104
2012-08-29s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt ↵Andrew Bartlett1-1/+1
array it returns Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104
2012-08-29s4-dsdb: Avoid printing secret attributes in ldb trace logsAndrew Bartlett1-0/+8
These are printed when Samba has debug level 10, which is often used for debugging. To indicate that these attributes are secret, we set an opaque. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104
2012-08-29lib/ldb: Avoid printing secret attributes in ldb trace logsAndrew Bartlett8-14/+352
These are printed when Samba has debug level 10, which is often used for debugging. Instead, print a note to say that this attribute has been skipped. Andrew Bartlett
2012-08-29auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()Andrew Bartlett1-29/+0
2012-08-29auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb recordsAndrew Bartlett1-32/+61
By checking first if there is a secrets.tdb record and passing in the password and last change time we avoid setting one series of values and then replacing them. We also avoid the need to work around the setting of anonymous. Andrew Bartlett
2012-08-29auth/credentials: Improve memory handling in cli_credentials_set_machine_accountAndrew Bartlett1-26/+26
By using a tempoary talloc context this is much tidier and more reliable code. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104
2012-08-29selftest: Add a test for smbclient --machine-pass without secrets.tdbAndrew Bartlett2-1/+10
Errors in handling the upgrade case without a matching secrets.tdb caused segfaults in the server. This essentially tests both sides. Andrew Bartlett