summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-06-21s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals ↵Christian Ambach1-4/+33
with BUILTIN when creating a BUILTIN group, make the strategy dependent on passdb backend behavior 1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument so it asks winbindd for a gid to be used 2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias create the mapping based on the gid that was determined in the mapping request Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104
2013-06-21s3:passdb add a gid argument to pdb_create_builtin_aliasChristian Ambach4-15/+25
make it possible to skip the allocation of a new gid from winbind by specifying the gid to be used Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:utils/net_sam make use of pdb_create_builtin helper functionChristian Ambach1-1/+1
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb expose pdb_create_builtin functionChristian Ambach3-3/+5
this one first tries to map the principal before allocating a new gid Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb/pdb_tdb add parameter to control handling of BUILTINChristian Ambach1-0/+10
with tdbsam:map builtin, one can control if tdbsam should be used to map entries from BUILTIN or not. By default, they will be mapped (as in older releases) Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb/pdb_ldap remove an unnecessary checkChristian Ambach1-4/+0
as general passdb code already verifies for which idmap domains the module is responsible, requests for other domains should not come in here any more Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb/pdb_ldap make the module handle well-knownChristian Ambach1-0/+7
overwrite the passdb defaults and let this module handle well-knowns Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb make pdb_sid_to_id honor backend responsibilitiesChristian Ambach1-0/+7
only ask passdb backend for mapping if it is responsible Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb/pdb_samba_dsdb make the module handle well-knownChristian Ambach1-0/+7
overwrite the passdb defaults and let this module handle well-knowns Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:lib/util_sid_passdb make use of pdb_is_responsible_for_* functionsChristian Ambach1-15/+34
ask passdb to determine if sid/object should be handled by passdb or not Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb add pdb_*_is_responsible_for* functionsChristian Ambach3-0/+84
allows PDB modules to specify for which special domains they are responsible when it comes to SID->xid conversion By default, passdb modules will be responsible for local BUILTIN, local SAM and Unix Users/Groups Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb add idmap control functionsChristian Ambach1-1/+8
make it possible for each backend to specify for which domains it should be asked for SID->xid mappings Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb/samba_dsdb fix some compiler warningsChristian Ambach1-2/+2
about gids and group_sids being potentially uninitialized Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:passdb/samba_dsdb fix a compiler warningChristian Ambach1-1/+1
about discarding const modifier Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-21s3:utils/net_lookup fix a format-errorChristian Ambach1-1/+1
clang complains about short being used for unsigned as format-error Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-06-20s4-winbind: Add special case for BUILTIN domainAndrew Bartlett3-20/+37
This should mean that lookups for the BUILTIN domain cause less trouble then they have in the past, because they will no longer go via the trusted domain handler. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 20 15:30:00 CEST 2013 on sn-devel-104
2013-06-20Fix bug #9166 - Starting smbd or nmbd with stdin from /dev/null results in ↵Jeremy Allison4-6/+54
"EOF on stdin" Only install the stdin handler if it's a pipe or fifo. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-19build: Build with system md5.h on OpenIndianaAndrew Bartlett26-37/+38
This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-06-18Re-add umask(0) code removed by commit 3a7c2777ee0de37d758fe81d67d6836a8354825eJeremy Allison1-2/+7
Without the umask code the pipe permissions are affected by the umask of the calling process. As only smbd currently sets its umask to zero (nmbd and winbindd should do the same) this causes the winbindd pipe to be unavailable to the nss library code unless winbindd is run from an init process that explicitly sets umask to zero. When testing from the command line this can be hard to track down :-). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ira Cooper <ira@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jun 18 04:31:27 CEST 2013 on sn-devel-104
2013-06-18Fix xx_path() - return check from mkdir() is incorrect.Jeremy Allison1-3/+8
This is very old code, but mkdir() fails with -1, not 0. Only print the error message is mkdir failed with anything other than EEXIST. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
2013-06-17docs/vfs_catia: rework man pageDavid Disseldorp1-32/+39
The vfs_catia man page refers to two configuration variants, one applying to Samba <= 3.4.x and one referring to Samba >= 3.5.x. This change removes all information specific to Samba <= 3.4.x, as such versions have been discontinued. This change also improves formatting and nomenclature: configuration parameters, examples and caveats are split into separate sections, and server-side/client-side terms replace the ambiguous use of Unix and Windows. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jun 17 23:23:57 CEST 2013 on sn-devel-104
2013-06-17docs/vfs_catia: remove space-char mapping recommendationDavid Disseldorp1-3/+3
The vfs_catia man page currently recommends the mapping of server-side space-characters (0x20) to client-side plus-minus characters (0xb1). This recommendation should not be made, as 0x20 is a valid filename component on both system character sets. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-17vfs_catia: use translate direction enum instead of intDavid Disseldorp1-1/+1
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-17vfs_streams_xattr: Do not attempt to write empty attribute twiceChristof Schmitt1-31/+11
The create disposition FILE_OVERWRITE_IF is mapped to the flags O_CREAT|O_TRUNC. In vfs_streams_xattr, this triggers two calls to SMB_VFS_SETXATTR. The second can fail if O_EXCL is also set, resulting in an unnecessary error. Merge the identical code to handle O_CREAT and O_TRUNC to avoid setting an empty attribute twice. Also add the flags parameter to the debug message. Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-14librpc: Shorten dcerpc_binding_handle_call a bitVolker Lendecke1-13/+6
... saves 200 bytes on 64 bit Linux with -O3 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Jun 14 22:27:43 CEST 2013 on sn-devel-104
2013-06-14librpc: Use tevent_req_poll_ntstatusVolker Lendecke1-2/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-14libsmbclient: Fix typosVolker Lendecke1-4/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-14tsocket: Add some constVolker Lendecke2-3/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-14gencache: Simplify gencache_init a bitVolker Lendecke1-13/+16
Use the implicit cleanup facility CLEAR_IF_FIRST provides Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-14genrand: Slightly simplify do_reseedVolker Lendecke1-13/+11
The only caller set "use_fd" to "true". Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jun 14 20:29:56 CEST 2013 on sn-devel-104
2013-06-14tevent: Fix Coverity ID 989236 Operands don't affect resultVolker Lendecke1-1/+1
"unsigned" could be less than uint64_t, so idx==UINT64_MAX is always false. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-13dsdb: remove a wrong comment in dsdb_check_access_on_dn_internal()Stefan Metzmacher1-4/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jun 13 18:19:24 CEST 2013 on sn-devel-104
2013-06-13dsdb: don't allow a missing nTSecurityDescriptor in ↵Stefan Metzmacher1-3/+3
dsdb_get_sd_from_ldb_message() Every object has a nTSecurityDescriptor attribute. This also avoids potential segfaults in the callers. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-06-13dsdb: use AS_SYSTEM | SHOW_RECYCLED for access check searchesStefan Metzmacher1-1/+7
We need AS_SYSTEM in order to get the nTSecurityDescriptor attribute. Also the result of this search not controlled by the client nor is the result exposed to the client. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-13s4:smb_server: call irpc_add_name() at startup (bug #9905)Stefan Metzmacher1-0/+1
We should call irpc_add_name() when we start the smb_server task. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-13s4:rpc_server: call irpc_add_name() at startup (bug #9905)Stefan Metzmacher1-0/+1
We should call irpc_add_name() when we start the rpc_server task. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-13s4:ldap_server: call irpc_add_name() at startup (bug #9905)Stefan Metzmacher1-0/+3
We should call irpc_add_name() when we start the ldap_server task. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-13dsdb repl_meta_data: Use dsdb_request_add_controls()Andrew Bartlett1-18/+1
This makes the code easier to read. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jun 13 11:15:01 CEST 2013 on sn-devel-104
2013-06-13Initialize the file descriptor in the files_struct before trying to close ↵Christof Schmitt1-0/+1
it. Otherwise, if one of the SETXATTR calls had failed, the close() call will return EBADF. Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <rsharpe@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jun 13 01:43:18 CEST 2013 on sn-devel-104
2013-06-12tevent: Link the tutorial on the mainpage.Andreas Schneider2-157/+535
Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 12 19:54:30 CEST 2013 on sn-devel-104
2013-06-12tevent: Add tevent tutorial files.David Koňař8-0/+1034
Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-06-12s3-libads: Print the debug string of a failed call with LDAP_OTHER.Andreas Schneider1-0/+18
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 12 13:46:57 CEST 2013 on sn-devel-104
2013-06-12krb5wrap: Move mask to the right position.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-12dsdb-tests ldap.py: Add test for usn behaviour on certain changesAndrew Bartlett1-54/+155
This probes when the usn is updated, and when it is not. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jun 12 11:54:01 CEST 2013 on sn-devel-104
2013-06-12dsdb-tests ldap.py: Fix quoting of print statementsAndrew Bartlett1-10/+10
While python didn't mind (oddly) it really confused my editor. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-12dsdb: Fix behaviour for when to update the USN when there is no changeAndrew Bartlett1-6/+28
This handles deletions and replacements with no value, or with an exactly specified value, as well as modifies. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-06-12dsdb: Allow dsdb_find_dn_by_guid to show deleted DNsAndrew Bartlett5-9/+17
This helps us in the KCC as we need to return the deleted DN for the GUID in DsReplicaGetInfo calls (tested for deleted servers against Windows 2008R2). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-12python samba-tool drs: Correctly print KCC references to deleted serversAndrew Bartlett1-3/+12
Tested against Windows 2008R2, presumably before the KCC ran. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-12Fix bug #9932 - Currently the maximum number of aces in an SD is limited to ↵Partha Sarathi1-1/+1
1000, but Microsoft supports around 1800. Issue description: I was trying to add maximum number of aces on Microsoft share, where I was able to add nearly 1800 aces on a file/folder SD. But Samba does not support adding 1800 aces to SD instead it limited to 1000. Expected behavior: Ideally SAMBA should also support as like Windows to compare with Windows standard. Set to 2000 until we add EA limits in the server. Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 12 02:52:36 CEST 2013 on sn-devel-104
2013-06-12smbd: Remove an unused variableVolker Lendecke1-2/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 12 01:00:44 CEST 2013 on sn-devel-104