summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-07-23s3-winbind: Fix bug #9052 resolving our own "Domain Local" groups.Andreas Schneider4-14/+12
We don't resolve our own "Domain Local" groups since bug #7843 has been fixed. So we need to add the add resource groups to the sid list too. Before bug #7843 the "Domain Local" groups were added with a lookupuseraliases call, but this isn't done anymore for our domain so we need to resolve resource groups here. When to use Resource Groups: http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104
2012-07-23Fix problem found by Andrew Bartlett - correctly check encrypted flag.Jeremy Allison1-2/+6
2012-07-23libcli/smb: set should_encrypt = true if we got SMB2_SESSION_FLAG_ENCRYPT_DATAStefan Metzmacher1-2/+15
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jul 23 20:14:07 CEST 2012 on sn-devel-104
2012-07-23libcli/smb: encrypt SMB2 traffic if nedded/desired.Stefan Metzmacher1-3/+79
metze
2012-07-23libcli/smb: increment nbt_len, when we have the fully created the SMB2 PDUStefan Metzmacher1-1/+2
metze
2012-07-23libcli/smb: maintain smb2.should_sign on smbXcli_req_stateStefan Metzmacher1-26/+11
metze
2012-07-23libcli/smb: make use of SMB2_HDR_BODY as header sizeStefan Metzmacher1-1/+1
metze
2012-07-23libcli/smb: parse the SMB2_TRANSFORM header and decrypt the SMB2 pduStefan Metzmacher1-0/+63
metze
2012-07-23libcli/smb: create 4 iovecs per request in smb2cli_inbuf_parse_compound()Stefan Metzmacher1-16/+25
The first one might hold the SMB2_TRANSFORM Header later. metze
2012-07-23libcli/smb: prepare [en|de]cryption_key for SMB3Stefan Metzmacher1-0/+65
metze
2012-07-23libcli/smb: copy the application_key in smb2cli_session_create_channel()Stefan Metzmacher1-0/+6
metze
2012-07-23libcli/smb: check the buffer length in smbXcli_negprot_dispatch_incoming()Stefan Metzmacher1-1/+8
metze
2012-07-23libcli/smb: only pass the smb2 buffer to smb2cli_inbuf_parse_compound()Stefan Metzmacher1-12/+12
We should hide the transport as much as possible. metze
2012-07-23libcli/smb: add smb2_signing_[en|e]crypt_pdu()Stefan Metzmacher2-0/+141
metze
2012-07-23libcli/smb: construct the signing_key before forming the messageStefan Metzmacher1-31/+31
metze
2012-07-23lib/crypto: add aes_ccm_128Stefan Metzmacher5-2/+227
metze
2012-07-23libcli/smb: add SMB2_SESSION_FLAG_ENCRYPT_DATAStefan Metzmacher1-0/+1
metze
2012-07-23libcli/smb: add SMB2_TRANSFORM macrosStefan Metzmacher1-0/+15
metze
2012-07-23s3:test_smb2: copy the session_channel from the primary channel.Stefan Metzmacher1-1/+1
metze
2012-07-23s3:smb2_tcon: reject access to shares mark as "smb encrypt = required"Stefan Metzmacher1-0/+8
We do not support SMB2 transport encryption yet. metze
2012-07-23s3-winbind: Fix idmap initialization debug message.Guenther Deschner2-2/+2
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jul 23 18:19:00 CEST 2012 on sn-devel-104
2012-07-23s3:smbd: if a fsp has fsp->deferred_close, clients shouldn't be able to use itStefan Metzmacher1-2/+18
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jul 23 16:22:03 CEST 2012 on sn-devel-104
2012-07-22s4-classicupgrade: Add unix attributes during upgradeGeza Gemes1-1/+108
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jul 22 13:20:20 CEST 2012 on sn-devel-104
2012-07-22s4 rfc2307 gids mapping fixSergey Urushkin1-7/+8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-20Use ippGet/ippSet (accessors) for IPP API.Jiri Popelka2-176/+259
CUPS 1.6 makes various structures private and introduces these ippGet and ippSet functions for all of the fields in these structures. http://www.cups.org/str.php?L3928 We define our own accessors when CUPS < 1.6. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jul 20 22:35:55 CEST 2012 on sn-devel-104
2012-07-20Remove source3/lib/pidfile.cJeremy Allison4-101/+1
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jul 20 03:57:20 CEST 2012 on sn-devel-104
2012-07-19Move everything to use the common pidfile functions.Jeremy Allison8-13/+20
The extra code in source3/lib/pidfile.c is no longer needed.
2012-07-19Fix the configure build - add lib/util/pidfile.o into UTIL_OBJ.Jeremy Allison1-1/+1
2012-07-19Make the s3 pidfile use the common code inside lib/util/pidfile.cJeremy Allison5-141/+31
2012-07-19Add debugs to functions. Add pidfile_unlink().Jeremy Allison2-0/+25
2012-07-19Move source4/smbd/pidfile into lib/util in preparation for making it in common.Jeremy Allison15-29/+49
2012-07-19s3-param: Remove special case for lp_ctdbd_socket(), set CTDB_PATH as defaultAndrew Bartlett2-13/+6
This changes the default based on the #ifdef rather than an override on a parameter value of "" The less special override functions we have the easier it is to merge the loadparm tables. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jul 19 09:56:01 CEST 2012 on sn-devel-104
2012-07-19lib/param: bring lp_smb_ports() into common by making it a list everywhereAndrew Bartlett5-26/+14
2012-07-19s3-param: Make lp_name_resolve_order() return a listAndrew Bartlett8-41/+32
This allows this parameter, one of the few with differing declarations between the loadparm systems, to be brought into common. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-19s4-param: Remove unused "idmap trusted only"Andrew Bartlett2-18/+0
When we revamp the idmap layer, we will end up just following the s3 options, and this option is not used there either. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-19lib/param: Add my copyrightAndrew Bartlett1-0/+1
2012-07-19lib/param: bring lp_time_server() into commonAndrew Bartlett3-2/+1
2012-07-19s3-auth Use correct RID for domain guests primary groupAndrew Bartlett1-1/+1
This was incorrect in commit 9dd7e7fc2d6d1aa7f3c3b741ac134e087ce808fd as the RID was from the BUILTIN domain, but this creates a guest account token for the real domain. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jul 19 05:56:28 CEST 2012 on sn-devel-104
2012-07-19s3-rpc_server: Remove make_server_info_info3() call from ↵Andrew Bartlett1-52/+3
make_server_pipes_struct() This codepath would only be executed if we provided a partial session_info token across the named pipe forwarding code. The smbd file server always fills this in, and if the ntvfs file server ever wants to use an smbd hosted pipe, it can do the same. Calling create_local_token is always the wrong thing to do. Andrew Bartlett
2012-07-19auth/credentials: Remove extra newlineAndrew Bartlett1-1/+1
2012-07-19selftest: Run unix.whomai against the machine acccount as wellAndrew Bartlett1-0/+2
This shows that the machine account got an extra SID in the token for domain users. Andrew Bartlett
2012-07-19Revert "s3:auth make sure the primary group sid is usable"Andrew Bartlett1-30/+13
This reverts commit 00089fd74af740f832573d904312854e494a869e. The issue with this patch, which I did sign off on, is that for the domain member case, we already know that the SID is reasonable and valid, and we indeed rely on that, because we keep it as an additonal group anyway. The primary group is not so special that we need to do extra validation. Calling this function may put a user into the domain 'domain users' group, even if they are not in that group to start with. Andrew Bartlett
2012-07-19s4-torture: Move check of map-to-guest above SID list checkAndrew Bartlett1-13/+13
This makes it easier to interpret failing output. Andrew Bartlett
2012-07-19s4-torture: Allow unix.whoami to test against a member serverAndrew Bartlett3-16/+63
This compares only the domain SIDs betwen the two servers, rather than the full token, as well known and other SIDs may be added locally in both cases. This also expands the test environments this is run against to verify this between our AD server and domain members. Andrew Bartlett
2012-07-19s4-torture: Also print GID values in whoami testAndrew Bartlett1-0/+3
2012-07-19torture: Print SIDs as additional debug output in unix.whoamiChristof Schmitt1-0/+4
2012-07-19s3-aio: Panic if we try to close a fsp with outstanding aio requestsVolker Lendecke3-18/+15
The core smbd must have taken care of this. If we don't do this properly, we have a race of the close(2) against a pwrite(2). We might end up writing to the wrong file. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jul 19 03:40:17 CEST 2012 on sn-devel-104
2012-07-18s3-smb2: Postpone close_file until all aio is handledVolker Lendecke1-0/+52
Thanks to Jeremy for this simple idea Signed-off-by: Jeremy Allison <jra@samba.org>
2012-07-18s3-smb1: Postpone close_file until all aio is handledVolker Lendecke3-1/+95
Thanks to Jeremy for this simple idea Signed-off-by: Jeremy Allison <jra@samba.org>
2012-07-18s3: Add tevent_wait_send/recvVolker Lendecke4-0/+122
To me it seems that we might have this functionality already somewere... I just can't find it. Metze, do you have an idea? Signed-off-by: Jeremy Allison <jra@samba.org>