summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-11-17s4-s3-upgrade Test getdomainsid as wellAndrew Bartlett1-0/+2
2011-11-17s3-net Do not look for a local SID when we are a DCAndrew Bartlett1-7/+8
If we are actually a DC, then the only SID we have is the domain SID, and looking for it under the local name fails if we are a Samba4 AD DC. Andrew Bartlett
2011-11-17lib/param simplify server role values specified in smb.confAndrew Bartlett1-5/+1
The pdc/bdc split is only in smb.conf for Samba3 DCs, and so is too confusing to document in this paramter. It will be clearer to sort out "domain master" into a "pdc emulator" paramter to conver this distinction. Andrew Bartlett
2011-11-17docs: Add documentation for server roleAndrew Bartlett2-1/+75
2011-11-17libds: Make server role values explicit for easier debuggingAndrew Bartlett1-1/+6
2011-11-17param: use lp_is_security_and_server_role_valid()Andrew Bartlett1-5/+11
This also permits a few more valid combinations, due to the layer at which this is being used. Andrew Bartlett
2011-11-17param: Check if server role and security parameters are conflictingAmitay Isaacs2-0/+40
2011-11-17lib/param: Add tests for security= behaviour now it operates with server roleAndrew Bartlett1-0/+41
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17param: Connect lp_security to the lib/param code to allow testsAndrew Bartlett3-0/+12
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17s4-provision permit server role to be the ROLE_ strings from s3Andrew Bartlett3-18/+20
Also convert between the aliases in one single place. Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17param: Add tests for automatic server role guessingAndrew Bartlett1-0/+81
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17py-param: Add python interface to get server_roleAmitay Isaacs1-0/+15
2011-11-17param: Move enum values into a common (included) .c fileAndrew Bartlett3-164/+114
This #include hack is required as it is not possible to declare a compile-time sized array in a header file. Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17param: move server role helpers into loadparm.hAndrew Bartlett5-34/+5
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17s4-s3-upgrade Add test of net getlocalsid after the upgradeAndrew Bartlett1-0/+4
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17param: calculate server role from security, and security from server roleAndrew Bartlett11-39/+132
This allows smb.conf files from either the samba3 or samba4 tradition to come to the same value of server role, using the information in the smb.conf file. This is important so that tools like 'net getlocalsid' work against a Samba4 AD installation (yes, users have tried this). Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17s3-param remove lp_domain_logons(), always use IS_DCAndrew Bartlett6-6/+4
This makes the code internally consistant. Andrew Bartlett Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17param: make server role list common and include auto (for the new default)Andrew Bartlett2-4/+17
Pair-Programmed-With: Amitay Isaacs <amitay@samba.org>
2011-11-17roles: Add ROLE_AUTO to indicate that the server role is calculatedAmitay Isaacs1-1/+4
2011-11-17s3-param: Add "server role" as global parameterAmitay Isaacs3-10/+31
This will help extracting server role processing code in common library.
2011-11-17param: Add "domain logons" and "domain master" parametersAmitay Isaacs2-0/+22
This makes parsing of config files with s3 loadparm code and s4 loadparm code consistent.
2011-11-16s3-libsmb/passchange.c: remove some cli_nt_error() callsBjörn Baumbach1-2/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 16 20:36:11 CET 2011 on sn-devel-104
2011-11-16s3-winbindd/winbindd_cm.c: remove cli_nt_error()Björn Baumbach1-8/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-16s3-libsmb/clidfs.c: remove cli_nt_error()Björn Baumbach1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-16s3:winbindd_cm: remove unused ads_statusStefan Metzmacher1-3/+0
metze
2011-11-16s3-torture: remove all cli_nt_error() calls in tortureBjörn Baumbach1-12/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-16s3-torture: replace cli_errstr() with nt_errstr()Björn Baumbach1-6/+10
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-16s3-libsmb: introduce option to disable dos error mappingBjörn Baumbach3-1/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-16s3:smbd: calculate the negprot signing flags from the signing_stateStefan Metzmacher1-3/+10
We should map from lp_server_signing() just once in srv_init_signing(). metze Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Nov 16 18:59:49 CET 2011 on sn-devel-104
2011-11-16s3: Fix wbinfo socket dir path.Andreas Schneider1-0/+7
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Wed Nov 16 17:19:56 CET 2011 on sn-devel-104
2011-11-16Revert "Fix bug #8453 - smbclient segfaults when dialect option -m is used ↵Stefan Metzmacher1-13/+0
for legacy dialects" This reverts commit f261ac1932ecdae925b27301aa3e907757845a85. We now handle that in cli_state_create(). metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 16 15:44:05 CET 2011 on sn-devel-104
2011-11-16s3:libsmb: always init cli->{server_os,server_domain,server_type}Stefan Metzmacher1-0/+13
We should do that at creation time of cli_state. metze
2011-11-16s3-waf: create a smbldap.so library.Günther Deschner4-6/+10
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Nov 16 14:03:05 CET 2011 on sn-devel-104
2011-11-16s3-smbldap: remove dependency to secrets subsystem.Günther Deschner1-17/+4
Guenther
2011-11-16s3-smbldap: extend smbldap_init() with binddn/bindsecret arguments.Günther Deschner5-6/+39
Guenther
2011-11-16s3-smbldap: remove duplicate prototype of smbldap_init().Günther Deschner1-3/+0
Guenther
2011-11-16s3-net: use better state variable name for smbldap_state.Günther Deschner1-9/+9
Guenther
2011-11-16s3-passdb: split out passdb/pdb_ldap_schema.cGünther Deschner13-327/+385
Guenther
2011-11-16s3: move smbldap_util to pdb_ldap_util.Günther Deschner8-21/+52
Guenther
2011-11-16s3-smbldap: use include/smb_ldap.h in smbldap.hGünther Deschner1-1/+1
Guenther
2011-11-16lib/util/debug: with log level = 10 we should be more verboseStefan Metzmacher1-3/+9
log level = 10 already impacts performance, so we can turn on more details and print the pid, [e][u|g]id and class information. So it implies "debug pid = yes", "debug uid = yes" and "debug class = yes". This generates a lot more useful log files. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 16 12:25:02 CET 2011 on sn-devel-104
2011-11-16provision: Set the security descriptor while creating partitionsAmitay Isaacs2-12/+4
With Matthieu's patch, the setting of security descriptor on partition dn at create time works correctly. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Nov 16 08:54:25 CET 2011 on sn-devel-104
2011-11-16s4-dsdb: rework the NC detection for the descriptor calculationMatthieu Patou1-12/+31
This checks if instanceType attribute is available, and if INSTANCE_TYPE_IS_NC_HEAD bit is set. If the bit is set, then the DN is NC root and security descriptor is not inherited from parent SD. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2011-11-16s3-s4-upgrade: do not add description if it is empty string or noneAmitay Isaacs1-6/+12
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Nov 16 05:53:41 CET 2011 on sn-devel-104
2011-11-16Final part of patchset to fix bug #8556 - ACL permissions ignored when ↵Jeremy Allison3-16/+51
SMBsetatr is requested. This now plumbs access checks through all setattr calls. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Nov 16 04:20:04 CET 2011 on sn-devel-104
2011-11-15Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). ItJeremy Allison3-8/+17
is called from places like fileio.c that need to update the write time on a file handle only open for write, without neccessarily having FILE_WRITE_ATTRIBUTES permission. Move all checks to before the smb_set_file_time() callers.
2011-11-15Always set the attribute first, before the time.Jeremy Allison1-7/+7
2011-11-15Move handle-based access check into handle codepath.Jeremy Allison1-4/+4
2011-11-15We've already checked fsp must be non-null here.Jeremy Allison1-1/+1
2011-11-15Remove unneeded access check. This is done inside smb_set_file_time().Jeremy Allison1-4/+0