summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2009-07-28s4:kerberos Add support for user principal names in certificatesAndrew Bartlett8-42/+161
This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett
2009-07-28s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett16-39/+419
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27Fix the build breakage by #including modules/vfs_acl_common.cJeremy Allison5-50/+33
into acl_tdb and acl_xattr. Duplicates the code size, but keeps the code in common so I don't have to do bug fixes in two places (which is what I really cared about). Jeremy.
2009-07-27s3: net ads user info should print primary group as well (bug #2658)Kai Blin1-15/+57
Thanks to Pavel V. Rochnyack <rpv@muma.tusur.ru> for reporting this and offering an initial patch.
2009-07-27umount.cifs: do not attempt to update /etc/mtab if it is symbolic linkShirish Pargaonkar1-3/+4
If /etc/mtab is a symbolic link to e.g. /proc/mounts, do not update it. This is a fix for a bug reported in 4675 on samba bugzilla Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
2009-07-27frstrans.idl: add definition of frstrans_InitializeFileTransferAsync()Stefan Metzmacher1-1/+79
metze
2009-07-27frstrans.idl: add definition of frstrans_AsyncPoll()Stefan Metzmacher1-1/+32
metze
2009-07-27frstrans.idl: add definition of frstrans_RequestVersionVector()Stefan Metzmacher1-1/+19
metze
2009-07-27frstrans.idl: add definition of frstrans_RequestUpdates()Stefan Metzmacher1-1/+54
metze
2009-07-27frstrans.idl: add definition of frstrans_EstablishSessionStefan Metzmacher1-1/+4
metze
2009-07-27frstrans.idl: add definition of frstrans_EstablishConnection()Stefan Metzmacher1-1/+17
metze
2009-07-27frstrans.idl: add definition of frstrans_CheckConnectivity()Stefan Metzmacher1-1/+4
metze
2009-07-27librpc: rerun "make idl_full"Stefan Metzmacher6-14/+14
metze
2009-07-27pidl: allow foo being on the wire after [length_is(foo)] uint8 *bufferStefan Metzmacher1-0/+4
metze
2009-07-27pidl: add support for [string] on fixed size arrays.Stefan Metzmacher3-2/+117
midl also supports this: struct { long l1; [string] wchar_t str[16]; long l2; }; Where the wire size of str is encoded like a length_is() header: 4-byte offset == 0; 4-byte array length; The strings are zero terminated. metze
2009-07-27Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption"Stefan Metzmacher10-361/+8
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f. This breaks the build... Andrew, please repush it, when it's fixed:-) metze
2009-07-27Lift the event loop in rpc_api_pipe_req() one level into cli_do_rpc_ndrVolker Lendecke4-72/+126
2009-07-27Fix a valgrind error in chain_replyVolker Lendecke2-3/+12
construct_reply() references the request after chain_reply has freed it.
2009-07-27Fix a typoVolker Lendecke1-1/+1
2009-07-27Fix a valgrind error in winbindVolker Lendecke1-1/+2
When looking for idle clients, we dereferenced state->response. As this is dynamically allocated now, the proper test is whether state->response exists at all. This is the case when an async operation is in process at that moment.
2009-07-27s4:kerberos Add test to show that we actually export the keytabAndrew Bartlett3-1/+69
While it is hard to prove it is correct, at least the new 'nettestuser' principal and the Administrator principal are correct. We had to fix the case of 'Administrator' in the selftest code to match the DB, as the keytab lookup is case sensitive. Andrew Bartlett
2009-07-27s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett10-8/+361
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27s4:kdc Push context to hdb_samba4 by way of the 'name' of the DBAndrew Bartlett6-29/+39
This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables! To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless). Andrew Bartlett
2009-07-27s4:setup add 'cn' attribute to Samba4 local schemaAndrew Bartlett1-0/+4
(We recently made the ms_schema.py script also add this attribute)
2009-07-27s4:heimdal Extend the 'hdb as a keytab' codeAndrew Bartlett1-4/+145
This extends the hdb_keytab code to allow enumeration of all the keys. The plan is to allow ktutil's copy command to copy from Samba4's hdb_samba4 into a file-based keytab used in wireshark. One day, with a few more hacks, we might even make this a loadable module that can be used directly... Andrew Bartlett
2009-07-27s4:kdc Tidy up hdb_samba4 some moreAndrew Bartlett5-63/+90
This removes the last use of the prefix hdb_ldb and makes it clear that we pass in 3 global variables to get state information into hdb_samba4 when used as a keytab. (And that they belong to hdb_samba4, not to the KDC) Andrew Bartlett
2009-07-27docs: fix typos in the net man page.Michael Adam1-3/+3
Noted by Oota Toshiya <t-oota@dh.jp.nec.com> . Michael
2009-07-27Fix some nonempty blank linesVolker Lendecke1-105/+103
2009-07-27Fix a valgrind error in cli_ctemp_doneVolker Lendecke1-1/+3
For performance reasons cli_smb_recv does not make copies of the buffers we received from the client, so both "vwv" and "bytes" vanish with TALLOC_FREE(subreq). I know this is a bit counter-intuitive, but I think in this case it's justified not to make copies. Comments?
2009-07-26Fix valgrind errors in DeleteDomainGroup and DeleteDomAliasVolker Lendecke1-4/+4
2009-07-26Fix a valgrind error in _samr_DeleteUserVolker Lendecke1-2/+2
The close_handle invalidates uinfo
2009-07-25Fix a 32/64bit stack corruption bugVolker Lendecke1-1/+1
2009-07-25Cleanup patch after "new VFS"Volker Lendecke1-1/+1
2009-07-25Cleanup patch after "struct stat_ex"Volker Lendecke1-2/+2
2009-07-25Remove a pointless static fstringVolker Lendecke1-5/+3
2009-07-25No explicit initialization necessary for a zero blobVolker Lendecke1-3/+1
2009-07-25Move 16 bytes from data to r/o text segmentVolker Lendecke1-1/+1
2009-07-25Fix a winbind memleakVolker Lendecke1-0/+1
2009-07-25Use a switch statement in charset_name()Volker Lendecke1-8/+24
2009-07-25Fix some nonempty blank linesVolker Lendecke1-17/+17
2009-07-25First patch for "new VFS" portabilityVolker Lendecke1-5/+5
2009-07-24s3: Convert a few callers of unix_convert() over to filename_convert()Tim Prouty8-112/+90
This patch also changes the unix convert flags to make sure the correct semantics are preservered for allowing/disallowing wildcards in the last component of the path.
2009-07-24s3: Remove a few callers of get_full_smb_filename()Tim Prouty2-45/+81
2009-07-24s3 onefs: Fix the onefs modules after the big refactoringTim Prouty5-22/+22
2009-07-24Factor out common code into vfs_acl_common.c.Jeremy Allison5-1274/+682
Jeremy.
2009-07-24s3: Simplify rename_internals() by passing in smb_filename structsTim Prouty4-157/+127
2009-07-24s3: Allow filename_convert() to pass through unix_convert_flags and let the ↵Tim Prouty8-42/+88
caller know if the path has a wildcard This also eliminates the need for resolve_dfspath().
2009-07-24Make acl_tdb match acl_xattr. Large duplication ofJeremy Allison1-68/+225
code here needs tidying up. Compiles but not yet tested. Jeremy.
2009-07-24For some strange reason using :Jeremy Allison3-6/+5
uint8 hash[XATTR_SD_HASH_SIZE]; doesn't have the same effect as : uint8 hash[64]; Jeremy.
2009-07-24Fix hash function in acl_xattr to be SHA256, makeJeremy Allison6-90/+249
the hash function selectable. Upgrade version. Compiles but not fully tested yet (coming). Make vfs_acl_tdb.c compile - this needs updating to match acl_xattr (also coming soon). Jeremy.