summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-10-19samba-tool: Improve getopt.py error handlingGiampaolo Lauria1-0/+3
Raise exception when -d or --debuglevel value is <0
2011-10-19s3-docs: Add a clarification note for nss_info primary group membership ↵Günther Deschner2-1/+5
calculation. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Oct 19 03:10:40 CEST 2011 on sn-devel-104
2011-10-19s3-docs: Document Services for Unix 2.0 (sfu20) nss_info ldap schema support.Günther Deschner2-3/+6
Guenther
2011-10-19s3: Avoid a winbind 100% cpu loopVolker Lendecke1-0/+8
When a DC goes down hard, winbind can end up in a 100% CPU loop. The next (small) RPC request to the DC ends up as a trans2 request. If the connection goes down, we end up trying to discard the request via the loop in cli_state_notify_pending(). Because this is a trans2 request, cli_smb_req_unset_pending will not kick in. Thus the pending array will always remain at length 1. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Oct 19 01:39:35 CEST 2011 on sn-devel-104
2011-10-19vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths.Jeremy Allison1-5/+5
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 19 00:05:45 CEST 2011 on sn-devel-104
2011-10-18The last argument to atalk_build_paths() is always false, remove it.Jeremy Allison1-12/+9
2011-10-18lib/util: skip single hex digit at the end of the input sting - fix ↵Michael Adam1-1/+2
potential segfault The second of two digits was read without checking for the length of the input string. For a non-zero-terminated input string, this might have caused a segfault. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Oct 18 22:32:59 CEST 2011 on sn-devel-104
2011-10-18lib/util: fix function header comment to strhex_to_str()Michael Adam1-9/+8
The description did not match the function's behaviour.
2011-10-18lib/util: untangle assignent from check in strhex_to_str()Michael Adam1-2/+6
2011-10-18s3-util: dbwrap_tool: add fetch fuctions for hex and stringBjörn Baumbach1-0/+61
Signed-off-by: Michael Adam <obnox@samba.org>
2011-10-18s3-util: dbwrap_tool: add store hex functionBjörn Baumbach1-3/+43
Allows the user to store hex blobs in a tdb. Signed-off-by: Michael Adam <obnox@samba.org>
2011-10-18selftest:Samba3: fix signature for check_or_start()Michael Adam1-1/+1
2011-10-18selftest:Samba3: fix a message printed when starting winbinddMichael Adam1-1/+1
2011-10-18pdb-interface: Do not use unid_t hereSimo Sorce8-52/+59
This interface needs to be publicly available, unid_t here is not really useful and makes it harder to use it as unid_t is not a public union. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
2011-10-18s3-auth move the s3 auth context onto gensec_ntlmssp once we startAndrew Bartlett1-2/+2
We do not need it on the auth_ntlmssp_state any longer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
2011-10-18s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.cAndrew Bartlett2-85/+198
This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett
2011-10-18s3-ntlmssp split auth_ntlmssp_client_start() into two partsAndrew Bartlett5-25/+34
This will allow it to be a wrapper around a gensec module, which requires that they options be set on a context, but before the mechanism is started. This also simplfies the callers, by moving the lp_*() calls into one place. Andrew Bartlett
2011-10-18s3-rpc_client remove cli_auth_ntlmssp_data_destructorAndrew Bartlett1-9/+1
This can be an ordinary talloc child without causing any problem. This seems to have been inherited from a time when ntlmssp_client_start() returned malloc() based memory. Andrew Bartlett
2011-10-18s3/doc: add man page for aio_fork vfs moduleBjörn Jacke1-0/+86
thanks to Volker for the content Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104
2011-10-18s4:auth/unix_token: match s3 behavior and add uid/gid to the groups arrayStefan Metzmacher1-17/+31
If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-18lib/param: Remove parameters for wins and spoolss databasesAndrew Bartlett4-36/+10
This removes the smb.conf parameters per-database, replacing these with hard-coded database names in well known (and configurable) directories. The wins.ldb is now always in the "state dir", rather than being in both state and lock dir (ie, a bug). Less smb.conf parameters means less parameters to try and sync up between the loadparm subsystems. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 05:39:54 CEST 2011 on sn-devel-104
2011-10-18ldb: Output more error information when a connect failsAndrew Bartlett2-1/+6
2011-10-18s3:auth_util: add the uid with WBC_ID_TYPE_BOTH also to the group arrayStefan Metzmacher1-2/+4
This will help with having "sidHistory" support in future. metze
2011-10-18s3-auth: use typedefs in auth.hAndrew Bartlett1-8/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett24-86/+93
This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth fix comment after s3 ntlmssp gensec moduleAndrew Bartlett1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: move event-using code to gensec_update() hooks out of gensec_start*()Andrew Bartlett3-39/+77
This ensures that only gensec_update() will require an event context argument when the API is refactored. Andrew Bartlett
2011-10-18ntlmssp: Refuse to seal if we did not negotiate to signAndrew Bartlett1-0/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: Refuse to seal if we did not negotiate to signAndrew Bartlett1-0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s4-auth: match the new s3 gensec client and always negotiate SIGN with SEALAndrew Bartlett1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: Assert that we have not been subject to a downgrade attack in ↵Andrew Bartlett3-1/+48
DCE/RPC clients Because of the calling convention, this is the best place to assert that we have not been subject to a downgrade attack on the negotiated features. (In DCE/RPC, this isn't a negotiation, the client simply specifies the level of protection that is required). Andrew Bartlett (some formatting fixes) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-smbd Give the nt error string when failing to set up encrypted transportAndrew Bartlett1-3/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC moduleAndrew Bartlett4-87/+229
This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze) Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18gensec: an event context is no longer mandetoryAndrew Bartlett1-10/+0
If you do not specify one however, you better know that the modules you are using do not need one! Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_stateAndrew Bartlett1-1/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Prepare gensec_ntlmssp_start() for broader useAndrew Bartlett3-15/+28
This moves the allocation of the ntlmssp pointer back to the callers. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett34-193/+220
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18build: compile gensec_start.c and credentials.c in the autoconf buildAndrew Bartlett2-0/+53
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s4-s3-upgrade: Give a better clue when we cannot open secrets.tdbAndrew Bartlett2-2/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18s3-auth Add my copyrightAndrew Bartlett2-2/+2
I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett
2011-10-18credentials: Prioritise command-line specified options above defaults from ↵Andrew Bartlett3-3/+37
smb.conf If a user specified -W or --realm on the command line, then this is of level SPECIFIED, not UNINITIALISED, despite it going via the loadparm system. This helps us to ensure that -W server -Ulocaluser is parsed the same as -Userver\localuser. This matters as otherwise we might instead attempt to use kerberos to the realm from the smb.conf. Andrew Bartlett
2011-10-18s4-selftest When testing for a credentials cache, do not specify a domainAndrew Bartlett5-5/+5
If we specify a domain, then we indicate that we must use that domain which overrides the credentials cache we found in the environment. Andrew Bartlett
2011-10-18Revert "s4: Mark the winsreplication test as knownfail"Andrew Bartlett1-1/+1
This reverts commit f7f6992a20dd29bd7643291e3b3d05bc8f6c9c76 because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett
2011-10-18Revert "s4:selftest: skip flakey samba4.nbt.winsreplication for now"Andrew Bartlett1-1/+0
This reverts commit 16fd935fc659555c203354b6c96fc23a55be5a3b because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett
2011-10-18ldb: fixed a race in ldb initialisationAndrew Tridgell1-1/+9
This fixes a race when two processes initialise the same ldb database at the same time. One of them could fail due to the other creating the @BASEINFO record first. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Oct 18 03:54:42 CEST 2011 on sn-devel-104
2011-10-18libsmbclient: initial ABI signaturesAndrew Tridgell1-0/+170
2011-10-18libsmbclient: add ABI checking and pc fileAndrew Tridgell2-2/+15
this gives us ABI checking for libsmbclient so that the waf build will prevent ABI breakage, and a public version number. The addition of the pc file makes this library available via pkgconfig, including querying of the version number Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-17Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455).Wilco Baan Hofman1-2/+2
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
2011-10-17First part of fix for bug #8419 - Make VFS op "streaminfo" stackable.Frank Lahm8-14/+34
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 21:39:32 CEST 2011 on sn-devel-104
2011-10-17s3-waf: make sure we always build example pdb modules with --enable-developer.Günther Deschner3-1/+12
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 17 17:39:36 CEST 2011 on sn-devel-104