summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-07-27s3-rpc_client: Close hive if opening of the key fails.Andreas Schneider1-1/+11
2011-07-27s3-rpc_server: Copy correct local tsocket address.Andreas Schneider1-1/+1
2011-07-27s3:idmap_tdb2: remove the undocumented option of the silly name "tdb:idmap2.tdb"Michael Adam1-5/+1
In ancient times, when ctdb had not support for persistent databases and tdb2 was introduced as a two-layer solution and it was more important than today to be able to change the location of the permanent database file because it had to reside on shared storage. But these were times when idmap_tdb2 was not even officially released. Nowadays, with ctdb handling the persistent idmap2.tdb database, the path is stripped anyways, so this undocumented option has become unnecessary and is hence removed. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Jul 27 05:37:57 CEST 2011 on sn-devel-104
2011-07-27s3:idmap_tdb2: remove a legacy commentMichael Adam1-1/+0
2011-07-27s3:idmap_tdb2: remove legacy commentMichael Adam1-2/+0
2011-07-27s3:idmap_tdb2: remove superfluous initialization with bogus commentMichael Adam1-3/+0
2011-07-27s3:idmap_tdb2: fix a legacy comment that does not apply any moreMichael Adam1-2/+1
2011-07-27s3:doc: add an example with idmap script to the idmap_tdb2 manpageMichael Adam1-0/+12
2011-07-27s3:docs: remove legacy text from the example in the idmap_tdb2 manpageMichael Adam1-2/+0
2011-07-27s3:doc: clarify the idmap script section in the idmap_tdb2 manpageMichael Adam1-7/+9
2011-07-27s3:docs:idmap_tdb2: update the documentation of idmap scriptMichael Adam1-2/+16
to reflect the new variant "idmap config * : script" of configuring the idmap script
2011-07-27s3:idmap_tdb2: deprecate the idmap:script parameter and use "idmap config * ↵Michael Adam1-18/+21
: script" instead With this patch, "idmap config * : script" will override "idmap : script". If "idmap : script" is present, a deprecation warning will be printed in any case. If "idmap config * : script" is not set, then the value of "idmap :script" will be used for backwards compatibility.
2011-07-27waf: update to latest waf 1.5 versionAndrew Tridgell1-0/+0
this includes an on_results fix from thomas that fixes a dependency problem with our autoproto code Note that this changes task signatures, so it will trigger a complete rebuild Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jul 27 04:27:32 CEST 2011 on sn-devel-104
2011-07-27Fix bug #8324 - smbclient cannot list directories from a big-endian machine.Jeremy Allison1-2/+2
Two uses of the setup array are not being correctly byte-swapped to little endian. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jul 27 03:14:48 CEST 2011 on sn-devel-104
2011-07-27s3: cli_close_done->write_andx_done in test_async_echoVolker Lendecke1-2/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jul 27 02:03:49 CEST 2011 on sn-devel-104
2011-07-27s3: Fix a debug messageVolker Lendecke1-1/+1
2011-07-27s3: Fix formattingVolker Lendecke1-2/+4
2011-07-27s3: Fix an error messageVolker Lendecke1-1/+1
2011-07-27s3: Fix async smb handlingVolker Lendecke2-9/+22
In cli_echo with more than one response we ended up with more than one read_smb request. One from the call to cli_smb_req_set_pending called from cli_smb_received. The other one from cli_smb_received itself. I don't really see another way to deal with this than to hold the read_smb request in the cli_state. Metze, please check! Volker
2011-07-27s4-dcerpc: Do not return linked attribute on deleted objects it makes W2k8R2 ↵Matthieu Patou1-1/+15
loops when joining s4 domains Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Jul 27 00:46:56 CEST 2011 on sn-devel-104
2011-07-26s4-dsdb: Improve the calculation of system flags according to 3.1.1.5.2.4Matthieu Patou1-2/+3
2011-07-26s4-upgradeprovision: Detect recent provision in a more reliable wayMatthieu Patou1-1/+12
2011-07-26s3 swat: Create random nonce in CGI modeKai Blin1-1/+19
In CGI mode, we don't get access to the user's password, which would reduce the hash used so far to parameters an attacker can easily guess. To work around this, read the nonce from secrets.tdb or generate one if it's not there. Also populate the C_user field so we can use that for token creation. Signed-off-by: Kai Blin <kai@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Jul 26 23:33:24 CEST 2011 on sn-devel-104
2011-07-26s3 swat: Add time component to XSRF tokenKai Blin2-5/+25
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to printer pageKai Blin1-10/+18
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to password pageKai Blin1-3/+8
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to shares pageKai Blin1-5/+13
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to globals pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to wizard pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to wizard_params pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to viewconfig pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add XSRF protection to status pageKai Blin1-0/+7
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3 swat: Add support for anti-XSRF tokenKai Blin2-0/+59
2011-07-26s3 swat: Allow getting the user's HTTP auth passwordKai Blin2-0/+10
Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26s3-swat: Fix typo.Karolin Seeger1-1/+1
Thanks to Simo for reporting! Karolin (cherry picked from commit 9f73c1990a19daa899fa5345530a867e69a5be94) (cherry picked from commit bcb052c29212954a3ed10c9f095c51e4e0a96af5)
2011-07-26s3 swat: Fix possible XSS attack (bug #8289)Kai Blin1-12/+2
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack against SWAT, the Samba Web Administration Tool. The attack uses reflection to insert arbitrary content into the "change password" page. This patch fixes the reflection issue by not printing user-specified content on the website anymore. Signed-off-by: Kai Blin <kai@samba.org>
2011-07-26talloc: Support PYTHON environment variable.Jelmer Vernooij1-0/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Jul 26 22:21:30 CEST 2011 on sn-devel-104
2011-07-26s3-build: Only define ldb3 when not in standalone build.Jelmer Vernooij1-4/+3
This prevents errors about it by 'make SYMBOLCHECK=1' if there is a system ldb present. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Jul 26 18:21:48 CEST 2011 on sn-devel-104
2011-07-26shares: Remove dependencies on share modules.Jelmer Vernooij1-1/+1
The build system will already pull these in - if necessary.
2011-07-26s4:samba-tool: ldapcmp needs CredentialsOptionsDoubleStefan Metzmacher1-0/+6
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 26 17:09:32 CEST 2011 on sn-devel-104
2011-07-26s3:lib change default share security access maskChristian Ambach1-3/+3
when there is no share SD set, the default share SD that is used e.g. for the output of sharesec -v defaults to a value that is not equivalent to the desired FULL access. This is a more or less a cosmetical follow-up for the patches in Bug #8201 that makes them more consumeable by printing FULL (that is what the user expects) instead of a bitmask in hexadecimal form. previous output: REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/0x101f01ff with patch: REVISION:1 OWNER:(NULL SID) GROUP:(NULL SID) ACL:S-1-1-0:ALLOWED/0/FULL Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Tue Jul 26 15:57:55 CEST 2011 on sn-devel-104
2011-07-26libsamba-util: Build in libbitmap.Jelmer Vernooij3-11/+4
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Tue Jul 26 14:45:27 CEST 2011 on sn-devel-104
2011-07-26policy: Rename to samba-policy to avoid name space clashes.Jelmer Vernooij3-6/+6
2011-07-26cli_composite: Lowercase name.Jelmer Vernooij4-5/+5
2011-07-26cli_smb_common: Lowercase name.Jelmer Vernooij3-7/+7
2011-07-26cli_cldap: Lowercase name.Jelmer Vernooij6-6/+6
2011-07-26cli_spools: Lowercase name.Jelmer Vernooij1-5/+5
2011-07-26s3: Fix MIT trustsVolker Lendecke1-0/+5
Winbind can't really cope with trusts that don't have a SID associated. This happens with external MIT trusts for example. This filters them out when sending the trust list from child to parent. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Jul 26 11:39:53 CEST 2011 on sn-devel-104
2011-07-26s4:kdc: canonicalize the principal if HDB_F_FOR_TGS_REQ is givenStefan Metzmacher1-2/+7
Windows seems to always canonicalize the principal in TGS replies. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 26 03:25:06 CEST 2011 on sn-devel-104
2011-07-26s4:heimdal_build: hdb.asn1 needs --sequence=HDB-Ext-KeySet --sequence=KeysStefan Metzmacher1-0/+1
metze