summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-11-02s3:smbd:smb2: fix a comment typo in the crediting code.Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Nov 2 10:09:36 CET 2012 on sn-devel-104
2012-11-01s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175)Stefan Metzmacher1-1/+1
We should use the latest supported dialect. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewd-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Nov 1 18:11:27 CET 2012 on sn-devel-104
2012-11-01s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175)Stefan Metzmacher1-0/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-01libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175)Stefan Metzmacher2-0/+35
This should be a short term hack until the upper layers have implemented re-authentication. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-01lib/krb5_wrap: request enc_types in the correct order (bug #9272)Stefan Metzmacher1-6/+6
aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 should have a higher priority than arcfour-hmac-md5, otherwise the KDC still gives us arcfour-hmac-md5 session keys. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-01s3:winbindd:cache: fix offline logons with cached credentials (bug #9321)Michael Adam1-0/+7
The removal of consumption of the time field from the centry as "removal of unused variable" in 21528da9cd12a4f5c3792a482a5d18fe946a6f7a had the side effect of changing the offset for reading the following nt password hash, so the read password hash was wrong. This patch re-installs the consumption of the time, thereby fixing the bug without changing the disk format of the cache. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-11-01s3-param: Move the options needed for running smbd in the AD DC to loadparmAndrew Bartlett2-51/+19
This avoids the whole fileserver.conf thing, and simply handles everything in C. The main challenge is that if s3fs is enabled in a member server configuration (unlikely) then these options will not be set, and it overrides any other attempt to set these as globals. (The previous approach essentially just changed defaults, because the include = of smb.conf was after the values were set in fileserver.conf). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Nov 1 11:47:22 CET 2012 on sn-devel-104
2012-11-01file_server: put set create mask and directory mask in fileserver.confAndrew Bartlett1-0/+2
This allows any ACL to be set from the client, without restriction from the Samba side. Based on advise from Jermey at https://lists.samba.org/archive/samba-technical/2012-October/088414.html Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-01test-chgdcpass: test the ldap case for server password changeAndrew Tridgell1-7/+18
use samba-tool drs options which does both RPC and LDAP connections Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Tridgell <tridge@samba.org> Autobuild-Date(master): Thu Nov 1 07:21:17 CET 2012 on sn-devel-104
2012-11-01s4-ldapclient: cope with logon failure retry in LDAPAndrew Tridgell1-37/+79
similar to what was done for rpc and cifs, we now retry once on logon failure for ldap, allowing for a new ticket to be fetched when a server password changes while we have a valid ticket for the old password Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01s4-librpc: set error code to LOGON_FAILURE on RPC fault with access deniedAndrew Tridgell1-2/+7
this allows the client code to trigger a retry with a new password callback for NTLM connections Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01samba-tool: "drs options" does not need a samdb connectionAndrew Tridgell1-1/+0
this gives us a handy pure RPC client test for use in blackbox testing Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01s4-librpc: try a 2nd logon for more error casesAndrew Tridgell1-3/+10
not all servers give LOGON_FAILURE on authentication failures, so we need to do the retry with a new ticket on a wider range of error types Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01ldb: fixed callers for ldb_pack_data() and ldb_unpack_data()Andrew Tridgell10-48/+321
with ltdb_pack_data() and ltdb_unpack_data() now moved into common, we need to increase the minor version and fixup callers of the API Note that this relies on struct ldb_val being the same shape as TDB_DATA, in much the same way as we rely on ldb_val and DATA_BLOB being the same shape. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01ldb: move ldb_pack.c into commonAndrew Tridgell1-11/+11
this code should not be tied to the ldb_tdb backend, both because it could be used for any record oriented backend, and because it should be exposed for use by diagnosis/repair tools such as the recently added ldbdump tool Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01test_chgdpass: use drs bind to test password change on RPCAndrew Tridgell1-0/+25
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01s4-librpc: use cli_credentials_failed_kerberos_login to cope with stale ticketsAndrew Tridgell1-1/+15
This allows our RPC client code to cope with a kerberos server changing password while we have a valid service ticket Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01test_chgdpass: added test for kerberos retryAndrew Tridgell1-0/+5
this tests that we correctly retry with a new ccache entry when a server changes its password while we have a valid ticket Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01libcli: use cli_credentials_failed_kerberos_login() to cope with server changesAndrew Tridgell1-2/+15
if a server changes while we have a valid ticket we want to retry after removing the ccache entry. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-11-01auth: added cli_credentials_failed_kerberos_login()Andrew Tridgell2-0/+64
this is used to support retrying kerberos connections after removing a ccache entry, to cope with a server being re-built while our client still has a valid service ticket Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-10-31util: remove accidently committed hunkBjörn Jacke1-3/+0
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Wed Oct 31 19:25:30 CET 2012 on sn-devel-104
2012-10-31Add regression test for bug #9329 - Directory listing with SeBackup can ↵Jeremy Allison2-8/+64
crash smbd. Ensure we exercise the SeBackup code path on directory listings. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Wed Oct 31 03:21:38 CET 2012 on sn-devel-104
2012-10-30ldb: Add ldbdump, based on tdbdumpAndrew Bartlett2-0/+223
This uses a tdb_traverse or (more usefully) the tdb_rescue API, like tdbdump. The difference here is that it uses ldb helper functions to further eliminate faulty records, which avoids creating duplicates in the output. (The duplicates come from parts of records that are left in blank space in the db, which tdb_rescue finds, but which are not actually a full record). Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Oct 30 23:56:11 CET 2012 on sn-devel-104
2012-10-31ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.hAndrew Bartlett1-2/+0
2012-10-31ldb: Change ltdb_unpack_data to take an ldb_contextAndrew Bartlett5-9/+7
It always de-references the module to find the ldb anyway. Andrew Bartlett
2012-10-31samba-tool: Add samba-tool processes subcommandAndrew Bartlett4-0/+116
This will allow administrators to inspect the process list in a similar way to what running on a platform with setproctitle might permit. --pid= returns the registered server names for a PID (eg kdc, cldap_server) --name= returns the pids registered with a particular name. Andrew Bartlett
2012-10-31pymessaging: Add irpc_servers_byname() and irpc_all_servers()Andrew Bartlett2-0/+108
This will allow python scripts to inspect the process list. Andrew Bartlett
2012-10-31pymessaging: Use the server_id IDL structure rather than a tupleAndrew Bartlett4-7/+33
This will make it easier to pass this structure in and out. The tuple is still accepted as input. Andrew Bartlett
2012-10-31imessaging: Add irpc_all_servers() to list all available serversAndrew Bartlett3-1/+85
This is implemented with a tdb_traverse_read(), and will allow a tool to disover the name and server_id of all Samba processes, as each process registers itself to recieve messages. Andrew Bartlett
2012-10-30s3fs-utils: Free the popt context in smbcacls and smbquotas.Andreas Schneider2-0/+4
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 30 20:22:46 CET 2012 on sn-devel-104
2012-10-30s3fs-net: Use talloc for memory allocation.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-10-30s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2Christian Ambach1-0/+15
Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Oct 30 18:32:57 CET 2012 on sn-devel-104
2012-10-30s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support ↵Stefan Metzmacher1-1/+1
(bug #9341) Reported-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Tested-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Oct 30 16:49:26 CET 2012 on sn-devel-104
2012-10-30wafbuild: use -Wstack-protector if availableBjörn Jacke1-0/+3
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Tue Oct 30 15:04:30 CET 2012 on sn-devel-104
2012-10-30wafbuild: use WERROR_FLAGS in wscript_configure_system_mitkrb5Björn Jacke1-2/+2
2012-10-30ccan/wafbuild: use WERROR_CFLAGS instead of -WerrorBjörn Jacke1-10/+7
2012-10-30wafbuild: reorder the Werror checks so that the ambigous w2 option is being ↵Björn Jacke1-1/+5
checked last
2012-10-30wafbuild: merge the missing IBM compiler Werror flag "-qhalt=w" to wafBjörn Jacke1-1/+1
2012-10-30wfabuild: fix the -errwarn compile flag testBjörn Jacke2-1/+4
as in the autoconf build this must be "-errwarn=%all"
2012-10-30packaging: Add NetworkManager dispatcher script for winbind.Andreas Schneider2-0/+26
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Oct 30 13:17:02 CET 2012 on sn-devel-104
2012-10-30s3: Use file_id_string in file_id_string_tosVolker Lendecke1-6/+1
Reviewed by Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 30 00:05:34 CET 2012 on sn-devel-104
2012-10-29s3: Fix some nonempty line endingsVolker Lendecke1-5/+5
Reviewed by Jeremy Allison <jra@samba.org>
2012-10-29lib/param: fix line length of DEBUG statments touched in previous commit in ↵Michael Adam1-2/+4
set_variable() Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Ira Cooper <ira@samba.org> Autobuild-User(master): Ira Cooper <ira@samba.org> Autobuild-Date(master): Mon Oct 29 21:55:35 CET 2012 on sn-devel-104
2012-10-29lib/param: fix function name (set_variable) in debug statementsMichael Adam1-4/+4
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
2012-10-29lib/param: fix function name (lpcfg_file_list_changed) in a debug messageMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
2012-10-29s3:smbd:durable: remove a TODO comment about write time updatesMichael Adam1-2/+0
This has been done. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Oct 29 20:12:18 CET 2012 on sn-devel-104
2012-10-29BUG 9326: Fix net ads join message for the dns domain.Andreas Schneider1-1/+1
We don't get a realm back from the server which is useable as a realm on Unix. On Unix they are case sensitive and on Windows they aren't. This confuses uses and if we write realm they try to use it as it came back in lowercase. Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Oct 29 18:26:19 CET 2012 on sn-devel-104
2012-10-29Fix bug #9329 - Directory listing with SeBackup can crash smbd.Jeremy Allison3-1/+37
When we do a become_root()/unbecome_root() pair to temporarily raise privilege, this NULLs out the NT token. If we're within a become_root()/unbecome_root() pair then return the previous token on the stack as our NT token. This is what we should be using to check against NT ACLs in the file server. This copes with security context changing when removing a file on close under the context of another user (when 2 users have a file open, one sets delete on close and then the other user has to actually do the delete). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
2012-10-29packaging: Move smbprint to a comman location.Andreas Schneider6-269/+12
This also removes all the duplicate smbprint scripts. This fixes bug #9301. Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Oct 29 14:08:37 CET 2012 on sn-devel-104
2012-10-29pidl: Remove depends_on=PIDL_MISC as it sets -I/ into CFLAGSAndrew Bartlett1-1/+0
This in turn causes an include of <net/if.h> to hang on some systems, as /net/ means to run the automounter! Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Oct 29 01:23:39 CET 2012 on sn-devel-104