summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-08-16s3:doc manpage for "net connections cleanup"Gregor Beck1-0/+39
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-16s3:net add command "connections cleanup"Gregor Beck5-2/+286
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15s3-vfs: Set errno in xattr emulationAndrew Bartlett2-0/+7
The caller may check this errno. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 15 18:05:33 CEST 2012 on sn-devel-104
2012-08-15s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulationAndrew Bartlett2-8/+8
We need to call the next module in the stack otherwise we will loop if the stat call is in turn implemented in terms of extended attribute lookup. Andrew Bartlett
2012-08-15s3-vfs: ensure we strictly free the talloc_stackframeAndrew Bartlett1-1/+1
We must do this when leaving the function or else in development, we will panic. Andrew Bartlett
2012-08-15s4-selftest: Fix test name for samba.tests.dcerpc.bareAndrew Bartlett1-1/+1
2012-08-15librpc/idl: Make smb_acl_t public so we can pull/push it as a blobAndrew Bartlett2-1/+10
2012-08-15libcli/smb: verify decrypted SMB2 pdus correctlyStefan Metzmacher1-2/+38
We need to make sure we got a encrypted response if we asked for it. If we don't get a encrypted response, we use a similar logic as with signing to propagated wellknown errors to the higher layer and set state->smb2.signing_skipped = true. metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Aug 15 16:26:26 CEST 2012 on sn-devel-104
2012-08-15libcli/smb: fix parsing of compounded messages within a SMB2_TRANSFORM pduStefan Metzmacher1-5/+12
One SMB2_TRANSFORM pdu wraps multiple SMB2 pdus. We inject the SMB2_TRANSFORM header to each response which was wrapped inside. This allows the next layer to verify if the SMB2 pdu was encrypted. metze
2012-08-15libcli/smb: fix smb2cli_req_compound_submit for multiple encrypted messagesStefan Metzmacher1-63/+104
There should be only one SMB2_TRANSFORM header for all compound requests. metze
2012-08-15s3:smb2_server: do calculations based on SMBD_SMB2_NUM_IOV_PER_REQ in ↵Stefan Metzmacher1-3/+3
smbd_smb2_request_validate() metze
2012-08-15libcli/smb: all flags except SMB2_HDR_FLAG_ASYNC should be cleared in a ↵Stefan Metzmacher1-0/+6
cancel request. metze
2012-08-15s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-opAndrew Bartlett4-10/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
2012-08-15s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()Andrew Bartlett5-48/+41
2012-08-15s3-smbd: Remove sys_acl_*() VFS wrapper functionsAndrew Bartlett9-1271/+1
We no longer do struct smb_acl_t manipuations via the VFS layer, which is now reduced to handling the get/set functions. The only backend that implemented these functions (aside from audit) was the vfs_default module calling the sys_acl code. The various ACL implementation modules either worked on the fully initilaised smb_acl_t object or on NT ACLs. This not only makes the operation of the posix ACL code more efficient (as allocation and free is not put via the VFS), it makes it easier to test and removes the fantasy that a module could safely redefine this structure or the behaviour here. The smb_acls.idl now defines the structure, and it is now allocated with talloc. These operations were originally added to the VFS in commit 3bb219161a270f12c27c3bc7e1220829c6e9f284. Andrew Bartlett
2012-08-15s3-smbd: Remove unused conn argument from convert_permset_to_mode_t()Andrew Bartlett1-3/+3
2012-08-15s3-smbd: Call sys_acl_set_permset() directly rather than via the VFSAndrew Bartlett1-7/+7
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFSAndrew Bartlett1-3/+3
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFSAndrew Bartlett1-6/+6
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_create_entry() directly rather than via the VFSAndrew Bartlett1-6/+6
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_add_perm() directly rather than via the VFSAndrew Bartlett1-6/+6
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFSAndrew Bartlett1-2/+2
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_init() directly rather than via the VFSAndrew Bartlett1-3/+3
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_free_acl() directly rather than via the VFSAndrew Bartlett2-24/+24
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFSAndrew Bartlett1-2/+2
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_entry() directly rather than via the VFSAndrew Bartlett2-8/+8
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFSAndrew Bartlett1-2/+2
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFSAndrew Bartlett2-4/+4
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFSAndrew Bartlett2-5/+5
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_permset() directly rather than via the VFSAndrew Bartlett2-8/+8
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_perm() directly rather than via the VFSAndrew Bartlett2-9/+9
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Move smb_acl_t declaration to smb_acl.idlAndrew Bartlett5-35/+73
This will allow us to marshall this into and from an NDR blob on disk, which will allow us to fake up ACL support during make test, and to test the NT ACL emulation using python bindings via the VFS. Andrew Bartlett
2012-08-15pidl: Add mode_t as an alias so we can marshall posix ACL structuresAndrew Bartlett1-0/+1
2012-08-15s3-smbd: Change allocation of smb_acl_t to talloc()Andrew Bartlett9-64/+49
The acl element is changed to be a talloc child, and is no longer one element longer than requested by virtue of the acl[1] base pointer. This also avoids one of the few remaining cases of over-allocation of a structure. Andrew Bartlett
2012-08-15libwbclient: Add test for wbcPingDc2Christof Schmitt1-0/+14
The internal domain used in 'make test' does not report a DC name, so just add tests similar to the old wbcPingDc call. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15wbinfo: Improve output of wbinfo --ping-dcChristof Schmitt1-3/+5
Use wbcPingDc2 to get the DC name and print it. Cleanup error messages: Remove "Could not ping our DC", there is always a more specific message. Avoid printing "failed to call wbcPingDc" in case the ping has been attempted and it returns an error, the error is already printed. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15libwbclient: Add wbcPingDc2Christof Schmitt4-2/+115
Add wbcPingDc2 that optionally returns the DC that was attempted to ping. wbcPing is implemented as a wrapper around wbcPingDc2. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15s3-winbind: Return the DC name from DC_PINGChristof Schmitt3-1/+14
The DC that was attempted to ping is useful for troubleshooting. Return the DC name in the response to the wbclient. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15s3-winbind: Pass ping-dc result to clientChristof Schmitt1-1/+9
The client checks for an error code in response.data.auth.nt_status, make sure the result is stored there. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2Andrew Bartlett1-0/+1
The soon-to-be-added command also fails against the s4 winbind. Andrew Bartlett
2012-08-14s4:dsdb/repl: fix the usage of 'GC/' prefixed principal namesStefan Metzmacher1-21/+6
The "serverReference" attribute is available on the "server" object not on the "nTDSA" object. This allows connections to RODCs, as they don't have a E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN} principal. Pair-Programmed-With: Björn Baumbach <bb@sernet.de> metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Aug 14 18:57:41 CEST 2012 on sn-devel-104
2012-08-14s4:samba-tool/drs: print the dns name of the server belonging to a connectionStefan Metzmacher1-1/+4
Pair-Programmed-With: Björn Baumbach <bb@sernet.de> metze
2012-08-14s4:ntp_signd: fix SEGV if SID cannot be foundArvid Requate1-1/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
2012-08-14s3-passdb: Silence scary DEBUG(0) message on first use of secrets.tdb databasesAndrew Bartlett1-5/+10
When pdb_samba4 first opens this databse, this message is printed. Andrew Bartlett
2012-08-14s4-dsdb: Use samdb_dn_is_our_ntdsa()Andrew Bartlett5-37/+61
This uses a GUID based comparison, and avoids re-fetching the samdb_ntds_settings_dn each time. Andrew Bartlett
2012-08-14s4-dsdb: Add samdb_dn_is_our_ntdsa()Andrew Bartlett1-0/+25
This is like samdb_reference_dn_is_our_ntdsa but without the attribute de-reference. Andrew Bartlett
2012-08-14s4-dsdb: Use samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-35/+4
2012-08-14s4-repl: Use samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-15/+13
2012-08-14s4-dsdb: Add helper function samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-1/+39
We often want to know if we own an FSMO role (for example). This tries to be more efficient by comparing the GUID, rather than the string DN, as this does not need to be re-fetched each time. Andrew Bartlett
2012-08-14s4-dsdb: Use ldb_dn_copy() rather than talloc_reference()Andrew Bartlett1-1/+1
As the normal case (outside provision) uses a copy, this avoids a case where a caller might modify a global variable accidentily. As suggested by metze. Andrew Bartlett