summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-08-15s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFSAndrew Bartlett2-5/+5
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_permset() directly rather than via the VFSAndrew Bartlett2-8/+8
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_perm() directly rather than via the VFSAndrew Bartlett2-9/+9
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Move smb_acl_t declaration to smb_acl.idlAndrew Bartlett5-35/+73
This will allow us to marshall this into and from an NDR blob on disk, which will allow us to fake up ACL support during make test, and to test the NT ACL emulation using python bindings via the VFS. Andrew Bartlett
2012-08-15pidl: Add mode_t as an alias so we can marshall posix ACL structuresAndrew Bartlett1-0/+1
2012-08-15s3-smbd: Change allocation of smb_acl_t to talloc()Andrew Bartlett9-64/+49
The acl element is changed to be a talloc child, and is no longer one element longer than requested by virtue of the acl[1] base pointer. This also avoids one of the few remaining cases of over-allocation of a structure. Andrew Bartlett
2012-08-15libwbclient: Add test for wbcPingDc2Christof Schmitt1-0/+14
The internal domain used in 'make test' does not report a DC name, so just add tests similar to the old wbcPingDc call. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15wbinfo: Improve output of wbinfo --ping-dcChristof Schmitt1-3/+5
Use wbcPingDc2 to get the DC name and print it. Cleanup error messages: Remove "Could not ping our DC", there is always a more specific message. Avoid printing "failed to call wbcPingDc" in case the ping has been attempted and it returns an error, the error is already printed. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15libwbclient: Add wbcPingDc2Christof Schmitt4-2/+115
Add wbcPingDc2 that optionally returns the DC that was attempted to ping. wbcPing is implemented as a wrapper around wbcPingDc2. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15s3-winbind: Return the DC name from DC_PINGChristof Schmitt3-1/+14
The DC that was attempted to ping is useful for troubleshooting. Return the DC name in the response to the wbclient. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15s3-winbind: Pass ping-dc result to clientChristof Schmitt1-1/+9
The client checks for an error code in response.data.auth.nt_status, make sure the result is stored there. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-15selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2Andrew Bartlett1-0/+1
The soon-to-be-added command also fails against the s4 winbind. Andrew Bartlett
2012-08-14s4:dsdb/repl: fix the usage of 'GC/' prefixed principal namesStefan Metzmacher1-21/+6
The "serverReference" attribute is available on the "server" object not on the "nTDSA" object. This allows connections to RODCs, as they don't have a E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN} principal. Pair-Programmed-With: Björn Baumbach <bb@sernet.de> metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Aug 14 18:57:41 CEST 2012 on sn-devel-104
2012-08-14s4:samba-tool/drs: print the dns name of the server belonging to a connectionStefan Metzmacher1-1/+4
Pair-Programmed-With: Björn Baumbach <bb@sernet.de> metze
2012-08-14s4:ntp_signd: fix SEGV if SID cannot be foundArvid Requate1-1/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
2012-08-14s3-passdb: Silence scary DEBUG(0) message on first use of secrets.tdb databasesAndrew Bartlett1-5/+10
When pdb_samba4 first opens this databse, this message is printed. Andrew Bartlett
2012-08-14s4-dsdb: Use samdb_dn_is_our_ntdsa()Andrew Bartlett5-37/+61
This uses a GUID based comparison, and avoids re-fetching the samdb_ntds_settings_dn each time. Andrew Bartlett
2012-08-14s4-dsdb: Add samdb_dn_is_our_ntdsa()Andrew Bartlett1-0/+25
This is like samdb_reference_dn_is_our_ntdsa but without the attribute de-reference. Andrew Bartlett
2012-08-14s4-dsdb: Use samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-35/+4
2012-08-14s4-repl: Use samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-15/+13
2012-08-14s4-dsdb: Add helper function samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-1/+39
We often want to know if we own an FSMO role (for example). This tries to be more efficient by comparing the GUID, rather than the string DN, as this does not need to be re-fetched each time. Andrew Bartlett
2012-08-14s4-dsdb: Use ldb_dn_copy() rather than talloc_reference()Andrew Bartlett1-1/+1
As the normal case (outside provision) uses a copy, this avoids a case where a caller might modify a global variable accidentily. As suggested by metze. Andrew Bartlett
2012-08-14s4-libnet: Prepare libnet_BecomeDC for samdb_reference_dn() returning an ↵Andrew Bartlett1-0/+1
extended DN Remote LDAP servers will not accept an extended DN with other components. Andrew Bartlett
2012-08-14s4-libnet: Improve debugging of libnet_BecomeDC LDAP errorsAndrew Bartlett2-0/+14
2012-08-14s4:dsdb/repl: ldb_errstring() takes a 'struct ldb_context' not 'int'Stefan Metzmacher1-1/+2
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Aug 14 13:58:31 CEST 2012 on sn-devel-104
2012-08-14s4:dsdb/repl: make sure instanceType_e is not changed by a reallocationStefan Metzmacher1-1/+11
Pair-Programmed-With: Björn Baumbach <bb@sernet.de> metze
2012-08-14s4:dsdb/repl: avoid reallocation of msg->elementsStefan Metzmacher1-1/+1
The index into the elements needs to match between msg->elements and md->ctr.ctr1.array, which means we should pre-allocate them with the same size. Pair-Programmed-With: Björn Baumbach <bb@sernet.de> metze
2012-08-14s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dnAndrew Bartlett14-30/+45
As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken. This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times! Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
2012-08-14s4-dsdb: Improve memory handling in dsdb_schema_from_ldb_results() by adding ↵Andrew Bartlett1-2/+14
a tmp_ctx
2012-08-14s4-dsdb: Improve memory handling in kccsrv_add_connection()Andrew Bartlett1-0/+5
2012-08-14s4-dsdb: Improve memory handling in kccsrv_find_connections() by adding a ↵Andrew Bartlett1-4/+15
tmp_ctx
2012-08-14s4-dsdb: Add constAndrew Bartlett1-4/+4
2012-08-14VERSION: Move on to beta6!Andrew Bartlett1-2/+2
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 04:05:06 CEST 2012 on sn-devel-104
2012-08-14VERSION: Mark as the beta6 releaseAndrew Bartlett1-1/+1
2012-08-14WHATSNEW: prepare for 4.0 beta6Andrew Bartlett1-31/+16
2012-08-14s3-vfs: Put vfs_aixacl_util.c helper functions into a header fileAndrew Bartlett3-3/+24
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 02:16:11 CEST 2012 on sn-devel-104
2012-08-14s4:kdc/wdc-samba4.c - fix user logins on specific workstationsMatthias Dieter Wallnöfer1-4/+5
The decrement operation has been missing. Problem found by Mohammad Ebrahim Abravi <lamp.mia@gmail.com> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-14s4-classicupgrade: Tests if sam policies exist before trying to import them.Wesley Young1-21/+28
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-14s3-selftest: Add smbclient tarmode testSalvador I. Gonzalez2-1/+185
(With small changes to have test complete by Andrew Bartlett) Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-14s3-selftest: Fix copy/paste error in test usage stringSalvador I. Gonzalez1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-13Fix smbclient/tarmode panic on connecting to Windows 2000 clients.Salvador I. Gonzalez1-8/+19
'Freed frame ../source3/libsmb/clilist.c:934, expected ../source3/client/clitar.c:821' Cause: (strequal(finfo->name,"..") || strequal(finfo->name,".")) evaluates to true, do_tar returns without freeing ctx Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Aug 13 23:12:50 CEST 2012 on sn-devel-104
2012-08-13Ensure we update last_access on the winbindd child struct on each request.Jeremy Allison1-0/+1
2012-08-12s3: skip loading vfs modules for printer connectionsBjörn Jacke1-0/+6
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Sun Aug 12 23:40:23 CEST 2012 on sn-devel-104
2012-08-11s4-dsdb: Take more care in handling of global schema memoryAndrew Bartlett2-28/+64
This reworks dsdb_replicated_objects_commit() to have a proper local tmp_ctx and to be more careful about what schema is set (only setting a global schema if the original schema was global). In particular, the new working_schema is not given a talloc reference to the old schema. This ensures that the old schema can go away when no longer used. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Aug 11 10:31:57 CEST 2012 on sn-devel-104
2012-08-11s4-dsdb: Remove support for per-partition sequence numbersAndrew Bartlett1-23/+0
These sequence numbers were only used for telling if the schema was changed, and are no longer directly related to the replication USN. The per-partition replication USN can be obtained from the @REPLCHANGED record on the per-partition database, and this is done with an ldb_search(). Andrew Bartlett
2012-08-11s4-dsdb: Use only the replication USN for schema reload.Andrew Bartlett2-66/+0
This way we do not track both the partition seq number and the replication USN for schema reload purposes. We only need one indication of actual data change, and the replication per-partition sequence number is no more expensive to obtain than the ldb per-partition sequence number. Andrew Bartlett
2012-08-11s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check ↵Andrew Bartlett1-115/+13
gid first By checking just the IDMAP, and by removing the sidmap and lookup_sid calls, we support IDMAP_BOTH. This is because by checking for a mapping to a GID first, we can rely on the fact that IDMAP_BOTH will resolve to a GID. If the sidmap idea is valued - it allows multiple SIDs to map to a single unix ID, this should be done in the IDMAP layer. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Aug 11 01:17:36 CEST 2012 on sn-devel-104
2012-08-10s3-smbd: Merge ACE entries based on mapped UID/GID not SIDAndrew Bartlett1-4/+4
As the test for a valid posix ACL is based on the unix uid/gid only appearing once in the ACL the merge process also needs to be UID/GID based. This is a problem when we have multiple builtin groups mapped to the same POSIX group as happens in a Samba4 provision. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-08-10s3-smbd: Convert posix_acls.c to use struct unixid internallyAndrew Bartlett1-57/+72
This is consistent with the rest of Samba which uses this structure to represent a unix uid or gid. World values remain represented by the owner_type being WORLD_ACE in the containing structure. A -1 value is filled in to the unixid.id in the same way the .world value was initialised in the union. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-08-10s3-smbd: Create a shortcut for building the token of a user by SID for ↵Andrew Bartlett3-57/+145
posix_acls When a user owns a file, but does not have specific permissions on that file, we need to make up the user permissions. This change ensures that the first thing that we do is to look up the SID, and confirm it is a user. Then, we avoid the getpwnam() and directly create the token via the SID. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>