| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Someone wasn't careful about testing when not running as root :-).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Dec 15 20:45:25 CET 2010 on sn-devel-104
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
Volker, please check.
Guenther
|
|
Guenther
|
|
Guenther
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:
ccache build w/o patch
real 4m21.529s
ccache build with patch
real 3m6.402s
pch build w/o patch
real 4m26.318s
pch build with patch
real 3m6.932s
Guenther
|
|
|
|
|
|
If we put strings like "Usage:" into separate _() macros and not the whole
"Usage:..." string we can cover much more messages by only one single
translation. The drawback is that the message in the sources looks less pretty.
|
|
|
|
W2K3 DC's can have IPv6 addresses but won't serve
krb5/ldap or cldap on those addresses. Make sure when
we're asking for DC's we prefer IPv4.
If you have an IPv6-only network this prioritizing code
will be a no-op. And if you have a mixed network then you
need to prioritize IPv4 due to W2K3 DC's.
Jeremy.
|
|
Jeremy.
|
|
Guenther
(This used to be commit 954d0998c2c00140addb6ba3845e80ed91e4effc)
|
|
(This used to be commit ef0184d580500734fc7af51e1c790b075180a3d0)
|
|
(This used to be commit 1e9319cf88b65a2a8d4f5099a1fe5297e405ed2e)
|
|
Guenther
(This used to be commit 7889516a384c155a9045aad4409c041fddd0d98d)
|
|
Guenther
(This used to be commit b1a4b21f8c35dc23e5c986ebe44d3806055eb39b)
|
|
Guenther
(This used to be commit fd490d236b1fb73a75c457b75128c9b98719418f)
|
|
Guenther
(This used to be commit 19a980f52044a170618629e5b0484c1f6b586e5f)
|
|
In utils/ I was a bit lazy...
(This used to be commit 60e830b0f4571bd5d9039f2edd199534f2a4c341)
|
|
Jeremy.
(This used to be commit a1725f4ff7ed375808c78ac661b539557748d0a5)
|
|
in any getnameinfo calls.
Jeremy
(This used to be commit 4d7badb0c44f287034f58d9a412e662c0fbecdc9)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
|
|
for fine
grained KDC DNS queries).
Guenther
(This used to be commit 3263cd680fe429430d789b284464fca72ef45719)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
call as smb_krb5_locate_kdc to prevent incorrect linking
and crashes on Solaris.
Jeremy.
(This used to be commit 7d30737c8d851505e81a60443baf9a8c7e523472)
|
|
the stored client sitename with the sitename from each sucessfull CLDAP
connection.
Guenther
(This used to be commit 6a13e878b5d299cb3b3d7cb33ee0d51089d9228d)
|
|
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
(This used to be commit 97e248f89ac6548274f03f2ae7583a255da5ddb3)
|
|
Guenther
(This used to be commit b076c39b6ac87a078feae30a4384c881c46e81ac)
|
|
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
gen_ndr/ndr_security.c in SAMBA_4_0
The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
|
|
(This used to be commit 86f4ca84f2df2aa8977eb24828e3aa840dda7201)
|
|
get_sorted_dc_list
return NTSTATUS.
If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.
Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?
Volker
(This used to be commit 60a166f0347170dff38554bed46193ce1226c8c1)
|
|
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3cdcabf99c0798ef4cf8c978397a57eb)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
Jeremy.
(This used to be commit cd192ed79a531c6775cdbfb35f0eb2e0fa230ce9)
|
|
(This used to be commit 7ac6afe4dcded2e3db9e2012aaa57879bb63b508)
|
|
(This used to be commit d92c83aa42fe64a0e996094d1a983f0279c7c707)
|
|
Jeremy.
(This used to be commit af8545806770a7530eecc184bdd230ca14999884)
|
|
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
|
|
"qualifiers". The
whole of samba comiles warning-free with the default compiler flags.
Temporarily defined -Wall to locate other potential problems. Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).
There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.
oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.
The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
(This used to be commit 5b19ede88ed80318e392f8017f4573fbb2ecbe0f)
|
|
'..' from all #include preprocessor commands. This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
|
|
Also added shortcut so that 'net lookup foo#1b' works.
(This used to be commit f38679201e301d66473e74506f07812590d19fa4)
|
|
*) consolidates the dc location routines again (dns
and netbios) get_dc_list() or get_sorted_dc_list()
is the authoritative means of locating DC's again.
(also inludes a flag to get_dc_list() to define
if this should be a DNS only lookup or not)
(however, if you set "name resolve order = hosts wins"
you could still get DNS queries for domain name IFF
ldap_domain2hostlist() fails. The answer? Fix your DNS
setup)
*) enabled DOMAIN<0x1c> lookups to be funneled through
resolve_hosts resulting in a call to ldap_domain2hostlist()
if lp_security() == SEC_ADS
*) enables name cache for winbind ADS backend
*) enable the negative connection cache for winbind
ADS backend
*) removes some old dead code
*) consolidates some duplicate code
*) moves the internal_name_resolve() to use an IP/port pair
to deal with SRV RR dns replies. The namecache code
also supports the IP:port syntax now as well.
*) removes 'ads server' and moves the functionality back
into 'password server' (which can support "hostname:port"
syntax now but works fine with defaults depending on
the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)
|
|
the dog again.
(This used to be commit 6f89ee2c9dc7f03e3dbe7aa734bf67c6a434d135)
|
|
Jeremy.
(This used to be commit 1b71786c161cd8ec4c3c0c6b178370ed50feeef4)
|
|
90% fix for CR 1076. The password server parameter will no take things
like
password server = DC1 *
which means to contact DC1 first and the go to auto lookup if it
fails.
jerry
(This used to be commit 016ef8b36b30846311a5321803298f8e28719244)
|
