Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
We do this so that we catch LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT, which
has special handling in winbindd_cache.c
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
|
|
timeout.
If we're running with SEC_ADS and we don't get a cldap response from
the server when querying its name, don't fall back to NetBIOS requests
as they're unlikely to succeed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May 23 03:49:36 CEST 2012 on sn-devel-104
|
|
Add a timeout_in_seconds parameter to nbt_getdc() to make it fail
after that time with NT_STATUS_IO_TIMEOUT.
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue May 15 13:56:00 CEST 2012 on sn-devel-104
|
|
domain->alt_name is an array, not a pointer
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon May 14 15:11:47 CEST 2012 on sn-devel-104
|
|
rpc_query_user unconditionally dereferences user_info if successfull
|
|
this fixes Coverity #700172 CHECKED_RETURN
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed May 9 00:27:08 CEST 2012 on sn-devel-104
|
|
BUILTIN should be handled by passdb, however if passdb does not know
about a SID, autorid creates a range for BUILTIN and does deterministic mapping
make it possible to turn off this behavior
|
|
make it possible to set read-only = yes for the backend
so users can replicate an autorid.tdb to another server
to use the same mappings without risking that updates
are done on both sides
|
|
preallocate the list of well-known SIDs that Win2008R2 reports
to be groups and that are on the list in KB243330
This will allow for deterministic mapping of these SIDs, even if they
are stored in the allocation pool as this is the first thing that autorid
will allocate from the pool during module initialization
|
|
This will eventually allow the struct unixid to be passed all the way up
and down the stack.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Use the types from idmap.idl instead
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
This will make it easier to consistantly pass a struct unixid all the way up and
down the idmap stack, and allow ID_TYPE_BOTH to be handled correctly.
Andrew Bartlett
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
fix an endless loop
|
|
|
|
- use common logic for the allocation pool
- add a idmap_tdb style 1on1 mapping for non-domain SIDs
like Everyone (S-1-1-0)
|
|
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Apr 28 23:38:45 CEST 2012 on sn-devel-104
|
|
Much of the code further down and up the call chain expects the
structures wb_lookupsids returns to be allocated. Do that despite
we have nothing to look up.
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Apr 27 13:10:15 CEST 2012 on sn-devel-104
|
|
|
|
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
|
|
|
|
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the session key, and so if the credentials check passes then the
netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Mar 19 21:31:46 CET 2012 on sn-devel-104
|
|
process died.
This applies to all child processes making use of reinit_after_fork().
It is implemented by establishing a pipe between parent and child.
The child watches for EOF on the read end of the pipe, indidcating
an exited parent.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
Since the piddir got moved from the lockdir by default, the default piddir
wasn't getting created, stopping some configurations from running.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This will help avoid runaway processes in the test env, particularly when
the whole selftest.pl is killed.
Andrew Bartlett
|
|
NetrSamLogonEx call is timeout in the pam_auth_crap path
If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104
|
|
wbcIdType and id_type have the same values, but different names
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Feb 25 23:46:36 CET 2012 on sn-devel-104
|
|
This allows ntlm_auth --diagnostics to work against the local DC, just
as it works against a member server.
Andrew Bartlett
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
|
|
sys_poll() is only needed if the signal pipe is set up and used, but as
no signal handler ever writes to the pipe, this can all be removed.
signal based events are now handled via tevent.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
|
|
The flag can_do_validation6 was only set for the domain to which
winbindd is the member. Setting this flag in other domains (trusted
domain) if it's active directory domain is a good idea as it allow to do
level 6 validation also when winbindd is querying them directly.
|
|
"local" is always False, so simply remove it and the if statement
checking its value.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 6 23:27:48 CET 2012 on sn-devel-104
|
|
authenticating through winbind
This could cause that we authenticate a user with a bogus domain to
winbind's domain if the password supplied for the PAM_AUTH match.
The problem was reported by Jeff Venable (jvenable@juniper.net).
Patch from Andrew Bartlett (abartlett@samba.org).
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
|
|
cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also avoids passing NULL as the server to
gensec_set_target_hostname() in spnego_generic_init_client().
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Jan 5 17:16:45 CET 2012 on sn-devel-104
|