summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz10-34/+170
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-02-02s3:winbind_group: fix "getent group" to allocate new gids.Michael Adam1-2/+8
"getent group" used to fill the idmap cache with negative cache entries for unmapped group sids. Don't pass domain name unconditionally to idmap_sid_to_gid(). idmap_sid_to_gid() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_gid() functions here, in the main winbindd. The correct fix would be to send a sid_to_gid request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael
2009-02-02s3:winbind_user: fix "getent passwd" to allocate new uids.Michael Adam1-2/+7
"getent passwd" used to fill the idmap cache with negative cache entries for unmapped user sids. Don't pass domain name unconditionally to idmap_sid_to_[ug]id(). idmap_sid_to_[ug]id() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id() functions here, in the main winbindd. The correct fix would be to send a sid_to_[ug]id request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael
2009-02-02s3:winbind_user: move initialization of domain up in winbindd_fill_pwent()Michael Adam1-11/+9
and streamline logic some Michael
2009-02-01shared: Move dom_sid_* utility functions to top levelKai Blin2-2/+3
2009-02-01Split up async_req into a generic and a NTSTATUS specific partVolker Lendecke15-185/+185
2009-02-01Convert api_RNetUserEnum to use the srv_samr_nt.c directlyVolker Lendecke1-26/+77
This is a sample for other accesses to pdb to go via samr. The goal is to access passdb only via srv_samr_nt.c. If that is done, then we can easily swap in another samr implementation like for example samba4's via a unix domain socket.
2009-02-01Move rpc_pipe_open_internal to srv_pipe_hnd.cVolker Lendecke2-37/+37
This is a smbd-only function
2009-02-01Replace pipe names in pipes_struct by ndr_syntax_idVolker Lendecke5-72/+117
This was mainly used for debugging output
2009-02-01Fix some type-punned warningsVolker Lendecke1-3/+3
2009-02-01cli_get_pipe_name_from_interface does not really need a talloc_ctxVolker Lendecke6-32/+28
2009-02-01Fix nonempty blank linesVolker Lendecke2-119/+117
2009-02-01Just for fun: Move some bytes from bss to textVolker Lendecke2-2/+2
2009-02-01fix build with external dns_sd librariesBjörn Jacke1-1/+1
2009-02-01Fix the build on Solaris CCVolker Lendecke1-1/+1
2009-01-31Remove unused np_read sync wrapperVolker Lendecke2-32/+0
2009-01-31Make reply_pipe_read_andx asyncVolker Lendecke1-13/+57
2009-01-31Remove unused np_write sync wrapperVolker Lendecke2-32/+0
2009-01-31Make reply_pipe_write asyncVolker Lendecke1-13/+48
2009-01-31Make reply_pipe_write_and_X asyncVolker Lendecke1-20/+52
2009-01-31Make-np_write-handle-0-byte-writes-as-NT_STATUS_OKVolker Lendecke2-43/+33
2009-01-31Convert api_rpc_trans_reply to async np_*Volker Lendecke2-29/+135
2009-01-31Add an async np_read wrapperVolker Lendecke2-22/+107
2009-01-31Add an async np_write wrapperVolker Lendecke2-15/+106
2009-01-31make send_file_readbraw staticVolker Lendecke2-12/+6
2009-01-31Remove the global variable "chain_size"Volker Lendecke8-24/+34
2009-01-31Make is_andx_req non-staticVolker Lendecke3-26/+26
2009-01-31s4:build: require ldb 0.9.3 when building against an external libraryStefan Metzmacher1-1/+1
metze
2009-01-30s3 onefs: Fix onefs ACLs to work with updated ACL syscallTim Prouty1-1/+1
2009-01-30s3 build: Remove unused fstat check to fix a bunch of HAVE_FSTAT warningsTim Prouty1-1/+1
2009-01-30Fix memleaksVolker Lendecke1-0/+7
2009-01-30pass NULL to prs_give_memory, that is a pointerVolker Lendecke1-1/+1
2009-01-30s3:selftest: run the same tests as 'make test'Stefan Metzmacher1-29/+73
Only the tests with samba4's smbtorture are missing. metze
2009-01-30s3:tests: add a guard arround . $incdir/test_functions.shStefan Metzmacher11-0/+21
So that caller can overwrite the functions. metze
2009-01-30s3:smbconftort: don't use reserved words ('test:', 'failure:', 'success:')Stefan Metzmacher1-31/+29
Temporary results printfs should not contain reserved subunit words. metze
2009-01-30selftest: don't export $CONFIGURATION anymore only $SMB_CONF_PATHStefan Metzmacher1-1/+1
metze
2009-01-30Add the "SMBD" rpc transportVolker Lendecke5-1/+785
The idea of this is that all client utils like smbpasswd and also for example "net join" do not access our internal databases like passdb and secrets.tdb directly anymore but pass everything throught the well-established RPC interfaces. The way you use this is the following: With rpc_cli_smbd_conn_init() or its async variant you initialize a "struct rpc_cli_smbd_conn". This structure is the link to a freshly forked smbd, ready to be used for RPC services. You should only ever have one such structure in your program. More don't hurt, but are plainly unnecessary. If you want to use the SAMR pipe to change a passwort, you connect to that pipe with rpc_pipe_open_local. Do you normal rpccli_samr calls on that and your locally forked smbd will connect to passdb for you. GD, this might make the distinction between the _l and _r calls in libnetapi mostly unnecessary. At least it is intended to do so... :-)
2009-01-30Make rpc_transport_np_init asyncVolker Lendecke2-32/+128
2009-01-30Add async cli_ntcreateVolker Lendecke2-0/+154
2009-01-30Make cli_tcon_andx asyncVolker Lendecke13-101/+210
2009-01-30Make cli_session_setup_guest asyncVolker Lendecke2-37/+107
2009-01-29Fix coverity CID#117 - resource leak in error path.Jeremy Allison1-24/+53
Jeremy.
2009-01-29Fix coverity CID#116. Resource leak on error path.Jeremy Allison1-2/+4
Jeremy.
2009-01-29Fix coverity CID#115. Resource leak in error path.Jeremy Allison1-1/+4
Jeremy.
2009-01-29Upgrade POSIX inheritance storage to a new format (version 2). StoresJeremy Allison1-200/+360
the Windows ACL type and flags if "map acl inherit" is set. Jeremy.
2009-01-29Merge branch 'master' of ssh://jra@git.samba.org/data/git/sambaJeremy Allison14-57/+130
2009-01-29s3 build: Fix "shadows global declaration warning"Tim Prouty1-1/+1
2009-01-29s3 onefs: Add the OneFS implementation of SMB_VFS_GET_ALLOC_SIZETim Prouty1-0/+27
2009-01-29s3: Add a new SMB_VFS_GET_ALLOC_SIZE vfs operationTim Prouty13-56/+102
This allows module implementors to customize what allocation size is returned to the client.
2009-01-29Merge branch 'master' of ssh://jra@git.samba.org/data/git/sambaJeremy Allison3-7/+5