summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2012-03-09s3: Remove some superfluous ()Volker Lendecke1-1/+1
2012-03-09auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_stateAndrew Bartlett1-3/+3
This just means there is one less pointer to ensure we initialise. Andrew Bartlett
2012-03-08s3-auth: Remove single-implementation plugin layerAndrew Bartlett5-19/+50
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context were only ever initialised to a single value. Make it easier to follow by just calling the function directly. Andrew Bartlett
2012-03-08s3-auth: Follow auth_ntlmssp and use auth4_context for Session SetupAndrew Bartlett4-55/+32
This patch ensures consistency in behaviour between NTLMSSP and NTLM session setup handlers. By calling the same layer that auth_ntlmssp calls, we can not only allow redirection of all authentication to the AD DC, we ensure that map to guest and username map handling is consistent, even in the file server alone. Andrew Bartlett
2012-03-08selftest: add more tests for different authentication codepathsAndrew Bartlett1-0/+4
2012-03-07Change default protocol to SMB2_02.Jeremy Allison1-1/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Mar 7 22:41:21 CET 2012 on sn-devel-104
2012-03-07s3: piddir creation fix part 2.Ira Cooper2-0/+8
Since the piddir got moved from the lockdir by default, the default piddir wasn't getting created, stopping some configurations from running. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-07addns: Fix the Solaris/Illumos build.Ira Cooper1-0/+1
uuid_t is not defined without including sys/uuid.h, configure+waf checks added. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-07s3: piddir creation fix.Ira Cooper1-0/+3
Since the piddir got moved from the lockdir by default, the default piddir wasn't getting created stopping some configurations from running. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-07s3-rpc_server: Do not register embedded ncacn_np endpoints by defaultAndrew Bartlett1-1/+8
The end point mapper is primarily in support of lsasd, and the key SAMR, LSA and NETLOGON services being accessed over TCP/IP. The end point mapper does not appear to be used for the well-known mappings to named pipes, and we have a problem with how to safely register the embedded pipes. For now, disable this to avoid re-registration storms in production, until we sort out a better way. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Mar 7 14:27:38 CET 2012 on sn-devel-104
2012-03-07s3-rpc_server: Register embedded RPC services after starting lsasd and spoolssdAndrew Bartlett1-4/+4
This ensures that these services are not accidentally registered in these child processes. Andrew Bartlett
2012-03-07s3-rpc_server: Do not setup ncalrpc pipes and TCP for embedded rpc serversAndrew Bartlett1-108/+38
Embedded RPC services are those not launched in the preforked lsasd and spoolssd children. The reason that these child processes were created is that is is not possible to correctly listen for ncalrpc and TCP connections without creating a child process. Therefore, we should not have these embedded RPC services to listen on these sockets just because the endpoint mapper has been enabled. Andrew Bartlett
2012-03-07s3-smbd make change_to_user_by_session staticAndrew Bartlett2-4/+2
2012-03-07s3:selftest: ask smbtorture4 for smb2 testsGregor Beck1-2/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Mar 7 01:34:05 CET 2012 on sn-devel-104
2012-03-06s3:smbd: keep 'num_files' and 'files' directly under smbd_server_connectionStefan Metzmacher2-8/+9
The plan is to have files_struct as some kind of low level abstraction for a smb1/smb2 opens, that can be used by SMB_VFS modules. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Mar 6 23:04:01 CET 2012 on sn-devel-104
2012-03-06s3:smbd: keep 'num_connections' and 'connections' directly under ↵Stefan Metzmacher5-154/+52
smbd_server_connection The plan is to have connection_struct as some kind of low level abstraction for a smb1/smb2 tree connects, that can be used by SMB_VFS modules. metze
2012-03-06s3:smbd: keep 'num_users' and 'users' directly under smbd_server_connectionStefan Metzmacher4-20/+17
The plan is to have users_struct as some kind of low level abstraction for a smb1/smb2 session, that can be used by SMB_VFS modules. metze
2012-03-06s3:msdfs: set the 'cnum' field to invalid for faked connection_structsStefan Metzmacher1-0/+1
metze
2012-03-06s3: Move a talloc_strdup out of the main code pathVolker Lendecke1-15/+31
This is only used for AS_GUEST requests Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Tue Mar 6 14:29:50 CET 2012 on sn-devel-104
2012-03-06s3: Fix some format string warningsVolker Lendecke1-9/+13
We were printing nmb->header.name_trn_id with %hu, which denotes a short. However, header.name_trn_id is an int for the better or worse.
2012-03-05s3-rpc_server: Remove remaining code for embedded endpoint mapperAndrew Bartlett1-23/+0
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Mon Mar 5 23:14:33 CET 2012 on sn-devel-104
2012-03-05s3-rpc_server: Only init and register embedded RPC services in dcesrv_ep_setup()Andrew Bartlett1-37/+66
This consults the two definitions for embedded, that is if the deamon is forking or if the rpc_server:<interface> line is set to embedded. Andrew Bartlett Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-05s3: Fix a "Invalid (state->nread >= 0)" warningVolker Lendecke1-1/+1
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return ssize_t. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Mon Mar 5 17:38:16 CET 2012 on sn-devel-104
2012-03-05s3: Move the drain_socket on error to reply_write_and_XVolker Lendecke2-9/+9
That's the only case where this can happen, so we should not clutter the main code path.
2012-03-05s3: Use "goto out;" in reply_write_and_XVolker Lendecke1-18/+9
2012-03-05s3: Remove "size" param from switch_messageVolker Lendecke1-3/+3
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Mon Mar 5 15:13:49 CET 2012 on sn-devel-104
2012-03-05s3: Remove "size" param from smb_dumpVolker Lendecke1-4/+5
2012-03-05s3-lsasd: Fix debug messages on registration failureAndrew Bartlett1-3/+3
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 5 09:50:17 CET 2012 on sn-devel-104
2012-03-05selftest: Reduce declarations of smbclient_auth tests by moving into a loopAndrew Bartlett1-3/+1
2012-03-05selftest: run smbtorture_s3 tests against the ntvfs file serverAndrew Bartlett1-0/+1
This checks not only the behaviour of the NTVFS file server, but also the client library and authentication stack. Andrew Bartlett
2012-03-05s3-ctdb: Enable CTDB readonly support only if CTDB supports itAmitay Isaacs3-1/+40
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Mon Mar 5 02:47:36 CET 2012 on sn-devel-104
2012-03-05dbwrap_ctdb: only fetch a read-only copy if we had a record already.Rusty Russell3-5/+12
Because revoking read-only copies of records is expensive, we only want ctdbd to do it for high-turnover records. A basic heuristic is that if we don't find a local copy of the record, don't ask for a read-only copy. The fetch itself will cause ctdbd to migrate the record, so eventually we will have a local copy. Next time it gets migrated away, we'll call ctdbd_fetch() with local_copy = true. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-05ctdbd_conn: fetch read-only copies of records.Rusty Russell1-2/+2
This means we try to get a read-only copy of a record, which we can then place in the local tdb. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-05dbwrap_ctdb: handle read-only records.Rusty Russell1-9/+26
The new read-only record flags make determining if we can use a record a bit more complex, so extract it into its own function. The OLD logic was: 1) If the record doesn't exist, we can't use it. 2) If we are the dmaster for the record, we can use it. The new logic is: 1) If the record doesn't exist, we can't use it. 2) If we are the dmaster for the record, we can use it IF we only want read-only access, OR there are no read-only delegations. 3) If we are not dmaster, we can only use it if we want read-only access and it is marked as a read-only copy. This logic is unused until the next patches which begin to ask for read-only copies of records. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-05selftest: remove unused config.h checkAndrew Bartlett1-6/+0
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Mar 5 01:10:01 CET 2012 on sn-devel-104
2012-03-04s3-smbd: vuser and session_info cannot be NULL hereAndrew Bartlett1-37/+31
The callers always supply it. (this is a hold-over from the security=share removal). Andrew Bartlett
2012-03-04s3-rpc_server: consolidate rpc server init routinesAndrew Bartlett1-484/+64
This uses a helper function to reduce duplication. Andrew Bartlett
2012-03-04s3-auth Add make_session_info_from_pw to avoid multiple getpwnam() callsAndrew Bartlett1-12/+34
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett18-827/+67
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04s3:smbd/globals.h: remove unused pollfd pointerStefan Metzmacher1-6/+0
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Mar 4 23:18:10 CET 2012 on sn-devel-104
2012-03-04s3: Fix some && vs & warningsVolker Lendecke1-3/+3
Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Sun Mar 4 13:31:25 CET 2012 on sn-devel-104
2012-03-04s3-winbindd: Add stdin handler for winbindAndrew Bartlett2-3/+48
This will help avoid runaway processes in the test env, particularly when the whole selftest.pl is killed. Andrew Bartlett
2012-03-04s3-nmbd: Add stdin handler for nmbdAndrew Bartlett1-0/+33
This will help avoid runaway processes in the test env, particularly when the whole selftest.pl is killed. Andrew Bartlett
2012-03-04change low FDs are handled in SambaAndrew Bartlett4-19/+2
We now only close fds 0, 1, 2 when we are a forked daemon, and take care not to close a file descriptor that we might need for foreground stdin monitoring. This should fix stdout logging in the lsa and epmapper deamons (ie in make test). Andrew Bartlett
2012-03-04s3: don't replace the error message if already definedMatthieu Patou1-3/+5
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun Mar 4 10:13:24 CET 2012 on sn-devel-104
2012-03-04s3: print a nice warning when HAVE_ADS is not enabled but you still try to ↵Matthieu Patou1-0/+5
do net rpc keytab vampire
2012-03-03s3: Fix a bogus if (client_len < 0)Volker Lendecke1-1/+1
On some platforms socklen_t might be unsigned, so comparing for <0 always returns true. Also, tsocket_address_bsd_sockaddr returns ssize_t. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Sat Mar 3 23:38:31 CET 2012 on sn-devel-104
2012-03-03s3:libsmb: pass smb2 capabilities and client guid in cli_state_create()Stefan Metzmacher1-2/+7
metze Signed-off-by: Michael Adam <obnox@samba.org>
2012-03-03smbXcli: add the possiblilty to negotiate client capabilites in smb >= 2.2Michael Adam1-1/+2
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2012-03-03s3:smbd:smb2_write: improve logging in the error caseMichael Adam1-4/+14