summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2013-02-05s3:auth small optimization in create_token_from_sidChristian Ambach1-3/+5
save some calls to lp_idmap_default_range(), calling it once is enough Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Feb 5 19:14:25 CET 2013 on sn-devel-104
2013-02-05s3:net: reduce indentation in net idmap delete for symmetry and consistencyMichael Adam1-5/+7
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:net: introduce a talloc stackframe for net idmap deleteMichael Adam1-3/+2
this simplifies the freeing at the end Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:net_idmap_delete do not lock two records at the same timeChristian Ambach1-24/+25
the lock order check will prohibit this and as we are running inside a transaction there is no need to lock the records before deleting them Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Christian Ambach <ambi@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2013-02-05s3:net idmap: use lp_idmap_default_backend() now that we have it.Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:param: add new lp_idmap_default_backend()Michael Adam2-0/+6
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:param: introduce new lp_idmap_backend() that takes the domainMichael Adam2-0/+28
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:param: add a commentMichael Adam1-0/+4
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:param: remove unused function lp_idmap_backend()Michael Adam2-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:net idmap: remove call to lp_idmap_backend() - this is useless.Michael Adam1-2/+2
The variable behind lp_idmap_backend() is never set. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:param: remove unused functions lp_idmap_uid() and lp_idmap_gid()Michael Adam2-49/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:auth: use new lp_idmap_default_range() instead of lp_idmap_gid() in ↵Michael Adam1-2/+2
create_token_from_sid() Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:param: add utility function lp_idmap_default_range()Michael Adam2-0/+6
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:param: add a utility function lp_idmap_range() to get the configured ↵Michael Adam2-0/+41
range for a given domain. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-05s3:param: remove an old comment (that is not up-to date any more)Michael Adam1-2/+0
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-04s3:dbrwap_ctdb: ZERO_STRUCT(rec) just to be sure in ↵Michael Adam1-0/+1
traverse_persistent_callback_read() Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-02-04s3:dbwrap_ctdb: ZERO_STRUCT(rec) just to be sure in traverse_read_callback()Michael Adam1-0/+2
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-02-04s3:dbwrap_ctdb: add "db_context" to "db_record"Stefan Metzmacher1-2/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-04s3:dbwrap_ctdb: setup result->name in db_open_ctdb()Stefan Metzmacher1-0/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-04s3: use generate_random_password() instead of generate_random_str()Stefan Metzmacher5-12/+21
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-04s3:modules remove gpfs_getacl_allocChristian Ambach1-46/+0
last caller has gone Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Feb 4 14:10:08 CET 2013 on sn-devel-104
2013-02-04s3:modules use vfs_gpfs_getacl in gpfsacl_get_posix_aclChristian Ambach1-3/+3
as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:modules use vfs_gpfs_getacl in gpfsacl_set_nt_acl_internalChristian Ambach1-5/+9
as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:modules use vfs_gpfs_getacl in gpfs_get_nfs4_aclChristian Ambach1-2/+5
as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:torture/vfstest add memreport optionChristian Ambach1-0/+8
this will run a talloc_report_full on the talloc stackframe after each command Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:torture/vfstest implement sys_acl_blob_get_fdChristian Ambach1-0/+45
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:torture/vfstest implement sys_acl_blob_get_fileChristian Ambach1-0/+32
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:vfs_gpfs use non_posix_sys_acl_blob_get_*_helperChristian Ambach1-16/+90
use the helper functions to return the blob based on the raw GPFS ACL blob (if it is a NFSv4 ACL). If not, fall back to the POSIX ACL code Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:vfs_gpfs add a generic vfs_gpfs_getacl functionChristian Ambach1-0/+73
in contrast to gpfs_getacl_alloc which always puts the ACL on talloc_tos(), this one allows to specify the memory context and if the caller is interested in the raw ACL blob or a structured version Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:modules/vfs_gpfs add GPFS_GETACL_NATIVE defineChristian Ambach1-0/+4
this is not in the official GPFS header file, but can be found in the GPL'd kernel module sources Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:modules/non_posix_acls: only stat if we do not have it cachedChristian Ambach1-4/+8
most probably we already have the stat() information Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:autoconf add non_posix_acls to NFS4ACL_OBJChristian Ambach1-1/+1
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3:autoconf introduce NFS4ACL_OBJChristian Ambach1-3/+5
use a definition instead of listing it separately Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04s3-waf:modules add non_posix_acls dependency to vfs_gpfsChristian Ambach1-1/+1
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-04vfs: Add helper function for non posix ACL modulesAndrew Bartlett3-0/+136
This handles the stat, and fills in the pre-supplied blob into a wrapper sturcture that can then be returned to vfs_acl_common for hashing. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-04vfs_acl_common: Do not fetch the underlying NT ACL unless we need itAndrew Bartlett1-44/+80
This avoids asking for the posix ACL on disk twice, and avoids running a good deal of mapping code if it is not needed. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-04vfs: Whitespace fix only to get_nt_acl_internal indentationAndrew Bartlett1-4/+4
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-04vfs: Implement an improved vfs_acl_common that uses the hash of the system ACLAndrew Bartlett1-51/+250
Where supported by the system ACL backend, this avoids hashing the result of the ACL mapping, instead hashing the original ACL, linearlised. For maximum robustness, the hash of the NT and system ACL are stored, along with the time and a description of the system ACL. This variety of extra metadata may assist some future implementation in determining which hash to validate. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-04vfs: Add helper function hash_blob_sha256 to vfs_acl_common.cAndrew Bartlett1-7/+19
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-02-04Fix typo in warning messageVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-By: Ira Cooper <ira@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Feb 4 11:48:25 CET 2013 on sn-devel-104
2013-02-01s3-net: mention optional impersonation principal for PAC retrieval.Günther Deschner1-1/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-02-01s3:auth: wbcAuthenticateEx gives unix times (bug #9625)Stefan Metzmacher1-3/+3
We also need to convert last_logon, last_logoff and acct_expiry from unix time to nt time. Otherwise a windows member server will reject clients using CAP_DYNAMIC_REAUTH or smb2) with STATUS_NETWORK_SESSION_EXPIRED, if the logoff and kickoff time is expired. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Feb 1 18:42:42 CET 2013 on sn-devel-104
2013-01-30smbd: Fix a typoVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Wed Jan 30 18:21:19 CET 2013 on sn-devel-104
2013-01-30smbd: Fix a typoVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-01-29s3:winbindd: change getpwsid() to return a passwd struct for a group sid ↵Michael Adam1-9/+43
id-mapped with ID_TYPE_BOTH Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 29 23:46:19 CET 2013 on sn-devel-104
2013-01-29s3:winbindd: check the correct variable for talloc success in rpc_query_user()Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29s3:winbindd:getgrnam: also produce a group struct for a user with ID_TYPE_BOTHMichael Adam1-2/+13
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29s3:winbindd: create group structs for gids that are coming from a user sid ↵Michael Adam1-0/+49
id-mapped with ID_TYPE_BOTH This "fake" group contains exctly one member, namely the user that the sid is actually belonging to. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29s3:winbindd: factor add_wbint_Principal_to_dict() out of wb_group_members_done()Michael Adam2-17/+47
for later reuse Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-29s3:winbindd: fix a cut'n'paste comment typo in wb_fill_pwentMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>