summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2011-10-22Fix bug #8541 - readlink() on Linux clients fails if the symlink target is ↵Jeremy Allison4-11/+43
outside of the share. The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink, but disallow all other operations. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 22 01:37:41 CEST 2011 on sn-devel-104
2011-10-21Deprecate "acl check permissions".Jeremy Allison1-1/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 21 21:51:18 CEST 2011 on sn-devel-104
2011-10-21s3:idmap_autorid: add an allocation range to autoridChristian Ambach1-1/+96
this is needed to allocate gids for BUILTIN\Users and BUILTIN\Administrators and for local users/group that admins might want to create autorid will now allocate one range for this purpose and can so give out as many uids and gids as the configured rangesize allows
2011-10-21s3:idmap_autorid: move HWM initialization into a functionChristian Ambach1-17/+27
we will need some more HWM soon, so move out initialization and optimize the logic using the new interface of dbwrap_fetch_uint32
2011-10-21s3:idmap_autorid: use strings as parameter for range allocatorChristian Ambach1-14/+14
this prepares for allocation of non-domain ranges that cannot be expressed by a SID (e.g. an allocation pool)
2011-10-21s3:winbindd/idmap make idmap modules loadable againChristian Ambach6-6/+6
commit 355b5e3a831415d9bef97 changed the module system to expect 'samba_init_module' as fixed initializer function
2011-10-21Revert "s3:idmap/autorid add a small alloc pool to autorid"Christian Ambach1-61/+0
This reverts commit 0aa558718ad7427ee8b02046da73eea1838a5a32. just having 500 uid/gids values is not good enough for users using local users and groups in the order of thousands better solution which will use a complete range for allocated uids/gids will come next.
2011-10-21s3-waf: only compile common.c in netapi examples code once.Günther Deschner1-2/+8
Guenther
2011-10-21s3-netapi: use NetApiBufferAllocate() for returned buffer in getdc calls.Günther Deschner1-2/+30
Guenther
2011-10-21s3-netapi: fix missing include in examples code.Günther Deschner1-0/+2
Guenther
2011-10-21libcli/smb: move smb_seal.c to the toplevelStefan Metzmacher8-506/+7
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Oct 21 10:22:39 CEST 2011 on sn-devel-104
2011-10-21s3-ntlmssp Remove references to auth_ntlmssp_context from the rpc codeAndrew Bartlett7-74/+75
We always dereferenced auth_ntlmssp_state->gensec_security, so now we do not bother passing around the whole auth_ntlmssp_state. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-seal Remove struct smb_srv_trans_enc_ctxAndrew Bartlett3-104/+54
This structure added no value, particularly after the move to gensec. It was added at a time when auth_ntlmssp_state was not available in the client. This changed a while back (the wrapper was extended with client calls), and the move to gensec again reinforced that we do not need the extra complexity. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove references to auth_ntlmssp_context from the smb sealing codeAndrew Bartlett4-46/+54
Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_session_key()Andrew Bartlett4-17/+12
We now just call the gensec_session_key() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_want_feature()Andrew Bartlett9-31/+17
We now just call the gensec_want_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-seal use gensec_[un]wrap() instead of gensec_[un]seal_packet()Andrew Bartlett1-54/+41
This should not make a difference for NTLMSSP as it still calls the low level ntlmssp_[un]seal_packet() functions with the same input parameters. If we convert the gss-api/krb5 based code to gensec we have to use gensec_[un]wrap() as the wire format is different compared to gensec_[un]seal_packet() there. Andrew Bartlett Split from another commit by Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp use gensec_{seal,unseal,sign,check}_packetAndrew Bartlett5-125/+55
This avoids the indirection via the auth_ntlmsssp wrapper functions. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_negotiated_sign() and ↵Andrew Bartlett4-16/+4
auth_ntlmssp_negotiated_seal() We now just call the gensec_have_feature() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-ntlmssp Remove auth_ntlmssp_update wrapperAndrew Bartlett10-47/+41
We now just call gensec_update directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3-auth remove auth_ntlmssp_session_info()Andrew Bartlett5-23/+11
Instead, call gensec_session_info() directly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-21s3:smbd/seal: pass talloc_tos() auth_ntlmssp_update(), because we free a few ↵Stefan Metzmacher1-1/+1
lines later metze
2011-10-21s3:libsmb/smb_seal: always use SAFE_FREE(buf) in common_free_enc_buffer()Stefan Metzmacher1-14/+1
There's no need to do gss-api specific stuff, the buffer is always malloc'ed. metze
2011-10-21s3:libsmb/smb_seal: use plain malloc() in common_ntlm_encrypt_buffer()Stefan Metzmacher1-2/+7
metze
2011-10-21s3:libsmb/smb_seal: avoid ads_errstr() dependency and use gssapi_error_string()Stefan Metzmacher1-9/+28
metze
2011-10-21s3:libsmb/smb_seal: make use of common [_]smb_[set]len_nbt() macrosStefan Metzmacher1-11/+11
metze
2011-10-21s3:include: make smb_setlen() a macroStefan Metzmacher3-15/+1
metze
2011-10-21libcli/smb: move some common defines to smb_constants.hStefan Metzmacher1-27/+0
metze
2011-10-21build: compile (but do not install) netapi examplesAndrew Bartlett2-0/+65
The only example not yet built is the GTK domain join gui. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Oct 21 01:31:55 CEST 2011 on sn-devel-104
2011-10-20s3:Makefile: make DSO_EXPORTS_CMD more portable (#8531)Björn Jacke1-1/+1
It sems like every not completely trivial sed expression should be tested with Solaris' sed. Its regexp engine is way more limited than the one of GNU sed. Thanks to Michael Pelletier for finding this! This fixes bug #8531 Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Thu Oct 20 23:15:05 CEST 2011 on sn-devel-104
2011-10-20Refactor to create check_parent_access() which can be called for file ↵Jeremy Allison1-23/+64
creation too. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Oct 20 20:29:22 CEST 2011 on sn-devel-104
2011-10-20Make mkdir_internal() check the parent ACL for SEC_DIR_ADD_SUBDIR rights.Jeremy Allison1-2/+33
2011-10-20s3-netapi Compile (but do not install) netapi testsAndrew Bartlett2-1/+7
2011-10-20s3:libsmb/async_smb: in cli_state_notify_pending() we always disconnectStefan Metzmacher1-7/+5
So we should always set state->mid = 0. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Oct 20 11:34:23 CEST 2011 on sn-devel-104
2011-10-20Fix error return to be NT_STATUS_NOT_A_DIRECTORY.Jeremy Allison1-2/+2
2011-10-20Make use of the "dir_exists" we already have on directory open.Jeremy Allison1-8/+28
2011-10-19s3-waf: make sure we always compile (not install) our libsmbclient testcode.Günther Deschner1-0/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Oct 19 20:42:52 CEST 2011 on sn-devel-104
2011-10-19s3:libsmb/smb_seal: move smb_set_enclen() to smb_seal.c and make it static thereStefan Metzmacher3-14/+13
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Oct 19 19:06:35 CEST 2011 on sn-devel-104
2011-10-19s3:libsmb/smb_seal: s/uint16/uint16_tStefan Metzmacher2-5/+5
metze
2011-10-19s3:include: move smb_seal.c prototypes to smb_crypt.hStefan Metzmacher3-9/+10
metze
2011-10-19s3:libsmb/smb_seal: make common_ntlm_[en|de]crypt_buffer staticStefan Metzmacher2-7/+2
metze
2011-10-19s3:include: use smb_[set]len_[nbt|tcp]() macrosStefan Metzmacher1-4/+4
metze
2011-10-19s3: Remove duplicate fsctl function definitionsDavid Disseldorp4-52/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-19s3: Avoid a winbind 100% cpu loopVolker Lendecke1-0/+8
When a DC goes down hard, winbind can end up in a 100% CPU loop. The next (small) RPC request to the DC ends up as a trans2 request. If the connection goes down, we end up trying to discard the request via the loop in cli_state_notify_pending(). Because this is a trans2 request, cli_smb_req_unset_pending will not kick in. Thus the pending array will always remain at length 1. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Oct 19 01:39:35 CEST 2011 on sn-devel-104
2011-10-19vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths.Jeremy Allison1-5/+5
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 19 00:05:45 CEST 2011 on sn-devel-104
2011-10-18The last argument to atalk_build_paths() is always false, remove it.Jeremy Allison1-12/+9
2011-10-18s3-util: dbwrap_tool: add fetch fuctions for hex and stringBjörn Baumbach1-0/+61
Signed-off-by: Michael Adam <obnox@samba.org>
2011-10-18s3-util: dbwrap_tool: add store hex functionBjörn Baumbach1-3/+43
Allows the user to store hex blobs in a tdb. Signed-off-by: Michael Adam <obnox@samba.org>
2011-10-18pdb-interface: Do not use unid_t hereSimo Sorce8-52/+59
This interface needs to be publicly available, unid_t here is not really useful and makes it harder to use it as unid_t is not a public union. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
2011-10-18s3-auth move the s3 auth context onto gensec_ntlmssp once we startAndrew Bartlett1-2/+2
We do not need it on the auth_ntlmssp_state any longer. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104