summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2012-01-18s3-librpc Allow spnego_generic_init_client to handle kerberos tooAndrew Bartlett1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call GSSAPI via the auth_generic layer and gensecAndrew Bartlett5-329/+17
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-libsmb Use the gse_krb5 gensec module as clientAndrew Bartlett2-2/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Make gse available as a gensec client moduleAndrew Bartlett2-1/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-build: Rework object lists to allow gse gensec moduleAndrew Bartlett3-73/+40
This also allows the spnego_parse_krb5_wrap() function to be shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse: Add gensec wrapper for gse GSSAPI clientAndrew Bartlett2-0/+441
This brings in part of the s4 gensec_gssapi as the boilerplate for the new module. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Match session setup handling of krb5, store the PACAndrew Bartlett1-1/+4
This will allow non-krb5 services to get the full user groups without need to do an online s4u2self. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Add auth hook for PAC parsingAndrew Bartlett1-2/+128
This will allow gensec_gse to parse the PAC. This is a copy from source3/rpc_server/dcesrv_generic.c to preserve behaviour. A future commit will enable the samlogon cache. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3: Use lock_order for setting the db priorityVolker Lendecke1-0/+18
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 18 16:21:52 CET 2012 on sn-devel-104
2012-01-18s3: Pass down lock_order to db_open_ctdbVolker Lendecke3-4/+10
2012-01-18Revert "Fix bug #8175 - smbd deadlock."Volker Lendecke1-68/+26
This reverts commit 5a2b5b6cfed74e0e9c2965525995f64cdad7b7c9.
2012-01-18s3: Change locking order between brlock and lockingVolker Lendecke1-8/+58
But 8175 was fixed in a way that brlock.tdb was always locked before locking.tdb. This patch fixes the bug in a different way. locking.tdb is the central tdb for files and should always be locked first. This patch solves the problem by postponing the level2 break messages, which are async anyway.
2012-01-18s3: Enforce a lock order in dbwrapVolker Lendecke4-1/+85
This makes sure we do not deadlock from doing two dbwrap_fetch_locked in two processes in different orders. At open time, we assign a strict order to all databases. lock_order 1 will be locked first, lock_order 2 second. No two records of the same lock order may be locked at the same time.
2012-01-18s3: Add a "lock_order" argument to db_openVolker Lendecke30-40/+97
This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
2012-01-18s3-passdb: trying to decouple passdb and secrets a little.Günther Deschner8-105/+173
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
2012-01-17s3: Fix bug 8695Volker Lendecke1-0/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Jan 17 18:55:01 CET 2012 on sn-devel-104
2012-01-17s3:lib/messages: remove unused messaging_event_context()Stefan Metzmacher2-6/+0
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 17 09:45:30 CET 2012 on sn-devel-104
2012-01-17s3:smbcontrol: avoid using messaging_event_context()Stefan Metzmacher1-10/+7
metze
2012-01-17s3:smbcontrol: pass tevent_context down to wait_replies()Stefan Metzmacher1-10/+11
metze
2012-01-17s3:smbcontrol: pass tevent_context down to subcommandsStefan Metzmacher1-38/+69
metze
2012-01-17s3:printing: avoid messaging_event_context() in print_queue_housekeeping()Stefan Metzmacher1-6/+21
metze
2012-01-16s3-install: Don't let MANDIR and SRCDIR be overwrittenVolker Lendecke1-1/+2
In installman.sh, we get them via cmd line args Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Jan 16 18:55:40 CET 2012 on sn-devel-104
2012-01-16s3:selftest: rpcclient doesn't support smb2Stefan Metzmacher1-29/+27
metze
2012-01-14s3: ADS support is needed for dns updatesVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Jan 14 15:32:15 CET 2012 on sn-devel-104
2012-01-13s3: Fix the talloc hierarchy in fetch_share_mode_unlockedVolker Lendecke1-1/+1
Thanks, metze for noticing! Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Jan 13 13:16:44 CET 2012 on sn-devel-104
2012-01-13s3-waf: check for KRB5_PDU_NONE as in the autoconf build.Günther Deschner1-0/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Jan 13 11:15:35 CET 2012 on sn-devel-104
2012-01-13s3-autoconf: fix the build of the pdb_ldap shared module in autoconf build ↵Günther Deschner2-5/+4
as well. Guenther
2012-01-13s3-waf: fix compile of pdb_ldap as shared module by moving ldap schema ↵Günther Deschner2-2/+3
helpers to libpdb.so These helpers are used in other parts of Samba as well (like in idmap and in the net provision code). Guenther
2012-01-13s3-waf: also check for gsskrb5_extract_authz_data_from_sec_context() duringGünther Deschner1-1/+2
configure. Guenther
2012-01-13s3:build: add auth/gensec/spnego.oStefan Metzmacher2-5/+9
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jan 13 06:32:30 CET 2012 on sn-devel-104
2012-01-13s3-selftest The krb5 encrypted CIFS test was wrongAndrew Bartlett1-1/+1
Sadly this fails in the test environement for now. It needs a /etc/krb5.keytab which we do not provide. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jan 13 04:57:22 CET 2012 on sn-devel-104
2012-01-13Add comments to all functions (to help me understand it better).Jeremy Allison2-0/+32
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jan 13 01:35:03 CET 2012 on sn-devel-104
2012-01-12s3: Fix nested get_share_mode_lock callsVolker Lendecke1-5/+57
This forces us to only do one real get_share_mode_lock call and share the data between the nested get_share_mode_lock calls. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Move the share_mode_lock handling to its own fileVolker Lendecke4-417/+465
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Put an indirection layer into share_mode_lockVolker Lendecke9-173/+193
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Introduce get_share_mode_lock_fresh()Volker Lendecke7-41/+40
This slightly simplifies the code path for all callers which assume that a share mode exists already. Only the callers in open_file_ntcreate and open_directory will ever create new share modes. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Replace fill_share_mode_lock()Volker Lendecke1-84/+67
This replaces fill_share_mode_lock() with the two routines fresh_share_mode_lock() and parse_share_modes(). This lifts the decision whether a share mode already existed on level up. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3-waf: auth_netlogond depends on tldap.Andreas Schneider1-0/+1
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
2012-01-12s3-waf: link SECRETS3 only against samba3util.Andreas Schneider1-1/+1
2012-01-12s3-waf: Create a smaller samba3util subsystem.Andreas Schneider1-7/+18
2012-01-12s3: Split a line with 1 statementsVolker Lendecke1-1/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Jan 12 13:10:19 CET 2012 on sn-devel-104
2012-01-12s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKENStefan Metzmacher2-0/+6
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
2012-01-12Ensure we always free aio_ex on all error paths by moving the TALLOC_FREEJeremy Allison3-3/+4
call out of smbd_aio_complete_aio_ex() and into the caller. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 12 03:10:52 CET 2012 on sn-devel-104
2012-01-11First part of fix for bug #8673 - NT ACL issue.Jeremy Allison1-18/+31
Simplify the logic in the unlink/rmdir calls - makes it readable (and correct).
2012-01-11s3-rpcclient: add deldriverex flags argumentDavid Disseldorp1-7/+7
The spoolss DeletePrinterDriverEx command offers three flags for controlling how associated files and other versions of the driver are effected: DPD_DELETE_UNUSED_FILES (1), DPD_DELETE_SPECIFIC_VERSION (2) and DPD_DELETE_ALL_FILES (4). This commit adds an optional numeric flags argument to the rpcclient deldriverex command. Signed-off-by: David Disseldorp <ddiss@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: David Disseldorp <ddiss@samba.org> Autobuild-Date: Wed Jan 11 14:39:35 CET 2012 on sn-devel-104
2012-01-11spoolss: fix DPD_DELETE_ALL_FILES error returnDavid Disseldorp1-2/+1
If DeletePrinterDriverEx is called with DPD_DELETE_ALL_FILES and files assigned to the to-be-deleted driver overlap with other drivers then an error is returned. Change the error code here to match Windows 2k8r2. Signed-off-by: David Disseldorp <ddiss@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-11s3-librpc Supply target service and server to spnego_generic_init_client()Andrew Bartlett3-0/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc: Rename spnego_ntlmssp_init_client and make genericAndrew Bartlett3-5/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-libsmb: split out auth_generic client functions into auth_generic.cAndrew Bartlett5-129/+164
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc: rename get_ntlmssp_auth_footer to be more genericAndrew Bartlett1-5/+5
This can handle any gensec auth type now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>