summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2011-06-22s4:ntvfs/cifs: add option to use S4U2ProxyStefan Metzmacher1-0/+49
Note: this doesn't work against a Samba4 KDC yet. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 22 18:17:43 CEST 2011 on sn-devel-104
2011-06-22s4:auth/kerberos: protect kerberos_kinit_password_cc() against old KDCsStefan Metzmacher1-1/+48
If the KDC does not support S4U2Proxy, it might return a ticket for the TGT client principal. metze
2011-06-22s4:auth/kerberos: add S4U2Proxy support to kerberos_kinit_password_cc()Stefan Metzmacher3-5/+134
For S4U2Proxy we need to use the ticket from the S4U2Self stage and ask the kdc for the delegated ticket for the target service. metze
2011-06-22s4-dsdb: bypass validation when relax setAndrew Tridgell1-1/+2
this allows dbcheck to fix bad attributes Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
2011-06-22samba-tool: allow for running dbcheck against a remove ldap serverAndrew Tridgell1-5/+14
this is useful for running it against a Windows server
2011-06-22samba-tool: expanded dbcheck DN checkingAndrew Tridgell1-21/+104
this now checks for bad GUID elements in DN links, and offers to fix them when possible Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22s4-dsdb: prioritise GUID in extended_dn_inAndrew Tridgell1-8/+11
if we search with a base DN that has both a GUID and a SID, then use the GUID first. This matters for the S-1-5-17 SID. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22s4-dsdb: catch duplicate matches in extended_dn_inAndrew Tridgell1-0/+12
When searching using extended DNs, if there are multiple matches then return an object not found error. This is needed for the case of a duplicate objectSid, which happens for S-1-5-17 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22s4:auth/kerberos: protect kerberos_kinit_password_cc() against old KDCsStefan Metzmacher1-1/+47
Old KDCs may not support S4U2Self (or S4U2Proxy) and return tickets which belongs to the client principal of the TGT. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 22 09:10:55 CEST 2011 on sn-devel-104
2011-06-22s4:auth/kerberos: remove one indentation level in kerberos_kinit_password_cc()Stefan Metzmacher1-94/+99
This will make the following changes easier to review. metze
2011-06-22s4:auth/kerberos: reformat kerberos_kinit_password_cc()Stefan Metzmacher1-32/+41
In order to make the following changes easier to review. metze
2011-06-22s4:auth/kerberos: don't mix s4u2self creds with machine account credsStefan Metzmacher1-24/+76
It's important that we don't store the tgt for the machine account in the same krb5_ccache as the ticket for the impersonated principal. We may pass it to some krb5/gssapi functions and they may use them in the wrong way, which would grant machine account privileges to the client. metze
2011-06-22s4:auth/kerberos: use better variable names in kerberos_kinit_password_cc()Stefan Metzmacher1-27/+41
This will make the following changes easier to review. metze
2011-06-22s4:auth/kerberos: don't ignore return code in kerberos_kinit_password_cc()Stefan Metzmacher1-0/+2
metze
2011-06-22samba-tool: added missing GUID component checks to dbcheckAndrew Tridgell1-4/+93
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jun 22 07:59:30 CEST 2011 on sn-devel-104
2011-06-22pyldb: added methods to get/set extended components on DNsAndrew Tridgell1-0/+51
this will be used by the dbcheck code Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22pydsdb: added get_syntax_oid_from_lDAPDisplayName()Andrew Tridgell2-0/+45
this gives you access to the syntax oid of an attribute Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22ldb: added extended_str() method to pyldbAndrew Tridgell1-0/+16
this gives access to ldb_dn_get_extended_linearized() from python Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22ldb: expose syntax oids to pythonAndrew Tridgell1-0/+10
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-22samba-tool: try to keep dbcheck.py in a logical orderingAndrew Tridgell1-29/+38
keep individual error handlers together and separate from driver code
2011-06-22s4-dsdb: don't add zero GUID to BINARY_DNAndrew Tridgell1-9/+11
When converting from DRS to ldb format for a BINARY_DN, don't add the GUID extended DN element if the GUID is all zeros. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-06-21s4-smbtorture: rework the spoolss notify test a bit.Günther Deschner1-16/+15
Guenther
2011-06-21s4-smbtorture: use ipv4 addresses for backchannel spoolss change notifyGünther Deschner1-1/+1
connections for now. Guenther
2011-06-21s4/auth: Trivial spelling fixes.Brad Hards2-6/+6
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-21build: move dynconfig for top level build upAndrew Bartlett1-115/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-21s4-param Autogenerate the loadparm_globals and loadparm_service tablesAndrew Bartlett3-153/+226
This makes it much easier and less error prone to add new parameters as we merge the s3 and s4 loadparm systems. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Jun 21 04:41:54 CEST 2011 on sn-devel-104
2011-06-21selftest: Run tests for libsmbclient and libnetapiAndrew Bartlett2-1/+6
This adds the known failure for the one test (netbios browsing) that fails. Andrew Bartlett
2011-06-21s4-torture Enable libnetapi and libsmbclient tests using combined buildAndrew Bartlett4-27/+25
Because we now always build the source3 code, we can link directly against a private libnetapi and libsmbclient to test the behaviour of these important APIs. We use a private libnetapi_net_init(), and by using this interface rather than the public one, we can ensure that the correct smb.conf is loaded (as smbtorture4 is a Samba4 semantics binary). The #include of the source3 includes.h is required to do the manual lp_load(). Andrew Bartlett
2011-06-21s4-cmdline: Rename popt tables to avoid symbol conflictsAndrew Bartlett3-12/+12
These same names are use in the source3 popt code, which is called from in libsmbclient and libnet. These are then included in the smbtorture binary for testing Andrew Bartlett
2011-06-21lib/util: Use common d_printf() in the whole codebaseAndrew Bartlett1-6/+0
This removes the lang_tdb based varient, the only user of the lang_tdb code is SWAT, which calls that directly. 'net' and 'pam_winbind' are internationalised using gettext. Andrew Bartlett
2011-06-21s4-param Add my authorship to this scriptAndrew Bartlett1-2/+3
2011-06-20Use tevent_req_oomVolker Lendecke4-5/+5
This fixes a few Coverity errors
2011-06-20tdb2: tie it into build process if --enable-tdb2-breaks-compatRusty Russell1-1/+1
This is simplistic. We need to support making TDB2 a standalone library, but for now, we simply built it in-tree. Once we have tdb1 compatibility in tdb2, we can rename this option to --enable-tdb2. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb2: create tdb2 versions of various testing TDBs.Rusty Russell1-2/+5
Soon, TDB2 will handle tdb1 files, but until then, we substitute. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_compat: use tdb_open_compat.Rusty Russell3-29/+51
This is a helper for the common case of opening a tdb with a logging function, but it doesn't do all the work, since TDB1 and TDB2's log functions are different types. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb2: #ifdef out TDB_ERR_NOLOCK and TDB_ERR_LOCK_TIMEOUT.Rusty Russell1-0/+4
These don't exist in tdb2. The former is used in one weird place in tdb1, and the latter not at all. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20ldb: replace 'struct TDB_DATA' with 'TDB_DATA'Rusty Russell3-6/+6
The typedef is TDB2 compatible, the struct isn't. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_unlockall/tdb_unlockall_read: ignore return value.Rusty Russell1-1/+2
TDB2 returns void here. tdb_unlockall will *always* return with the database unlocked, but it will complain via the log function if it wasn't locked. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_traverse/tdb_traverse_read: check returns for negative, not -1.Rusty Russell2-3/+3
TDB2 returns a negative error number on failure. This is compatible if we always check for < 0 instead of == -1. Also, there's no tdb_traverse_read in TDB2: we don't try to make traverse reliable any more, so there are no write locks anyway. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_transaction_cancel: ignore return value.Rusty Russell1-4/+1
TDB2 returns void here. tdb_transaction_cancel will *always* return with the transaction cancelled, but it will complain via the log function if a transaction wasn't in progress. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_store: check returns for 0, not -1.Rusty Russell3-3/+3
TDB2 returns a negative error number on failure. This is compatible if we always check for != 0 instead of == -1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_delete: check returns for 0, not -1.Rusty Russell1-1/+1
TDB2 returns a negative error number on failure. This is compatible if we always check for != 0 instead of == -1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_fetch_compat: use instead of tdb_fetch.Rusty Russell7-15/+17
This is a noop for tdb1. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20tdb_compat.h: divert every tdb build and includes to tdb_compatRusty Russell15-20/+25
We change all the headers and wscript files to use tdb_compat; this means we have one place to decide whether to use TDB1 or TDB2. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-20pyldb: add unit test for get(myattribute, defVal)Matthieu Patou1-0/+5
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Mon Jun 20 09:23:15 CEST 2011 on sn-devel-104
2011-06-20libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbolAndrew Bartlett26-116/+116
The two error tables need to be combined, but for now seperate the names. (As the common parts of the tree now use the _common function, errmap_unix.c must be included in the s3 autoconf build). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
2011-06-20libcli/util Bring samba4 unix -> nt_status code in common.Andrew Bartlett5-169/+3
Due to library link orders, this is already the function that is being used. However we still need to sort out the duplicate symbol issues, probably by renaming things. Andrew Bartlett
2011-06-20s3-libcli Remove unused error mapping tablesAndrew Bartlett1-549/+0
The functions which uesed these tables have since moved in common. Andrew Bartlett
2011-06-20build: Put lockdir and cachedir in FHS-like locations by defaultAndrew Bartlett1-2/+2
This does not move statedir, leaving it in PREFIX/var/locks because state files such as idmap are dangerous to move, as they might re-create, causing chaos. This isn't ideal, but I don't have a better solution right now. Andrew Bartlett
2011-06-20s4-build Change default paths and --with flags for a 4.0 releaseAndrew Bartlett1-58/+20
The following changes are made since Samba 3.6: * --with-ncalrpcdir and --with-nmbdsocketdir are replaced with --with-socket-dir (with ntp_signd, winbindd, nmbd subdirs) * This moves the winbind socket out of /tmp. Distributions have moved this out of /tmp for quite some time now, and /var/run in the FHS blessed location these days. --with-socketdir should point to /var/run in a distribution package. * Configuration files are expected in PREFIX/etc instead of PREFIX/lib (they need to be moved manually) * SWAT data files have moved to PREFIX/share/swat (alongside PREFIX/share/setup containing samba4 provision templates). * The --with-fhs option is no longer available (it was never very useful, and major distributions (Debian, OpenSuSE, Fedora) either specified every option (overriding the effect) or didn't specify it at all. * PID files are now in PREFIX/var/run, moved from PREFIX/var/locks * The ncalrpc and nmbd sockets are now in PREFIX/var/run by default The following changes are made for users of Samba3 binaries built with the top level build in master * 'state' files are now expected to be in their Samba 3.6 location PREFIX/var/locks (and will need to be moved manually) Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>