summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-02-12s4:kdc Fill in created_by principal fieldSimo Sorce1-4/+7
2010-02-12s4:kdc Fix double free and uninitialized memory.Simo Sorce1-2/+13
In samba_kdc_trust_message2entry() on error, hdb_free_entry() may end up trying to access uninitialized memory or double free the hdb_entry.
2010-02-12s4:auth/credentials/credentials.c - Initialise the "lm_response" and ↵Matthias Dieter Wallnöfer1-0/+5
"nt_response" structures In some cases those structures are not initialised and the whole authentication system crashes with a SIGSEGV. Bug discovered by Matthieu Patou in bug #6755.
2010-02-12s4:getopt.py - set the password callback only when no password has been providedMatthias Dieter Wallnöfer1-4/+6
Previously the "no_pass" and "no_pass2" variables weren't handled correctly. Since at the initialisation of the "CredentialsOptions" we don't have any password at all. Only afterwards we could get one through "set_password". If a password is specified, use it. If no password is specified, consider the use fo an input mask on STDOUT. But if the loadparm context contains one prefer it over the input.
2010-02-12s4:net_drs_bind: make some more stuff staticStefan Metzmacher1-2/+2
metze
2010-02-12s4:net/drs: use the full path to "utils/net/drs/net_drs*.h"Stefan Metzmacher5-5/+5
This fixes the build with automatic dependecies. metze
2010-02-11s4: Switch to S3-style id mapping data types.Kai Blin14-82/+97
2010-02-11s4 idmap: Make the sid_to_xid and xid_to_sid calls static.Kai Blin1-4/+8
Looking at the winbind interface, we should only be using the bulk conversion calls.
2010-02-11ldb_match - Ignore ":dn" part of extended matches for nowMatthias Dieter Wallnöfer1-2/+5
It's not fully clear what this ":dn" part means for us. What we know is that older AD implementations (Windows Server 2000, 2003) need it to have extended matches working in the expected way. To be able to interoperate with s3's winbind and other tools I and gd decided to transform this into a warning until we know what to do. This should fix bug #6511.
2010-02-12s4-provision: import the R2 functional levelAndrew Tridgell1-1/+1
this makes it easier to modify the script to set us at R2 level in provision. We should make this a parameter.
2010-02-12s4-build: avoid finding python symlinksAndrew Tridgell1-1/+1
emacs creates symlinks to .py files while you are editing them. This could cause build failures.
2010-02-12s4-provision: fixed --function-level option to provisionAndrew Tridgell1-0/+1
we need the DS_DOMAIN_* levels imported
2010-02-12s4-script: make enablerecyclebin use system_sessionAndrew Tridgell1-1/+2
This allows it to work against our local ldb
2010-02-12s4-pyldb: null terminate string ldb message elements from pythonAndrew Tridgell1-4/+4
We need to eventually get rid of ldb_msg_find_attr_as_string() (or add a mem_ctx to it), but meanwhile we have too many places that break if we don't add a nul to the end of ldb msg strings from python.
2010-02-11s4-net-drs: fix some coding style issuesAndrew Tridgell2-3/+2
We should use the system/*.h headers for system includes. We also try to avoid C++ comments. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-11s4/net_drs: 'net drs kcc' command implementationKamen Mazdrashki3-2/+177
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-11s4/net_drs: 'net drs bind' command implementationKamen Mazdrashki2-1/+138
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-11s4/net_drs: 'net drs' utility initial creationKamen Mazdrashki4-1/+377
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-02-11provision: Use short name for assignee of ACE (BA, SA, CO, ...)Matthieu Patou1-8/+6
Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible) of sysvol files (GPO objects and netlogon folders). This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the from_sddl function. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-11python-s4: use secrets.ldb instead of sam.ldb for reading domain SIDMatthieu Patou1-2/+2
This allow to be able to run net acl set xxx yyy on DC, but also on domain member. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-11provision: Fix an error with eadb when using not default install dir and ↵Matthieu Patou1-1/+5
running as a non root user Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-11s4-dns: don't leave behind a tmp fileAndrew Tridgell1-0/+2
If the dns update file doesn't need updating we need to delete the tmp file
2010-02-11s4-dns: added a dns update taskAndrew Tridgell4-1/+237
This task watches for changes in the list of DCs, and creates a bind9 formatted file that grants update permission to all DCs, plus to the administration, and machines update for their own names. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-11s4-provision: cope with umask in creating private/dnsAndrew Tridgell1-0/+2
2010-02-11s4-provision: pre-create a named.conf.update fileAndrew Tridgell3-36/+13
The named.conf.update file will be filled in at runtime by Samba to contain the list of bind9 grant rules for granting DNS dynamic update permissions on the domain.
2010-02-11s4-provision: move zone file to dns subdirectoryAndrew Tridgell2-14/+54
This allows the permissions to be correctly set for bind to write to a journal file. It also sets the right group ownership and permissions on the files that bind needs to access. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-11s4:provision Be more polite to long-suffering Samba testers.Andrew Bartlett1-2/+3
Our testers put up with a lot of odd things when testing out Samba4. Andrew Bartlett
2010-02-10test:local added LOCAL-DLINKLIST testsuiteAndrew Tridgell2-0/+2
(cherry picked from commit 95a5bee2c30a67a35604b0456ab7836f6dc67702)
2010-02-10util: rewrite dlinklist.h so that DLIST_ADD_END() is O(1)Andrew Tridgell2-61/+112
This changes the meaning of the ->prev pointer in our doubly linked lists to point at the end of the list from the front of the list. That allows us to implement DLIST_ADD_END() and related functions in O(1) time, which can be a huge saving in many places in Samba. This also means that the 'type' argument to various DLIST_*() macros is no longer needed, but I have left it in for now to keep the patchset small, which will make it easier to revert if any problems are found. In the future we should remove the 'type' arguments. (jra. Move the one use of DLIST_TAIL over to the new macros).
2010-02-10s4-ldb: update ldb_tdb to use new DLIST_ macrosAndrew Tridgell1-15/+3
(cherry picked from commit 6ede911654566a7e21ded70dacac68df3b6a1bca)
2010-02-10s4-dsdb: update repl_meta_data.c to use new DLIST_ macrosJeremy Allison1-3/+2
2010-02-10Temporary changes to dlinklist to keep the implementation static whilstJeremy Allison1-0/+16
uses of (list)->prev are moved over to DLIST_PREV. This will be replaced when the final (new) version of the dlinklist.h header is added. Jeremy.
2010-02-10s4:provision Just 'do the right thing' with empty smb.conf filesAndrew Bartlett2-2/+26
For some reason, JHT keeps on creating an empty smb.conf file, expecting it to be the same as a non-existant one. It is easier to just realise what he meant. Andrew Bartlett
2010-02-10s4-smbtorture: use test_GetPrinter_level in RPC-SPOOLSS-NOTIFY.Günther Deschner2-45/+27
Guenther
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer11-44/+0
This was needed only by Python 2.3 which we no longer support.
2010-02-09s4-torture: allow host-only in unc lists in smbtortureAndrew Tridgell2-4/+7
Allow UNC lists like this: 192.168.2.1 192.168.2.2 192.168.2.3 the share name will be taken from the command line
2010-02-08s4-smbtorture: skip over ValidatePassword if DCERPC error is returned.Günther Deschner1-0/+4
Guenther
2010-02-08s4:subtree_delete - "NULL" as format string isn't allowed on FreeBSDMatthias Dieter Wallnöfer1-2/+3
I changed the format string into "(objectClass=*)" which should be an equivalent expression for choosing all available objects. Consider bug 7115 for the issue.
2010-02-08s4:heimdal: regerenate filesStefan Metzmacher9-173/+218
Andrew using cp like in commit ca12e7bc8ff4a91f2044c0a60550fec902e97a78 is wrong as that removes #include "config.h" and breaks the build on AIX. metze
2010-02-08s4:heimdal_build: allow flex-2.5.35:bison-2.4.1 to regenerate filesStefan Metzmacher1-1/+9
metze
2010-02-08s4-torture: more useful error message in SMB2-DIRAndrew Tridgell1-2/+2
2010-02-07s4-registry: fixed byte order assumptionsAndrew Tridgell4-7/+9
the registry tests were broken on big-endian systems
2010-02-06tdb: raise version to 1.2.1Simo Sorce1-1/+1
after recent fixes we need to raise the version to 1.2.1 so that we can require also the right patched version.
2010-02-06s4-ldb: fixed api.py selftestAndrew Tridgell1-1/+1
subunitrun seemed to be calling a test from its own source, instead of the samba test. Fix this by calling the test directly.
2010-02-05s4:UID wrapper - Fix includesMatthias Dieter Wallnöfer4-18/+18
The includes of the UID wrapper headers werent't really efficient according to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html). To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c", "lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c".
2010-02-05s4:Heimdal build - never require the NSS wrapper for Heimdal KerberosMatthias Dieter Wallnöfer1-5/+5
Disable the use of it in the heimdal code. Notice: This doesn't need to be ported upstream since it only affects the build in conjunction with s4.
2010-02-05s4/drs: propagate DRS_ extension flags in code baseKamen Mazdrashki3-3/+3
2010-02-04s4-torture: handle NT_STATUS_CONNECTION_RESETAndrew Tridgell3-6/+12
a CONNECTION_RESET is now the normal "client disconnect" status code
2010-02-04s4:mark the SYSTEM control always as non-criticalMatthias Dieter Wallnöfer1-0/+29
It is needed to not break the various LDAP backends. For reference look at bug #7040.
2010-02-03net: Fix python 2.4 compatibility.Jelmer Vernooij1-0/+5