summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s4:dsdb/extended_dn_in: Fix DNs and filter expressions in extended match opsSamuel Cabrero2014-12-221-13/+35
| | | | | | Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* torture/spoolss: issue GetJob after StartDocPrinterDavid Disseldorp2014-12-191-0/+8
| | | | | | | | | | | | This reflects Windows XP spoolss client behaviour. This fails if the job is not yet instantiated on the server, and prior to the bso#10984 fix resulted in an unsable DCERPC pipe. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Dec 19 18:03:20 CET 2014 on sn-devel-104
* spoolss: clear PrinterInfo on GetPrinter errorDavid Disseldorp2014-12-191-7/+12
| | | | | | | | | | If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear info on GetPrinterDriverDirectory errorDavid Disseldorp2014-12-191-0/+1
| | | | | | | | | | If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear info on GetPrintProcessorDirectory errorDavid Disseldorp2014-12-191-4/+9
| | | | | | | | | | If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear FormInfo on GetForm errorDavid Disseldorp2014-12-191-0/+1
| | | | | | | | | | | | In handling a spoolss GetForm request, the handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear DriverInfo on GetPrinterDriver2 errorDavid Disseldorp2014-12-191-5/+11
| | | | | | | | | | | | In handling a spoolss GetPrinterDriver2 request, the handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear JobInfo on GetJob errorDavid Disseldorp2014-12-191-10/+18
| | | | | | | | | | | | | | | | In handling a spoolss GetJob request, the _spoolss_GetJob() handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then api_spoolss_GetJob() will attempt to marshall @info, which in the case of an @offered value of zero results in a marshalling error: ndr_push_error(7): Bad subcontext (PUSH) content_size 64 is larger than size_is(0) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:kdc: add aes key support for trusted domainsStefan Metzmacher2014-12-191-37/+148
| | | | | | | | | | | We have a look at "msDS-SupportedEncryptionTypes" and >= DS_DOMAIN_FUNCTION_2008 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Dec 19 15:39:40 CET 2014 on sn-devel-104
* s4:rpc_server/lsa: fix segfault in check_ft_info()Stefan Metzmacher2014-12-191-0/+2
| | | | | | | | | | | This is triggered by lsa_lsaRSetForestTrustInformation() with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME. The nb_name variable was uninitialized and dereferenced without checking. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: remove unused allow_warnings=TrueStefan Metzmacher2014-12-191-1/+0
| | | | | | | | We compile without warnings now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the ↵Stefan Metzmacher2014-12-191-12/+20
| | | | | | | | | | | related flag is removed. When LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flags is cleared we should also remove the related credentials. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: pass the correct variable to setInfoTrustedDomain_base()Stefan Metzmacher2014-12-191-4/+3
| | | | | | | | | | | | This requires 'struct lsa_policy_state', we now pass this directly instead of a instead of an opaque 'struct dcesrv_handle'. dcesrv_lsa_SetInformationTrustedDomain() passes in a 'struct dcesrv_handle' with 'struct lsa_trusted_domain_state' before, which results in segfaults. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s3:pdb_samba_dsdb: use SEC_CHAN_DNS_DOMAIN in ↵Stefan Metzmacher2014-12-191-6/+33
| | | | | | | | | | | | pdb_samba_dsdb_get_trusteddom_creds() If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match a Windows DC. For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:pdb_samba_dsdb: add pdb_samba_dsdb_get_trusteddom_credsStefan Metzmacher2014-12-191-1/+225
| | | | | | | | | | We have the password as raw UTF16 blob, which might not be valid utf16, so we need to use cli_credentials_set_utf16_password(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of cli_rpc_pipe_open_schannel_with_creds()Stefan Metzmacher2014-12-191-17/+40
| | | | | | | This way we pass down enough information for SEC_CHAN_DNS_DOMAIN to work. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds_with_creds()Stefan Metzmacher2014-12-191-23/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: we only need a an netlogon connection to a rwdc if we're a rodc ↵Stefan Metzmacher2014-12-191-2/+2
| | | | | | | | | | ourself If we're a member or RWDC there's no need to require talking to a rwdc, an rodc will forward the request if required. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make sure we try to use NCACN_IP_TCP in cm_connect_netlogonStefan Metzmacher2014-12-191-0/+5
| | | | | | | | We need to call init_dc_connection_rpc() before we can decide if we want to try NCACN_IP_TCP. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add cli_rpc_pipe_open_schannel_with_creds() helper functionStefan Metzmacher2014-12-192-0/+93
| | | | | | | | | This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN as cli_credentials_get_realm() will return the correct value compared to cli_credentials_get_domain(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:cli_netlogon: add rpccli_{create,setup}_netlogon_creds_with_creds() ↵Stefan Metzmacher2014-12-192-0/+65
| | | | | | | | | helper functions This simplifies the callers, then can just pass in a cli_credentials structure. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_set_utf16_password()Stefan Metzmacher2014-12-193-6/+65
| | | | | | | | | | | | | | We need a way to initialize the cli_credentials from the raw utf16 blob, which might not be completely valid utf16, which means the conversion from CH_UTF16MUNGED to CH_UTF8 might loose information. This would result in an invalid nt_hash, when we convert back from CH_UTF8 to CH_UTF16LE. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: add support for SEC_CHAN_DNS_DOMAIN to schannel_update()Stefan Metzmacher2014-12-191-17/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: make sure we keep a DCERPC_AUTH_TYPE_SCHANNEL backend if requiredStefan Metzmacher2014-12-191-0/+8
| | | | | | | | | | | | | Even with CRED_MUST_USE_KERBEROS we should keep the DCERPC_AUTH_TYPE_SCHANNEL backend arround, this can only be specified explicitely by the caller and cli_credentials_get_netlogon_creds() != NULL is the strong indication that the caller is using DCERPC_AUTH_TYPE_SCHANNEL *now*. With trusts against AD domain we can reliable use kerberos and netlogon secure channel for authentication. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch/wbinfo: allow 'wbinfo --ping-dc --domain=SOMEDOMAIN'Stefan Metzmacher2014-12-191-4/+13
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: allow passing the domain name to wbcPingDC[2]()Stefan Metzmacher2014-12-192-11/+43
| | | | | | | | winbindd already supports this. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: use find_domain_from_name_noinit() in winbindd_ping_dc_send()Stefan Metzmacher2014-12-191-1/+1
| | | | | | | | We should not try to connect to the given domain from within the winbindd parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: report our own name for PING_DC and internal domainsStefan Metzmacher2014-12-191-0/+22
| | | | | | | | This means "wbinfo --ping-dc" works fine on a DC. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: check for rpath compiler/linker flagsRalph Boehme2014-12-191-0/+4
| | | | | | | | | | | | Older SunOS linker only support -Wl,-R,/path instead of -Wl,-rpath,/path. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: fill PRIVATE_NAME() logic againStefan Metzmacher2014-12-192-4/+21
| | | | | | | | | | | | | We append bld.env.PRIVATE_EXTENSION to the name of private libraries again, but only unless they have a abi_directory, vnum or soname defined. This avoids naming conflicts with system libraries, e.g. libidmap.so on Solaris Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: fix soname of linux nss_*.so.2 modulesStefan Metzmacher2014-12-192-13/+18
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: use shared/libnss_wrapper_winbind.so.2Stefan Metzmacher2014-12-192-2/+2
| | | | | | | | | | | This library is always available in make test. nss-wrapper strictly requires the linux nss api. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()Stefan Metzmacher2014-12-191-1/+5
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ctdb-daemon: Use correct tdb flags when enabling robust mutex supportAmitay Isaacs2014-12-194-22/+70
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11000 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: version 1.3.4Stefan Metzmacher2014-12-192-1/+69
| | | | | | | | | | | | Transactions are supported with TDB_MUTEX_LOCKING. This fixes https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Fri Dec 19 11:41:26 CET 2014 on sn-devel-104
* tdb/toos: allow transactions with TDB_MUTEX_LOCKINGStefan Metzmacher2014-12-191-1/+0
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* tdb/test: add tdb1-run-mutex-transaction1 testStefan Metzmacher2014-12-192-0/+237
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKINGStefan Metzmacher2014-12-191-1/+1
| | | | | | | | | | | | | There's no real reason to disallow transactions as the allrecord lock is also available with mutexes enabled. E.g. ctdbd requires transactions also on non-persistent databases opened with TDB_CLEAR_IF_FIRST and TDB_MUTEX_LOCKING. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* vfs_fruit: Avoid double ()Volker Lendecke2014-12-181-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Dec 18 19:19:04 CET 2014 on sn-devel-104
* vfs_fruit: Avoid double initializationVolker Lendecke2014-12-181-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib/texpect: prefer bsd/libutil.h if availableStefan Metzmacher2014-12-182-2/+4
| | | | | | | Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Dec 18 16:31:48 CET 2014 on sn-devel-104
* s4:heimdal_build: remove unused openpty checkStefan Metzmacher2014-12-181-1/+0
| | | | | | | | | commit 638a8edd7ce708cf550c054ac16dade795b6448b removed HEIMDAL_BINARY('rkpty', 'lib/roken/rkpty.c',...) (the only heimdal user of openpty(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* libcli-dns: Remove obsolete dns_host_file subsystem.Andreas Schneider2014-12-184-456/+0
| | | | | Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 18 09:09:38 CET 2014 on sn-devel-104
* s3-libsmb: Remove obsolete support for dns_host_file.Andreas Schneider2014-12-181-27/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-libcli: Remove obsolete support for file resolving.Andreas Schneider2014-12-183-163/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* addns: Remove support for dns_host_file.Andreas Schneider2014-12-189-94/+122
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Use resolv_wrapper in the samba3 targets to join AD.Andreas Schneider2014-12-181-11/+60
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Use resolv_wrapper in the samba4 target.Andreas Schneider2014-12-182-15/+90
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Always enable dns fakeing.Andreas Schneider2014-12-181-2/+6
| | | | | | | | FIXME: This should be removed once we fixed adding records to the DNS server using nsupdate! Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Define if we should fake dns resolving.Andreas Schneider2014-12-182-1/+15
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit (git 2.34.1) at 2025-09-25 22:31:31 +0000