summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gensec: move schannel module to toplevel.Günther Deschner2013-09-193-10/+8
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Fix SEGV from improperly formed SUBSTRING/PRESENCE filterHoward Chu2013-09-191-1/+1
| | | | | | | | | | Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Simo Sorce <idra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Sep 19 01:42:43 CEST 2013 on sn-devel-104
* OpenLDAP provisioning tweaksHoward Chu2013-09-185-65/+38
| | | | | | | | | | | | | Remove BerkeleyDB-specific setup. Streamline cn=samba partition initialization - allow any backend type for it. Use back-mdb instead of back-ldif for cn=samba partition Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
* Use SASL/EXTERNAL over ldapi://Howard Chu2013-09-183-53/+86
| | | | | | | | | The provision script will map the uid of the user running the script to the samba-admin LDAP DN. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Add SASL/EXTERNAL gensec moduleHoward Chu2013-09-183-1/+91
| | | | | | Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Prepare for SASL/EXTERNAL supportHoward Chu2013-09-182-2/+19
| | | | | | Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* Free memory on errorAlistair Leslie-Hughes2013-09-181-0/+1
| | | | | | | | Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 18 19:46:41 CEST 2013 on sn-devel-104
* s3: libsmb - 10150 - Not all OEM servers support the ALTNAME info level.Jeremy Allison2013-09-181-3/+4
| | | | | | | | Sigh. Some OEM servers return NT_STATUS_NOT_IMPLEMENTED not NT_STATUS_NOT_SUPPORTED. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* Give slapd a second to startupHoward Chu2013-09-181-1/+1
| | | | | | | | | | | | Moving the sleep to the beginning of the loop avoids most occurrences of the "connection failed" message Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 18 07:43:09 CEST 2013 on sn-devel-104
* Add an OpenLDAP-specific extended_dn_in moduleHoward Chu2013-09-182-5/+37
| | | | | | | | Don't "fix" plain DNs before sending them to OpenLDAP Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* libcli/smb: only check the SMB2 session setup signature if required and validStefan Metzmacher2013-09-181-5/+21
| | | | | | | | | | | | | This is an update to commit af290a03cef63c3b08446c1980de064a3b1c8804 that skips the scary debug messages. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104
* s3: libsmb : Bug 10150 - Not all OEM servers support the ALTNAME info level.Jeremy Allison2013-09-171-1/+9
| | | | | | | | | | | Just ignore and print error message and an altname of "" if the server returns NT_STATUS_NOT_SUPPORTED. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Sep 17 23:40:08 CEST 2013 on sn-devel-104
* s3: libsmb SMB2 wrapper layer. cli_smb2_get_ea_list_path() failed to close ↵Jeremy Allison2013-09-171-0/+4
| | | | | | | | | file on exit. Found at SNIA SDC plugfest. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3-rpc_server: fix typo in DEBUG statement.Günther Deschner2013-09-171-1/+1
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Sep 17 18:24:26 CEST 2013 on sn-devel-104
* docs: point out side-effects of global "valid users" setting.Günther Deschner2013-09-171-0/+10
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Sep 17 16:20:16 CEST 2013 on sn-devel-104
* s3: libsmb : The short name length is only a one byte field.Jeremy Allison2013-09-171-1/+1
| | | | | | | | | | | The next byte is "undefined" and some vendors set this to 0xff (discovered in SNIA SDC lab tests). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 17 12:27:18 CEST 2013 on sn-devel-104
* libcli/smb: fix non mendatory signing against some vendor SMB2 servers.Stefan Metzmacher2013-09-171-1/+10
| | | | | | | | | | | | | | Windows and Samba always sign the final session setup response even if signing is not mendatory, but it ensures that the signing key is correctly in place. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
* libcli/smb: use SMB1 MID=0 for the initial NegprotStefan Metzmacher2013-09-171-0/+8
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10144 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Cleanup map return codesHoward Chu2013-09-171-18/+17
| | | | | | | | | | -1 was never a valid LDB return code, just use OPERATIONS_ERROR Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 07:51:45 CEST 2013 on sn-devel-104
* Fix OpenLDAP partition configsHoward Chu2013-09-172-3/+72
| | | | | | | | Update to use LMDB backend, BDB is deprecated Update to support DomainDNSZones and ForestDNSZones partitions. Signed-off-by: Howard Chu <hyc@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/ldb-samba/ldb_ildap: Also skip special base DNsAndrew Bartlett2013-09-171-0/+3
| | | | | | | This is so we do not search for @REPLCHANGED against ldap Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* docs-xml: document SMB3_02 as available protocol for the client sideStefan Metzmacher2013-09-172-1/+4
| | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 17 05:55:04 CEST 2013 on sn-devel-104
* s3:torture: add PROTOCOL_SMB3_02 handlingStefan Metzmacher2013-09-171-0/+3
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/param: add PROTOCOL_SMB3_02 handlingStefan Metzmacher2013-09-171-0/+1
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requestedStefan Metzmacher2013-09-171-0/+1
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: add PROTOCOL_SMB3_02Stefan Metzmacher2013-09-171-2/+3
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: add SMB3_DIALECT_REVISION_302Stefan Metzmacher2013-09-171-0/+1
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dsdb: Use credentials.get_forced_sasl_mech()Andrew Bartlett2013-09-172-0/+3
| | | | | | | | | | | | | | This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
* auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech()Andrew Bartlett2013-09-165-0/+60
| | | | | | | | | | This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* samba-tool domain provision: Make ldap_backend_startup.sh +x and take ↵Andrew Bartlett2013-09-161-2/+5
| | | | | | | optional arguments Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* samba-tool domain join: Set server role correctly to "active directory ↵Andrew Bartlett2013-09-161-2/+2
| | | | | | | | | | | | | | domain controller" We changed the magic string when we reworked the list of server roles. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
* s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the ↵Andrew Bartlett2013-09-161-1/+1
| | | | | | | access check Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba-tool domian join: Only print adminpass warning on subdomain creationAndrew Bartlett2013-09-161-0/+3
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba-tool domain join: Add --quite and --verboseAndrew Bartlett2013-09-162-45/+63
| | | | | | | | | | This means we now use logger consistently between doimin join, domain dcpromo and domain provision. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Use dsdb_next_callback() rather than a no-op per-module callbackAndrew Bartlett2013-09-161-38/+16
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* join.py: Restore support for joining as a subdomainAndrew Bartlett2013-09-162-7/+16
| | | | | | | | | | This set of patches fixes up the errors that were introduced into the partial support during the past couple of years. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()Andrew Bartlett2013-09-161-0/+13
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* join.py: Handle more error cases with useful exceptionsAndrew Bartlett2013-09-161-1/+9
| | | | | | | | | This will help track down strange failures in the future. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba-tool domain join subdomain: Set "reveal_internals:0" control so we can ↵Andrew Bartlett2013-09-161-1/+1
| | | | | | | | | | | | | | | | | see the ncName The issue here is that we create the ncName remotely with DsAddEntry, and then replicate it back. However, at this point the naming context pointed at by the ncName does not exist! The issue is that the extended_dn_out module then hides the link, because it points to a missing object. The reveal_internals control forces this link to be returned, and so we can then find the GUID, to create the domain with the right GUID. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* ldb: Show the type of failing operation in default error messageAndrew Bartlett2013-09-161-1/+26
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* join.py: Show which database we failed to find the DN on (clarify local v ↵Andrew Bartlett2013-09-161-1/+1
| | | | | | | remote) Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* join.py: Handle exceptions when looking for GUID in a DNAndrew Bartlett2013-09-161-1/+5
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: Fix some typos in comments.Björn Jacke2013-09-122-5/+5
| | | | | | | | | | | | Thanks to Stewart A. Levin for reporting. fixes bug #10136 (Documentation typos). Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Karolin Seeger <kseeger@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Sep 12 13:54:41 CEST 2013 on sn-devel-104
* docs: Fix typos.Karolin Seeger2013-09-121-3/+3
| | | | | | | | | | | This is a follow-up patch for bug #10134 - Samba 4.0 is stricter in checking acls for "open for execution". Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Sep 12 11:59:56 CEST 2013 on sn-devel-104
* smbd: Properly protect against invalid lock dataVolker Lendecke2013-09-121-0/+6
| | | | | | | | | | | If someone messes with brlock.tdb and inserts an invalid record length, this will lead to memcpy overwriting a few bytes behind malloc'ed data. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 12 03:26:45 CEST 2013 on sn-devel-104
* Fix is_legal_name() to not emit character conversion error messages.Jeremy Allison2013-09-111-12/+8
| | | | | | | | Using next_codepoint() does the same check, but without the conversion message. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* selftest: change to src dir for panic backtraceDavid Disseldorp2013-09-121-1/+1
| | | | | | | | | | | | | | | | | | When running selftest against a Samba3 target, the working directory is set to st/s3dc/share. The existing "panic action" script attempts obtain a backtrace for a paniced smbd process using GDB, which does not locate debug info relative to the working directory. This commit changes the S3 selftest panic action to first enter the base source directory before attempting to obtain the backtrace, ensuring that GDB can locate the debug info. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 12 00:19:39 CEST 2013 on sn-devel-104
* dsdb: When using an LDAP backend, force use of the password from secrets.ldbAndrew Bartlett2013-09-111-0/+99
| | | | | | | | | | | | | | | | | This makes testing from the command line much easier, as ldbsearch -H sam.ldb will now just work as well as it did with a tdb-based provision. This code was removed from it's previous location outside the ldb module stack in aabda85a2fc9f6763abd56d61ff819012f2225ad. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Wed Sep 11 21:15:50 CEST 2013 on sn-devel-104
* smbd: Convert br_lck->lock_data to tallocVolker Lendecke2013-09-111-26/+29
| | | | | Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Sep 11 10:15:38 CEST 2013 on sn-devel-104
* smbd: Move "struct byte_range_lock" definition to brlock.cVolker Lendecke2013-09-112-9/+11
|
generated by cgit (git 2.34.1) at 2025-09-27 04:52:44 +0000