Commit message | Author | Age | Files | Lines
* talloc: don't allow a talloc_pool inside a talloc_pool. | Rusty Russell | 2012-07-18 | 2 | -1/+9
  We explicitly call free() on a pool which falls to zero, assuming it's not inside another pool (we crash). Check on creation and explicitly document this case.
  Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* talloc: use a struct for pool headers. | Rusty Russell | 2012-07-18 | 2 | -106/+90
  This neatens the code a bit (we should do a similar thing for all the TALLOC_CHUNK macros).
  Two subtler changes:
  (1) As a result of the struct, we actually pack object_count into the talloc header on 32-bit platforms (since the header is 40 bytes, but needs to be 16-byte aligned).
  (2) I avoid VALGRIND_MAKE_MEM_UNDEFINED on memmove when we resize the only entry in a pool; that's done later anyway.
  With -O2 on my 11.04 Ubuntu 32-bit x86 laptop, the talloc_pool speed as measured by testsuite.c actually increases 10%.
  Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* s3-linux-aio: Fix error handling | Volker Lendecke | 2012-07-17 | 1 | -4/+2
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Jul 17 21:22:31 CEST 2012 on sn-devel-104
* Add debug message when SD hash doesn't match. | Jeremy Allison | 2012-07-17 | 1 | -0/+5
* s3-autoconf: Fix the build. | Günther Deschner | 2012-07-17 | 1 | -11/+3
  Guenther
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Tue Jul 17 16:17:06 CEST 2012 on sn-devel-104
* Enable AES in winbind. | Andreas Schneider | 2012-07-17 | 1 | -1/+1
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3-rpc_client: Fix updating netlogon credentials. | Andreas Schneider | 2012-07-17 | 1 | -8/+7
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3-rpc_client: Add capabilities check for AES encrypted connections. | Andreas Schneider | 2012-07-17 | 1 | -1/+158
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4-auth: Make sure we use the correct credential state. | Andreas Schneider | 2012-07-17 | 1 | -1/+6
  If we create a copy of the credential state we miss updates to the credentials.
  To establish a netlogon schannel connection we create client credentials and authenticate with them using dcerpc_netr_ServerAuthenticate2()
  For this we call netlogon_creds_client_authenticator() which increases the sequence number and steps the credentials. Let's assume the sequence number is 1002.
  After a successful authentication we get the server credentials and we send bind an auth request with the received creds. This sets up gensec and the gensec schannel module created a copy of the client creds and stores it in the schannel auth state. So the creds stored in gensec have the sequence number 1002.
  After that we continue and need the client credentials to call dcerpc_netr_LogonGetCapabilities() to verify the connection. So we need to increase the sequence number of the credentials to 1004 and step the credentials to the next state. The server always does the same and everything is just fine here.
  The connection is established and we want to do another netlogon call. So we get the creds from gensec and want to do a netlogon call e.g. dcerpc_netr_SamLogonWithFlags. We get the needed creds from gensec. The sequence number is 1002 and we talk to the server. The server is already ahead cause we are already at sequence number 1004 and the server expects it to be 1006. So the server gives us ACCESS_DENIED cause we use a copy in gensec.
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4-librpc: Add capabilities check for AES encrypted connections. | Andreas Schneider | 2012-07-17 | 1 | -1/+110
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4-torture: Improve samlogon test. | Andreas Schneider | 2012-07-17 | 1 | -0/+8
* s4-torture: Add DCERPC_SCHANNEL_AES tests. | Andreas Schneider | 2012-07-17 | 1 | -1/+5
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3:rpc_server: add support for AES bases netlogon schannel | Stefan Metzmacher | 2012-07-17 | 1 | -0/+4
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/netlogon: add support for AES based netlogon schannel | Stefan Metzmacher | 2012-07-17 | 1 | -0/+4
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:librpc/rpc: add DCERPC_SCHANNEL_AES support | Stefan Metzmacher | 2012-07-17 | 2 | -2/+18
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* libcli/auth: add support for AES/HMAC-SHA256 to the netlogon schannel sign/seal | Stefan Metzmacher | 2012-07-17 | 1 | -51/+137
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* libcli/auth: add support for AES/HMAC-SHA256 schannel session key support | Stefan Metzmacher | 2012-07-17 | 1 | -3/+63
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for it | Stefan Metzmacher | 2012-07-17 | 1 | -26/+31
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/netlogon: implement netr_LogonGetCapabilities | Stefan Metzmacher | 2012-07-17 | 1 | -2/+20
  This is also needed to support AES.
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:librpc/rpc/dcerpc_schannel: just append NETLOGON_NEG_RODC_PASSTHROUGH as rodc | Stefan Metzmacher | 2012-07-17 | 2 | -6/+5
  The RODC stuff doesn't depend on the schannel algorithm.
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:librpc/rpc/dcerpc_schannel: rework downgrade logic | Stefan Metzmacher | 2012-07-17 | 1 | -5/+38
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* VERSION: Move on to beta5! | Andrew Bartlett | 2012-07-17 | 1 | -2/+2
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Jul 17 06:10:52 CEST 2012 on sn-devel-104
* VERSION: Mark as the beta4 release | Andrew Bartlett | 2012-07-17 | 1 | -1/+1
* WHATSNEW: prepare for 4.0 beta4 | Andrew Bartlett | 2012-07-17 | 1 | -28/+44
* Revert "Remove XSLT script to generate image dependencies, instead rely on make" | Jelmer Vernooij | 2012-07-16 | 2 | -17/+89
  This reverts commit c4493c22f129b2c94f361e6f8657adc7cd2dc1c6.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7562
  Conflicts: docs-xml/Makefile
  Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date(master): Mon Jul 16 16:18:46 CEST 2012 on sn-devel-104
* pytdb: Check if the database is closed before we touch it | Andrew Bartlett | 2012-07-16 | 2 | -10/+85
  If .close() has already been called, we have to play dead - the self->ctx is just not valid any more, as we have been shut down to allow some other part of Samba to open the tdb.
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Jul 16 13:51:52 CEST 2012 on sn-devel-104
* pytdb: Check for errors parsing strings into TDB_DATA | Andrew Bartlett | 2012-07-16 | 1 | -0/+16
  The call to PyStringAsString() can raise an exception, and we want to return that rather than following a NULL pointer later.
  Andrew Bartlett
* auth/credentials: Look in the secrets.tdb for the machine account | Andrew Bartlett | 2012-07-15 | 2 | -3/+50
  This is for use with the -P/--machine-pass option.
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun Jul 15 05:41:28 CEST 2012 on sn-devel-104
* s4-param: Use a unique header name | Andrew Bartlett | 2012-07-15 | 1 | -3/+3
* s3-secrets: Use C99 types | Andrew Bartlett | 2012-07-15 | 2 | -11/+11
* Fix bug #9016 - Connection to outbound trusted domain goes offline. | Jeremy Allison | 2012-07-14 | 1 | -6/+0
  By the time we've gotten to init_dc_connection_network() we shouldn't be second guessing the caller by calling winbindd_can_contact_domain(). If for some reason we do need to restrict the contact list here we can add a condition to only contact the primary domain or domains listed in the tdc cache, but I don't think that's necessary.
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Jul 14 03:17:57 CEST 2012 on sn-devel-104
* s3: Make us survive smb2.lock.rw-shared with aio enabled | Volker Lendecke | 2012-07-13 | 1 | -1/+1
  schedule_aio_smb2_write can return NT_STATUS_FILE_LOCK_CONFLICT. This is a valid error code that smb2.lock.rw-shared expects and checks for. The code before this patch maps this to NT_STATUS_FILE_CLOSED, masking the real, correct error message.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jul 13 21:53:51 CEST 2012 on sn-devel-104
* s3-auth_samba4: Explain that check_samba4_security is actually unused | Andrew Bartlett | 2012-07-13 | 1 | -0/+10
  Because of the evolution in the way the auth handling has been done, we do not need this code any more. Raw NTLM Session setup & X is done via the auth4 context which returns a full session info.
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Jul 13 10:04:05 CEST 2012 on sn-devel-104
* lib/util: Allocate enough space to reference blob->data[len] | Andrew Bartlett | 2012-07-13 | 1 | -3/+3
  Found by Thomas Hood <jdthood@gmail.com> using valgrind. Thanks!
  Andrew Bartlett
* s3-auth Remove unused global_machine_account_needs_changing | Andrew Bartlett | 2012-07-13 | 3 | -82/+0
  This boolean was only set if the old machine account store (with an MD4 hash in it) was returned. We have not set that password type for years.
  If this call ever worked, it would store a plaintext password, so we could only ever be here if we had set a password using a version of Samba so old as not to store plaintext, and then never honored the flag anyway.
  Andrew Bartlett
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104
* s3-auth Remove confusing reference to global_machine_password_needs_changing | Andrew Bartlett | 2012-07-13 | 1 | -8/+0
  This is in the trusted domain codepath, not the primary domain code path.
  Andrew Bartlett
* s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrs | Geza Gemes | 2012-07-13 | 3 | -2/+536
  When provisioning with --use_rfc2307=yes populate the subtree: CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}
  This makes it possible to manipulate the posix attributes via ADUC
  (commit message adjusted by abartlet)
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Use HAVE_FSYNC, we bothered to test for it. | Jeremy Allison | 2012-07-13 | 1 | -0/+2
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jul 13 04:44:42 CEST 2012 on sn-devel-104
* s4:registry:regdiff: use existing talloc context for the event context | Michael Adam | 2012-07-13 | 1 | -1/+1
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Fri Jul 13 02:51:44 CEST 2012 on sn-devel-104
* s4:registry:regdiff: add TALLOC_CTX * argument to open_backend() | Michael Adam | 2012-07-13 | 1 | -6/+7
* s4:registry: add a TALLOC_CTX argument to reg_open_remote() | Michael Adam | 2012-07-13 | 4 | -5/+7
* Linux-specific optimization in aio_open code. | Jeremy Allison | 2012-07-13 | 1 | -0/+22
  Use initial_allocation_size to allocate on disk if sent. Ignore failures (upper level will cope).
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Jul 13 00:35:48 CEST 2012 on sn-devel-104
* Set fsp->initial_allocation_size before calling open_file_ntcreate(). | Jeremy Allison | 2012-07-12 | 1 | -0/+5
  Allows an SMB_VFS_OPEN() vfs module to do something interesting with the request.
* Make sure we reset fsp->initial_allocation_size to zero if we didn't create the file. | Jeremy Allison | 2012-07-12 | 1 | -0/+2
  This will become important as we set fsp->initial_allocation_size before create.
* Add an optimization to pthread aio writes to also do fsync if requested. | Jeremy Allison | 2012-07-12 | 3 | -0/+25
  Should help by ensuring complete writes done in sub-thread, not in the main thread.
* s3: Make us survive base-delaywrite with aio enabled | Volker Lendecke | 2012-07-12 | 1 | -0/+4
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Jul 12 21:28:19 CEST 2012 on sn-devel-104
* s3: Factor out "mark_file_modified" | Volker Lendecke | 2012-07-12 | 2 | -25/+43
  This is in preparation of making us survive base-delaywrite with async I/O activated
  Signed-off-by: Jeremy Allison <jra@samba.org>
* s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam() | Michael Adam | 2012-07-12 | 13 | -24/+24
  This does not check whether the given sid is in our domain, but whether it belongs to the local sam, which is a different thing on a domain member server.
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Thu Jul 12 18:36:02 CEST 2012 on sn-devel-104
* s3: rename sid_check_is_domain() to sid_check_is_our_sam() | Michael Adam | 2012-07-12 | 13 | -26/+26
  This does not check whether the given sid is the domain sid, but whether it is the sid of the local sam, which is different for a domain member server.
* s3:passdb: remove commented out pdb_lookup_names code | Michael Adam | 2012-07-12 | 1 | -82/+0
  This code is lying there unused since more than five years now.