1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

448 Commits

Author SHA1 Message Date
Günther Deschner
102a70e809 s3-util: use shared dom_sid_dup.
Guenther
2010-09-20 14:05:07 -07:00
Günther Deschner
4dbd743e46 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.
Guenther
2010-09-20 14:04:37 -07:00
Günther Deschner
62544c5d2b s3-build: only include smbldap.h where needed.
Guenther
2010-09-20 13:54:56 -07:00
Jeremy Allison
718fd39f10 Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder <andreas.moroder@gmx.net>".
Jeremy.
2010-09-09 15:29:03 -07:00
Günther Deschner
ca765d2f50 s3-build: only include krb5 environment variables where required.
Guenther
2010-08-26 00:20:29 +02:00
Günther Deschner
e978a3d3f4 s3-lsa: separate out init_lsa headers.
Guenther
2010-08-25 22:50:39 +02:00
Günther Deschner
06a2c23641 s3-libnet: also remove libnet/libnet_samsync_keytab.c.orig.
Guys, what are you doing here ? ;-)

Guenther
2010-08-13 15:24:00 +02:00
Günther Deschner
f0475ac36c s3-libnet: remove source3/libnet/libnet_join.c.orig, added by a previous commit.
Guenther
2010-08-13 15:22:06 +02:00
Andrew Bartlett
71d80e6be0 s3-krb5 Only build ADS support if arcfour-hmac-md5 is available
Modern Kerberos implementations have either defines or enums for these
key types, which makes doing #ifdef difficult.  This shows up in files
such as libnet_samsync_keytab.c, the bulk of which is not compiled on
current Fedora 12, for example.

The downside is that this makes Samba unconditionally depend on the
arcfour-hmac-md5 encryption type at build time.  We will no longer
support libraries that only support the DES based encryption types.
However, the single-DES types that are supported in common with AD are
already painfully weak - so much so that they are disabled by default
in modern Kerberos libraries.

If not found, ADS support will not be compiled in.

This means that our 'net ads join' will no longer set the
ACB_USE_DES_KEY_ONLY flag, and we will always try to use
arcfour-hmac-md5.

A future improvement would be to remove the use of the DES encryption
types totally, but this would require that any ACB_USE_DES_KEY_ONLY
flag be removed from existing joins.

Andrew Bartlett

Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-13 09:08:27 -04:00
Andrew Bartlett
fff6fa72ff s3:libnet Add other required headers for libnet_samsync_keytab.c
Due to missing defines in modern kerberos libraries, this code was
not compiled and so this wasn't noticed.

Andrew Bartlett

Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-13 09:08:27 -04:00
Jim McDonough
c67b4ed3a4 s3-libnet: fix bug #6364: Pull realm from supplied username on libnet join 2010-08-12 17:51:02 -04:00
Stefan Metzmacher
08cf7ac7a0 s3:libnet/libnet_samsync.c: we also need some ndr_pull functions
metze
2010-08-08 11:05:18 +02:00
Günther Deschner
f9012635da s3-libnet: include netlogon.h in libnet samsync header.
Guenther
2010-08-06 15:43:37 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h.
Guenther
2010-08-05 00:32:02 +02:00
Günther Deschner
7dad3251e3 s3-libnet: add missing header file, sorry.
Guenther
2010-07-13 23:39:20 +02:00
Günther Deschner
80b47fcb0a s3-libnet: better separate headers.
Guenther
2010-07-13 22:40:46 +02:00
Günther Deschner
dff7be8ccb s3-libads: only include libds flags where needed.
Guenther
2010-07-01 23:20:40 +02:00
Andrew Bartlett
cba7f8b827 s3:dom_sid Global replace of DOM_SID with struct dom_sid
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-21 10:39:59 +02:00
Günther Deschner
8478770c35 s3-rpc_client: move protos to init_samr.h
Guenther
2010-05-18 21:42:57 +02:00
Günther Deschner
230b880d14 s3-rpc_client: move protos to cli_lsarpc.h
Guenther
2010-05-18 21:42:41 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h
Guenther
2010-05-18 21:42:37 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Günther Deschner
e9f5bdf6b5 smbconf: only include smbconf headers where needed.
Guenther
2010-05-18 10:36:33 +02:00
Olaf Flebbe
d5c3db6f88 work around AIX6.1 name space pollution rename mod_name to module_name 2010-05-12 07:15:07 +02:00
Günther Deschner
c6ebab846d s3: only include gen_ndr headers where needed.
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:

ccache build w/o patch
real    4m21.529s
ccache build with patch
real    3m6.402s

pch build w/o patch
real    4m26.318s
pch build with patch
real    3m6.932s

Guenther
2010-05-06 00:22:59 +02:00
Kamen Mazdrashki
88494b2b62 s3/drs: DsCrackNames - Propagating IDL changes to source code
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-10 17:12:03 +01:00
Kamen Mazdrashki
feb4c8a3e3 s3/drs: DsGetNCChanges - Propagating IDL changes to source code
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-03-10 17:11:57 +01:00
Andrew Tridgell
f461a72ec3 idl: switched to using the WSPP names for the 'neighbour' DRS options
The documentation shows that all these functions in fact use the same
flags variable type. To be consistent between functions, and to allow
easy reference to the WSPP docs, it is better for us to also use this
generic DrsOptions bitfield rather than one per operations.
2010-01-18 07:25:18 +11:00
Volker Lendecke
3ea64e0ad8 s3: Replace most calls to sid_append_rid() by sid_compose() 2010-01-10 20:56:16 +01:00
Günther Deschner
04f8c229de s3-kerberos: only use krb5 headers where required.
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
2009-11-27 16:36:00 +01:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Günther Deschner
4a1b50afd5 s3-netlogon: pass down account name to remote password set functions.
Guenther
2009-10-13 00:07:45 +02:00
Volker Lendecke
872f9c4f91 Revert "s3: Attempt to fix machine password change"
This reverts commit 20a8ea91e1.

Ooops, this should not have been committed.
2009-10-05 22:14:06 +02:00
Volker Lendecke
20a8ea91e1 s3: Attempt to fix machine password change 2009-10-05 22:12:20 +02:00
Kamen Mazdrashki
d9994a604b w32err: WERR_DC_NOT_FOUND replaced with WERR_DCNOTFOUND
It turns out in win32 ERROR_DC_NOT_FOUND exists and it is
an error for Device Context (DC), not Domain Controller

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-30 15:48:40 +03:00
Kamen Mazdrashki
35f4b88c7c w32err: use WERR_DC_NOT_FOUND name instead of WERR_DOMAIN_CONTROLLER_NOT_FOUND
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-17 07:18:51 +02:00
Günther Deschner
d3af0346c8 s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.
Guenther
2009-09-15 17:49:34 +02:00
Günther Deschner
bea8e5fa60 s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().
Guenther
2009-09-11 09:59:04 +02:00
Günther Deschner
9f15ef11bd s3-account_policy: add pdb_policy_type enum.
Guenther
2009-07-14 12:12:18 +02:00
Jim McDonough
3c382db3a3 Don't use ads realm name for non-ads case. #6481
Also check that the connection to ads worked.
2009-06-26 15:24:57 -04:00
Günther Deschner
36a8abce4f s3-libnet: fix libnet_unjoin_remove_machine_acct() when called without ads struct.
Guenther
2009-06-22 22:35:58 +02:00
Jim McDonough
7930f15f5d Don't require "Modify property" perms to unjoin bug #6481)
"net ads leave" stopped working when "modify properties"
permissions were not granted (meaning you had to be allowed
to disable the account that you were about to delete).

Libnetapi should not delete machine accounts, as this does not
happen on win32.  The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).

However, to keep the functionality in "net ads leave", we
will still try to do the delete.  If this fails, we try
to do the disable.

Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account.  libnet can now do this as well.
2009-06-19 13:46:07 -04:00
Simo Sorce
4112bb2428 Move smb_create_user() in samsync
It is not used anywhere else, so make it also static and remove
it from proto.h
2009-05-16 15:30:48 -04:00
Günther Deschner
e28071f79a s3-libnetjoin: make acct_flags dependent on secure channel type.
Guenther
2009-04-24 14:38:28 +02:00
Günther Deschner
37f491e5e3 s3-libnetjoin: add support for WKSSVC_JOIN_FLAGS_JOIN_UNSECURE.
Guenther
2009-04-24 14:38:19 +02:00
Volker Lendecke
b8cd1cff2d Fix an uninitialized variable 2009-04-23 14:35:50 +02:00
Günther Deschner
b5bec1a6d7 s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED.
Guenther
2009-04-21 12:40:47 +02:00
Jelmer Vernooij
4c32978d97 Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() if
the system one is broken.
2009-04-20 23:58:26 +02:00
Andrew Bartlett
6c9caed481 Merge commit 'origin/master' into libcli-auth-merge-without-netlogond 2009-04-20 16:53:02 +02:00