Andrew Tridgell
a6e4cb500b
s3: fixed krb5 build problem on ubuntu karmic
...
Karmic has MIT krb5 1.7-beta3, which has the symbol
krb5_auth_con_set_req_cksumtype but no prototype for it.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
2009-10-16 10:40:50 +11:00
Andrew Tridgell
70b020ca76
s4-pvfs: fixed mask handling for SEC_FLAG_MAXIMUM_ALLOWED
...
This matches the sec_access_check() code
2009-10-16 10:12:18 +11:00
Andrew Tridgell
29929a3c46
s4-torture: take privileges into account in BASE-MAXIMUM_ALLOWED
...
The correct answer depends on the users privileges.
2009-10-16 10:12:18 +11:00
Andrew Tridgell
068e09847a
idl: added bit definition for privilege masks
...
When you have backup or restore privileges, you automatically get
extra access bits in ACL interpretation. This adds definitions for the
bits you get.
2009-10-16 10:12:18 +11:00
Matthias Dieter Wallnöfer
c35f18513a
s4:dcerpc_server - Read the generic session key out from "dcerpc_generic_session_key"
...
I don't think that this code needs to exist identically on the server and on the
client side. This patch leaves it on the client side (dcerpc lib) and calls it
from the server.
2009-10-15 13:27:38 +02:00
Günther Deschner
ef194bc692
s3-spnego: fix memleak in spnego_parse_auth().
...
Guenther
2009-10-15 15:45:20 +02:00
Günther Deschner
449ab398f5
s3-spnego: Fix Bug #6815 . Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
...
When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP),
we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus
failing spnego_parse_auth() completely.
By just using the shared spnego/asn1 code, we get the parsing the correct way.
Guenther
2009-10-15 14:41:22 +02:00
Matthias Dieter Wallnöfer
fb13eb7db8
s4:w32err_code.py script - put it under "scripting/bin"
...
I think this is a better location for this script. Since the subdirectory
"script" of "source4" contains only scripts for "make install" and "make
uninstall".
2009-10-15 12:48:20 +02:00
Karolin Seeger
6a9e88e08b
s3/docs: Add missing meta data to man ldbrename.
...
Avoid warnings.
Karolin
2009-10-15 12:27:24 +02:00
Andrew Tridgell
d72b5a81ef
s4-smb: fill in fnum as well for root_fid
...
This helps with the CIFS NTVFS backend, but doesn't solve all problems
2009-10-15 20:50:49 +11:00
Andrew Tridgell
bdd9dc4a84
s4-selftest: mark some CIFS backend tests as known fail
...
The CIFS passthru NTVFS doesn't handle some options yet (eg. root_fid)
2009-10-15 20:42:53 +11:00
Andrew Tridgell
dab799e569
s4-smbserver: fixed root_fid in nttrans create
2009-10-15 20:03:01 +11:00
Andrew Tridgell
4a4f420481
s4-libcli: fixed structure element bug in ntcreatexreadx
...
This one didn't matter until the root_fid changed the alignment of the
two structures.
2009-10-15 20:03:00 +11:00
Andrew Tridgell
ffa8c45372
s4-torture: catch bad command line options
...
It is annoying when you mistype a command line option and aren't told.
2009-10-15 20:03:00 +11:00
Andrew Tridgell
c5cfda9e8a
s4-pvfs: implement root_fid support in posix backend
...
Construct the filename from the old handle and the new name.
2009-10-15 20:03:00 +11:00
Andrew Tridgell
3c028ff88b
s4-smb: declare root_fid as a file handle
...
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
2009-10-15 20:03:00 +11:00
Andrew Tridgell
c73ba89112
s4-pvfs: fixed handling of SEC_FLAG_MAXIMUM_ALLOWED
...
The CREATEX_ACCESS test shows that this is used as a bit test, not a
equality test
2009-10-15 20:02:59 +11:00
Andrew Tridgell
387e67d53f
s4-ldaptest: "testgroup" is a bit too common
...
This failed on one of my test boxes that has a group called
"testgroup". using "testgroupXX" should be a bit better.
2009-10-15 20:02:59 +11:00
Matthias Dieter Wallnöfer
ea60b72c46
s4:ntlmssp server - use also here the new "lp_dnsdomain()" call
2009-10-15 10:32:16 +02:00
Matthias Dieter Wallnöfer
3bd452e3f6
s4:auth/credentials/credentials - fix uninitalised pointers
...
This should fix bug #6755 .
2009-10-15 10:32:12 +02:00
Björn Jacke
dc586b933d
s3: fix outdated proto.h causing build error on AIX
...
Matthias, please check!
2009-10-15 10:27:34 +02:00
Andrew Tridgell
818d98acf1
s4-ldap: test the rDN size limit
2009-10-15 15:54:40 +11:00
Andrew Tridgell
fdeeafb481
s4-dsdb: implement limit on rDN length
...
w2k8 imposes a limit of 64 characters on the rDN
2009-10-15 15:54:20 +11:00
Andrew Tridgell
144686a838
s4-ldb: removed incorrect rDN length test
...
This is a property of AD, not ldb, so should be in our ldb
modules.
2009-10-15 15:53:40 +11:00
Andrew Tridgell
4185e376f5
s4-ldb: removed bugus RDN length check
...
This isn't the rDN !
2009-10-15 10:01:10 +11:00
Andrew Tridgell
7dcabdec74
s4-script: flush DNS after adding new addresses
2009-10-15 10:00:46 +11:00
Andrew Tridgell
b41290c10d
s4-devel: for devel scripts its better to use bin/ than $PREFIX/bin
...
This avoids having to do make install after each change when using the
drs devel scripts
2009-10-15 08:49:21 +11:00
Andrew Tridgell
d1784e7ca9
s4-drs: support DRSUAPI_DRS_ADD_REF flag
...
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs
call on behalf of the client after the DsGetNCChanges call. The lack
of support for this option may explain why the repsTo attribute was
not being created for w2k8-r2 replication partners.
2009-10-15 08:20:37 +11:00
Andrew Tridgell
59818f2f79
s4-drs: implement more of DsUpdateRefs
...
The DsUpdateRefs calls takes a set of flags that indicates if the
server should ignore specific add/delete error codes.
This patch also exposes the core UpdateRefs call into a public
function, so that it can be called from DsGetNCChanges
2009-10-15 08:20:37 +11:00
Andrew Tridgell
41ba2f8189
ldb: fixed display of replUpToDateVector
2009-10-15 08:20:37 +11:00
Andrew Tridgell
f1bf262497
drs: improved error checking
...
Check the validity of the requested options in DsGetNCChanges
2009-10-15 08:20:37 +11:00
Andrew Tridgell
94897d7a7c
s4-dsdb: added samdb_rodc() and samdb_ntds_options()
...
Later we will need to make samdb_rodc() look in the database, but for
now we should at least have the function in a central place
2009-10-15 08:20:37 +11:00
Andrew Tridgell
424c464b7f
libds: added nTDSDSA options flags
2009-10-15 08:20:36 +11:00
Andrew Tridgell
44866f0df4
idl: added WSPP DrsOptions bit names
...
This should make it much easier to work through the logic in MS-DRSR
2009-10-15 08:20:36 +11:00
Jeremy Allison
1c1a883bd0
Fix the build, missing ->.
...
Jeremy.
2009-10-14 12:36:02 -07:00
Jeremy Allison
ce4542fbde
Final part of fix for bug 6793 - winbindd crash with "INTERNAL ERROR: Signal 6"
...
Don't use mapped_user uninitialized.
Jeremy.
2009-10-14 11:16:03 -07:00
Volker Lendecke
c6fc461e71
s3:winbind: Fix a double-free
...
Part of a fix for bug #6793 .
2009-10-14 11:15:53 -07:00
Volker Lendecke
db29d3eb40
s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_auth
2009-10-14 11:14:57 -07:00
Günther Deschner
67b544ba96
s3-build: we need to have talloc 2.0.1 when building with external talloc.
...
2.0.0 did not got the exports right.
This and the 2.0.1 talloc fixes resolve bug #6808 .
Guenther
2009-10-14 17:45:59 +02:00
Simo Sorce
6618a062a1
talloc: Fix exports and increment talloc version
2009-10-14 11:05:52 -04:00
Simo Sorce
8fb483b296
talloc: Make abi checks in release script
...
Make always sure the exports and signature files are up to date before
shipping a release.
2009-10-14 11:05:52 -04:00
Simo Sorce
8e6df560b7
talloc: Move release script under /script too
2009-10-14 11:05:52 -04:00
Simo Sorce
2d6d6bcb5d
talloc: Change the way mksysms work
...
Make sure we always have a sorted (per file) export file.
This way we can directly compare the real export and the check file w/o having
to further sort things.
Also return error code from abi_checks.sh if warnings were reported
2009-10-14 11:05:51 -04:00
Günther Deschner
075303560f
s3-passdb: missed two prototypes while moving to enum netr_SchannelType.
...
Guenther
2009-10-14 15:26:14 +02:00
Matthias Dieter Wallnöfer
e9f7ef0439
s4:torture cldap test - Add checks for the right forest DNS name
2009-10-14 12:27:06 +02:00
Matthias Dieter Wallnöfer
5931734be6
s4:password_hash - load the domain parameters from the "loadparm context"
...
And don't cut them out from the DNS hostname.
2009-10-14 11:49:04 +02:00
Matthias Dieter Wallnöfer
8a505ec755
s4:torture - fix up "ldap_basic" test
2009-10-14 10:50:57 +02:00
Matthias Dieter Wallnöfer
e9686985cb
s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where needed
...
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
2009-10-14 10:50:43 +02:00
Matthias Dieter Wallnöfer
ccfbe7bcb1
s4:loadparm - adapt "realm" handling
...
Change "lp_realm" behaviour to return the realm always upcased and add a
function "lp_dnsdomain" which returns it always lowcased.
2009-10-14 09:32:16 +02:00
Bo Yang
8e91c40574
s3: Fix reference to freed memory in pam_winbind.
...
Signed-off-by: Bo Yang <boyang@samba.org>
2009-10-15 04:31:26 +08:00