1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

56832 Commits

Author SHA1 Message Date
Andrew Tridgell
a6e4cb500b s3: fixed krb5 build problem on ubuntu karmic
Karmic has MIT krb5 1.7-beta3, which has the symbol
krb5_auth_con_set_req_cksumtype but no prototype for it.

See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
2009-10-16 10:40:50 +11:00
Andrew Tridgell
70b020ca76 s4-pvfs: fixed mask handling for SEC_FLAG_MAXIMUM_ALLOWED
This matches the sec_access_check() code
2009-10-16 10:12:18 +11:00
Andrew Tridgell
29929a3c46 s4-torture: take privileges into account in BASE-MAXIMUM_ALLOWED
The correct answer depends on the users privileges.
2009-10-16 10:12:18 +11:00
Andrew Tridgell
068e09847a idl: added bit definition for privilege masks
When you have backup or restore privileges, you automatically get
extra access bits in ACL interpretation. This adds definitions for the
bits you get.
2009-10-16 10:12:18 +11:00
Matthias Dieter Wallnöfer
c35f18513a s4:dcerpc_server - Read the generic session key out from "dcerpc_generic_session_key"
I don't think that this code needs to exist identically on the server and on the
client side. This patch leaves it on the client side (dcerpc lib) and calls it
from the server.
2009-10-15 13:27:38 +02:00
Günther Deschner
ef194bc692 s3-spnego: fix memleak in spnego_parse_auth().
Guenther
2009-10-15 15:45:20 +02:00
Günther Deschner
449ab398f5 s3-spnego: Fix Bug #6815. Windows 2008 R2 SPNEGO negTokenTarg parsing failure.
When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP),
we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus
failing spnego_parse_auth() completely.

By just using the shared spnego/asn1 code, we get the parsing the correct way.

Guenther
2009-10-15 14:41:22 +02:00
Matthias Dieter Wallnöfer
fb13eb7db8 s4:w32err_code.py script - put it under "scripting/bin"
I think this is a better location for this script. Since the subdirectory
"script" of "source4" contains only scripts for "make install" and "make
uninstall".
2009-10-15 12:48:20 +02:00
Karolin Seeger
6a9e88e08b s3/docs: Add missing meta data to man ldbrename.
Avoid warnings.

Karolin
2009-10-15 12:27:24 +02:00
Andrew Tridgell
d72b5a81ef s4-smb: fill in fnum as well for root_fid
This helps with the CIFS NTVFS backend, but doesn't solve all problems
2009-10-15 20:50:49 +11:00
Andrew Tridgell
bdd9dc4a84 s4-selftest: mark some CIFS backend tests as known fail
The CIFS passthru NTVFS doesn't handle some options yet (eg. root_fid)
2009-10-15 20:42:53 +11:00
Andrew Tridgell
dab799e569 s4-smbserver: fixed root_fid in nttrans create 2009-10-15 20:03:01 +11:00
Andrew Tridgell
4a4f420481 s4-libcli: fixed structure element bug in ntcreatexreadx
This one didn't matter until the root_fid changed the alignment of the
two structures.
2009-10-15 20:03:00 +11:00
Andrew Tridgell
ffa8c45372 s4-torture: catch bad command line options
It is annoying when you mistype a command line option and aren't told.
2009-10-15 20:03:00 +11:00
Andrew Tridgell
c5cfda9e8a s4-pvfs: implement root_fid support in posix backend
Construct the filename from the old handle and the new name.
2009-10-15 20:03:00 +11:00
Andrew Tridgell
3c028ff88b s4-smb: declare root_fid as a file handle
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
2009-10-15 20:03:00 +11:00
Andrew Tridgell
c73ba89112 s4-pvfs: fixed handling of SEC_FLAG_MAXIMUM_ALLOWED
The CREATEX_ACCESS test shows that this is used as a bit test, not a
equality test
2009-10-15 20:02:59 +11:00
Andrew Tridgell
387e67d53f s4-ldaptest: "testgroup" is a bit too common
This failed on one of my test boxes that has a group called
"testgroup". using "testgroupXX" should be a bit better.
2009-10-15 20:02:59 +11:00
Matthias Dieter Wallnöfer
ea60b72c46 s4:ntlmssp server - use also here the new "lp_dnsdomain()" call 2009-10-15 10:32:16 +02:00
Matthias Dieter Wallnöfer
3bd452e3f6 s4:auth/credentials/credentials - fix uninitalised pointers
This should fix bug #6755.
2009-10-15 10:32:12 +02:00
Björn Jacke
dc586b933d s3: fix outdated proto.h causing build error on AIX
Matthias, please check!
2009-10-15 10:27:34 +02:00
Andrew Tridgell
818d98acf1 s4-ldap: test the rDN size limit 2009-10-15 15:54:40 +11:00
Andrew Tridgell
fdeeafb481 s4-dsdb: implement limit on rDN length
w2k8 imposes a limit of 64 characters on the rDN
2009-10-15 15:54:20 +11:00
Andrew Tridgell
144686a838 s4-ldb: removed incorrect rDN length test
This is a property of AD, not ldb, so should be in our ldb
modules.
2009-10-15 15:53:40 +11:00
Andrew Tridgell
4185e376f5 s4-ldb: removed bugus RDN length check
This isn't the rDN !
2009-10-15 10:01:10 +11:00
Andrew Tridgell
7dcabdec74 s4-script: flush DNS after adding new addresses 2009-10-15 10:00:46 +11:00
Andrew Tridgell
b41290c10d s4-devel: for devel scripts its better to use bin/ than $PREFIX/bin
This avoids having to do make install after each change when using the
drs devel scripts
2009-10-15 08:49:21 +11:00
Andrew Tridgell
d1784e7ca9 s4-drs: support DRSUAPI_DRS_ADD_REF flag
The DRSUAPI_DRS_ADD_REF flag tells the DRS server to run an UpdateRefs
call on behalf of the client after the DsGetNCChanges call. The lack
of support for this option may explain why the repsTo attribute was
not being created for w2k8-r2 replication partners.
2009-10-15 08:20:37 +11:00
Andrew Tridgell
59818f2f79 s4-drs: implement more of DsUpdateRefs
The DsUpdateRefs calls takes a set of flags that indicates if the
server should ignore specific add/delete error codes. 

This patch also exposes the core UpdateRefs call into a public
function, so that it can be called from DsGetNCChanges
2009-10-15 08:20:37 +11:00
Andrew Tridgell
41ba2f8189 ldb: fixed display of replUpToDateVector 2009-10-15 08:20:37 +11:00
Andrew Tridgell
f1bf262497 drs: improved error checking
Check the validity of the requested options in DsGetNCChanges
2009-10-15 08:20:37 +11:00
Andrew Tridgell
94897d7a7c s4-dsdb: added samdb_rodc() and samdb_ntds_options()
Later we will need to make samdb_rodc() look in the database, but for
now we should at least have the function in a central place
2009-10-15 08:20:37 +11:00
Andrew Tridgell
424c464b7f libds: added nTDSDSA options flags 2009-10-15 08:20:36 +11:00
Andrew Tridgell
44866f0df4 idl: added WSPP DrsOptions bit names
This should make it much easier to work through the logic in MS-DRSR
2009-10-15 08:20:36 +11:00
Jeremy Allison
1c1a883bd0 Fix the build, missing ->.
Jeremy.
2009-10-14 12:36:02 -07:00
Jeremy Allison
ce4542fbde Final part of fix for bug 6793 - winbindd crash with "INTERNAL ERROR: Signal 6"
Don't use mapped_user uninitialized.
Jeremy.
2009-10-14 11:16:03 -07:00
Volker Lendecke
c6fc461e71 s3:winbind: Fix a double-free
Part of a fix for bug #6793.
2009-10-14 11:15:53 -07:00
Volker Lendecke
db29d3eb40 s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_auth 2009-10-14 11:14:57 -07:00
Günther Deschner
67b544ba96 s3-build: we need to have talloc 2.0.1 when building with external talloc.
2.0.0 did not got the exports right.
This and the 2.0.1 talloc fixes resolve bug #6808.

Guenther
2009-10-14 17:45:59 +02:00
Simo Sorce
6618a062a1 talloc: Fix exports and increment talloc version 2009-10-14 11:05:52 -04:00
Simo Sorce
8fb483b296 talloc: Make abi checks in release script
Make always sure the exports and signature files are up to date before
shipping a release.
2009-10-14 11:05:52 -04:00
Simo Sorce
8e6df560b7 talloc: Move release script under /script too 2009-10-14 11:05:52 -04:00
Simo Sorce
2d6d6bcb5d talloc: Change the way mksysms work
Make sure we always have a sorted (per file) export file.
This way we can directly compare the real export and the check file w/o having
to further sort things.

Also return error code from abi_checks.sh if warnings were reported
2009-10-14 11:05:51 -04:00
Günther Deschner
075303560f s3-passdb: missed two prototypes while moving to enum netr_SchannelType.
Guenther
2009-10-14 15:26:14 +02:00
Matthias Dieter Wallnöfer
e9f7ef0439 s4:torture cldap test - Add checks for the right forest DNS name 2009-10-14 12:27:06 +02:00
Matthias Dieter Wallnöfer
5931734be6 s4:password_hash - load the domain parameters from the "loadparm context"
And don't cut them out from the DNS hostname.
2009-10-14 11:49:04 +02:00
Matthias Dieter Wallnöfer
8a505ec755 s4:torture - fix up "ldap_basic" test 2009-10-14 10:50:57 +02:00
Matthias Dieter Wallnöfer
e9686985cb s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where needed
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
2009-10-14 10:50:43 +02:00
Matthias Dieter Wallnöfer
ccfbe7bcb1 s4:loadparm - adapt "realm" handling
Change "lp_realm" behaviour to return the realm always upcased and add a
function "lp_dnsdomain" which returns it always lowcased.
2009-10-14 09:32:16 +02:00
Bo Yang
8e91c40574 s3: Fix reference to freed memory in pam_winbind.
Signed-off-by: Bo Yang <boyang@samba.org>
2009-10-15 04:31:26 +08:00