Andrew Bartlett [Thu, 26 Aug 2010 23:22:31 +0000 (09:22 +1000)]
s3-privs Move manual prototypes to common privileges.h
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 27 Aug 2010 00:04:05 +0000 (10:04 +1000)]
s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
The previous 128 bit structure needed this helper function.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 23:50:31 +0000 (09:50 +1000)]
libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 23:50:12 +0000 (09:50 +1000)]
libcli/security Use C99 types
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 23:41:32 +0000 (09:41 +1000)]
libcli/security Use true and false, not True and False
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 22:56:15 +0000 (08:56 +1000)]
s3-privs Move source3/ privileges implmentation into common
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 12:49:27 +0000 (22:49 +1000)]
s3-privs Rename structure elements for greater clarity
It is important to make clear which is the LUID and which
is the Samba-only bitmap mask.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 12:35:35 +0000 (22:35 +1000)]
s3-privs More clarity in variable names
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 12:30:26 +0000 (22:30 +1000)]
s3-privs Rename mask -> privilege_mask to be more clear
After SE_PRIV was removed, it became less clear what these
parameters were for.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 12:08:22 +0000 (22:08 +1000)]
s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 10:04:11 +0000 (20:04 +1000)]
s3-auth Change struct nt_user_token -> struct security_token
This common structure is defined in security.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 10:54:13 +0000 (20:54 +1000)]
s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequnetial changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 09:42:01 +0000 (19:42 +1000)]
security.idl Add comments
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 09:21:53 +0000 (19:21 +1000)]
security.idl Update Windows privileges list to Win2008R2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 09:20:32 +0000 (19:20 +1000)]
s3-privs Only store low bits of luid in privileges table
Samba only uses the low bits, and this makes the code simpler.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 08:38:59 +0000 (18:38 +1000)]
s4-privs Add a lookup by index of privilages
Now that privileges are no longer given luid values sequentially,
we need another way to look them up for enumeration.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 08:38:16 +0000 (18:38 +1000)]
privs Add my Copyright
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:04:53 +0000 (16:04 +1000)]
security.idl clarify which privilages are LUID and bitmap values
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:03:41 +0000 (16:03 +1000)]
s3-privs Remove comment already moved to security.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:02:12 +0000 (16:02 +1000)]
s3-privs Use constants from security.idl
The values in security.idl have been updated to match these.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 05:56:21 +0000 (15:56 +1000)]
s4-privs Remove link between enum sec_privilege and the privilege bitmap
This allows us to set the enum sec_privilege constants to the LUID
values that are seen from windows, which we need to match, in order
to preserve the support for the NT Print Migrator tool after a merge
with the source3/ privileges code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 04:37:00 +0000 (14:37 +1000)]
s3-privs Further changes to remove SE_PRIV
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 27 Aug 2010 02:44:35 +0000 (12:44 +1000)]
privs Move privilege bitmasks to security.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 00:35:45 +0000 (10:35 +1000)]
s3:privs Change to new host endian neutral privilages tdb format
These values are stored in account_policy.tdb, and the old format,
using a 128 bit bitmap was not endian neutral.
The previous endian-dependent format was introduced in
46e5effea948931509283cb84b27007d34b521c8
replacing a 32 bit number which was used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 25 Aug 2010 22:49:28 +0000 (08:49 +1000)]
s3:Change SE_PRIV to uint64_t
This removes the SE_PRIV typedef
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 24 Aug 2010 04:47:26 +0000 (14:47 +1000)]
s3:privileges Change SE_PRIV to be just a uint64_t
We don't need 128 possible privileges here, as we only use 12.
This reverts some of
46e5effea948931509283cb84b27007d34b521c8
by Jerry back in 2005, where he introduced the SE_PRIV structure
to replace the uint32_t used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Volker Lendecke [Thu, 9 Sep 2010 02:12:21 +0000 (19:12 -0700)]
s3: Remove "mem_ctx" from a few functions
Volker Lendecke [Thu, 9 Sep 2010 02:09:21 +0000 (19:09 -0700)]
s3: Remove "mem_ctx" from wcache_save_creds()
Volker Lendecke [Thu, 9 Sep 2010 02:03:15 +0000 (19:03 -0700)]
s3: Remove "mem_ctx" from lookup_cached_name()
Volker Lendecke [Thu, 9 Sep 2010 02:01:11 +0000 (19:01 -0700)]
s3: Remove a nested if-statement
Volker Lendecke [Thu, 9 Sep 2010 01:09:07 +0000 (18:09 -0700)]
s3: Fill in workstation in winbindd_pam_auth_crap_send
Volker Lendecke [Thu, 9 Sep 2010 01:07:31 +0000 (18:07 -0700)]
s3: Fill in domain in winbindd_pam_auth_crap_send
Volker Lendecke [Thu, 9 Sep 2010 00:56:55 +0000 (17:56 -0700)]
s3: Remove redundant flag checks
We're checking these in the parent already (winbindd_pam_auth_send and
winbindd_pam_auth_crap_send). No point in doing it in the child as well
Volker Lendecke [Wed, 8 Sep 2010 23:58:21 +0000 (16:58 -0700)]
s3: Remove unused arg "user_sid" from winbindd_store_creds
All callers have passed in NULL
Volker Lendecke [Wed, 8 Sep 2010 23:54:50 +0000 (16:54 -0700)]
s3: Remove unused winbindd_update_creds_by_sid
Volker Lendecke [Wed, 8 Sep 2010 17:04:53 +0000 (10:04 -0700)]
s3: Remove unused winbindd_dual_show_sequence()
Jeremy Allison [Thu, 9 Sep 2010 03:54:38 +0000 (20:54 -0700)]
Don't rely on the underlying ACL modules to enforce share level
security when setting ACLs, check at the call level as well.
Jeremy.
Jeremy Allison [Wed, 8 Sep 2010 23:55:24 +0000 (16:55 -0700)]
Optimization suggested by Metze. Without this patch,
FindFirst with 'path\to\some\dir\with\files\*'
triggers the following stat calls
path\to\some\dir\with\files\* => ENOENT
path\
path\to\
path\to\some\
path\to\some\dir\
path\to\some\dir\with\
path\to\some\dir\with\files\
path\to\some\dir\with\files\* => ENOENT
With this patch we get :
path\to\some\dir\with\files\* => ENOENT
path\to\some\dir\with\files = OK
Jeremy.
Volker Lendecke [Wed, 8 Sep 2010 13:29:32 +0000 (15:29 +0200)]
s3: "== false" looks wrong :-)
Jeremy Allison [Wed, 8 Sep 2010 22:13:45 +0000 (15:13 -0700)]
Fix warnings caused by double ";;" at the end of the time_mono() fixes.
Günther Deschner [Wed, 8 Sep 2010 21:23:09 +0000 (23:23 +0200)]
s4-waf: fix bin/python/samba/dcerpc/nbt.so.
Thanks to Brad Hards for pointing this out.
Guenther
Jelmer Vernooij [Wed, 8 Sep 2010 20:45:12 +0000 (22:45 +0200)]
wafsamba: Eliminate sys.path updating if installing to a standard python
path.
Björn Jacke [Wed, 8 Sep 2010 20:29:00 +0000 (22:29 +0200)]
s3: use time_mono throughout in smbget
Björn Jacke [Mon, 6 Sep 2010 23:04:10 +0000 (01:04 +0200)]
s3/ldap: use monotonic clock for timeouts in smbldap
tevent would need monotonic clock features to make also smbldap's idle handling
aware of backward clock jumps. Other areas in smbldap are clock jump save now.
Jelmer Vernooij [Wed, 8 Sep 2010 20:11:55 +0000 (22:11 +0200)]
setup: Use standard octal ints rather than harcoding.
Jelmer Vernooij [Wed, 8 Sep 2010 20:11:23 +0000 (22:11 +0200)]
popt_common: Add missing dependency on libsamba-hostconfig.
Volker Lendecke [Wed, 8 Sep 2010 10:07:42 +0000 (12:07 +0200)]
s3: Make winbind_add_failed_connection_entry static
Volker Lendecke [Wed, 8 Sep 2010 18:59:46 +0000 (20:59 +0200)]
s3: Fix a typo
Günther Deschner [Wed, 8 Sep 2010 09:18:40 +0000 (11:18 +0200)]
s4-smbtorture: add torture ndr nbt testsuite.
Guenther
Günther Deschner [Tue, 7 Sep 2010 20:41:06 +0000 (22:41 +0200)]
nbt: add nbt_netlogon_response2 to IDL.
Guenther
Günther Deschner [Tue, 7 Sep 2010 11:16:27 +0000 (13:16 +0200)]
nbt: add NETLOGON_LOGON_REQUEST.
Guenther
Günther Deschner [Wed, 8 Sep 2010 09:19:48 +0000 (11:19 +0200)]
nbt: add decode_nbt_netlogon_packet() to IDL.
Guenther
Günther Deschner [Tue, 7 Sep 2010 09:50:39 +0000 (11:50 +0200)]
s3-nmbd: fix indentation in process_logon_packet().
purely cosmetic, no code change.
Guenther
Günther Deschner [Wed, 8 Sep 2010 17:01:10 +0000 (19:01 +0200)]
s3-nmbd: remove trailing whitespace in nmbd_processlogon.c
Guenther
Andreas Schneider [Wed, 1 Sep 2010 16:00:44 +0000 (18:00 +0200)]
s3-spoolss: Move spoolss winreg to new dcerpc client funtions.
Volker Lendecke [Wed, 8 Sep 2010 00:38:24 +0000 (17:38 -0700)]
s3: Simplify cm_connect_sam a bit
Volker Lendecke [Wed, 8 Sep 2010 00:37:13 +0000 (17:37 -0700)]
s3: Check for sid instead of name in cm_connect_sam
Andreas Schneider [Mon, 6 Sep 2010 14:07:24 +0000 (16:07 +0200)]
s3-spoolss: Fixed a possible crash bug.
Volker Lendecke [Tue, 7 Sep 2010 23:54:31 +0000 (16:54 -0700)]
s3: Remove a superfluous ;
Björn Jacke [Tue, 7 Sep 2010 00:15:09 +0000 (02:15 +0200)]
s3/libads: use monotonic clock for ldap connection timeouts
Björn Jacke [Tue, 7 Sep 2010 01:29:19 +0000 (03:29 +0200)]
s3: use monotonic clock for aio timeout
Björn Jacke [Tue, 7 Sep 2010 01:05:35 +0000 (03:05 +0200)]
s3/nmbd: tidy up debug message: ttl isn't a hex value
Björn Jacke [Mon, 6 Sep 2010 23:54:01 +0000 (01:54 +0200)]
s3/libads: use monotonic clock for DNS timeouts
Björn Jacke [Mon, 6 Sep 2010 18:27:24 +0000 (20:27 +0200)]
lib/util: add time_mono() for monotonic time a la time()
Kamen Mazdrashki [Tue, 7 Sep 2010 14:00:20 +0000 (17:00 +0300)]
s4-dreplsrv: Run NC replication synchronously if requested
Kamen Mazdrashki [Mon, 6 Sep 2010 11:33:14 +0000 (14:33 +0300)]
s4-drs: Dump exact error when failure occurs during DsReplicaUpdateRefs call
Volker Lendecke [Tue, 7 Sep 2010 03:58:45 +0000 (20:58 -0700)]
s3: Prune the printername cache when a printer is deleted
Signed-off-by: Andreas Schneider <asn@samba.org>
Andrew Tridgell [Tue, 7 Sep 2010 04:33:20 +0000 (14:33 +1000)]
librpc: bitten by the strncasecmp define again
Andrew Tridgell [Tue, 7 Sep 2010 03:45:46 +0000 (13:45 +1000)]
waf-abi: fixed small uninitialised data on PPC64
on PPC64 Linux systems a 'S' line from nm means "small object
uninitialised data"
Andrew Tridgell [Tue, 7 Sep 2010 01:57:44 +0000 (11:57 +1000)]
s4-ldapserver: serialise ldap server operations
This ensures that two ldap server operations cannot happen in parallel
by using packet_recv_disable() and packet_recv_enable() to disable
other interfaces during ldap calls.
This prevents problems caused by parallel ldap operations where
transactions could overlap.
Andrew Tridgell [Tue, 7 Sep 2010 01:55:47 +0000 (11:55 +1000)]
s4-packet: make packet_recv_disable() a lot more efficient
this avoids doing an epoll system call when we want to prevent receipt
of packets on a socket, unless there actually is a packet to receive.
Andrew Tridgell [Tue, 7 Sep 2010 01:25:42 +0000 (11:25 +1000)]
s4-process: fixed the thread process model so it compiles
it doesn't actually work, but at least it now compiles
Julien Kerihuel [Fri, 27 Aug 2010 12:04:07 +0000 (14:04 +0200)]
Add unique IP address binding for client connections (EPM and ncacn_ip_tcp levels)
This allows for binding strings like this:
ncacn_ip_tcp:host[localaddress=192.168.2.1,seal]
which will force the connection to be locally bound to the specified
IP address
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Kamen Mazdrashki [Sun, 5 Sep 2010 20:28:06 +0000 (23:28 +0300)]
s4-test: refactor API-DELETEUSER test a little to:
- fail torture_context in case libnet_DeleteUser() has failed
- make use of torture_assert_* macros to track down where failur occured
- use only one memory context internally
Kamen Mazdrashki [Sun, 5 Sep 2010 19:54:05 +0000 (22:54 +0300)]
s4-idl: redefine dreplsrv_refresh() to be alike other RPC function definitions
Sorry for the 'custom' definition first time
Jelmer Vernooij [Sun, 5 Sep 2010 18:16:50 +0000 (20:16 +0200)]
wafsamba: Create bin/defaukt/modules if it does not yet exist.
Jelmer Vernooij [Sun, 5 Sep 2010 16:00:44 +0000 (18:00 +0200)]
waf: Use os.makedirs rather than os.mkdir in case parent directories
don't exist yet.
Volker Lendecke [Sun, 5 Sep 2010 14:27:43 +0000 (16:27 +0200)]
s3: On Solaris, iov_len is an int
We can't use &iov.iov_len passing it to a size_t *
Matthieu Patou [Sat, 4 Sep 2010 23:00:05 +0000 (03:00 +0400)]
upgradeprovision: avoid working with None objects ...
Matthieu Patou [Sat, 4 Sep 2010 22:59:20 +0000 (02:59 +0400)]
upgradeprovision: do not try to remove/change attribute before the RID Set object is present
Matthieu Patou [Sat, 4 Sep 2010 22:58:31 +0000 (02:58 +0400)]
upgradeprovision: cleanup
Matthieu Patou [Sat, 14 Aug 2010 16:44:35 +0000 (20:44 +0400)]
s4 upgradeprovision: add dns_update_list if missing
Matthieu Patou [Sat, 4 Sep 2010 22:57:16 +0000 (02:57 +0400)]
python-ldb: allow ldb_rename to take optional control(s)
Matthieu Patou [Sat, 4 Sep 2010 22:56:30 +0000 (02:56 +0400)]
dsdb: make the ATTRIBUTE NOT FOUND more clear
Jelmer Vernooij [Sun, 5 Sep 2010 02:33:29 +0000 (04:33 +0200)]
s4/selftest: Fix path to include/config.h, set BUILDDIR automatically.
Jelmer Vernooij [Sun, 5 Sep 2010 01:16:48 +0000 (03:16 +0200)]
selftest: Cope with parentheses in testnames in --load-list.
Jelmer Vernooij [Sun, 5 Sep 2010 01:14:44 +0000 (03:14 +0200)]
selftest/subunit: Parse timestamps generated by upstream subunit.
Jelmer Vernooij [Sun, 5 Sep 2010 00:20:56 +0000 (02:20 +0200)]
selftest: Print out unmatched tests when using --load-list.
Jelmer Vernooij [Sat, 4 Sep 2010 22:58:41 +0000 (00:58 +0200)]
dsgetinfo: Set modulesdir when using ldb without ldb_wrap
(Is there a particular reason we're not using ldb_wrap here?)
Jelmer Vernooij [Sat, 4 Sep 2010 21:05:16 +0000 (23:05 +0200)]
dnspython: Update to latest upstream.
Jelmer Vernooij [Sat, 4 Sep 2010 21:04:28 +0000 (23:04 +0200)]
subunit: Import latest upstream.
Jelmer Vernooij [Sat, 4 Sep 2010 21:04:07 +0000 (23:04 +0200)]
testtools: Import latest upstream.
Jelmer Vernooij [Sat, 4 Sep 2010 19:13:37 +0000 (21:13 +0200)]
testr: Fix configuration to use idfile, in case more than a couple of
hundred tests fail.
Jelmer Vernooij [Sat, 4 Sep 2010 19:08:35 +0000 (21:08 +0200)]
selftest: Don't make printing the log output a side-effect of check_env(), do it manually.
Jelmer Vernooij [Sat, 4 Sep 2010 16:24:02 +0000 (18:24 +0200)]
selftest: Remove stop() method, not used anywhere.
Jelmer Vernooij [Sat, 4 Sep 2010 16:18:55 +0000 (18:18 +0200)]
selftest/samba4: Remove references to Samba34.pm, which no longer
exists.
Jelmer Vernooij [Sat, 4 Sep 2010 16:03:19 +0000 (18:03 +0200)]
selftest: Refer to subunit README rather than documenting locally.
Jelmer Vernooij [Sat, 4 Sep 2010 15:59:48 +0000 (17:59 +0200)]
ldb: Add missing aliases for ldb_ildap.
Jelmer Vernooij [Sat, 4 Sep 2010 01:42:52 +0000 (03:42 +0200)]
dsdb: Add missing dependencies for dsdb ldb modules.
Jelmer Vernooij [Sat, 4 Sep 2010 01:42:37 +0000 (03:42 +0200)]
waf: Support aliases in SAMBA_MODULE.