Günther Deschner [Wed, 2 Sep 2009 23:06:48 +0000 (01:06 +0200)]
more fix security cse.
Günther Deschner [Wed, 2 Sep 2009 23:06:33 +0000 (01:06 +0200)]
fix security cse
Günther Deschner [Wed, 2 Sep 2009 20:07:01 +0000 (22:07 +0200)]
s3-net: show how to use filters for group policy processing.
Guenther
Günther Deschner [Wed, 2 Sep 2009 20:04:35 +0000 (22:04 +0200)]
s3-net: allow to startup a ads connection based on flags. really needed ???
Guenther
Günther Deschner [Wed, 2 Sep 2009 20:04:03 +0000 (22:04 +0200)]
s3-net: let net_ads_gpo() call no_ads when built w/o ads support.
Guenther
Günther Deschner [Wed, 2 Sep 2009 20:03:32 +0000 (22:03 +0200)]
s3-librpc: add GUID_from_string_talloc(). really needed ??
Guenther
Günther Deschner [Wed, 2 Sep 2009 20:02:39 +0000 (22:02 +0200)]
s3-winbindd: very simple user group policy processing within PAM_AUTH.
Guenther
Günther Deschner [Wed, 2 Sep 2009 20:01:55 +0000 (22:01 +0200)]
s3-winbindd: retrieve "PasswordExpiryWarning" time via Group Policy.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:52:07 +0000 (21:52 +0200)]
s3-libgpo: add completley unfinished gpdb backend.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:49:16 +0000 (21:49 +0200)]
s3-winbindd: call gp_run_startup_scripts and gp_run_shutdown_scripts.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:48:30 +0000 (21:48 +0200)]
s3-privileges: link in group policy based privileges.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:45:02 +0000 (21:45 +0200)]
s3-wbinfo: add "gpapply" command.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:43:56 +0000 (21:43 +0200)]
s3-smbcontrol: add group-policy-apply and group-policy-refresh handlers.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:42:37 +0000 (21:42 +0200)]
s3-libgpo: provide hooks to run scripts (filled by scripts CSE).
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:40:44 +0000 (21:40 +0200)]
s3-privileges: add group policy backend.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:39:18 +0000 (21:39 +0200)]
s3-winbind: temporary debugging for winbindd_set_locator_kdc_env().
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:38:31 +0000 (21:38 +0200)]
s3-winbindd: embed group policy client inside winbindd.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:30:15 +0000 (21:30 +0200)]
s3-loadparm: add lp_winbind_group_policy().
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:27:41 +0000 (21:27 +0200)]
s3-messaging: add two new messages for group policy refresh and apply.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:26:27 +0000 (21:26 +0200)]
s3-gpext: fill in security client side extension. Much cleanup required...
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:25:32 +0000 (21:25 +0200)]
s3-registry: fixme!!!
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:24:03 +0000 (21:24 +0200)]
s3-iniparser: FIXME: is this really still required ?
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:21:26 +0000 (21:21 +0200)]
s3-libgpo: enable LDAP sign in ads_get_gpo_list().
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:16:45 +0000 (21:16 +0200)]
s3-libads: add ads_set_sasl_wrap_flags().
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:59:31 +0000 (21:59 +0200)]
s3-net: fix the build for libgpo.
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:15:28 +0000 (21:15 +0200)]
s3-net: compile net_ads_gpo_apply().
Guenther
Günther Deschner [Wed, 2 Sep 2009 19:08:28 +0000 (21:08 +0200)]
s3-util_sid: add sid_in_sid_list().
Guenther
Jeremy Allison [Wed, 19 May 2010 01:34:54 +0000 (18:34 -0700)]
Implement missing info level SMB_FILE_LINK_INFORMATION.
Fix bug #7435 - SMB2 hardlink fails (invalid level).
Found at the Microsoft plugsharing plugfest.
Jeremy.
Jeremy Allison [Wed, 19 May 2010 00:11:54 +0000 (17:11 -0700)]
Keep track of credits we're giving out. Set initial credits to 1 (MS-SMB2 spec required).
Jeremy.
Kamen Mazdrashki [Tue, 18 May 2010 23:29:20 +0000 (02:29 +0300)]
s4/drsuapi: Add another set of predefined ATTIDs
Very useful for debugging/dumping purposes
Kamen Mazdrashki [Tue, 18 May 2010 23:28:09 +0000 (02:28 +0300)]
s4/metadata: fix whitespaces
Kamen Mazdrashki [Tue, 18 May 2010 23:18:17 +0000 (02:18 +0300)]
s4/selftest: fix passwords in selftest-vars script
Jeremy Allison [Tue, 18 May 2010 23:32:13 +0000 (16:32 -0700)]
Fix our NTLMSSP implementation against the Microsoft torture tester.
We need to return a version blob if we negotiate version info.
Jeremy.
Jeremy Allison [Tue, 18 May 2010 16:57:29 +0000 (09:57 -0700)]
Change data_blob() to be based on top of data_blob_talloc(), instead of the reverse (as it is now).
It makes no sense to talloc off the null context, then talloc steal
into the required context - just talloc off the correct context, and
change data_blob() to pass in the null context to data_blob_talloc().
Jeremy.
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 18 May 2010 16:54:56 +0000 (18:54 +0200)]
s3-passdb: move get_logon_hours_from_pdb() into samr server.
Guenther
Günther Deschner [Tue, 18 May 2010 16:59:45 +0000 (18:59 +0200)]
s3-rpc_client: move protos to init_samr.h
Guenther
Günther Deschner [Tue, 18 May 2010 16:58:45 +0000 (18:58 +0200)]
s3-rpc_client: move protos to init_spoolss.h
Guenther
Günther Deschner [Tue, 18 May 2010 16:26:48 +0000 (18:26 +0200)]
s3-rpc_client: move protos to cli_spoolss.h
Guenther
Günther Deschner [Tue, 18 May 2010 16:26:16 +0000 (18:26 +0200)]
s3-rpc_client: move protos to cli_lsarpc.h
Guenther
Günther Deschner [Tue, 18 May 2010 16:26:03 +0000 (18:26 +0200)]
s3-rpc_client: move protos to cli_netlogon.h
Guenther
Günther Deschner [Tue, 18 May 2010 16:25:50 +0000 (18:25 +0200)]
s3-rpc_client: move protos to cli_samr.h
Guenther
Andrew Bartlett [Mon, 17 May 2010 03:39:42 +0000 (13:39 +1000)]
s3:split secrets.c to put machine account secrets in a new file
This helps the s3compat effort by allowing these functions to be
replaced by functions that query the cli_credentials and secrets.ldb
APIs.
Also, this changes a couple of DOM_SID to struct dom_sid along the
way.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Matthias Dieter Wallnöfer [Tue, 18 May 2010 14:58:53 +0000 (16:58 +0200)]
s4:smb_server/smb/trans2.c - remove unused define "DEFAULT_SITE_NAME"
Obviously this isn't needed and in general site names shouldn't be hardcoded
anymore (except there is a good reason).
Andrew Bartlett [Wed, 12 May 2010 21:57:27 +0000 (07:57 +1000)]
s3:winbind use no_srv_register to avoid needing rpc_srv_register
This pidl attribute avoids the need for this dummy function, which
helps s3compat.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Andrew Bartlett [Wed, 12 May 2010 21:53:07 +0000 (07:53 +1000)]
pidl: Allow new property 'no_srv_register'.
This Samba-only property prevents pild from emitting the
rpc_wbint_init function, which causes problems because it needs
rpc_srv_register().
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Wed, 12 May 2010 16:36:30 +0000 (18:36 +0200)]
s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Mon, 17 May 2010 16:22:37 +0000 (18:22 +0200)]
s3-pidfile: set the close on exec flag for the created pidfiles.
Guenther
Simo Sorce [Thu, 22 Apr 2010 23:30:11 +0000 (19:30 -0400)]
s3-spoolss: Removed the Phantom DeviceMode.
This was a hack that required a special client from HP.
The client code has never been released and was discontinued,
so this code was just dead weight.
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 18 May 2010 13:32:47 +0000 (15:32 +0200)]
s3-net: also dump security descriptors from ntprinters.tdb in "net printing dump".
Guenther
Matthieu Patou [Tue, 11 May 2010 17:22:24 +0000 (21:22 +0400)]
s4:smb_server: add dfs smbtorture to selftests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sat, 1 May 2010 18:27:31 +0000 (22:27 +0400)]
s4:smb_server: Implement GET_DFS_REFERRAL for domain referral requests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sat, 1 May 2010 18:33:20 +0000 (22:33 +0400)]
s4:smb_server: fix trailling whitespace in trans2.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 9 May 2010 21:39:27 +0000 (01:39 +0400)]
s4 torture: Add tests for dfs referrals handling in SMB/trans2 requests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 9 May 2010 21:40:31 +0000 (01:40 +0400)]
s4 torture test: Adapt ndr-dfsblobs torture test to new idl
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 25 Apr 2010 21:31:19 +0000 (01:31 +0400)]
librpc/idl: fix errors and improve idl in dfsblobs
Fix problems between strings and nstring
Allow get_deferral parameters to be used by ndr_push/pull_blobs
Handle correctly the 16 bytes padding
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 18 May 2010 12:49:39 +0000 (14:49 +0200)]
s4:librpc: fix the autoconf build
metze
Stefan Metzmacher [Tue, 18 May 2010 11:50:33 +0000 (13:50 +0200)]
s4:dynconfig: let the autoconf build compile again
metze
Andreas Schneider [Wed, 28 Apr 2010 15:04:10 +0000 (17:04 +0200)]
s3-spoolss: Use the spoolss_map_to_os2_driver to modify drivername.
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Wed, 28 Apr 2010 15:03:41 +0000 (17:03 +0200)]
s3-spoolss: Create a spoolss_map_to_os2_driver function.
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Mon, 10 May 2010 13:05:46 +0000 (15:05 +0200)]
s3-spoolss: Use better names for set_last_from_to.
Use set_driver_mapping() and get_win_driver(), get_os2_driver().
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Wed, 12 May 2010 22:05:40 +0000 (00:05 +0200)]
s3-net: Added a rather trivial "net printing dump" command.
Guenther
Andreas Schneider [Wed, 12 May 2010 08:59:41 +0000 (10:59 +0200)]
s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.
Signed-off-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Wed, 12 May 2010 08:57:14 +0000 (10:57 +0200)]
s3-spoolss: Sorted the builtin forms alphabetically.
Signed-off-by: Günther Deschner <gd@samba.org>
Günther Deschner [Tue, 18 May 2010 10:52:18 +0000 (12:52 +0200)]
s3-secdesc: use SD_REVISION from security.idl.
Guenther
Günther Deschner [Tue, 18 May 2010 10:51:35 +0000 (12:51 +0200)]
s3-secdesc: move SEC_DESC_HEADER_SIZE to its only user.
Guenther
Günther Deschner [Tue, 18 May 2010 08:29:34 +0000 (10:29 +0200)]
s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".
Guenther
Günther Deschner [Tue, 18 May 2010 01:30:40 +0000 (03:30 +0200)]
s3-secdesc: remove "typedef struct security_acl SEC_ACL".
Guenther
Günther Deschner [Tue, 18 May 2010 01:25:38 +0000 (03:25 +0200)]
s3-secdesc: remove "typedef struct security_ace SEC_ACE".
Guenther
Günther Deschner [Tue, 18 May 2010 00:56:17 +0000 (02:56 +0200)]
s3-secdesc: remove "typedef struct sec_desc_buf SEC_DESC_BUF".
Guenther
Günther Deschner [Tue, 18 May 2010 10:26:52 +0000 (12:26 +0200)]
s3-build: fix the build.
Guenther
Jelmer Vernooij [Fri, 14 May 2010 15:39:07 +0000 (17:39 +0200)]
s3: Fix some more iconv convenience usages.
Jelmer Vernooij [Mon, 10 May 2010 12:08:38 +0000 (14:08 +0200)]
Remove more usages of iconv_convenience in files which were apparently not recompiled by waf.
Jelmer Vernooij [Sun, 9 May 2010 22:42:06 +0000 (00:42 +0200)]
s3: Remove use of iconv_convenience.
Jelmer Vernooij [Sun, 9 May 2010 15:20:01 +0000 (17:20 +0200)]
Finish removal of iconv_convenience in public API's.
Günther Deschner [Tue, 18 May 2010 00:27:34 +0000 (02:27 +0200)]
smbconf: only include smbconf headers where needed.
Guenther
Andrew Bartlett [Wed, 5 May 2010 02:47:07 +0000 (12:47 +1000)]
s4:ntvfs Prepare for a possible future sharing of notify.idl
I would love for notify.idl to be shared between Samba4 and Samba3
some day, and this seems to be the point at which the structure is
initialised.
Andrew Bartlett
Andrew Bartlett [Mon, 17 May 2010 09:54:00 +0000 (19:54 +1000)]
s4:winbindd Record the privilaged pipe dir
This may help us return an accurate priv pipe dir later on.
Andrew Bartlett
Andrew Bartlett [Mon, 17 May 2010 03:41:01 +0000 (13:41 +1000)]
s4:credentials Add in tracking of the password last set time
We perhaps need a more general API here, but for now extend the
credentials API to return the password last changed time that the
s3compat layer will need.
Andrew Bartlett
Andrew Bartlett [Mon, 17 May 2010 01:52:24 +0000 (11:52 +1000)]
s4:provision Remove unused 'account_name' parameter
The python glue code didn't even de-reference this element in the
structure.
Andrew Bartlett
Andrew Bartlett [Thu, 6 May 2010 06:47:15 +0000 (16:47 +1000)]
s4:auth Make it clear to the callers the talloc lifetime.
In other times, we might have used talloc_reference here, but this
isn't used as much these days.
Andrew Bartlett
Jeremy Allison [Tue, 18 May 2010 01:22:19 +0000 (18:22 -0700)]
Plumb in krb5 to the SMB2 sessionsetup code. First cut of this code.
Jeremy.
Jeremy Allison [Tue, 18 May 2010 00:17:44 +0000 (17:17 -0700)]
Fix the build of bin/smbtorture in source3. Guenther please check !
Jeremy.
Jelmer Vernooij [Mon, 17 May 2010 23:39:17 +0000 (01:39 +0200)]
selftest: Cope with empty testsuite results in more places.
Jelmer Vernooij [Mon, 17 May 2010 22:01:48 +0000 (00:01 +0200)]
selftest: Cope with testsuites without any output whatsoever (probably an error though).
Jelmer Vernooij [Sun, 2 May 2010 18:02:26 +0000 (20:02 +0200)]
pynet: Remove unused credentials argument.
Günther Deschner [Thu, 1 Oct 2009 22:17:06 +0000 (00:17 +0200)]
s3-registry: only include registry headers when really needed.
Guenther
Günther Deschner [Mon, 17 May 2010 22:39:43 +0000 (00:39 +0200)]
s3-tldap: only include tldap when actually needed.
Guenther
Günther Deschner [Mon, 17 May 2010 22:18:55 +0000 (00:18 +0200)]
s3-includes: remove completely unused util_getent.h header.
Guenther
Günther Deschner [Mon, 17 May 2010 22:16:40 +0000 (00:16 +0200)]
s3-crypto: only include crypto headers when crypto is done.
Guenther
Günther Deschner [Mon, 17 May 2010 21:27:30 +0000 (23:27 +0200)]
s3-samr: move samr helper prototypes outside of proto.h
Guenther
Günther Deschner [Mon, 17 May 2010 21:04:46 +0000 (23:04 +0200)]
s3-services: move services.h to where it is actually used.
Guenther
Günther Deschner [Mon, 17 May 2010 21:04:08 +0000 (23:04 +0200)]
security: merge builtin rid tables.
Guenther
Günther Deschner [Mon, 17 May 2010 20:04:24 +0000 (22:04 +0200)]
s3-rpc_misc: clean out include/rpc_misc.h.
Well known rids don't really belong into an rpc header, just use the ones
defined in security.idl.
Guenther
Jeremy Allison [Mon, 17 May 2010 20:05:22 +0000 (13:05 -0700)]
Refactor the sessionsetup SMB2 code to make it easy to add
krb5. Fix a memory leak in returning security blobs.
Jeremy
Günther Deschner [Sun, 9 May 2010 22:07:10 +0000 (00:07 +0200)]
s3-libgpo: move group policy protos to where they belong.
Guenther
Günther Deschner [Mon, 17 May 2010 18:49:31 +0000 (20:49 +0200)]
s3-includes: remove some unused defines.
Guenther
Günther Deschner [Fri, 14 May 2010 22:34:35 +0000 (00:34 +0200)]
s3-kerberos: temporary fix for ipv6 in print_kdc_line().
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
in just the kdc_name if we have it and let the krb5 lib figure out the
appropriate ipv6 address
ipv6 gurus, please check.
Guenther
Günther Deschner [Fri, 14 May 2010 21:23:34 +0000 (23:23 +0200)]
s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().
Guenther
Günther Deschner [Fri, 14 May 2010 21:21:47 +0000 (23:21 +0200)]
s3-winbind: make the getpeername() checks in cm_prepare_connection IPv6 aware.
Note that this failure was hard to track, as winbind did only log a super helpful
"cm_prepare_connection: Success" debug message.
IPv6 gurus, please check
Successfully tested in two independent IPv6 networks now.
Guenther
Anatoliy Atanasov [Mon, 17 May 2010 09:49:37 +0000 (12:49 +0300)]
s4-rodc: Set am_rodc flag during provision