Andrew Bartlett [Thu, 26 Aug 2010 23:50:31 +0000 (09:50 +1000)]
libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 23:50:12 +0000 (09:50 +1000)]
libcli/security Use C99 types
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 23:41:32 +0000 (09:41 +1000)]
libcli/security Use true and false, not True and False
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 22:56:15 +0000 (08:56 +1000)]
s3-privs Move source3/ privileges implementation into common
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 12:49:27 +0000 (22:49 +1000)]
s3-privs Rename structure elements for greater clarity
It is important to make clear which is the LUID and which
is the Samba-only bitmap mask.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 12:35:35 +0000 (22:35 +1000)]
s3-privs More clarity in variable names
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 12:30:26 +0000 (22:30 +1000)]
s3-privs Rename mask -> privilege_mask to be more clear
After SE_PRIV was removed, it became less clear what these
parameters were for.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 12:08:22 +0000 (22:08 +1000)]
s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derived structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 10:04:11 +0000 (20:04 +1000)]
s3-auth Change struct nt_user_token -> struct security_token
This common structure is defined in security.idl
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 10:54:13 +0000 (20:54 +1000)]
s3-auth Change type of num_sids to uint32_t
size_t is overkill here, and in struct security_token in the num_sids
is uint32_t.
This includes a change to the prototype of add_sid_to_array()
and add_sid_to_array_unique(), which has had a number of
consequential changes as I try to sort out all the callers using
a pointer to the number of sids.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 09:42:01 +0000 (19:42 +1000)]
security.idl Add comments
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 09:21:53 +0000 (19:21 +1000)]
security.idl Update Windows privileges list to Win2008R2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 09:20:32 +0000 (19:20 +1000)]
s3-privs Only store low bits of luid in privileges table
Samba only uses the low bits, and this makes the code simpler.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 08:38:59 +0000 (18:38 +1000)]
s4-privs Add a lookup by index of privileges
Now that privileges are no longer given luid values sequentially,
we need another way to look them up for enumeration.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 08:38:16 +0000 (18:38 +1000)]
privs Add my Copyright
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:04:53 +0000 (16:04 +1000)]
security.idl clarify which privileges are LUID and bitmap values
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:03:41 +0000 (16:03 +1000)]
s3-privs Remove comment already moved to security.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 06:02:12 +0000 (16:02 +1000)]
s3-privs Use constants from security.idl
The values in security.idl have been updated to match these.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 05:56:21 +0000 (15:56 +1000)]
s4-privs Remove link between enum sec_privilege and the privilege bitmap
This allows us to set the enum sec_privilege constants to the LUID
values that are seen from windows, which we need to match, in order
to preserve the support for the NT Print Migrator tool after a merge
with the source3/ privileges code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 04:37:00 +0000 (14:37 +1000)]
s3-privs Further changes to remove SE_PRIV
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Fri, 27 Aug 2010 02:44:35 +0000 (12:44 +1000)]
privs Move privilege bitmasks to security.idl
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Thu, 26 Aug 2010 00:35:45 +0000 (10:35 +1000)]
s3:privs Change to new host endian neutral privileges tdb format
These values are stored in account_policy.tdb, and the old format,
using a 128 bit bitmap was not endian neutral.
The previous endian-dependent format was introduced in
46e5effea948931509283cb84b27007d34b521c8
replacing a 32 bit number which was used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Wed, 25 Aug 2010 22:49:28 +0000 (08:49 +1000)]
s3:Change SE_PRIV to uint64_t
This removes the SE_PRIV typedef
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Andrew Bartlett [Tue, 24 Aug 2010 04:47:26 +0000 (14:47 +1000)]
s3:privileges Change SE_PRIV to be just a uint64_t
We don't need 128 possible privileges here, as we only use 12.
This reverts some of
46e5effea948931509283cb84b27007d34b521c8
by Jerry back in 2005, where he introduced the SE_PRIV structure
to replace the uint32_t used at the time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 06:42:10 +0000 (08:42 +0200)]
lib/replace:wscript - don't check twice for type "bool"
Matthias Dieter Wallnöfer [Sat, 11 Sep 2010 06:22:09 +0000 (08:22 +0200)]
lib/replace:wscript - attempt to fix the features detection on Tru64
Hopefully now we detect the built-in "socklen_t"
https://bugs.internet2.edu/jira/browse/SSPCPP-114
http://h30097.www3.hp.com/docs/base_doc/DOCUMENTATION/V50_HTML/MAN/MAN5/0001____.HTM
Jeremy Allison [Sat, 11 Sep 2010 06:33:18 +0000 (23:33 -0700)]
Add check missing from previous patch after talloc_strdup().
Jeremy.
Jeremy Allison [Sat, 11 Sep 2010 06:28:15 +0000 (23:28 -0700)]
Factor out the recent changes into a function - check_parent_exists().
Fix this to ensure that if "start" is manipulated, then "dirpath"
is changed also.
Ensures that when the path:
/a/long/file/name/path.txt
is processed, we first stat:
/a/long/file/name/path.txt
and if this fails, we try to stat:
/a/long/file/name
if this path exists (the normal case when creating a new
entry in a directory) then we no longer do the individual
path name walk, but only do case insensitive lookup on the
last component. If the stat fails we do the full pathname
walk as normal in 3.5.x and below. Metze, examine this
change for your back-port.
Jeremy.
Volker Lendecke [Fri, 10 Sep 2010 13:07:28 +0000 (15:07 +0200)]
s3: Simplify the logic in generate_krb5_ccache
gd, jra, others, please check!
Björn Jacke [Fri, 10 Sep 2010 19:36:20 +0000 (21:36 +0200)]
s3/winbind: use mono time for startup timeout check
Björn Jacke [Fri, 10 Sep 2010 19:03:17 +0000 (21:03 +0200)]
libreplace: clock_gettime sets errno
Björn Jacke [Fri, 10 Sep 2010 18:46:10 +0000 (20:46 +0200)]
s4/pvfs: use monotonic time for this timeout
Björn Jacke [Fri, 10 Sep 2010 18:39:20 +0000 (20:39 +0200)]
s4/ldap: use time_mono for reconnect timeout
Björn Jacke [Fri, 10 Sep 2010 18:28:41 +0000 (20:28 +0200)]
s4/torture: use time_mono for timeouts
Björn Jacke [Fri, 10 Sep 2010 18:25:19 +0000 (20:25 +0200)]
s4/torture: use time_mono for delta time
Günther Deschner [Fri, 10 Sep 2010 21:06:46 +0000 (23:06 +0200)]
s3-selftest: add print_test_extended (as called from RPC-PRINTER) to knownfail list.
Guenther
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:39:39 +0000 (22:39 +0200)]
s4:client/client.c - fix wrong return codes in "do_connect"
Detected by the Solaris cc compiler.
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:26:24 +0000 (22:26 +0200)]
s4:lib/policy/gp_filesys.c - remove dead code
Found out by Solaris cc
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:35:10 +0000 (22:35 +0200)]
s4:torture/locktest.c - add a cast in order to quiet a warning on Solaris cc
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:22:14 +0000 (22:22 +0200)]
s4:libcli/wrepl/winsrepl.c - add more "char *" casts in order to suppress Solaris warnings
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:22:14 +0000 (22:22 +0200)]
s3/s4:libcli/tstream - add more "char *" casts in order to suppress Solaris warnings
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 20:22:14 +0000 (22:22 +0200)]
s4:torture/ntp/ntp_signd.c - add more "char *" casts in order to suppress Solaris warnings
Günther Deschner [Fri, 10 Sep 2010 20:40:46 +0000 (22:40 +0200)]
s3-printing: fix non-ads build after prototype changes.
Guenther
Volker Lendecke [Fri, 10 Sep 2010 12:34:19 +0000 (14:34 +0200)]
s3: Simplify generate_krb5_ccache slightly
strequal deals with a NULL string input just fine
Jeremy Allison [Fri, 10 Sep 2010 18:56:26 +0000 (11:56 -0700)]
Check all SMB_MALLOC returns correctly. Found by Andreas Moroder <andreas.moroder@gmx.net>.
Jeremy
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 17:28:07 +0000 (19:28 +0200)]
s4:torture/rpc/winreg.c - hopefully this attempt fixes Solaris "cc" on the buildfarm
The Solaris "cc" incompatibility on this codepart seems to be harder to fix than
it looks like.
Matthias Dieter Wallnöfer [Fri, 10 Sep 2010 17:17:25 +0000 (19:17 +0200)]
s4:getncchanges_change_master - also in this call "i" needs to be unsigned
Volker Lendecke [Fri, 10 Sep 2010 10:49:32 +0000 (12:49 +0200)]
s3: auth.krb5ccname and auth.unix_username are both fstrings
There's no point in checking for != NULL
Stefan Metzmacher [Wed, 8 Sep 2010 15:56:33 +0000 (17:56 +0200)]
selftest/s3-selftest.sh: knownfailure filtering for non-build-farm make test
metze
Stefan Metzmacher [Wed, 8 Sep 2010 15:54:29 +0000 (17:54 +0200)]
s3:torture: fix printf output, lines can't start with lower case "test"
metze
Stefan Metzmacher [Wed, 8 Sep 2010 15:55:12 +0000 (17:55 +0200)]
s3:torture: fix run_uid_regression_test
metze
Stefan Metzmacher [Wed, 8 Sep 2010 15:53:47 +0000 (17:53 +0200)]
s3-errormap: map ERRSRV/ERRbaduid to NT_STATUS_USER_SESSION_DELETED
metze
Stefan Metzmacher [Wed, 8 Sep 2010 15:53:47 +0000 (17:53 +0200)]
s4-errormap: map ERRSRV/ERRbaduid to NT_STATUS_USER_SESSION_DELETED
metze
Stefan Metzmacher [Fri, 10 Sep 2010 04:36:02 +0000 (06:36 +0200)]
s4:provision: remember the setup directory if it wasn't the default
This fixes make test without a make install.
metze
Günther Deschner [Fri, 10 Sep 2010 14:55:23 +0000 (16:55 +0200)]
s3-spoolss: Fix _spoolss_GetPrinter().
In the error case, we need to TALLOC_FREE(r->out.info), don't ask :-)
Guenther
Andreas Schneider [Fri, 10 Sep 2010 14:06:24 +0000 (16:06 +0200)]
s3-spoolss: Don't leak memory on the session counter list.
Thanks Günther, please check.
Simo Sorce [Thu, 1 Jul 2010 23:39:57 +0000 (19:39 -0400)]
s3-spoolss: Allow multiple client backchannels.
When we run spoolssd we need to support multiple clients connecting.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 22:35:29 +0000 (18:35 -0400)]
s3-spoolss: Split function to send notification.
More digestible this way.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 18:19:43 +0000 (14:19 -0400)]
s3-spoolss: Use a single structure for all the back channel data.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 19:32:15 +0000 (15:32 -0400)]
s3-spoolss: Rename Printer_entry to struct printer_handle.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 19:11:41 +0000 (15:11 -0400)]
s3-spoolss: Move Printer_entry to srv_spoolss_nt.c
It is used only there, and it is a good idea to make this one private and
opaque to the rest of the code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 16:19:41 +0000 (12:19 -0400)]
s3-spoolss: Allocate printer entries on the pipe struct.
Signed-off-by: Andreas Schneider <asn@samba.org>
Simo Sorce [Wed, 30 Jun 2010 16:07:44 +0000 (12:07 -0400)]
s3-spoolss: Rename session counter structure and use talloc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 3 Dec 2008 09:40:04 +0000 (10:40 +0100)]
s3-dsgetdcname: cleanup receive_getdc_response a little.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:51:32 +0000 (11:51 +0200)]
s3-build: use proper RPC_X_OBJ target names.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:49:49 +0000 (11:49 +0200)]
s3-waf: use proper RPC_X_SRC names.
This allows to build using waf without --enable-developer and should also fix
support for rpc server modules.
Guenther
Anatoliy Atanasov [Fri, 10 Sep 2010 10:44:20 +0000 (13:44 +0300)]
s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOrole
This removed an unnecessary conversion of the return type in
drepl_take_FSMO_role.
Anatoliy Atanasov [Fri, 10 Sep 2010 06:00:56 +0000 (09:00 +0300)]
s4/fsmo: Fix callback declaration
Kamen Mazdrashki [Thu, 9 Sep 2010 23:05:27 +0000 (02:05 +0300)]
s4-drs: return DRSUAPI_EXOP_ERR_SUCCESS in extended_ret
in case we are handling extended operation.
It seems that windows accept both DRSUAPI_EXOP_ERR_SUCCESS
and DRSUAPI_EXOP_ERR_NONE, but Samba is a little bit
more picky on this.
Kamen Mazdrashki [Thu, 9 Sep 2010 23:02:56 +0000 (02:02 +0300)]
s4-drs: Handle extended operations only once
Most of extended operations I know of work like:
1. do extended operation
2. collect a set of objects to return and start replication cycle
3. continue returning object as we have no more to give
This way we ensure we are doing 1. only once
Kamen Mazdrashki [Thu, 9 Sep 2010 22:59:21 +0000 (01:59 +0300)]
s4-dreplsrv: fix 'dn' for partition object being created
Kamen Mazdrashki [Thu, 9 Sep 2010 22:58:07 +0000 (01:58 +0300)]
s4-drs-fsmo: try to dispatch ops in queue as soon as possible
In most cases this will cause transfer of schema master role to
look like a synchronous operation.
Anatoliy Atanasov [Wed, 8 Sep 2010 07:25:54 +0000 (10:25 +0300)]
s4/fsmo: Added python tests for schema master transfer op
Andrew Tridgell [Thu, 9 Sep 2010 06:16:05 +0000 (16:16 +1000)]
s4-fsmo: update FSMO changes for recent IRPC work
the IRPC API has changed
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Anatoliy Atanasov [Thu, 26 Aug 2010 08:19:24 +0000 (11:19 +0300)]
s4/drs: update repsFrom only when we are not in getncchanges extended op
Nadezhda Ivanova [Thu, 26 Aug 2010 08:09:58 +0000 (11:09 +0300)]
s4-ldap: Added support for FSMO role transfer via LDAP by modify on rootDSE
GetNCChanges with the corresponding extended operation is initiated and added to
the queue when a modify request is received on becomeSchemaMaster, becomeRidMaster,
becomeNamingMaster, becomeInfrastructureMaster and becomePDC attributes in
rootDSE.
Nadezhda Ivanova [Thu, 26 Aug 2010 07:59:02 +0000 (10:59 +0300)]
s4-rpc: Added handling of fsmo role transfer to GetNCChanges
This adds support for DRSUAPI_EXOP_FSMO_REQ_ROLE, DRSUAPI_EXOP_FSMO_RID_REQ_ROLE
and DRSUAPI_EXOP_FSMO_REQ_PDC.
Developed in collaboration with Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Nadezhda Ivanova [Tue, 24 Aug 2010 21:26:28 +0000 (00:26 +0300)]
s4-irpc: Added internal rpc call DREPL_TAKEFSMOROLE
It schedules a getncchanges with extended op 6, to be used when a modify request on
becomeROLEMaster attribute on rootDSE is received.
Nadezhda Ivanova [Tue, 24 Aug 2010 21:22:16 +0000 (00:22 +0300)]
s4-drs: Implementation of GetNCChanges extended op 6 - fsmo role transfer
Basically the candidate owner makes a getncchanges call with extended op 6 when they want to
become the new owner. The current owner then updates the corresponding fSMORoleOwner attribute
in its database with the new owner, and replicates the change to the candidate, who then becomes the
owner.
The patch was made in cooperation with Anatoliy Atanasov <anatoliy.atanasov@postpath.com> who
kindly helped to debug it.
Nadezhda Ivanova [Tue, 24 Aug 2010 20:01:43 +0000 (23:01 +0300)]
s4-drs: Refactored drepl_service and send_ridalloc_request so that the structures can be used for other extended ops
Björn Jacke [Fri, 10 Sep 2010 09:51:15 +0000 (11:51 +0200)]
s4/torture: use time_mono for deltas in lock test
Günther Deschner [Fri, 10 Sep 2010 09:28:54 +0000 (11:28 +0200)]
s3-build: only link LIBNDR_XATTR_OBJ where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:28:38 +0000 (11:28 +0200)]
s3-waf: only link LIBNDR_XATTR_SRC where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:27:52 +0000 (11:27 +0200)]
s3-build: link ndr_notify only where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:26:35 +0000 (11:26 +0200)]
s3-waf: link ndr_notify only where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:24:28 +0000 (11:24 +0200)]
s3-build: link ndr_named_pipe_auth only where needed.
Guenther
Günther Deschner [Fri, 10 Sep 2010 09:23:59 +0000 (11:23 +0200)]
s3-waf: link ndr_named_pipe_auth only where needed.
Guenther
Günther Deschner [Thu, 2 Sep 2010 11:19:02 +0000 (13:19 +0200)]
s3-spoolss: allow a short printername w/o servername.
Verified with RPC-SPOOLSS-PRINTSERVER-enumprinters_old test.
Guenther
Jeremy Allison [Thu, 9 Sep 2010 22:29:03 +0000 (15:29 -0700)]
Fix missing SMB_MALLOC return checks noticed by "Andreas Moroder <andreas.moroder@gmx.net>".
Jeremy.
Jeremy Allison [Thu, 9 Sep 2010 22:28:43 +0000 (15:28 -0700)]
More paranoia to ensure SD's can't be set on read-only shares.
Jeremy.
Günther Deschner [Thu, 2 Sep 2010 11:39:12 +0000 (13:39 +0200)]
s3-selftest: rename printer "print4" to "lp".
This should trigger a false error condition in our code.
Guenther
Günther Deschner [Thu, 9 Sep 2010 22:16:30 +0000 (00:16 +0200)]
s4-smbtorture: add spoolss_OpenPrinter with unc and printername in RPC-SPOOLSS-PRINTSERVER.
Guenther
Volker Lendecke [Thu, 9 Sep 2010 14:57:01 +0000 (16:57 +0200)]
s3: Fix messsssages
Volker Lendecke [Thu, 9 Sep 2010 14:25:09 +0000 (16:25 +0200)]
s3: Ensure NULL termination for "workstation" in auth_crap
Günther Deschner [Thu, 9 Sep 2010 21:13:33 +0000 (23:13 +0200)]
s3-nmbd: use NETLOGON_NT_VERSION_1 in LOGON_PRIMARY_RESPONSE.
Guenther
Volker Lendecke [Thu, 9 Sep 2010 14:02:38 +0000 (16:02 +0200)]
s3: These assignments are overwritten immediately
Dump them
Günther Deschner [Wed, 8 Sep 2010 16:55:27 +0000 (18:55 +0200)]
s3-nmbd: use autogenerated marshalling for LOGON_SAM_LOGON_REQUEST.
Guenther
Günther Deschner [Thu, 9 Sep 2010 11:16:21 +0000 (13:16 +0200)]
s3-nmbd: use autogenerated marshalling for LOGON_PRIMARY_QUERY.
Couldn't find any reproducer for a short request, so removing it for now.
Guenther
Günther Deschner [Thu, 9 Sep 2010 20:39:05 +0000 (22:39 +0200)]
s3-nmbd: use autogenerated marshalling for LOGON_REQUEST.
Guenther
Günther Deschner [Thu, 9 Sep 2010 20:38:37 +0000 (22:38 +0200)]
s3-nmbd: handle source_name in one location in nmbd_process_logon().
Guenther