summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* ldb: bump to version 1.1.19ldb-1.1.19Andrew Bartlett2014-12-223-1/+266
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz>
* ldb: Allow to register extended match rulesSamuel Cabrero2014-12-224-36/+165
| | | | | | | | | | | | This allows to extend LDB by registering extended match rules from outside the library itself. This is necessary when the implementation requires knowledge about syntaxes implemented in samba extensions, like the LDAP_MATCHING_RULE_TRANSITIVE_EVAL match. Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me> Singed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dsdb: Improve code clarity for ldb_extended_dn_in_openldap modeAndrew Bartlett2014-12-221-3/+7
| | | | | | Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/extended_dn_in: Fix DNs and filter expressions in extended match opsSamuel Cabrero2014-12-221-13/+35
| | | | | | Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* torture/spoolss: issue GetJob after StartDocPrinterDavid Disseldorp2014-12-191-0/+8
| | | | | | | | | | | | This reflects Windows XP spoolss client behaviour. This fails if the job is not yet instantiated on the server, and prior to the bso#10984 fix resulted in an unsable DCERPC pipe. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Dec 19 18:03:20 CET 2014 on sn-devel-104
* spoolss: clear PrinterInfo on GetPrinter errorDavid Disseldorp2014-12-191-7/+12
| | | | | | | | | | If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear info on GetPrinterDriverDirectory errorDavid Disseldorp2014-12-191-0/+1
| | | | | | | | | | If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear info on GetPrintProcessorDirectory errorDavid Disseldorp2014-12-191-4/+9
| | | | | | | | | | If an error is returned without zeroing a pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear FormInfo on GetForm errorDavid Disseldorp2014-12-191-0/+1
| | | | | | | | | | | | In handling a spoolss GetForm request, the handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear DriverInfo on GetPrinterDriver2 errorDavid Disseldorp2014-12-191-5/+11
| | | | | | | | | | | | In handling a spoolss GetPrinterDriver2 request, the handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then marshalling of the response will fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: clear JobInfo on GetJob errorDavid Disseldorp2014-12-191-10/+18
| | | | | | | | | | | | | | | | In handling a spoolss GetJob request, the _spoolss_GetJob() handler may return an immediate error if one of the input parameters is invalid. If this is done without zeroing the pre-allocated @info pointer, then api_spoolss_GetJob() will attempt to marshall @info, which in the case of an @offered value of zero results in a marshalling error: ndr_push_error(7): Bad subcontext (PUSH) content_size 64 is larger than size_is(0) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984 Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:kdc: add aes key support for trusted domainsStefan Metzmacher2014-12-191-37/+148
| | | | | | | | | | | We have a look at "msDS-SupportedEncryptionTypes" and >= DS_DOMAIN_FUNCTION_2008 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Dec 19 15:39:40 CET 2014 on sn-devel-104
* s4:rpc_server/lsa: fix segfault in check_ft_info()Stefan Metzmacher2014-12-191-0/+2
| | | | | | | | | | | This is triggered by lsa_lsaRSetForestTrustInformation() with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME. The nb_name variable was uninitialized and dereferenced without checking. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: remove unused allow_warnings=TrueStefan Metzmacher2014-12-191-1/+0
| | | | | | | | We compile without warnings now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the ↵Stefan Metzmacher2014-12-191-12/+20
| | | | | | | | | | | related flag is removed. When LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flags is cleared we should also remove the related credentials. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/lsa: pass the correct variable to setInfoTrustedDomain_base()Stefan Metzmacher2014-12-191-4/+3
| | | | | | | | | | | | This requires 'struct lsa_policy_state', we now pass this directly instead of a instead of an opaque 'struct dcesrv_handle'. dcesrv_lsa_SetInformationTrustedDomain() passes in a 'struct dcesrv_handle' with 'struct lsa_trusted_domain_state' before, which results in segfaults. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s3:pdb_samba_dsdb: use SEC_CHAN_DNS_DOMAIN in ↵Stefan Metzmacher2014-12-191-6/+33
| | | | | | | | | | | | pdb_samba_dsdb_get_trusteddom_creds() If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match a Windows DC. For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:pdb_samba_dsdb: add pdb_samba_dsdb_get_trusteddom_credsStefan Metzmacher2014-12-191-1/+225
| | | | | | | | | | We have the password as raw UTF16 blob, which might not be valid utf16, so we need to use cli_credentials_set_utf16_password(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of cli_rpc_pipe_open_schannel_with_creds()Stefan Metzmacher2014-12-191-17/+40
| | | | | | | This way we pass down enough information for SEC_CHAN_DNS_DOMAIN to work. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds_with_creds()Stefan Metzmacher2014-12-191-23/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: we only need a an netlogon connection to a rwdc if we're a rodc ↵Stefan Metzmacher2014-12-191-2/+2
| | | | | | | | | | ourself If we're a member or RWDC there's no need to require talking to a rwdc, an rodc will forward the request if required. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make sure we try to use NCACN_IP_TCP in cm_connect_netlogonStefan Metzmacher2014-12-191-0/+5
| | | | | | | | We need to call init_dc_connection_rpc() before we can decide if we want to try NCACN_IP_TCP. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add cli_rpc_pipe_open_schannel_with_creds() helper functionStefan Metzmacher2014-12-192-0/+93
| | | | | | | | | This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN as cli_credentials_get_realm() will return the correct value compared to cli_credentials_get_domain(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:cli_netlogon: add rpccli_{create,setup}_netlogon_creds_with_creds() ↵Stefan Metzmacher2014-12-192-0/+65
| | | | | | | | | helper functions This simplifies the callers, then can just pass in a cli_credentials structure. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_set_utf16_password()Stefan Metzmacher2014-12-193-6/+65
| | | | | | | | | | | | | | We need a way to initialize the cli_credentials from the raw utf16 blob, which might not be completely valid utf16, which means the conversion from CH_UTF16MUNGED to CH_UTF8 might loose information. This would result in an invalid nt_hash, when we convert back from CH_UTF8 to CH_UTF16LE. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: add support for SEC_CHAN_DNS_DOMAIN to schannel_update()Stefan Metzmacher2014-12-191-17/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: make sure we keep a DCERPC_AUTH_TYPE_SCHANNEL backend if requiredStefan Metzmacher2014-12-191-0/+8
| | | | | | | | | | | | | Even with CRED_MUST_USE_KERBEROS we should keep the DCERPC_AUTH_TYPE_SCHANNEL backend arround, this can only be specified explicitely by the caller and cli_credentials_get_netlogon_creds() != NULL is the strong indication that the caller is using DCERPC_AUTH_TYPE_SCHANNEL *now*. With trusts against AD domain we can reliable use kerberos and netlogon secure channel for authentication. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch/wbinfo: allow 'wbinfo --ping-dc --domain=SOMEDOMAIN'Stefan Metzmacher2014-12-191-4/+13
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: allow passing the domain name to wbcPingDC[2]()Stefan Metzmacher2014-12-192-11/+43
| | | | | | | | winbindd already supports this. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: use find_domain_from_name_noinit() in winbindd_ping_dc_send()Stefan Metzmacher2014-12-191-1/+1
| | | | | | | | We should not try to connect to the given domain from within the winbindd parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: report our own name for PING_DC and internal domainsStefan Metzmacher2014-12-191-0/+22
| | | | | | | | This means "wbinfo --ping-dc" works fine on a DC. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: check for rpath compiler/linker flagsRalph Boehme2014-12-191-0/+4
| | | | | | | | | | | | Older SunOS linker only support -Wl,-R,/path instead of -Wl,-rpath,/path. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: fill PRIVATE_NAME() logic againStefan Metzmacher2014-12-192-4/+21
| | | | | | | | | | | | | We append bld.env.PRIVATE_EXTENSION to the name of private libraries again, but only unless they have a abi_directory, vnum or soname defined. This avoids naming conflicts with system libraries, e.g. libidmap.so on Solaris Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: fix soname of linux nss_*.so.2 modulesStefan Metzmacher2014-12-192-13/+18
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: use shared/libnss_wrapper_winbind.so.2Stefan Metzmacher2014-12-192-2/+2
| | | | | | | | | | | This library is always available in make test. nss-wrapper strictly requires the linux nss api. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()Stefan Metzmacher2014-12-191-1/+5
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ctdb-daemon: Use correct tdb flags when enabling robust mutex supportAmitay Isaacs2014-12-194-22/+70
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11000 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: version 1.3.4tdb-1.3.4Stefan Metzmacher2014-12-192-1/+69
| | | | | | | | | | | | Transactions are supported with TDB_MUTEX_LOCKING. This fixes https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Fri Dec 19 11:41:26 CET 2014 on sn-devel-104
* tdb/toos: allow transactions with TDB_MUTEX_LOCKINGStefan Metzmacher2014-12-191-1/+0
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* tdb/test: add tdb1-run-mutex-transaction1 testStefan Metzmacher2014-12-192-0/+237
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKINGStefan Metzmacher2014-12-191-1/+1
| | | | | | | | | | | | | There's no real reason to disallow transactions as the allrecord lock is also available with mutexes enabled. E.g. ctdbd requires transactions also on non-persistent databases opened with TDB_CLEAR_IF_FIRST and TDB_MUTEX_LOCKING. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* vfs_fruit: Avoid double ()Volker Lendecke2014-12-181-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Dec 18 19:19:04 CET 2014 on sn-devel-104
* vfs_fruit: Avoid double initializationVolker Lendecke2014-12-181-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib/texpect: prefer bsd/libutil.h if availableStefan Metzmacher2014-12-182-2/+4
| | | | | | | Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Dec 18 16:31:48 CET 2014 on sn-devel-104
* s4:heimdal_build: remove unused openpty checkStefan Metzmacher2014-12-181-1/+0
| | | | | | | | | commit 638a8edd7ce708cf550c054ac16dade795b6448b removed HEIMDAL_BINARY('rkpty', 'lib/roken/rkpty.c',...) (the only heimdal user of openpty(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* libcli-dns: Remove obsolete dns_host_file subsystem.Andreas Schneider2014-12-184-456/+0
| | | | | Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 18 09:09:38 CET 2014 on sn-devel-104
* s3-libsmb: Remove obsolete support for dns_host_file.Andreas Schneider2014-12-181-27/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-libcli: Remove obsolete support for file resolving.Andreas Schneider2014-12-183-163/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* addns: Remove support for dns_host_file.Andreas Schneider2014-12-189-94/+122
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Use resolv_wrapper in the samba3 targets to join AD.Andreas Schneider2014-12-181-11/+60
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status