summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* auth/gensec: add support for SEC_CHAN_DNS_DOMAIN to schannel_update()Stefan Metzmacher2014-12-191-17/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: make sure we keep a DCERPC_AUTH_TYPE_SCHANNEL backend if requiredStefan Metzmacher2014-12-191-0/+8
| | | | | | | | | | | | | Even with CRED_MUST_USE_KERBEROS we should keep the DCERPC_AUTH_TYPE_SCHANNEL backend arround, this can only be specified explicitely by the caller and cli_credentials_get_netlogon_creds() != NULL is the strong indication that the caller is using DCERPC_AUTH_TYPE_SCHANNEL *now*. With trusts against AD domain we can reliable use kerberos and netlogon secure channel for authentication. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch/wbinfo: allow 'wbinfo --ping-dc --domain=SOMEDOMAIN'Stefan Metzmacher2014-12-191-4/+13
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: allow passing the domain name to wbcPingDC[2]()Stefan Metzmacher2014-12-192-11/+43
| | | | | | | | winbindd already supports this. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: use find_domain_from_name_noinit() in winbindd_ping_dc_send()Stefan Metzmacher2014-12-191-1/+1
| | | | | | | | We should not try to connect to the given domain from within the winbindd parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: report our own name for PING_DC and internal domainsStefan Metzmacher2014-12-191-0/+22
| | | | | | | | This means "wbinfo --ping-dc" works fine on a DC. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: check for rpath compiler/linker flagsRalph Boehme2014-12-191-0/+4
| | | | | | | | | | | | Older SunOS linker only support -Wl,-R,/path instead of -Wl,-rpath,/path. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: fill PRIVATE_NAME() logic againStefan Metzmacher2014-12-192-4/+21
| | | | | | | | | | | | | We append bld.env.PRIVATE_EXTENSION to the name of private libraries again, but only unless they have a abi_directory, vnum or soname defined. This avoids naming conflicts with system libraries, e.g. libidmap.so on Solaris Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: fix soname of linux nss_*.so.2 modulesStefan Metzmacher2014-12-192-13/+18
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: use shared/libnss_wrapper_winbind.so.2Stefan Metzmacher2014-12-192-2/+2
| | | | | | | | | | | This library is always available in make test. nss-wrapper strictly requires the linux nss api. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()Stefan Metzmacher2014-12-191-1/+5
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ctdb-daemon: Use correct tdb flags when enabling robust mutex supportAmitay Isaacs2014-12-194-22/+70
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11000 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: version 1.3.4Stefan Metzmacher2014-12-192-1/+69
| | | | | | | | | | | | Transactions are supported with TDB_MUTEX_LOCKING. This fixes https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Fri Dec 19 11:41:26 CET 2014 on sn-devel-104
* tdb/toos: allow transactions with TDB_MUTEX_LOCKINGStefan Metzmacher2014-12-191-1/+0
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* tdb/test: add tdb1-run-mutex-transaction1 testStefan Metzmacher2014-12-192-0/+237
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKINGStefan Metzmacher2014-12-191-1/+1
| | | | | | | | | | | | | There's no real reason to disallow transactions as the allrecord lock is also available with mutexes enabled. E.g. ctdbd requires transactions also on non-persistent databases opened with TDB_CLEAR_IF_FIRST and TDB_MUTEX_LOCKING. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* vfs_fruit: Avoid double ()Volker Lendecke2014-12-181-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Dec 18 19:19:04 CET 2014 on sn-devel-104
* vfs_fruit: Avoid double initializationVolker Lendecke2014-12-181-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib/texpect: prefer bsd/libutil.h if availableStefan Metzmacher2014-12-182-2/+4
| | | | | | | Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Dec 18 16:31:48 CET 2014 on sn-devel-104
* s4:heimdal_build: remove unused openpty checkStefan Metzmacher2014-12-181-1/+0
| | | | | | | | | commit 638a8edd7ce708cf550c054ac16dade795b6448b removed HEIMDAL_BINARY('rkpty', 'lib/roken/rkpty.c',...) (the only heimdal user of openpty(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* libcli-dns: Remove obsolete dns_host_file subsystem.Andreas Schneider2014-12-184-456/+0
| | | | | Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 18 09:09:38 CET 2014 on sn-devel-104
* s3-libsmb: Remove obsolete support for dns_host_file.Andreas Schneider2014-12-181-27/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-libcli: Remove obsolete support for file resolving.Andreas Schneider2014-12-183-163/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* addns: Remove support for dns_host_file.Andreas Schneider2014-12-189-94/+122
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Use resolv_wrapper in the samba3 targets to join AD.Andreas Schneider2014-12-181-11/+60
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Use resolv_wrapper in the samba4 target.Andreas Schneider2014-12-182-15/+90
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Always enable dns fakeing.Andreas Schneider2014-12-181-2/+6
| | | | | | | | FIXME: This should be removed once we fixed adding records to the DNS server using nsupdate! Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Define if we should fake dns resolving.Andreas Schneider2014-12-182-1/+15
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba_dnsupdate: Allow the tool to work in 'make test'.Andreas Schneider2014-12-181-2/+5
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba_dnsupdate: Always fill out the nameservers of a dns object.Andreas Schneider2014-12-181-3/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Wait for the logon server to register to join the member.Andreas Schneider2014-12-181-0/+17
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nmblookup: Return if the lookup was successful or not.Andreas Schneider2014-12-181-7/+18
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10803 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Jeremy Allison <jra@samba.org>
* selftest: Print better DC provisioning info.Andreas Schneider2014-12-181-3/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Also pass the IPv6 address for the KDC around.Andreas Schneider2014-12-181-17/+49
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Preload resolv_wrapper in selftest.Andreas Schneider2014-12-182-0/+12
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: try to use the trust account with kerberos if possibleStefan Metzmacher2014-12-181-7/+19
| | | | | | | | | | This trust account is usable for SMB authentication via kerberos, so we should try that if we think the domain is active directory. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: fix anon fallback in cm_prepare_connection()Stefan Metzmacher2014-12-181-18/+1
| | | | | | | | | We should not crash with machine_password==NULL. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: also try to fallback to anonymous if we get ↵Stefan Metzmacher2014-12-181-0/+1
| | | | | | | | | | | NT_STATUS_INVALID_ACCOUNT_NAME Kerberos authentication may return NT_STATUS_INVALID_ACCOUNT_NAME (PRINCIPAL_UNKNOWN) Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libsmb: let cli_session_setup_kerberos_recv() return a useful error codeStefan Metzmacher2014-12-181-6/+22
| | | | | | | | | | Forcing NT_STATUS_UNSUCCESSFUL is not a good idea, we should return NT_STATUS_LOGON_FAILURE instead. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() firstStefan Metzmacher2014-12-181-21/+44
| | | | | | | | | | | | | NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2() code. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
* s3:passdb: add optional get_trusteddom_creds() hooksStefan Metzmacher2014-12-184-1/+339
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pdb: fix build issues with shared modulesGarming Sam2014-12-181-0/+1
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10355 Change-Id: I26e78b56ead0c66afcda6b3fb8b1fd09130b24a5 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:locking: fix uninitialiazed variable in brl_get_locks_readonly_parser()Stefan Metzmacher2014-12-181-0/+1
| | | | | | | | | | | | | In a cluster this can be called with an empty record, while brl_parse_data() relies on an initialized structure. This is a regression in commit 837e29035c911f3509135252c3f423d0f56b606d. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10911 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: improve rpc.remote_pac test so we check if LogonSamLogon actually ↵Andrew Bartlett2014-12-181-0/+2
| | | | | | | | | | | succeeds Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 18 02:51:02 CET 2014 on sn-devel-104
* torture: Improve winbindd.pac test to check multiple GENSEC mechanimsAndrew Bartlett2014-12-181-10/+57
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
* gensec_krb5: Match behaviour of gensec_gssapi for password-based keytabsAndrew Bartlett2014-12-181-0/+10
| | | | | | | | | This allows the winbind.pac.krb5 test to pass against the s3member environment, which uses the password from secrets.tdb. Andrew Bartlett Reviewed-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* test: improve kinit kerberos testsGarming Sam2014-12-181-6/+38
| | | | | | | | | | | | | For enterprise and windows style kinit, a UPN is now configured. There are now additional smbclient calls and added cache removals to make the tests more robust. Change-Id: I7c58ae4c9f303ca74a52878aa5dce2cc5f7d6742 Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* autobuild: adapt a commentMichael Adam2014-12-171-1/+1
| | | | | | | | | | | | The configure-option --with-cluster-support now only builds against the included ctdb, and it also builds the ctdb component. The comment in autobuild.py this patch changes was still from the olden days... Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Wed Dec 17 21:13:44 CET 2014 on sn-devel-104
* vfs/glusterfs: Change xattr key to match gluster key.raghavendra talur2014-12-171-1/+1
| | | | | | | | | | | | | | Gluster changed the key used to do get_real_filename in 3.5. This changes Samba's glusterfs vfs-module to use the same key. This will render SMB_VFS_GET_REALFILENAME() working again under 3.5 and will remove support for that functionality for Gluster 3.4 and older. Signed-off-by: raghavendra talur <raghavendra.talur@gmail.com> Reviewed-by: Ira Cooper <ira@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* vfs_glusterfs: Implement AIO supportPoornima G2014-12-172-12/+243
| | | | | | | | | | Signed-off-by: Poornima G <pgurusid@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Dec 17 16:35:37 CET 2014 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-09-26 15:27:12 +0000