Commit message | Author | Age | Files | Lines
* s4/scripting: in MIT build do not install samba-tool, it is not usable yet | Alexander Bokovoy | 2012-05-24 | 2 | -7/+4
* s4-selftest: Demonstrate the correct behaviour between specified usernames and kerberos ccache | Andrew Bartlett | 2012-05-24 | 1 | -0/+8
  This shows that a username/password on the command line must always override any credentials cache in the environment.
  Andrew Bartlett
* auth/credentials: 'workgroup' set via command line will not drop existing ccache | Alexander Bokovoy | 2012-05-24 | 3 | -14/+7
  The root cause for existing ccache being invalidated was use of global loadparm with 'workgroup' value set as if from command line. However, we don't really need to take 'workgroup' parameter value's nature into account when invalidating existing ccache. When -U is used on the command line, one can specify a password to force ccache invalidation.
  The commit also reverts previous fix now that root cause is clear.
* s3:smbd/msdfs: pass allow_broken_path to resolve_dfspath_wcard() | Stefan Metzmacher | 2012-05-24 | 4 | -1/+6
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Thu May 24 16:14:01 CEST 2012 on sn-devel-104
* s3:smbd/msdfs: pass 'allow_broken_path' to get_referred_path() | Stefan Metzmacher | 2012-05-24 | 4 | -8/+13
  Note the DCERPC code should not be smb2 specific! I wonder why this is at all smb2 specific...
  metze
* s3:smbd/msdfs: let create_conn_struct() also fake the 'smbd_server_connection' | Stefan Metzmacher | 2012-05-24 | 4 | -23/+63
  metze
* s3:smbd/files: work without sconn->file_bmap and assign fsp->fnum = -1 | Stefan Metzmacher | 2012-05-24 | 1 | -23/+39
  For faked connection_structs we do not need valid fnum values, e.g. in the dfs and printing code.
  metze
* s3:smbd/files: fix error path and correctly cleanup | Stefan Metzmacher | 2012-05-24 | 1 | -7/+7
  metze
* selftest: Run only the samba3 tests on builds without the AD DC | Andrew Bartlett | 2012-05-24 | 1 | -1/+6
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu May 24 11:51:40 CEST 2012 on sn-devel-104
* WHATSNEW: Move to document changes for beta1 | Andrew Bartlett | 2012-05-24 | 1 | -57/+51
  This is not the beta1 release, but this is the preparation for such a release.
  Andrew Bartlett
* s4-provision: Make s3fs the default way to install a new Samba4 DC | Andrew Bartlett | 2012-05-24 | 2 | -2/+3
  With s3fs now well settled into master, we now throw the switch and make it the default. There is still much to do, but we need to be using s3fs by default to find out exactly what that is.
  Andrew Bartlett
* s4-selftest: Always delete the user at the end of test_passwords.sh | Andrew Bartlett | 2012-05-24 | 1 | -1/+1
  If this test is run in the "dc" environment (rather than "dc:local") it would not delete the test user.
  Andrew Bartlett
* dlz_bind9: Make the talloc destructor static and return 0. | Amitay Isaacs | 2012-05-24 | 1 | -1/+2
  Autobuild-User: Amitay Isaacs <amitay@samba.org>
  Autobuild-Date: Thu May 24 03:32:50 CEST 2012 on sn-devel-104
* dlz_bind9: Fix the named crash on reloading named | Amitay Isaacs | 2012-05-24 | 1 | -1/+17
  When reloading zones, named first creates new zone instance and then shuts down the old instance. Since ldb layer keeps the same LDB open, talloc_free() on samdb handle causes talloc "access after use" error.
  This patch keeps only single context (dlz_bind9_data) and uses reference counting to decide when to actually free the context. Since samdb handle is reused, use talloc_unlink() instead of talloc_free() on samdb handle.
* s3-configure: Fix configure version information. | Ira Cooper | 2012-05-24 | 1 | -4/+4
  version.h moved from include -> include/autoconf.
  Autobuild-User: Ira Cooper <ira@samba.org>
  Autobuild-Date: Thu May 24 01:34:24 CEST 2012 on sn-devel-104
* s3:rpc_server/dfs: pass allow_broken_path=true to create_junction() | Stefan Metzmacher | 2012-05-23 | 1 | -2/+4
  DCERPC code can't be smb2 specific!
  I'm not sure if 'true' is the correct value here, but at least it matches the old behavior and the tcp and smb1 cases.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed May 23 21:56:05 CEST 2012 on sn-devel-104
* s3:smbd/proto.h: remove unused resolve_dfspath() prototype | Stefan Metzmacher | 2012-05-23 | 1 | -5/+0
  metze
* s3:smbd/files: remove unused VALID_FNUM() | Stefan Metzmacher | 2012-05-23 | 1 | -2/+0
  metze
* s3:smb2_server: make use of nt_status_np_pipe() | Stefan Metzmacher | 2012-05-23 | 3 | -3/+13
  metze
* s3:smbd: use nt_status_np_pipe for smb1 | Stefan Metzmacher | 2012-05-23 | 3 | -7/+28
  metze
* s3:smbd: add nt_status_np_pipe() | Stefan Metzmacher | 2012-05-23 | 2 | -0/+12
  This maps between NT_STATUS_CONNECTION_* to NT_STATUS_PIPE_*
  metze
* blackbox: fix samba4.blackbox.kinit test | Alexander Bokovoy | 2012-05-23 | 1 | -0/+1
  This deserves some explanation.
  With commit 518232d4578d700f5f5ea1609275a6cd1de3a1e7 samba4.blackbox.kinit test set was wrapped with password settings reset before and after the tests with an idea to maintain reliable state for the tests. As a result, the resetting of the password settings was done after the test that tried to use smbclient with a Kerberos ticket obtained with machine account credentials.
  However, the code in credentials_krb5.c, function cli_credentials_get_client_gss_creds(), never worked correctly when credentials were already in ccache. Instead, gensec_gssapi module always re-kinited even if existing credentials were available in the ccache. This had an effect on 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' test equal to never having initialized ccache at all, as if 'rm -f $KRB5CCNAME' was run before the test.
  When the issue of not using already initialized credentials from ccache was fixed with d0aae88f1290e6a7a6d4bfc24aa62795e4892a31 'auth-credentials: Support using pre-fetched ccache when obtaining kerberos credentials' commit, Samba 4 credentials library started to correctly re-use already obtained credentials from ccaches. This caused failure of the test 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' because machine account has no permissions to modify password settings.
  Thus, the correct fix is to reset ccache state before performing the test.
  Autobuild-User: Alexander Bokovoy <ab@samba.org>
  Autobuild-Date: Wed May 23 18:46:12 CEST 2012 on sn-devel-104
* gse: Use the smb_gss_oid_equal wrapper. | Andreas Schneider | 2012-05-23 | 5 | -23/+10
  Signed-off-by: Andreas Schneider <asn@samba.org>
* krb5samba: Add smb_gss_oid_equal wrapper. | Andreas Schneider | 2012-05-23 | 4 | -2/+90
  Signed-off-by: Andreas Schneider <asn@samba.org>
* s3-autoconf: fix typo after migrating DNS resolver code to lib/addns | Alexander Bokovoy | 2012-05-23 | 1 | -1/+1
* wafsamba: ensure TO_LIST does not fail with empty string | Alexander Bokovoy | 2012-05-23 | 1 | -0/+2
* libcli/dns: make 'clidns' private library out of DNS code in WAF build | Alexander Bokovoy | 2012-05-23 | 5 | -11/+9
  After consolidating DNS resolver code to lib/addns, there is one piece that still needs to be moved into a common DNS resolver library: DNS_HOSTS_FILE subsystem. Unfortunately, direct move would require lib/addns to depend on libcli/util/{ntstatus.h,werror.h} (provided by errors subsystem).
  In addition, moving libcli/dns/* code to lib/addns/ would make conflicting the dns_tkey_record struct. The conflict comes from source4/dns_server/ and is due to use of IDL to define the struct. lib/addns/ library also provides its own definition so we either need to keep them in sync (rewrite code in lib/addns/ a bit) or depend on generated IDL headers.
  Thus, making a private library and subsystem clidns is an intermediate step that allows to buy some time for refactoring.
* Introduce system MIT krb5 build with --with-system-mitkrb5 option. | Alexander Bokovoy | 2012-05-23 | 48 | -471/+598
  System MIT krb5 build also enabled by specifying --without-ad-dc
  When --with-system-mitkrb5 (or --without-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As a result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5.
  Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
    * Samba 4 client libraries and their Python bindings
    * Samba 3 server (smbd, nmbd, winbindd from source3/)
    * Samba 3 client libraries
  In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* s4: samba-tool is usable without export-keytab command, make sure it does not break | Alexander Bokovoy | 2012-05-23 | 1 | -19/+22
  When export_keytab is not compiled in (pure client-side Samba 4 build as with system MIT krb5), export-keytab command of samba-tool will not be available. Make sure it is not provided but its absence does not break the Python tool.
* auth-credentials: Support using pre-fetched ccache when obtaining kerberos credentials | Alexander Bokovoy | 2012-05-23 | 1 | -2/+12
  When credentials API is used by a client-side program that already has fetched required tickets into a ccache, we need to skip re-initializing ccache. This is used in FreeIPA when Samba 4 Python bindings are run after mod_auth_kerb has obtained user tickets already.
* s3-passdb: add unixid_from_uid/unixid_from_gid/unixid_from_both API | Alexander Bokovoy | 2012-05-23 | 3 | -1/+54
  struct unixid is defined in idmap.idl and therefore to use it one would need generated headers from librpc/gen_ndr. Not all of these files are installed and available as public headers. Also, they pull in some support headers which requires them to be available via specific locations like <librpc/gen_ndr/*> or <libcli/util>.
  Instead of pulling the headers to get structure and enum definitions, introduce three simple helpers to fill in 'struct unixid' based on the type of id. This is sufficient for PASSDB users and does not require exposing generated headers or code.
* dns: fix comments and make s4/libcli/resolve dns resolver working | Alexander Bokovoy | 2012-05-23 | 2 | -4/+4
  After migrating to use libaddns, reply_to_addrs() needed to change the way answers are iterated through. Originally libroken implementation gave all answers as separate records with last one being explicitly NULL. libaddns unmarshalling code gives all non-NULL answers and should be iterated with explicit reply->num_answers in use.
* lib/krb5_wrap: implement krb5_cc_get_lifetime for MIT Kerberos | Alexander Bokovoy | 2012-05-23 | 1 | -19/+22
  In case krb5_cc_get_lifetime is not available, iterate over existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL, and use its lifetime. This is how it is implemented in Heimdal and how it was suggested to be done by MIT Kerberos developers.
* gensec_gssapi: Make it possible to build with MIT krb5 | Simo Sorce | 2012-05-23 | 4 | -11/+40
  We need to ifdef out some minor things here because there is no available API to set these options in MIT.
  The realm and canonicalize options should be not interesting in the client case. Same for the send_to_kdc hacks.
  Also the OLD DES3 enctype is not at all interesting. I am not aware that Windows will ever use DES3 and no modern implementation relies on that enctype anymore as it has been fully deprecated long ago, so we can simply ignore it.
* auth and s4-rpc_server: Do not use features we currently can't implement with MIT Kerberos build | Simo Sorce | 2012-05-23 | 2 | -1/+10
* s4-resolve: Remove dependency on libroken | Simo Sorce | 2012-05-23 | 4 | -206/+156
  Use available native samba resolver functions
* addns: Make ads_dns_lookup_srv public | Simo Sorce | 2012-05-23 | 2 | -1/+6
* Move source3/libads/dns.c to lib/addns | Simo Sorce | 2012-05-23 | 12 | -15/+27
* s3-ads-dns: Avoid unnecessary dependencies | Simo Sorce | 2012-05-23 | 3 | -12/+11
* s3-ads-dns: Break dependency on lp_parm | Simo Sorce | 2012-05-23 | 7 | -33/+69
  In preparation of making this code common to s3 and s4
* s3-ad-dns: Use more standard uint and booleans defs | Simo Sorce | 2012-05-23 | 1 | -35/+35
  In preparation of making this code common to s3 and s4
* addns: Fix talloc hierarchy | Simo Sorce | 2012-05-23 | 1 | -1/+1
  Attach request to local memory context not to potentially long lived connection
* s3:smbd: use reply_force_doserror(req, ERRSRV, ERRbaduid) on SMBulogoff | Stefan Metzmacher | 2012-05-23 | 1 | -0/+5
  We don't support security = share anymore, so we should always have a valid session.
  Found by the raw.context test.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Wed May 23 12:47:37 CEST 2012 on sn-devel-104
* Second part of fix for bug 8953 - winbind can hang as nbt_getdc() has no timeout. | Herb Lewis | 2012-05-23 | 1 | -0/+1
  If we're running with SEC_ADS and we don't get a cldap response from the server when querying its name, don't fall back to NetBIOS requests as they're unlikely to succeed.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Wed May 23 03:49:36 CEST 2012 on sn-devel-104
* Fix bug #8953 - winbind can hang as nbt_getdc() has no timeout. | Jeremy Allison | 2012-05-22 | 4 | -2/+15
  Add a timeout_in_seconds parameter to nbt_getdc() to make it fail after that time with NT_STATUS_IO_TIMEOUT.
* s3:smbd: remove unused 'connection_struct->used' | Michael Adam | 2012-05-22 | 3 | -4/+0
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Tue May 22 16:42:22 CEST 2012 on sn-devel-104
* Added torture test for bug #8910. Test remove_duplicate_addrs2(). | Jeremy Allison | 2012-05-22 | 4 | -2/+108
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Tue May 22 01:31:17 CEST 2012 on sn-devel-104
* s3: Fix vfs_xattr_tdb.c | Volker Lendecke | 2012-05-21 | 1 | -1/+1
  "size" is the maximum buffer, only copy what we actually got.
  For me, this fixes valgrind errors in the DIR1 test that might potentially make DIR1 non-flaky again.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Mon May 21 22:10:15 CEST 2012 on sn-devel-104
* s3:smb2_ioctl: Fix Coverity ID 701771 Uninitialized scalar variable | Stefan Metzmacher | 2012-05-21 | 1 | -0/+10
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Mon May 21 19:27:44 CEST 2012 on sn-devel-104
* s4-dsdb: allow modification of some deleted object if the show-deleted control is presented | Matthieu Patou | 2012-05-19 | 1 | -4/+9
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Sat May 19 20:28:01 CEST 2012 on sn-devel-104