summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds_with_creds()Stefan Metzmacher2014-12-191-23/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: we only need a an netlogon connection to a rwdc if we're a rodc ↵Stefan Metzmacher2014-12-191-2/+2
| | | | | | | | | | ourself If we're a member or RWDC there's no need to require talking to a rwdc, an rodc will forward the request if required. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make sure we try to use NCACN_IP_TCP in cm_connect_netlogonStefan Metzmacher2014-12-191-0/+5
| | | | | | | | We need to call init_dc_connection_rpc() before we can decide if we want to try NCACN_IP_TCP. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add cli_rpc_pipe_open_schannel_with_creds() helper functionStefan Metzmacher2014-12-192-0/+93
| | | | | | | | | This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN as cli_credentials_get_realm() will return the correct value compared to cli_credentials_get_domain(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:cli_netlogon: add rpccli_{create,setup}_netlogon_creds_with_creds() ↵Stefan Metzmacher2014-12-192-0/+65
| | | | | | | | | helper functions This simplifies the callers, then can just pass in a cli_credentials structure. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/credentials: add cli_credentials_set_utf16_password()Stefan Metzmacher2014-12-193-6/+65
| | | | | | | | | | | | | | We need a way to initialize the cli_credentials from the raw utf16 blob, which might not be completely valid utf16, which means the conversion from CH_UTF16MUNGED to CH_UTF8 might loose information. This would result in an invalid nt_hash, when we convert back from CH_UTF8 to CH_UTF16LE. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: add support for SEC_CHAN_DNS_DOMAIN to schannel_update()Stefan Metzmacher2014-12-191-17/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/gensec: make sure we keep a DCERPC_AUTH_TYPE_SCHANNEL backend if requiredStefan Metzmacher2014-12-191-0/+8
| | | | | | | | | | | | | Even with CRED_MUST_USE_KERBEROS we should keep the DCERPC_AUTH_TYPE_SCHANNEL backend arround, this can only be specified explicitely by the caller and cli_credentials_get_netlogon_creds() != NULL is the strong indication that the caller is using DCERPC_AUTH_TYPE_SCHANNEL *now*. With trusts against AD domain we can reliable use kerberos and netlogon secure channel for authentication. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch/wbinfo: allow 'wbinfo --ping-dc --domain=SOMEDOMAIN'Stefan Metzmacher2014-12-191-4/+13
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: allow passing the domain name to wbcPingDC[2]()Stefan Metzmacher2014-12-192-11/+43
| | | | | | | | winbindd already supports this. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: use find_domain_from_name_noinit() in winbindd_ping_dc_send()Stefan Metzmacher2014-12-191-1/+1
| | | | | | | | We should not try to connect to the given domain from within the winbindd parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: report our own name for PING_DC and internal domainsStefan Metzmacher2014-12-191-0/+22
| | | | | | | | This means "wbinfo --ping-dc" works fine on a DC. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: check for rpath compiler/linker flagsRalph Boehme2014-12-191-0/+4
| | | | | | | | | | | | Older SunOS linker only support -Wl,-R,/path instead of -Wl,-rpath,/path. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: fill PRIVATE_NAME() logic againStefan Metzmacher2014-12-192-4/+21
| | | | | | | | | | | | | We append bld.env.PRIVATE_EXTENSION to the name of private libraries again, but only unless they have a abi_directory, vnum or soname defined. This avoids naming conflicts with system libraries, e.g. libidmap.so on Solaris Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: fix soname of linux nss_*.so.2 modulesStefan Metzmacher2014-12-192-13/+18
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: use shared/libnss_wrapper_winbind.so.2Stefan Metzmacher2014-12-192-2/+2
| | | | | | | | | | | This library is always available in make test. nss-wrapper strictly requires the linux nss api. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()Stefan Metzmacher2014-12-191-1/+5
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ctdb-daemon: Use correct tdb flags when enabling robust mutex supportAmitay Isaacs2014-12-194-22/+70
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11000 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tdb: version 1.3.4Stefan Metzmacher2014-12-192-1/+69
| | | | | | | | | | | | Transactions are supported with TDB_MUTEX_LOCKING. This fixes https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Fri Dec 19 11:41:26 CET 2014 on sn-devel-104
* tdb/toos: allow transactions with TDB_MUTEX_LOCKINGStefan Metzmacher2014-12-191-1/+0
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* tdb/test: add tdb1-run-mutex-transaction1 testStefan Metzmacher2014-12-192-0/+237
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKINGStefan Metzmacher2014-12-191-1/+1
| | | | | | | | | | | | | There's no real reason to disallow transactions as the allrecord lock is also available with mutexes enabled. E.g. ctdbd requires transactions also on non-persistent databases opened with TDB_CLEAR_IF_FIRST and TDB_MUTEX_LOCKING. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* vfs_fruit: Avoid double ()Volker Lendecke2014-12-181-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Dec 18 19:19:04 CET 2014 on sn-devel-104
* vfs_fruit: Avoid double initializationVolker Lendecke2014-12-181-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* lib/texpect: prefer bsd/libutil.h if availableStefan Metzmacher2014-12-182-2/+4
| | | | | | | Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Dec 18 16:31:48 CET 2014 on sn-devel-104
* s4:heimdal_build: remove unused openpty checkStefan Metzmacher2014-12-181-1/+0
| | | | | | | | | commit 638a8edd7ce708cf550c054ac16dade795b6448b removed HEIMDAL_BINARY('rkpty', 'lib/roken/rkpty.c',...) (the only heimdal user of openpty(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* libcli-dns: Remove obsolete dns_host_file subsystem.Andreas Schneider2014-12-184-456/+0
| | | | | Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 18 09:09:38 CET 2014 on sn-devel-104
* s3-libsmb: Remove obsolete support for dns_host_file.Andreas Schneider2014-12-181-27/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-libcli: Remove obsolete support for file resolving.Andreas Schneider2014-12-183-163/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* addns: Remove support for dns_host_file.Andreas Schneider2014-12-189-94/+122
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Use resolv_wrapper in the samba3 targets to join AD.Andreas Schneider2014-12-181-11/+60
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Use resolv_wrapper in the samba4 target.Andreas Schneider2014-12-182-15/+90
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Always enable dns fakeing.Andreas Schneider2014-12-181-2/+6
| | | | | | | | FIXME: This should be removed once we fixed adding records to the DNS server using nsupdate! Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Define if we should fake dns resolving.Andreas Schneider2014-12-182-1/+15
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba_dnsupdate: Allow the tool to work in 'make test'.Andreas Schneider2014-12-181-2/+5
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba_dnsupdate: Always fill out the nameservers of a dns object.Andreas Schneider2014-12-181-3/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Wait for the logon server to register to join the member.Andreas Schneider2014-12-181-0/+17
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nmblookup: Return if the lookup was successful or not.Andreas Schneider2014-12-181-7/+18
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10803 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Jeremy Allison <jra@samba.org>
* selftest: Print better DC provisioning info.Andreas Schneider2014-12-181-3/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Also pass the IPv6 address for the KDC around.Andreas Schneider2014-12-181-17/+49
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Preload resolv_wrapper in selftest.Andreas Schneider2014-12-182-0/+12
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: try to use the trust account with kerberos if possibleStefan Metzmacher2014-12-181-7/+19
| | | | | | | | | | This trust account is usable for SMB authentication via kerberos, so we should try that if we think the domain is active directory. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: fix anon fallback in cm_prepare_connection()Stefan Metzmacher2014-12-181-18/+1
| | | | | | | | | We should not crash with machine_password==NULL. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: also try to fallback to anonymous if we get ↵Stefan Metzmacher2014-12-181-0/+1
| | | | | | | | | | | NT_STATUS_INVALID_ACCOUNT_NAME Kerberos authentication may return NT_STATUS_INVALID_ACCOUNT_NAME (PRINCIPAL_UNKNOWN) Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libsmb: let cli_session_setup_kerberos_recv() return a useful error codeStefan Metzmacher2014-12-181-6/+22
| | | | | | | | | | Forcing NT_STATUS_UNSUCCESSFUL is not a good idea, we should return NT_STATUS_LOGON_FAILURE instead. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() firstStefan Metzmacher2014-12-181-21/+44
| | | | | | | | | | | | | NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2() code. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
* s3:passdb: add optional get_trusteddom_creds() hooksStefan Metzmacher2014-12-184-1/+339
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pdb: fix build issues with shared modulesGarming Sam2014-12-181-0/+1
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10355 Change-Id: I26e78b56ead0c66afcda6b3fb8b1fd09130b24a5 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:locking: fix uninitialiazed variable in brl_get_locks_readonly_parser()Stefan Metzmacher2014-12-181-0/+1
| | | | | | | | | | | | | In a cluster this can be called with an empty record, while brl_parse_data() relies on an initialized structure. This is a regression in commit 837e29035c911f3509135252c3f423d0f56b606d. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10911 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: improve rpc.remote_pac test so we check if LogonSamLogon actually ↵Andrew Bartlett2014-12-181-0/+2
| | | | | | | | | | | succeeds Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 18 02:51:02 CET 2014 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-09-26 17:04:35 +0000