Andrew Bartlett [Mon, 27 Jun 2011 05:59:54 +0000 (15:59 +1000)]
s3-param Remove lp_parm_string
Samba 4.0 makes no attempt to provide a loader environment that
will allow a module that is not rebuilt to operate.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Jun 2011 05:58:45 +0000 (15:58 +1000)]
s3-param make lp_passdb_backend() a normal lp_ function again
It is now a large number of releases since the multiple passdb backend
support was removed in 3.0.23.
Andrew Bartlett
Volker Lendecke [Mon, 27 Jun 2011 12:34:39 +0000 (14:34 +0200)]
s3: explicitly pass domain_sid to wbint_LookupRids() (bug #7841)
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jun 27 18:21:30 CEST 2011 on sn-devel-104
Christian Ambach [Mon, 27 Jun 2011 13:44:10 +0000 (15:44 +0200)]
s3:g_lock: g_lock.tdb should not be executable
TDBs are not executable, so do not create the file with
the execution bit set
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Mon Jun 27 17:09:12 CEST 2011 on sn-devel-104
Volker Lendecke [Sat, 25 Jun 2011 12:25:38 +0000 (14:25 +0200)]
s3: Fix winbindd_wins_byname
Before the async change, the addresses were separated by spaces, not tabs
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Jun 25 15:40:15 CEST 2011 on sn-devel-104
Michael Adam [Fri, 24 Jun 2011 14:40:17 +0000 (16:40 +0200)]
s3:test: don't rely on pyhton being in /usr/bin/python in the sids2xids test
"/usr/bin/env pyhton" should always work as long as pyhton is in the path.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat Jun 25 01:07:15 CEST 2011 on sn-devel-104
Michael Adam [Fri, 24 Jun 2011 14:38:07 +0000 (16:38 +0200)]
s3:test: fix the smbclient_s3 test on older systems
mktemp requires precisely six Xs at the end of the template name
Michael Adam [Fri, 24 Jun 2011 14:37:20 +0000 (16:37 +0200)]
s3:test: fix the net registry roundtrip test on older systems
mktemp requires exactly Xs at the end of the template name on SLES8
Stefan Metzmacher [Fri, 24 Jun 2011 20:04:51 +0000 (22:04 +0200)]
s3:configure: remove unused --with-rootsbindir configure option
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jun 24 23:57:20 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 14 Jun 2011 05:00:32 +0000 (15:00 +1000)]
s3-autconf Move nmbd socket directory to PREFIX/var/nmbd
This is consistent with the new ncalrpc socket directory, also added
in this release.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The last 2 patches address bug #8230 (Move .nmbd socket directory to non-hidden
name PREFIX/var/nmbd).
(cherry picked from commit
833fdb5b3693a7c9111bb98e5bc9a29d29be9d1d)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 14 Jun 2011 04:56:30 +0000 (14:56 +1000)]
s3-buildoptions Show compiled-in location of the new ncaclrpc and nmbd sockets
(cherry picked from commit
c558775713e505cfc1db5af417cc7b792dfc310e)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 24 Jun 2011 19:23:21 +0000 (21:23 +0200)]
Add NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jun 24 22:36:50 CEST 2011 on sn-devel-104
Volker Lendecke [Fri, 24 Jun 2011 15:01:44 +0000 (17:01 +0200)]
s3: Fix an error message in smbclient symlink
Volker Lendecke [Thu, 23 Jun 2011 14:54:50 +0000 (16:54 +0200)]
s3: Use reparse point style symlinks
Volker Lendecke [Thu, 23 Jun 2011 14:52:34 +0000 (16:52 +0200)]
s3: Remove a call to cli_errstr
Volker Lendecke [Thu, 23 Jun 2011 14:49:17 +0000 (16:49 +0200)]
s3: Add cli_symlink
Volker Lendecke [Thu, 23 Jun 2011 14:02:50 +0000 (16:02 +0200)]
s3: Add SYMLINK_FLAG_RELATIVE define
Volker Lendecke [Thu, 23 Jun 2011 13:33:58 +0000 (15:33 +0200)]
s3: Add symlink reparse point marshalling routines
Volker Lendecke [Thu, 23 Jun 2011 12:44:25 +0000 (14:44 +0200)]
lib: Allow NULL converted_size in convert_string_talloc
Stefan Metzmacher [Fri, 18 Mar 2011 18:13:43 +0000 (19:13 +0100)]
s4:selftest: test ntvfs.cifs with s4u2proxy
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jun 24 20:35:30 CEST 2011 on sn-devel-104
Stefan Metzmacher [Mon, 2 May 2011 10:53:48 +0000 (12:53 +0200)]
s4:selftest: use wildcards for ntvfs.cifs tests in knownfail and skip files
metze
Stefan Metzmacher [Fri, 24 Jun 2011 16:50:51 +0000 (18:50 +0200)]
selftest/Samba4: correctly upper case the netbiosname variable
metze
Stefan Metzmacher [Wed, 27 Apr 2011 09:41:49 +0000 (11:41 +0200)]
s4:kdc: implement samba_kdc_check_s4u2proxy()
metze
Stefan Metzmacher [Fri, 24 Jun 2011 14:59:24 +0000 (16:59 +0200)]
s4:samba-tool: add "delegation" subcommands for S4U2Proxy and related stuff
For now this only works on the local sam.ldb, but it shouldn't be hard
to improve it to talk to remove servers.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Stefan Metzmacher [Fri, 24 Jun 2011 14:37:26 +0000 (16:37 +0200)]
s4:python/samba/samdb: add toggle_userAccountFlags() helper function
And let enable_account() use it.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Stefan Metzmacher [Fri, 24 Jun 2011 10:40:33 +0000 (12:40 +0200)]
HEIMDAL:kdc: don't allow self delegation if a backend check_constrained_delegation() hook is given
A service should use S4U2Self instead of S4U2Proxy.
Windows servers allow S4U2Proxy only to explicitly configured
target principals.
metze
Stefan Metzmacher [Fri, 24 Jun 2011 09:53:37 +0000 (11:53 +0200)]
HEIMDAL:kdc: pass down the server hdb_entry_ex to check_constrained_delegation()
This way we can compare the already canonicalized principals,
while still passing the client specified target principal down
to the backend specific constrained_delegation() hook.
metze
Stefan Metzmacher [Fri, 24 Jun 2011 09:08:33 +0000 (11:08 +0200)]
HEIMDAL:kdc: use the correct client realm in the EncTicketPart
With S4U2Proxy tgt->crealm might be different from tgt_name->realm.
metze
Volker Lendecke [Fri, 24 Jun 2011 14:44:04 +0000 (16:44 +0200)]
Add NT_STATUS_IO_REPARSE_DATA_INVALID
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jun 24 17:58:00 CEST 2011 on sn-devel-104
Sumit Bose [Fri, 24 Jun 2011 12:32:15 +0000 (14:32 +0200)]
s4-lsa: Fix typo
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jun 24 16:19:36 CEST 2011 on sn-devel-104
Björn Jacke [Fri, 24 Jun 2011 11:37:16 +0000 (13:37 +0200)]
s3:vfs_commit: fix build
fix build
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Fri Jun 24 14:51:31 CEST 2011 on sn-devel-104
Stefan Metzmacher [Fri, 24 Jun 2011 06:54:02 +0000 (08:54 +0200)]
s3:smb2_ioctl/FSCTL_PIPE_TRANSCEIVE: generate STATUS_BUFFER_OVERFLOW if needed (bug #8260)
This should fix DCERPC responses with fragments larger than 1024 bytes.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jun 24 11:25:36 CEST 2011 on sn-devel-104
Stefan Metzmacher [Fri, 24 Jun 2011 07:39:36 +0000 (09:39 +0200)]
Merge commit 'release-4-0-0alpha16' into master4-tmp
Stefan Metzmacher [Fri, 24 Jun 2011 07:39:33 +0000 (09:39 +0200)]
Merge commit 'release-4-0-0alpha15' into master4-tmp
Andrew Bartlett [Fri, 24 Jun 2011 06:26:23 +0000 (16:26 +1000)]
Andrew Bartlett [Fri, 24 Jun 2011 04:25:12 +0000 (14:25 +1000)]
VERSION: on the road to alpha17
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jun 24 08:23:54 CEST 2011 on sn-devel-104
Andrew Bartlett [Fri, 24 Jun 2011 03:57:47 +0000 (13:57 +1000)]
release Samba 4.0 alpha16
Andrew Bartlett [Sat, 23 Apr 2011 21:38:52 +0000 (23:38 +0200)]
Update WHATSNEW.txt with news for Samba 4.0 alpha16
Andrew Bartlett [Fri, 24 Jun 2011 04:14:51 +0000 (14:14 +1000)]
build: Remove blacklist now we have a common build
Andrew Bartlett [Fri, 24 Jun 2011 03:57:47 +0000 (13:57 +1000)]
release Samba 4.0 alpha16
Andrew Bartlett [Sat, 23 Apr 2011 21:38:52 +0000 (23:38 +0200)]
Update WHATSNEW.txt with news for Samba 4.0 alpha16
Andrew Bartlett [Fri, 24 Jun 2011 03:22:11 +0000 (13:22 +1000)]
s3-build Add dep on popt to fix FreeBSD build
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jun 24 06:32:59 CEST 2011 on sn-devel-104
Andrew Bartlett [Fri, 24 Jun 2011 04:14:51 +0000 (14:14 +1000)]
build: Remove blacklist now we have a common build
Andrew Bartlett [Fri, 24 Jun 2011 03:17:19 +0000 (13:17 +1000)]
selftest: Cope with no binary argument being supplied to gdb_backtrace
Modern versions of gdb are better than us at working out what binary
is running, and so it is more reliable to omit the binary argument.
This change is required because samba4 no longer supplies this
argument.
Andrew Bartlett
Andrew Bartlett [Fri, 24 Jun 2011 03:04:27 +0000 (13:04 +1000)]
selftest: Remove %PROG% argument from 'panic action'
The debugger or script will need to work out the binary from the PID,
as %PROG% support was lost when the setup_fault() code was merged
between Samba3 and Samba4.
Andrew Bartlett
Andrew Bartlett [Fri, 24 Jun 2011 03:03:49 +0000 (13:03 +1000)]
s3-selftest Remove unused gdb_backtrace
The version in selftest/ has more features and is the one used by 'make test'.
Andrew Bartlett
Andrew Bartlett [Fri, 24 Jun 2011 02:57:47 +0000 (12:57 +1000)]
param: Remove remaining references to announce as and announce version
Andrew Bartlett [Fri, 24 Jun 2011 01:47:45 +0000 (11:47 +1000)]
s3-build Require fully defined symbols in ALL libraries by default
The only exception here is libsmbregistry, which needs further work to
resolve the library loop caused by the registry based smb.conf
loading.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jun 24 05:01:38 CEST 2011 on sn-devel-104
Andrew Bartlett [Wed, 25 May 2011 06:05:23 +0000 (16:05 +1000)]
s3-build: Require fully defined symbols for all public libraries
Andrew Bartlett [Thu, 23 Jun 2011 07:33:04 +0000 (17:33 +1000)]
s3-build: Remove SECRETS3 as a samba3core dep
This resolves the the library loop between libsmbconf and
SECRETS3/passdb, and allows the next commit to require fully defined
symbols in public libraries.
Andrew Bartlett
Andrew Bartlett [Thu, 23 Jun 2011 07:32:07 +0000 (17:32 +1000)]
s3-param Remove %(DomainSID) support
This also removes the now unused longvar support. This experiment
never took off.
Fixing this allows me to resolve the the library loop between libsmbconf
and SECRETS3/passdb.
Andreas correctly points out that this loop originally comes from my
patch to obtain the domain sid from passdb
(
25cfa29e29bdbb6c84bd85ea02ec542228ae585f), but as I would prefer to
keep that feature, I'm hoping to break the loop here instead.
Andrew Bartlett
Jeremy Allison [Thu, 23 Jun 2011 22:06:16 +0000 (15:06 -0700)]
Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.
Thanks to John Janosik @ IBM for noticing this.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104
Andrew Bartlett [Thu, 23 Jun 2011 10:43:16 +0000 (20:43 +1000)]
build: Add a script to install python and Samba with one command
This should help folks on systems that don't have a recent python
provided by the OS.
Python is installed into the same prefix as Samba, not in the default
path.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jun 23 14:56:54 CEST 2011 on sn-devel-104
Andrew Bartlett [Tue, 21 Jun 2011 05:14:29 +0000 (15:14 +1000)]
s3-param Remove 'announce version' parameter
The only users I can find of this on the internet involve confused
users, and our own documentation recommends never setting this. Don't
confuse our users any longer.
Andrew Bartlett
Andrew Bartlett [Tue, 21 Jun 2011 00:20:05 +0000 (10:20 +1000)]
param: Remove "announce as" parameter
Andrew Bartlett [Wed, 22 Jun 2011 00:40:26 +0000 (10:40 +1000)]
s3-net: Bind our gettext results to 'unix charset'
This ensures that the translations and any embedded strings are in the
same charset. It won't be the one from the user's locale (we no
longer auto-detect that), but it will be self-consistent.
Thanks to Steve Langasek for pointing this function out!
Andrew Bartlett
Andrew Bartlett [Wed, 22 Jun 2011 00:12:39 +0000 (10:12 +1000)]
s3-swat Remove d_printf() calls
These calls only ever output ASCII strings (protocol strings and
debugging), and never user content, so make it clear that these don't
need to be converted into UTF8.
Andrew Bartlett
Andrew Bartlett [Tue, 21 Jun 2011 23:58:59 +0000 (09:58 +1000)]
lib/util/charset: Remove autodetection of charset from LOCALE
In the past, our LOCALE would set the display charset of Samba. The
display charset has now been removed. This patch removes the support
code that detected the locale from the environment. We cannot safely
have 'unix charset' follow the locale (at it creates files on disk and
entries in databases that must not vary), so this code is unused.
As an example, imagine a database is manipulated in the
administrator's locale, and then read by smbd starting up in the
system default locale. Or smbd restarted by the administrator rather
than a startup script. Both of these situations could corrupt
databases or filenames on disk.
Andrew Bartlett
Andrew Bartlett [Tue, 21 Jun 2011 23:52:31 +0000 (09:52 +1000)]
lib/util/charset: Remove 'display charset'
As discussed in 'CH_DISPLAY and gettext' on the samba-technical list:
http://lists.samba.org/archive/samba-technical/2011-June/078190.html
Setting this to a value other than 'unix charset' does not make sense,
as any system where the filesytem charset does not equal the terminal
charset will already have problems with programs as simple as 'ls'.
It also means that our output could not be pasted as our input in
interactive programs or onto our command line, as we never did
translate in the DISPLAY -> UNIX direction.
The d_printf() calls are retained in case we need to revisit this, and
to support display_set_stderr().
Andrew Bartlett
Volker Lendecke [Thu, 23 Jun 2011 10:24:40 +0000 (12:24 +0200)]
s3: Add IO_REPARSE_TAG_SYMLINK define
From http://msdn.microsoft.com/en-us/library/
dd541667%28v=PROT.13%29.aspx
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Jun 23 13:46:37 CEST 2011 on sn-devel-104
Volker Lendecke [Thu, 23 Jun 2011 10:24:21 +0000 (12:24 +0200)]
s3: Fix some nonempty blank lines
Michael Adam [Tue, 21 Jun 2011 08:23:51 +0000 (10:23 +0200)]
s3: remove prototype of convert_string_error from proto.h
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu Jun 23 12:34:31 CEST 2011 on sn-devel-104
Michael Adam [Tue, 21 Jun 2011 08:23:17 +0000 (10:23 +0200)]
s3: remove prototype of convert_string from proto.h
Matthieu Patou [Wed, 22 Jun 2011 22:35:50 +0000 (02:35 +0400)]
dfsreferral: search client's site and use it
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Thu Jun 23 01:50:39 CEST 2011 on sn-devel-104
Matthieu Patou [Wed, 22 Jun 2011 17:28:25 +0000 (21:28 +0400)]
s4-dbcheck: fix uninitialized errstr in err_dn_target_mismatch
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Jun 22 21:22:27 CEST 2011 on sn-devel-104
Matthieu Patou [Wed, 22 Jun 2011 17:28:00 +0000 (21:28 +0400)]
s4-dbcheck: remove unused include
Matthieu Patou [Wed, 22 Jun 2011 16:54:37 +0000 (20:54 +0400)]
s4-schema: avoid segfaulting if id3.guid is NULL
Matthieu Patou [Tue, 21 Jun 2011 09:39:28 +0000 (13:39 +0400)]
s4-samba_dnsupdate: set environment via the env parameter
I faced a situation where the os.environ("KRB5CCNAME") = ... didn't
seems to be effective
Matthieu Patou [Tue, 21 Jun 2011 09:37:26 +0000 (13:37 +0400)]
s4-upgradeprovision: Don't forget to populate the non replicated objects, and don't touch rIDPreviousAllocationPool
Andrew Tridgell [Wed, 22 Jun 2011 12:06:18 +0000 (22:06 +1000)]
dbchecker: cope with a broken link to Deleted Objects
if a DN link to Deleted Objects has a bad GUID, we need to use
show_deleted
Andrew Tridgell [Wed, 22 Jun 2011 11:22:39 +0000 (21:22 +1000)]
dbchecker: fixed argument error for -H and DN
Andrew Tridgell [Wed, 22 Jun 2011 10:53:44 +0000 (20:53 +1000)]
dbchecker: when fixing a bad GUID in a DN, search by the string DN
Andrew Tridgell [Wed, 22 Jun 2011 10:44:35 +0000 (20:44 +1000)]
samba-tool: added --attrs option to dbcheck
this allows checking of a specific list of attributes
Andrew Tridgell [Wed, 22 Jun 2011 10:01:58 +0000 (20:01 +1000)]
samba-tool: make the dbcheck class available outside of samba-tool
this will be used in provision, and probably in upgradeprovision as
well
Andrew Tridgell [Wed, 22 Jun 2011 09:32:45 +0000 (19:32 +1000)]
samba-tool: added --quiet option to dbcheck
this will be used to allow for other tools (such as provision) to call
into dbcheck without generating a lot of noise
Stefan Metzmacher [Wed, 22 Jun 2011 16:25:30 +0000 (18:25 +0200)]
s4:winbind/wb_init_domain: use DCERPC_SCHANNEL_128 in order to work against w2k8r2
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 19:40:47 CEST 2011 on sn-devel-104
Stefan Metzmacher [Fri, 11 Mar 2011 07:32:22 +0000 (08:32 +0100)]
s4:ntvfs/cifs: add option to use S4U2Proxy
Note: this doesn't work against a Samba4 KDC yet.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 18:17:43 CEST 2011 on sn-devel-104
Stefan Metzmacher [Tue, 21 Jun 2011 09:05:15 +0000 (11:05 +0200)]
s4:auth/kerberos: protect kerberos_kinit_password_cc() against old KDCs
If the KDC does not support S4U2Proxy, it might return a ticket
for the TGT client principal.
metze
Stefan Metzmacher [Mon, 20 Jun 2011 18:28:44 +0000 (20:28 +0200)]
s4:auth/kerberos: add S4U2Proxy support to kerberos_kinit_password_cc()
For S4U2Proxy we need to use the ticket from the S4U2Self stage
and ask the kdc for the delegated ticket for the target service.
metze
Jim McDonough [Wed, 22 Jun 2011 11:36:20 +0000 (07:36 -0400)]
Update eDirectory schema
Autobuild-User: Jim McDonough <jmcd@samba.org>
Autobuild-Date: Wed Jun 22 14:48:09 CEST 2011 on sn-devel-104
Andrew Tridgell [Wed, 22 Jun 2011 08:14:14 +0000 (18:14 +1000)]
s4-dsdb: bypass validation when relax set
this allows dbcheck to fix bad attributes
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
Andrew Tridgell [Wed, 22 Jun 2011 07:38:19 +0000 (17:38 +1000)]
samba-tool: allow for running dbcheck against a remove ldap server
this is useful for running it against a Windows server
Andrew Tridgell [Wed, 22 Jun 2011 07:08:28 +0000 (17:08 +1000)]
samba-tool: expanded dbcheck DN checking
this now checks for bad GUID elements in DN links, and offers to fix
them when possible
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 22 Jun 2011 07:07:39 +0000 (17:07 +1000)]
s4-dsdb: prioritise GUID in extended_dn_in
if we search with a base DN that has both a GUID and a SID, then use
the GUID first. This matters for the S-1-5-17 SID.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 22 Jun 2011 07:05:08 +0000 (17:05 +1000)]
s4-dsdb: catch duplicate matches in extended_dn_in
When searching using extended DNs, if there are multiple matches then
return an object not found error. This is needed for the case of a
duplicate objectSid, which happens for S-1-5-17
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 21 Jun 2011 13:09:28 +0000 (15:09 +0200)]
s3: Added missing includes to .clang_complete.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Jun 22 11:15:56 CEST 2011 on sn-devel-104
Stefan Metzmacher [Mon, 20 Jun 2011 23:39:58 +0000 (01:39 +0200)]
s4:auth/kerberos: protect kerberos_kinit_password_cc() against old KDCs
Old KDCs may not support S4U2Self (or S4U2Proxy) and return tickets
which belongs to the client principal of the TGT.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 09:10:55 CEST 2011 on sn-devel-104
Stefan Metzmacher [Mon, 20 Jun 2011 19:23:45 +0000 (21:23 +0200)]
s4:auth/kerberos: remove one indentation level in kerberos_kinit_password_cc()
This will make the following changes easier to review.
metze
Stefan Metzmacher [Mon, 20 Jun 2011 19:09:13 +0000 (21:09 +0200)]
s4:auth/kerberos: reformat kerberos_kinit_password_cc()
In order to make the following changes easier to review.
metze
Stefan Metzmacher [Mon, 20 Jun 2011 13:27:58 +0000 (15:27 +0200)]
s4:auth/kerberos: don't mix s4u2self creds with machine account creds
It's important that we don't store the tgt for the machine account
in the same krb5_ccache as the ticket for the impersonated principal.
We may pass it to some krb5/gssapi functions and they may use them
in the wrong way, which would grant machine account privileges to
the client.
metze
Stefan Metzmacher [Mon, 20 Jun 2011 16:01:49 +0000 (18:01 +0200)]
s4:auth/kerberos: use better variable names in kerberos_kinit_password_cc()
This will make the following changes easier to review.
metze
Stefan Metzmacher [Mon, 20 Jun 2011 15:41:52 +0000 (17:41 +0200)]
s4:auth/kerberos: don't ignore return code in kerberos_kinit_password_cc()
metze
Andrew Tridgell [Wed, 22 Jun 2011 04:44:36 +0000 (14:44 +1000)]
samba-tool: added missing GUID component checks to dbcheck
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun 22 07:59:30 CEST 2011 on sn-devel-104
Andrew Tridgell [Wed, 22 Jun 2011 04:44:12 +0000 (14:44 +1000)]
pyldb: added methods to get/set extended components on DNs
this will be used by the dbcheck code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 22 Jun 2011 04:41:50 +0000 (14:41 +1000)]
pydsdb: added get_syntax_oid_from_lDAPDisplayName()
this gives you access to the syntax oid of an attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 22 Jun 2011 03:49:37 +0000 (13:49 +1000)]
ldb: added extended_str() method to pyldb
this gives access to ldb_dn_get_extended_linearized() from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 22 Jun 2011 02:34:32 +0000 (12:34 +1000)]
ldb: expose syntax oids to python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 22 Jun 2011 02:23:05 +0000 (12:23 +1000)]
samba-tool: try to keep dbcheck.py in a logical ordering
keep individual error handlers together and separate from driver code
Andrew Tridgell [Wed, 22 Jun 2011 01:56:40 +0000 (11:56 +1000)]
s4-dsdb: don't add zero GUID to BINARY_DN
When converting from DRS to ldb format for a BINARY_DN, don't add the
GUID extended DN element if the GUID is all zeros.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 20 Jun 2011 17:27:01 +0000 (19:27 +0200)]
s3-spoolss: Fix some valgrind warnings.
These are in/out values and need to be initialized.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Jun 21 18:58:30 CEST 2011 on sn-devel-104
git.samba.org / ira / wip.git / log