Volker Lendecke [Thu, 12 Jan 2012 10:36:02 +0000 (11:36 +0100)]
s3: Split a line with 1 statements
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Jan 12 13:10:19 CET 2012 on sn-devel-104
Stefan Metzmacher [Wed, 11 Jan 2012 21:25:38 +0000 (22:25 +0100)]
s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKEN
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
Andrew Bartlett [Thu, 15 Dec 2011 01:29:01 +0000 (12:29 +1100)]
Revert "make paranoia check less paranoid" - check that key types strictly match
This reverts commit
c25af51232616061bb08eea86aae595b4f029490 because
otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a
KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
Andrew Bartlett [Thu, 15 Dec 2011 05:36:03 +0000 (16:36 +1100)]
make hmac-md5 the keyed checksum type for arcfour-hmac-md5
Andrew Bartlett [Thu, 15 Dec 2011 05:17:09 +0000 (16:17 +1100)]
use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3
This allows a strict link between checksum types and key types to be
enforced.
Andrew Bartlett
Andrew Bartlett [Wed, 11 Jan 2012 07:19:14 +0000 (18:19 +1100)]
heimdal: remove checking of KDC PAC signature, delegate to wdc plugin
The checking of the KDC signature is more complex than it looks, it may be of a different
enc type to that which the ticket is encrypted with, and may even be prefixed
with the RODC number.
This is better handled in the plugin which can easily look up the DB for the
correct key to verify this with, and can also quickly determine if this is
an interdomain trust, which we cannot verify the PAC for.
Andrew Bartlett
Andrew Bartlett [Wed, 11 Jan 2012 07:07:41 +0000 (18:07 +1100)]
auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksum
Andrew Bartlett [Wed, 11 Jan 2012 07:06:55 +0000 (18:06 +1100)]
s4-kdc Do the KDC PAC checksum validation in the Samba plugin
Here we can fetch the right key, and check if the PAC is likely to be signed by a key that
we know. We cannot check the KDC signature on incoming trusts.
Andrew Bartlett
Andrew Bartlett [Wed, 11 Jan 2012 05:13:37 +0000 (16:13 +1100)]
s4-kdc: use IDL constant NETLOGON_GENERIC_KRB5_PAC_VALIDATE
Amitay Isaacs [Thu, 12 Jan 2012 04:11:12 +0000 (15:11 +1100)]
samba-tool:dns: DNS names are case insensitive
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Jan 12 06:43:01 CET 2012 on sn-devel-104
Amitay Isaacs [Thu, 12 Jan 2012 04:10:42 +0000 (15:10 +1100)]
s4-rpc:dnsserver: DNS names are case insensitive
Jeremy Allison [Thu, 12 Jan 2012 00:37:48 +0000 (16:37 -0800)]
Ensure we always free aio_ex on all error paths by moving the TALLOC_FREE
call out of smbd_aio_complete_aio_ex() and into the caller.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 12 03:10:52 CET 2012 on sn-devel-104
Jeremy Allison [Tue, 10 Jan 2012 20:58:13 +0000 (12:58 -0800)]
Second part of fix for bug #8673 - NT ACL issue.
Ensure we process the entire ACE list instead of returning ACCESS_DENIED
and terminating the walk - ensure we only return the exact bits that cause
the access to be denied. Some of the S3 fileserver needs to know if we
are only denied DELETE access before overriding it by looking at the
containing directory ACL.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
Jeremy Allison [Tue, 10 Jan 2012 20:52:01 +0000 (12:52 -0800)]
First part of fix for bug #8673 - NT ACL issue.
Simplify the logic in the unlink/rmdir calls - makes it readable
(and correct).
Stefan Metzmacher [Wed, 11 Jan 2012 12:47:08 +0000 (13:47 +0100)]
lib/param: avoid talloc_reference() in copy_service()
The memory reduction compared of talloc_reference() over talloc_strdup()
is typically very low. As the strings are typically short compared
to the talloc header overhead.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 11 16:13:50 CET 2012 on sn-devel-104
David Disseldorp [Wed, 11 Jan 2012 11:29:58 +0000 (12:29 +0100)]
s3-rpcclient: add deldriverex flags argument
The spoolss DeletePrinterDriverEx command offers three flags for
controlling how associated files and other versions of the driver are
effected: DPD_DELETE_UNUSED_FILES (1), DPD_DELETE_SPECIFIC_VERSION (2)
and DPD_DELETE_ALL_FILES (4).
This commit adds an optional numeric flags argument to the rpcclient
deldriverex command.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Wed Jan 11 14:39:35 CET 2012 on sn-devel-104
David Disseldorp [Tue, 10 Jan 2012 17:21:42 +0000 (18:21 +0100)]
spoolss: fix DPD_DELETE_ALL_FILES error return
If DeletePrinterDriverEx is called with DPD_DELETE_ALL_FILES and files
assigned to the to-be-deleted driver overlap with other drivers then an
error is returned. Change the error code here to match Windows 2k8r2.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 08:00:34 +0000 (19:00 +1100)]
s4:auth: Make sure to check the optional auth_context hooks before using them
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
Andrew Bartlett [Wed, 11 Jan 2012 08:00:34 +0000 (19:00 +1100)]
gensec: Make sure to check the optional auth_context hooks before using them
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 00:26:31 +0000 (11:26 +1100)]
gensec: Rename want_flags and got_flags in gensec_gssapi
This make it clearer what type of flags these are.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 00:14:54 +0000 (11:14 +1100)]
gensec: make gensec_gssapi.h common
This will make it easier to share elements of the GSSAPI gensec mechs,
in much the same way elements of the NTLMSSP mech are shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:21:05 +0000 (15:21 +1100)]
s3-librpc Supply target service and server to spnego_generic_init_client()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 03:29:51 +0000 (14:29 +1100)]
s3-librpc: Rename spnego_ntlmssp_init_client and make generic
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 5 Jan 2012 16:15:14 +0000 (17:15 +0100)]
s3-libsmb: split out auth_generic client functions into auth_generic.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 02:11:38 +0000 (13:11 +1100)]
s3-librpc: rename get_ntlmssp_auth_footer to be more generic
This can handle any gensec auth type now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 02:00:44 +0000 (13:00 +1100)]
s3-librpc Set target service and server into gensec
This will allow cli_rpc_pipe_open_generic_auth() to handle kerberos mechanisms.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 01:51:06 +0000 (12:51 +1100)]
s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be generic
This also includes renaming the helper function
rpccli_ntlmssp_bind_data, and allows this function to operate on any
gensec-supplied auth type.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 31 Dec 2011 12:08:25 +0000 (23:08 +1100)]
s3-librpc Rename create_ntlmssp_auth_rpc_bind_req() to be more generic
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 31 Dec 2011 11:24:44 +0000 (22:24 +1100)]
gensec: move gensec_util.c to the top level
To do this some defines need to move to common_auth.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 31 Dec 2011 11:45:51 +0000 (22:45 +1100)]
auth: make auth4_context common to provide access to generate_session_info_pac()
By providing this context, a function pointer for
generate_session_info_pac() can be inserted into gensec, allowing the
s3 PAC processing in an otherwise more generic gensec module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 31 Dec 2011 11:24:07 +0000 (22:24 +1100)]
auth/kerberos: Remove unused headers from gssapi_parse.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 28 Dec 2011 11:54:23 +0000 (22:54 +1100)]
s3-librpc Return user principal name on supplied mem_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 6 Jan 2012 07:32:41 +0000 (18:32 +1100)]
krb5: Require gss_get_name_attribute or Heimdal's PAC parsing to build with krb5
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 10 23:23:07 CET 2012 on sn-devel-104
Andrew Bartlett [Thu, 5 Jan 2012 00:39:14 +0000 (11:39 +1100)]
krb5: Require krb5_string_to_key be available to build with krb5
Andrew Bartlett [Thu, 5 Jan 2012 00:34:12 +0000 (11:34 +1100)]
krb5: Require krb5_set_real_time is available to build with krb5
Andrew Bartlett [Thu, 5 Jan 2012 00:30:22 +0000 (11:30 +1100)]
krb5: Require krb5_principal_compare_any_realm be available to build with krb5
Andrew Bartlett [Thu, 5 Jan 2012 00:16:24 +0000 (11:16 +1100)]
krb5: Require krb5_get_renewed_creds be available to build with krb5
Andrew Bartlett [Thu, 5 Jan 2012 00:09:46 +0000 (11:09 +1100)]
krb5: Remove now unused checks for krb5_verify_checksum
Andrew Bartlett [Thu, 5 Jan 2012 00:06:28 +0000 (11:06 +1100)]
krb5: Require krb5_get_init_creds_opt_alloc/free for build with krb5
This also assumes the modern API with a krb5_context argument.
Andrew Bartlett
Andrew Bartlett [Wed, 4 Jan 2012 23:59:44 +0000 (10:59 +1100)]
krb5: Require krb5_fwd_tgt_creds to be available to build with krb5
Andrew Bartlett [Wed, 4 Jan 2012 23:54:50 +0000 (10:54 +1100)]
krb5: Require krb5_get_host_realm and krb5_free_host_realm be available to build with krb5
Andrew Bartlett [Wed, 4 Jan 2012 23:51:29 +0000 (10:51 +1100)]
krb5: Require krb5_c_verify_checksum is available to build with krb5
Andrew Bartlett [Wed, 4 Jan 2012 23:46:24 +0000 (10:46 +1100)]
krb5: Require krb5_c_enctype_compare is available to build with krb5
Michael Adam [Sun, 8 Jan 2012 00:02:58 +0000 (01:02 +0100)]
s4:provision: add "+dns" to server services if the dns backend is SAMBA_INTERNAL
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Tue Jan 10 21:17:45 CET 2012 on sn-devel-104
Michael Adam [Wed, 4 Jan 2012 23:45:12 +0000 (00:45 +0100)]
s4:provision: add a server services line to the smb.conf template for the dc
Signed-off-by: Kai Blin <kai@samba.org>
Michael Adam [Wed, 4 Jan 2012 23:44:39 +0000 (00:44 +0100)]
s4:provision: add the possibility to provision "server services" in smb.conf
Signed-off-by: Kai Blin <kai@samba.org>
Michael Adam [Wed, 4 Jan 2012 23:05:26 +0000 (00:05 +0100)]
s4:provision: improve a message
Signed-off-by: Kai Blin <kai@samba.org>
Günther Deschner [Thu, 15 Dec 2011 16:50:33 +0000 (17:50 +0100)]
samba: check for AES encryption type defines.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Jan 10 15:05:38 CET 2012 on sn-devel-104
Stefan Metzmacher [Wed, 4 Jan 2012 11:57:10 +0000 (12:57 +0100)]
talloc/testsuite: fix compiler warnings
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 10 13:31:33 CET 2012 on sn-devel-104
Volker Lendecke [Tue, 10 Jan 2012 09:12:49 +0000 (10:12 +0100)]
s3-aio_pthread: Fix the build
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jan 10 11:54:01 CET 2012 on sn-devel-104
Volker Lendecke [Tue, 10 Jan 2012 09:12:49 +0000 (10:12 +0100)]
s3-aio_pthread: Make "pd_list" static
Matthias Dieter Wallnöfer [Mon, 9 Jan 2012 12:21:49 +0000 (13:21 +0100)]
s4:python tests __init__.py - do not depend on "subprocess.check_call()"
Method not present in Python 2.4
Reviewed-by: Jelmer
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Jan 10 00:41:59 CET 2012 on sn-devel-104
Matthias Dieter Wallnöfer [Mon, 9 Jan 2012 10:55:08 +0000 (11:55 +0100)]
s4:python tests __init__.py - do not depend on "subprocess.CalledProcessError"
The class is not present in Python 2.4
Reviewed-by: Jelmer
Volker Lendecke [Mon, 9 Jan 2012 20:33:54 +0000 (21:33 +0100)]
s3: Remove an unused label
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jan 9 23:07:32 CET 2012 on sn-devel-104
Stefan Metzmacher [Thu, 15 Dec 2011 15:28:08 +0000 (16:28 +0100)]
s4:scripting/devel: add repl_cleartext_pwd.py script
This is useful to sync passwords from an AD domain.
$
$ source4/scripting/devel/repl_cleartext_pwd.py \
-Uadministrator%
A1b2C3d4 \
172.31.9.219 DC=bla,DC=base /tmp/cookie cleartext_utf8 131085 displayName
# starting at usn[0]
dn: CN=Test User1,CN=Users,DC=bla,DC=base
cleartext_utf8:
A1b2C3d4
displayName:: VABlAHMAdAAgAFUAcwBlAHIAMQA=
# up to usn[16449]
$
$ source4/scripting/devel/repl_cleartext_pwd.py \
-Uadministrator%
A1b2C3d4
172.31.9.219 DC=bla,DC=base /tmp/cookie cleartext_utf8 131085 displayName
# starting at usn[16449]
# up to usn[16449]
$
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 9 19:06:06 CET 2012 on sn-devel-104
Günther Deschner [Mon, 9 Jan 2012 11:51:08 +0000 (12:51 +0100)]
s4-kerberos: remove some unused prototypes.
These are defined in the krb5 abstraction headers elsewhere.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 9 14:32:08 CET 2012 on sn-devel-104
Günther Deschner [Fri, 6 Jan 2012 16:50:50 +0000 (17:50 +0100)]
s3-waf: rpcclient does not need libads.so.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 9 12:06:06 CET 2012 on sn-devel-104
Günther Deschner [Fri, 6 Jan 2012 16:49:31 +0000 (17:49 +0100)]
s3-passdb: remove a forward declaration.
Guenther
Günther Deschner [Fri, 6 Jan 2012 16:48:58 +0000 (17:48 +0100)]
s3-libads: pretty print a keytab list.
Guenther
Günther Deschner [Fri, 6 Jan 2012 16:27:03 +0000 (17:27 +0100)]
s3-pdbtest: only test trusted domains when pdb backends offers trusted domain support.
Guenther
Günther Deschner [Fri, 6 Jan 2012 15:10:55 +0000 (16:10 +0100)]
s3-libads: fix malloc/talloc mismatch in ads_keytab_verify_ticket().
Guenther
Stefan Metzmacher [Thu, 5 Jan 2012 15:34:02 +0000 (16:34 +0100)]
s4:python/samba/ndr.py: add an optional 'allow_remaining' to ndr_unpack()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 9 10:28:30 CET 2012 on sn-devel-104
Stefan Metzmacher [Thu, 5 Jan 2012 15:33:13 +0000 (16:33 +0100)]
pidl:Samba4/Python: add an optional 'allow_remaining' argument to __ndr_unpack__() hooks
Thanks to Amitay Isaacs <amitay@gmail.com> for the help with this.
metze
Andrew Bartlett [Mon, 9 Jan 2012 02:59:48 +0000 (13:59 +1100)]
s3-build: Remove unused hooks to set smbtorture4 and test args
These were left around after the selftest.pl script was introduced.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jan 9 06:13:21 CET 2012 on sn-devel-104
Andrew Bartlett [Mon, 9 Jan 2012 00:52:54 +0000 (11:52 +1100)]
auth/credentials Remove debug that prints in normal operation
The fact that this function is unimplemented is unimportant to the callers
as credential caches are not handled via the auth/credentials code in s3.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jan 9 03:24:36 CET 2012 on sn-devel-104
Andrew Bartlett [Mon, 9 Jan 2012 00:19:33 +0000 (11:19 +1100)]
s3-libsmb: Do not look up FQDN or use host/ for krb5 encrypted CIFS
This is important, as we want to use exactly the same name and ticket
that the libsmb session setup code used, so we do not hit the KDC twice.
For the session setup to have succeded using the default 'client use
spnego principal = no', the cifs/ principal must exist anyway, so
looking for host/ is pointless. The case of 'client use spnego
principal = yes' was never supported here.
Andrew Bartlett
Andrew Bartlett [Sun, 8 Jan 2012 23:50:14 +0000 (10:50 +1100)]
s3-sefltest Make krb5 tests contain the word krb5
Andrew Bartlett [Sun, 8 Jan 2012 23:49:49 +0000 (10:49 +1100)]
s3-selftst Add encrypted CIFS testing with kerberos
Andrew Bartlett [Sun, 8 Jan 2012 23:30:47 +0000 (10:30 +1100)]
s3-libsmb: match the rest of Samba3 in kerberos name selection in smb sealing
This mirrors
860ad734ba77238d187520f72afcbdc1c73d94ef which in turn
mirrors the behaviour of the libsmb client code at session setup time.
Andrew Bartlett
Andrew Bartlett [Sun, 8 Jan 2012 23:18:37 +0000 (10:18 +1100)]
s3-selftest: Add test for smbclient kerberos support
Andrew Bartlett [Fri, 6 Jan 2012 08:16:32 +0000 (19:16 +1100)]
s3-build SMBTORTRUE4 variable is unused in make test
Andrew Bartlett [Fri, 6 Jan 2012 08:14:33 +0000 (19:14 +1100)]
s3-build SAMBA4SHAREDIR is unused in make test
Andrew Bartlett [Fri, 6 Jan 2012 08:12:08 +0000 (19:12 +1100)]
s3-build: smbtorture4 can be built regardless of use_ads
Andrew Bartlett [Sun, 8 Jan 2012 22:47:47 +0000 (09:47 +1100)]
s3-selftest: remove smb4torture_possible and add have_ads_support
The smb4torture_possible check has already been hidden in
plansmbtorturetestsuite to reduce extra complexity and indentation.
The have_ads_support check will allow ADS tests to be run when we
do not have the ability to run smbtorture4
Andrew Bartlett
Andrew Bartlett [Sun, 8 Jan 2012 22:26:57 +0000 (09:26 +1100)]
s3-selftest Hide smb4torture_possible inside plansmbtorturetestsuite()
Ira Cooper [Fri, 6 Jan 2012 23:45:06 +0000 (15:45 -0800)]
Add "repack" command to tdbtool.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jan 7 02:18:41 CET 2012 on sn-devel-104
Jeremy Allison [Fri, 6 Jan 2012 22:56:36 +0000 (14:56 -0800)]
Remove the commented out code.
Jeremy Allison [Fri, 6 Jan 2012 22:55:30 +0000 (14:55 -0800)]
Comment out sys_get_number_of_cores() as we're no longer using this.
Jeremy Allison [Fri, 6 Jan 2012 22:33:56 +0000 (14:33 -0800)]
Add "aio num threads" parameter to allow manual configuration of
threads via smb.conf if required. Ignore the number of cores. See
comments inline.
Jeremy Allison [Fri, 6 Jan 2012 22:25:06 +0000 (14:25 -0800)]
Fix format warning message.
Volker Lendecke [Fri, 6 Jan 2012 15:42:08 +0000 (16:42 +0100)]
s3: Avoid a potential alignment requirement issue
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 6 18:58:11 CET 2012 on sn-devel-104
Volker Lendecke [Fri, 6 Jan 2012 15:38:44 +0000 (16:38 +0100)]
s3: Avoid a potential alignment requirement issue
Volker Lendecke [Fri, 6 Jan 2012 13:28:55 +0000 (14:28 +0100)]
s3: Use DELETE_ON_CLOSE instead of unlink
Volker Lendecke [Fri, 6 Jan 2012 13:21:37 +0000 (14:21 +0100)]
s3: No value change, just use the correct enum value
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 6 16:33:42 CET 2012 on sn-devel-104
Andrew Bartlett [Tue, 27 Dec 2011 08:39:32 +0000 (19:39 +1100)]
s3-ntlmssp Remove unused ntlmssp_set_hashes() and do not set an invalid LM hash
When E_deshash() returns false, it indicates that the password is either > 14 chars
in length, or could not be represented as an LM hash value for some other
reason. In this case, we should not regard the LM hash being missing
as an error or a no-password situation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 6 14:59:13 CET 2012 on sn-devel-104
Andrew Bartlett [Tue, 27 Dec 2011 08:16:14 +0000 (19:16 +1100)]
ntlmssp: merge initial packet implementations
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 27 Dec 2011 03:59:17 +0000 (14:59 +1100)]
s3-winbindd: convert cached credentials to use auth_generic/gensec for NTLMSSP
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 27 Dec 2011 02:27:45 +0000 (13:27 +1100)]
s3-torture convert smb2 test to use auth_generic/gensec for NTLMSSP
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 6 12:09:12 CET 2012 on sn-devel-104
Stefan Metzmacher [Fri, 6 Jan 2012 07:31:16 +0000 (08:31 +0100)]
s3:SMB2-SESSION-RECONNECT: also expect NETWORK_NAME_DELETED is signing isn't used
metze
Andrew Bartlett [Tue, 27 Dec 2011 01:27:11 +0000 (12:27 +1100)]
s3-libads Use NTLMSSP via auth_generic/gensec
This allows us to use the shared gensec_wrap() implementation already used by the
smb sealing code, as well as making this code more generic.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Dec 2011 23:25:55 +0000 (10:25 +1100)]
s3-libsmb Make auth_ntlmssp client more generic
As well as renaming, this allows us to start the mech by DCE/RPC auth
type or OID.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Dec 2011 23:33:36 +0000 (10:33 +1100)]
s3-libsmb Use gensec_settings to set s3 ntlmssp client backend
This prepares us for making the code generic to multiple mechansims
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Dec 2011 04:58:11 +0000 (15:58 +1100)]
s3-auth Rename make_auth_ntlmssp() -> make_auth_gensec()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ira Cooper [Fri, 6 Jan 2012 01:13:27 +0000 (17:13 -0800)]
Fix compile when TDB_TRACE is enabled.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jan 6 04:16:41 CET 2012 on sn-devel-104
Jeremy Allison [Thu, 5 Jan 2012 23:48:24 +0000 (15:48 -0800)]
Add a sys_get_number_of_cores() function that calls sysconf or sysctl
and tunes the aio threads.
Amitay Isaacs [Thu, 5 Jan 2012 23:28:52 +0000 (10:28 +1100)]
samba-tool:dns: Check through all the DNS records for a match
There can be multiple dns records for a specified record type.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Jan 6 02:41:22 CET 2012 on sn-devel-104
Amitay Isaacs [Thu, 5 Jan 2012 22:26:49 +0000 (09:26 +1100)]
s4-rpc:dnsserver: Do not replace @ with zone_name in update operation
This fixes the problem when updating DNS record for '@' or domain name.
Jeremy Allison [Thu, 5 Jan 2012 21:54:29 +0000 (13:54 -0800)]
Fix bug #8687 - net memberships usage info is wrong
Typo in usage.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jan 6 00:30:20 CET 2012 on sn-devel-104
Volker Lendecke [Thu, 5 Jan 2012 12:12:26 +0000 (13:12 +0100)]
Fix the local-memcache test for 64-bit
The memcache test walks the purge functionality. The maximum memcache size also
takes all memcache internal headers into account. Those headers contain
pointers, so on 64-bit they take more space...
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Jan 5 22:01:00 CET 2012 on sn-devel-104
Volker Lendecke [Thu, 5 Jan 2012 16:47:16 +0000 (17:47 +0100)]
s3: Run the CLEANUP2 test