amitay/samba.git
9 years agos3-auth Replace True with true in auth_util.c
Andrew Bartlett [Tue, 19 Jul 2011 10:15:12 +0000 (20:15 +1000)]
s3-auth Replace True with true in auth_util.c

9 years agos3-auth Fix spelling
Andrew Bartlett [Tue, 19 Jul 2011 10:11:22 +0000 (20:11 +1000)]
s3-auth Fix spelling

9 years agos3-auth Remove pointless destructor in make_server_info
Andrew Bartlett [Tue, 19 Jul 2011 06:05:32 +0000 (16:05 +1000)]
s3-auth Remove pointless destructor in make_server_info

All the callers allocate ->info3 as a talloc child already.

As regardes the TALLOC_ZERO(), I added this originally out of parinoia
many years ago.  We do not consistantly zero session keys in memory,
and for NTLMv2 and Kerberos they are random for each sesssion, so
breaking into smbd far enough to read an old session key isn't a
particularly interesting attack, compared with (say) reading the
keytab or the password database.  (NTLM and LM session keys are fixed
derivitives of the passwords however).

Andrew Bartlett

9 years agos3-auth inline make_auth_session_info into only caller
Andrew Bartlett [Tue, 19 Jul 2011 05:58:20 +0000 (15:58 +1000)]
s3-auth inline make_auth_session_info into only caller

9 years agosecurity.idl: Use gid_t for gid in security_unix_token
Andrew Bartlett [Tue, 19 Jul 2011 05:50:49 +0000 (15:50 +1000)]
security.idl: Use gid_t for gid in security_unix_token

9 years agos3-auth Remove seperate guest boolean
Andrew Bartlett [Tue, 19 Jul 2011 01:57:05 +0000 (11:57 +1000)]
s3-auth Remove seperate guest boolean

Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoauth: Set NETLOGON_GUEST and use it to determine guest status
Andrew Bartlett [Tue, 19 Jul 2011 00:51:08 +0000 (10:51 +1000)]
auth: Set NETLOGON_GUEST and use it to determine guest status

These additional measures should help ensure we do not accidentily upgrade
a guest to an authenticated user in the future.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoselftest: Add tests to verify that the named pipe proxy works.
Andrew Bartlett [Mon, 18 Jul 2011 10:26:26 +0000 (20:26 +1000)]
selftest: Add tests to verify that the named pipe proxy works.

This verifies that for NTLM authenticated connections, named pipe
forwarding works as expected, including the session keys.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoselftest: Pass lsass and epmapper across the named pipe proxy to the AD server
Andrew Bartlett [Mon, 18 Jul 2011 09:56:17 +0000 (19:56 +1000)]
selftest: Pass lsass and epmapper across the named pipe proxy to the AD server

Eventually we will have just one end point mapper, but for now we need
to use the source4 one for the AD tests.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoauth: remove now unused auth3_session_info from auth.idl
Andrew Bartlett [Mon, 18 Jul 2011 08:29:47 +0000 (18:29 +1000)]
auth: remove now unused auth3_session_info from auth.idl

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoauth: Move make_user_info_SamBaseInfo() to talloc_strdup and out of memory checking
Andrew Bartlett [Mon, 18 Jul 2011 04:00:14 +0000 (14:00 +1000)]
auth: Move make_user_info_SamBaseInfo() to talloc_strdup and out of memory checking

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoauth: Split out make_user_info_SamBaseInfo and add authenticated argument
Andrew Bartlett [Mon, 18 Jul 2011 03:55:20 +0000 (13:55 +1000)]
auth: Split out make_user_info_SamBaseInfo and add authenticated argument

This will allow the source3 auth code to call this without needing to
double-parse the SIDs

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-rpc_server remove per-element copies of auth_session_info
Andrew Bartlett [Mon, 18 Jul 2011 03:10:30 +0000 (13:10 +1000)]
s3-rpc_server remove per-element copies of auth_session_info

This is not required any more now that they are the same structure,
and shows the value in having a common structure across the codebase.

In particular, now any additional state that needs to be added to the
auth_session_info will be transparently available across the named
pipe proxy, without a need to modify the mapping layer.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Use the common auth_session_info
Andrew Bartlett [Mon, 18 Jul 2011 03:06:47 +0000 (13:06 +1000)]
s3-auth Use the common auth_session_info

This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.

This will allow of our session handling to be accomplished with common code.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
Andrew Bartlett [Mon, 18 Jul 2011 02:58:25 +0000 (12:58 +1000)]
s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info

This makes auth3_session_info identical to auth_session_info

The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-rpc_server read and write the unix_token and unix_info across named_pipe_auth
Andrew Bartlett [Mon, 18 Jul 2011 02:23:04 +0000 (12:23 +1000)]
s3-rpc_server read and write the unix_token and unix_info across named_pipe_auth

This ensures that the exact same token is used on both sides of the
pipe, when a full token is passed (ie, source3 to source3, but not yet
source4 to to source3 as the unix info isn't calculated there yet).

If we do not have unix_token, we fall back to the old behaviour and go
via create_local_token().  (However, in this case the security_token
is now overwritten, as it is better to have it match the rest of the
session_info create_local_token() builds).

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth reimplement copy_session_info via NDR pull/push
Andrew Bartlett [Mon, 18 Jul 2011 02:38:05 +0000 (12:38 +1000)]
s3-auth reimplement copy_session_info via NDR pull/push

This ensures we do not miss elements.  Pattern copied from auth_netlogond.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoauth: use char * pointers in auth.idl
Andrew Bartlett [Mon, 18 Jul 2011 08:04:12 +0000 (18:04 +1000)]
auth: use char * pointers in auth.idl

We need to use this, and not utf8string because we need to
transport NULL pointers correctly.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Remove pointless destructor
Andrew Bartlett [Mon, 18 Jul 2011 02:29:50 +0000 (12:29 +1000)]
s3-auth Remove pointless destructor

All the users of this structure allocate info3 on the session_info

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth import auth3_session_info into IDL
Andrew Bartlett [Mon, 18 Jul 2011 02:28:50 +0000 (12:28 +1000)]
s3-auth import auth3_session_info into IDL

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Avoid redundant copies in create_local_token()
Andrew Bartlett [Mon, 18 Jul 2011 01:40:36 +0000 (11:40 +1000)]
s3-auth Avoid redundant copies in create_local_token()

These values were not read before being overwritten again.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Add comments to copy_session_info_serverinfo_guest()
Andrew Bartlett [Mon, 18 Jul 2011 01:31:49 +0000 (11:31 +1000)]
s3-auth Add comments to copy_session_info_serverinfo_guest()

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth inline copy_serverinfo_session_info into only caller
Andrew Bartlett [Mon, 18 Jul 2011 01:30:55 +0000 (11:30 +1000)]
s3-auth inline copy_serverinfo_session_info into only caller

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth use a cached auth_serversupplied_info in make_server_info_guest()
Andrew Bartlett [Mon, 18 Jul 2011 01:22:50 +0000 (11:22 +1000)]
s3-auth use a cached auth_serversupplied_info in make_server_info_guest()

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth remove extra from auth3_session_info
Andrew Bartlett [Mon, 18 Jul 2011 00:20:25 +0000 (10:20 +1000)]
s3-auth remove extra from auth3_session_info

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Clarify inputs and ouptuts by using elements from server_info
Andrew Bartlett [Mon, 18 Jul 2011 00:14:19 +0000 (10:14 +1000)]
s3-auth Clarify inputs and ouptuts by using elements from server_info

This allows us not the put all of these elements into the auth3_session_info
if they are only used as inputs to these functions.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth assert that security_token is present in the copy, and explain why nss_token...
Andrew Bartlett [Fri, 15 Jul 2011 08:05:42 +0000 (18:05 +1000)]
s3-auth assert that security_token is present in the copy, and explain why nss_token can be skipped

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Remove unused nss_token variable
Andrew Bartlett [Fri, 15 Jul 2011 07:57:55 +0000 (17:57 +1000)]
s3-auth Remove unused nss_token variable

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth: Remove unused lm_session_key from auth3_session_info
Andrew Bartlett [Fri, 15 Jul 2011 07:45:48 +0000 (17:45 +1000)]
s3-auth: Remove unused lm_session_key from auth3_session_info

The long term authorization state needs only the final, negotiated
session key, and not the original LM key that may possibly have been
an input.

The special case of the guest account simply needs both values filled
back in with the zeros to avoid changing behaviour in the cached
server_info.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth remove unused copy_serverinfo
Andrew Bartlett [Fri, 15 Jul 2011 06:49:21 +0000 (16:49 +1000)]
s3-auth remove unused copy_serverinfo

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Use system boolean in auth_user_info_unix
Andrew Bartlett [Fri, 15 Jul 2011 06:12:41 +0000 (16:12 +1000)]
s3-auth Use system boolean in auth_user_info_unix

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Use guest boolean in auth_user_info_unix
Andrew Bartlett [Fri, 15 Jul 2011 06:09:52 +0000 (16:09 +1000)]
s3-auth Use guest boolean in auth_user_info_unix

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoauth: Put 'guest' and 'system' booleans into auth_user_info_unix
Andrew Bartlett [Fri, 15 Jul 2011 05:10:03 +0000 (15:10 +1000)]
auth: Put 'guest' and 'system' booleans into auth_user_info_unix

This will allow a transformation of auth3_session_info into
auth_session_info by substitution.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
Andrew Bartlett [Fri, 15 Jul 2011 05:55:31 +0000 (15:55 +1000)]
s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username

This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoauth: include auth.idl structures into common_auth.h
Andrew Bartlett [Fri, 15 Jul 2011 05:22:41 +0000 (15:22 +1000)]
auth: include auth.idl structures into common_auth.h

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Use *unix_token rather than utok in struct auth3_session_info
Andrew Bartlett [Fri, 15 Jul 2011 04:59:14 +0000 (14:59 +1000)]
s3-auth Use *unix_token rather than utok in struct auth3_session_info

This brings this structure one step closer to the struct auth_session_info.

A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.

NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL.  This patch has not changed this behaviour however.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Use struct auth3_session_info outside the auth subsystem
Andrew Bartlett [Fri, 15 Jul 2011 02:45:17 +0000 (12:45 +1000)]
s3-auth Use struct auth3_session_info outside the auth subsystem

This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)

The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Add struct auth3_session_info to aid transition to auth_session info
Andrew Bartlett [Fri, 15 Jul 2011 01:38:49 +0000 (11:38 +1000)]
s3-auth Add struct auth3_session_info to aid transition to auth_session info

This will allow a gradual conversion of the required elements from the
current struct auth_serversupplied_info.

This commit adds the structure definition and some helper functions to
copy between the two structures.

At this stage these structures and functions are IDENTICAL to the
existing code, and so show the past history of that code.  The plan is
to slowly modify them over the course of the patch series, so that the
changes being made a clear.

By using a seperate structure to auth_serversupplied_info we can
remove elements that are not needed after the authentication, and we
can choose a layout that best reflects the needs of runtime users,
rather than the internals of the authentication subsystem.

By eventually using the auth_session_info from auth.idl, we will gain
a single session authorization structure across the whole codebase,
allowing more code to be shared, and a much more transparent process
for forwarding authorization credentials over the named pipe proxy.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Add const to indicate input elements
Andrew Bartlett [Mon, 18 Jul 2011 00:19:27 +0000 (10:19 +1000)]
s3-auth Add const to indicate input elements

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoauth: Preserve guest flag on transition via netr_SamInfo3
Andrew Bartlett [Tue, 19 Jul 2011 00:43:23 +0000 (10:43 +1000)]
auth: Preserve guest flag on transition via netr_SamInfo3

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos3-auth Restore nss_token behaviour by reading from server_info
Andrew Bartlett [Fri, 15 Jul 2011 07:57:35 +0000 (17:57 +1000)]
s3-auth Restore nss_token behaviour by reading from server_info

The implementation of copy_serverinfo(), used to copy server_info into
session_info never copied the nss_token variable, and so
17d8f0ad30847bb940f645ee1817d782ddaaee74 introduced this regression.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoAdd my copyright
Andrew Bartlett [Mon, 18 Jul 2011 12:26:31 +0000 (22:26 +1000)]
Add my copyright

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agos4-param Handle P_CHAR and P_BOOLREV in pyparam
Andrew Bartlett [Fri, 15 Jul 2011 01:37:39 +0000 (11:37 +1000)]
s4-param Handle P_CHAR and P_BOOLREV in pyparam

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agodebug: log early messages to stdout, and keep it open
Andrew Bartlett [Mon, 18 Jul 2011 07:07:25 +0000 (17:07 +1000)]
debug: log early messages to stdout, and keep it open

The --log-stdout option was compromised by the log file descriptors being
closed once the file process forked.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agolib/util Change debug priority order: DEBUG_STDOUT now overrides DEBUG_FILE
Andrew Bartlett [Mon, 18 Jul 2011 06:00:16 +0000 (16:00 +1000)]
lib/util Change debug priority order: DEBUG_STDOUT now overrides DEBUG_FILE

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoSecond part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems.
Jeremy Allison [Tue, 19 Jul 2011 20:35:45 +0000 (13:35 -0700)]
Second part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems.

Re-add:
smb_ucs2_t toupper_w(smb_ucs2_t v);

and ensure it is called whenever we are operating on smb_ucs2_t
variables. I'd like to make the definition of smb_ucs2_t incompatible
with int and codepoint_t so they can't be mixed, but that's a patch
for another time.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jul 19 23:48:05 CEST 2011 on sn-devel-104

9 years agoFirst part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems
Jeremy Allison [Tue, 19 Jul 2011 20:19:29 +0000 (13:19 -0700)]
First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems

Remove
int toupper_ascii(int c);
int tolower_ascii(int c);
int isupper_ascii(int c);
int islower_ascii(int c);

and replace with their _m equivalents, as they are identical.

9 years agos3-libsmb: remove unused cli_lock()
Björn Baumbach [Mon, 18 Jul 2011 12:14:01 +0000 (14:14 +0200)]
s3-libsmb: remove unused cli_lock()

Replaced with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 19 00:43:03 CEST 2011 on sn-devel-104

9 years agos3-torture: run_locktest5(): replace cli_lock() with cli_lock32()
Björn Baumbach [Mon, 18 Jul 2011 12:09:50 +0000 (14:09 +0200)]
s3-torture: run_locktest5(): replace cli_lock() with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
9 years agos3-torture: run_locktest4(): replace cli_lock() with cli_lock32()
Björn Baumbach [Mon, 18 Jul 2011 12:03:55 +0000 (14:03 +0200)]
s3-torture: run_locktest4(): replace cli_lock() with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
9 years agos3-torture: run_oplock2(): replace cli_lock() with cli_lock32()
Björn Baumbach [Mon, 18 Jul 2011 11:19:12 +0000 (13:19 +0200)]
s3-torture: run_oplock2(): replace cli_lock() with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
9 years agos3-torture: run_locktest9(): replace cli_lock() with cli_lock32()
Björn Baumbach [Mon, 18 Jul 2011 11:15:49 +0000 (13:15 +0200)]
s3-torture: run_locktest9(): replace cli_lock() with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
9 years agos3-torture: run_locktest8(): replace cli_lock() with cli_lock32()
Björn Baumbach [Mon, 18 Jul 2011 11:09:52 +0000 (13:09 +0200)]
s3-torture: run_locktest8(): replace cli_lock() with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
9 years agos3-torture: run_locktest7(): replace cli_lock() with cli_lock32()
Björn Baumbach [Mon, 18 Jul 2011 10:51:19 +0000 (12:51 +0200)]
s3-torture: run_locktest7(): replace cli_lock() with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
9 years agos3-torture: run_locktest3(): replace cli_lock() with cli_lock32()
Björn Baumbach [Mon, 18 Jul 2011 10:39:35 +0000 (12:39 +0200)]
s3-torture: run_locktest3(): replace cli_lock() with cli_lock32()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
9 years agos3-rpc_server: Fixed segfaults in rpc daemons.
Andreas Schneider [Mon, 18 Jul 2011 09:42:43 +0000 (11:42 +0200)]
s3-rpc_server: Fixed segfaults in rpc daemons.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Jul 18 14:01:02 CEST 2011 on sn-devel-104

9 years agoFix bug #8307 - brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks
Jeremy Allison [Fri, 15 Jul 2011 23:11:07 +0000 (16:11 -0700)]
Fix bug #8307 - brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks

Reported by herb@samba.org. Remove the (premature) optimization
on file close.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Jul 16 02:32:02 CEST 2011 on sn-devel-104

9 years agos4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with unencrypted auth...
Günther Deschner [Fri, 15 Jul 2011 16:38:21 +0000 (18:38 +0200)]
s4-lsa: prepare dcesrv_lsa_CreateTrustedDomain_base() to deal with unencrypted auth info.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Jul 15 19:57:48 CEST 2011 on sn-devel-104

9 years agos4-smbtorture: add very basic tests for lsa_CreateTrustedDomainEx.
Günther Deschner [Fri, 15 Jul 2011 13:38:12 +0000 (15:38 +0200)]
s4-smbtorture: add very basic tests for lsa_CreateTrustedDomainEx.

Guenther

9 years agolsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not
Günther Deschner [Fri, 15 Jul 2011 09:18:00 +0000 (11:18 +0200)]
lsa: lsa_CreateTrustedDomainEx takes lsa_TrustDomainInfoAuthInfo, not
lsa_TrustDomainInfoAuthInfoInternal.

Guenther

9 years agolsa: rename auth info argument in lsa_CreateTrustedDomainEx2
Günther Deschner [Fri, 15 Jul 2011 15:26:16 +0000 (17:26 +0200)]
lsa: rename auth info argument in lsa_CreateTrustedDomainEx2

Guenther

9 years agos4:kdc: set *_strongest_*_key to true to restore the old behavior
Stefan Metzmacher [Thu, 14 Jul 2011 19:02:20 +0000 (21:02 +0200)]
s4:kdc: set *_strongest_*_key to true to restore the old behavior

TODO: check why this is needed.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104

9 years agos4:auth/credentials: with the build after heimdal import
Stefan Metzmacher [Thu, 14 Jul 2011 12:15:29 +0000 (14:15 +0200)]
s4:auth/credentials: with the build after heimdal import

metze

9 years agos4:heimdal_build: define HAVE_KRB5_PDU_NONE_DECL
Stefan Metzmacher [Thu, 14 Jul 2011 12:51:15 +0000 (14:51 +0200)]
s4:heimdal_build: define HAVE_KRB5_PDU_NONE_DECL

metze

9 years agos4:heimdal: add missing files
Stefan Metzmacher [Thu, 14 Jul 2011 12:32:16 +0000 (14:32 +0200)]
s4:heimdal: add missing files

metze

9 years agos4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31...
Stefan Metzmacher [Fri, 15 Jul 2011 07:10:30 +0000 (09:10 +0200)]
s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31f420c917b85b)

9 years agos3: Avoid leaking http_timestring in print_registry_key
Volker Lendecke [Fri, 15 Jul 2011 06:20:12 +0000 (08:20 +0200)]
s3: Avoid leaking http_timestring in print_registry_key

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jul 15 09:44:05 CEST 2011 on sn-devel-104

9 years agos3:registry avoid pruning the sequencenumber while flushing the regsubkey_ctr
Gregor Beck [Wed, 13 Jul 2011 14:51:54 +0000 (16:51 +0200)]
s3:registry avoid pruning the sequencenumber while flushing the regsubkey_ctr

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jul 15 08:34:47 CEST 2011 on sn-devel-104

9 years agos3:registry avoid leaking an old regsubkey_ctr on regsubkey_ctr_init
Gregor Beck [Thu, 14 Jul 2011 10:19:01 +0000 (12:19 +0200)]
s3:registry avoid leaking an old regsubkey_ctr on regsubkey_ctr_init

Signed-off-by: Stefan Metzmacher <metze@samba.org>
9 years agos3:clikrb5: fix the build with newer heimdal versions
Stefan Metzmacher [Thu, 14 Jul 2011 12:50:18 +0000 (14:50 +0200)]
s3:clikrb5: fix the build with newer heimdal versions

krb5_get_default_in_tkt_etypes() requires a 3rd argument
if KRB5_PDU_NONE is available.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jul 14 21:21:13 CEST 2011 on sn-devel-104

9 years agos4:heimdal_build: we need k5crypto and gssapi_krb5 aliases also when using system...
Stefan Metzmacher [Thu, 14 Jul 2011 13:55:32 +0000 (15:55 +0200)]
s4:heimdal_build: we need k5crypto and gssapi_krb5 aliases also when using system libraries

metze

9 years agos4:heimdal_build: only maintain lib/gssapi/{spnego,krb5} file lists once
Stefan Metzmacher [Thu, 14 Jul 2011 13:26:03 +0000 (15:26 +0200)]
s4:heimdal_build: only maintain lib/gssapi/{spnego,krb5} file lists once

This also makes sure we only create private headers if we
use internal heimdal.

metze

9 years agos4:heimdal_build: provide HEIMDAL_UNUSED_ATTRIBUTE
Stefan Metzmacher [Thu, 14 Jul 2011 12:15:03 +0000 (14:15 +0200)]
s4:heimdal_build: provide HEIMDAL_UNUSED_ATTRIBUTE

metze

9 years agolib/util/attr: add _UNUSED_ marco
Stefan Metzmacher [Thu, 14 Jul 2011 12:14:12 +0000 (14:14 +0200)]
lib/util/attr: add _UNUSED_ marco

metze

9 years agos3-docs: fix a typo in rpcclient manpage
Christian Ambach [Thu, 14 Jul 2011 15:23:37 +0000 (17:23 +0200)]
s3-docs: fix a typo in rpcclient manpage

Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Thu Jul 14 20:10:12 CEST 2011 on sn-devel-104

9 years agos3-rpc_server: Pass event and messaging context to accept function.
Andreas Schneider [Fri, 8 Jul 2011 09:38:03 +0000 (11:38 +0200)]
s3-rpc_server: Pass event and messaging context to accept function.

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Jul 14 17:22:16 CEST 2011 on sn-devel-104

9 years agos3-librpc: Pass messaging context to dcerpc register functions.
Andreas Schneider [Fri, 8 Jul 2011 09:34:24 +0000 (11:34 +0200)]
s3-librpc: Pass messaging context to dcerpc register functions.

9 years agos3-smbd: Pass event and messaging context to smbd_parent_housekeeping().
Andreas Schneider [Fri, 8 Jul 2011 09:28:12 +0000 (11:28 +0200)]
s3-smbd: Pass event and messaging context to smbd_parent_housekeeping().

9 years agos3-smbd: Pass ev_ctx to remove_child_pid().
Andreas Schneider [Tue, 21 Jun 2011 12:46:16 +0000 (14:46 +0200)]
s3-smbd: Pass ev_ctx to remove_child_pid().

9 years agos3-smbd: Pass msg_ctx to smbd_accept_connection.
Andreas Schneider [Tue, 21 Jun 2011 12:45:45 +0000 (14:45 +0200)]
s3-smbd: Pass msg_ctx to smbd_accept_connection.

9 years agos3-smbd: Pass ev_ctx to smbd_setup_sig_chld_handler().
Andreas Schneider [Tue, 21 Jun 2011 12:24:03 +0000 (14:24 +0200)]
s3-smbd: Pass ev_ctx to smbd_setup_sig_chld_handler().

9 years agos3-smbd: Pass ev_ctx and msg_ctx to smbd_accept_connection().
Andreas Schneider [Tue, 21 Jun 2011 12:14:18 +0000 (14:14 +0200)]
s3-smbd: Pass ev_ctx and msg_ctx to smbd_accept_connection().

9 years agos3-smbd: Pass ev_ctx and msg_ctx to open_sockets_smbd().
Andreas Schneider [Tue, 21 Jun 2011 12:11:51 +0000 (14:11 +0200)]
s3-smbd: Pass ev_ctx and msg_ctx to open_sockets_smbd().

9 years agos3-smbd: Pass ev_ctx to smbd_parent_loop().
Andreas Schneider [Tue, 21 Jun 2011 12:07:25 +0000 (14:07 +0200)]
s3-smbd: Pass ev_ctx to smbd_parent_loop().

9 years agos3-smbd: Create ev_ctx and msg_ctx and use it.
Andreas Schneider [Tue, 21 Jun 2011 11:58:54 +0000 (13:58 +0200)]
s3-smbd: Create ev_ctx and msg_ctx and use it.

9 years agos4-winbind handle all values for server role
Andrew Bartlett [Wed, 13 Jul 2011 07:26:30 +0000 (17:26 +1000)]
s4-winbind handle all values for server role

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jul 14 08:20:13 CEST 2011 on sn-devel-104

9 years agos3-lib Remove unused get_cmdline_auth_info_copy
Andrew Bartlett [Tue, 12 Jul 2011 06:36:34 +0000 (16:36 +1000)]
s3-lib Remove unused get_cmdline_auth_info_copy

9 years agos4-param finish services hooks for s4->s3 loadparm context
Andrew Bartlett [Tue, 12 Jul 2011 06:03:11 +0000 (16:03 +1000)]
s4-param finish services hooks for s4->s3 loadparm context

9 years agos4-param cope with parameters of type char
Andrew Bartlett [Tue, 12 Jul 2011 04:55:24 +0000 (14:55 +1000)]
s4-param cope with parameters of type char

9 years agos3-param Plug 'netbios aliases' via the parameter bridge
Andrew Bartlett [Tue, 12 Jul 2011 04:53:57 +0000 (14:53 +1000)]
s3-param Plug 'netbios aliases' via the parameter bridge

9 years agoAdd intrasite code test switch
Dave Craft [Wed, 6 Jul 2011 02:39:05 +0000 (21:39 -0500)]
Add intrasite code test switch

kcc_service struct gets a intrasite_code
boolean that is filled in via parametric parameter
kccsrv:intrasite = [true/false] in smb.conf.   This
will allow us to continue to utilize old simple
KCC topology as continuing default while newer
intra-site topology matures further.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Jul 14 00:19:12 CEST 2011 on sn-devel-104

9 years agoAdd kccsrv_add_repsFrom() possibility of NULL res argument
Dave Craft [Wed, 6 Jul 2011 02:34:32 +0000 (21:34 -0500)]
Add kccsrv_add_repsFrom() possibility of NULL res argument

We need the ability to utilize this function in a different
manner.  KCC intra-site topology has already vetted the
replica as being appropriate to produce a repsFrom from.
We do not want kccsrv_add_repsFrom() to produce further
checking as was the case for simple topology.   Thus if
we pass a NULL (res) parameter this extra check will
be skipped.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoRemove static to allow availability to other KCC files
Dave Craft [Wed, 6 Jul 2011 02:31:45 +0000 (21:31 -0500)]
Remove static to allow availability to other KCC files

kccsrv_replica_flags() and
kccsrv_add_repsFrom() need to be available to functions
outside kcc_periodic.c

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agokcc_connection invocation_id added to struct
Dave Craft [Wed, 6 Jul 2011 02:26:07 +0000 (21:26 -0500)]
kcc_connection invocation_id added to struct

Utilized by KCC to carry the invocation id of the NTDSDSA
that we are replicating the name context from.  Utilized
when NTDSConnection is created (much like dsa_guid tracks
the NTDSDSA objectGUID that we are replicating the name
context from).

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoKCC NTDSConnection should utilize NTDSCONN_OPT_IS_GENERATED
Dave Craft [Wed, 6 Jul 2011 02:22:31 +0000 (21:22 -0500)]
KCC NTDSConnection should utilize NTDSCONN_OPT_IS_GENERATED

Previously this set an explicit (0x1) value whereas it
can now utilize NTDSCONN_OPT_IS_GENERATED from flags.h

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoStandalone samdb_ntds_site_settings_options() helper
Dave Craft [Wed, 6 Jul 2011 02:19:54 +0000 (21:19 -0500)]
Standalone samdb_ntds_site_settings_options() helper

A helper function for retrieving the ntds site settings
via standalone function call.  Used within KCC

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agoNTDSConnection and NTDSA Site setting flags
Dave Craft [Wed, 6 Jul 2011 02:17:10 +0000 (21:17 -0500)]
NTDSConnection and NTDSA Site setting flags

Flags that were missing from flags.h or were incorrectly
defined inline to the kcc_topology.c code (and thus unusable
elsewhere).   These are the NTDSConnection and NTDSDSA Site
settings flags.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
9 years agodynconfig/wscript: use $libdir/security for PAMMODULESDIR as in config.m4
Stefan Metzmacher [Wed, 13 Jul 2011 11:06:16 +0000 (13:06 +0200)]
dynconfig/wscript: use $libdir/security for PAMMODULESDIR as in config.m4

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jul 13 17:44:01 CEST 2011 on sn-devel-104

9 years agos3:configure: use the same dynconfig options and default values as the toplevel build
Stefan Metzmacher [Wed, 13 Jul 2011 09:26:12 +0000 (11:26 +0200)]
s3:configure: use the same dynconfig options and default values as the toplevel build

metze

9 years agoFix bug 8305 - nmbd segfaults - when using "smbtree ..."
Günter Kukkukk [Wed, 13 Jul 2011 13:10:13 +0000 (06:10 -0700)]
Fix bug 8305 - nmbd segfaults - when using "smbtree ..."

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jul 13 16:35:16 CEST 2011 on sn-devel-104