Christian Ambach [Tue, 8 May 2012 07:15:12 +0000 (09:15 +0200)]
s3:vfs/shadow_copy2 fix some compiler warnings
about unused variables
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Tue May 8 11:15:07 CEST 2012 on sn-devel-104
Christian Ambach [Tue, 8 May 2012 07:11:36 +0000 (09:11 +0200)]
s3:vfs/shadow_copy2 make descending sort order the default
otherwise Explorer won't work correctly when trying to restore a folder
Christian Ambach [Mon, 7 May 2012 17:17:18 +0000 (19:17 +0200)]
docs:autorid document ignore builtin parameter
Christian Ambach [Mon, 7 May 2012 17:14:56 +0000 (19:14 +0200)]
s3:winbindd/autorid add ignore builtin parameter
BUILTIN should be handled by passdb, however if passdb does not know
about a SID, autorid creates a range for BUILTIN and does deterministic mapping
make it possible to turn off this behavior
Christian Ambach [Mon, 7 May 2012 17:02:23 +0000 (19:02 +0200)]
docs:autorid document read-only parameter
Christian Ambach [Mon, 7 May 2012 12:19:26 +0000 (14:19 +0200)]
s3:winbindd/autorid add support for read-only mode
make it possible to set read-only = yes for the backend
so users can replicate an autorid.tdb to another server
to use the same mappings without risking that updates
are done on both sides
Christian Ambach [Mon, 7 May 2012 17:08:10 +0000 (19:08 +0200)]
docs:autorid document how well-known SIDs will be mapped
they consume space of the allocation pool and a list of most known well-known SIDs is
preallocated to create a deterministic mapping
Christian Ambach [Fri, 4 May 2012 15:56:26 +0000 (17:56 +0200)]
s3:winbindd/autorid preallocate well-known SIDs
preallocate the list of well-known SIDs that Win2008R2 reports
to be groups and that are on the list in KB243330
This will allow for deterministic mapping of these SIDs, even if they
are stored in the allocation pool as this is the first thing that autorid
will allocate from the pool during module initialization
Andreas Schneider [Thu, 3 May 2012 15:10:27 +0000 (17:10 +0200)]
krb5samba: Add smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104
Andreas Schneider [Thu, 3 May 2012 15:10:53 +0000 (17:10 +0200)]
s4-auth: Use smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Fri, 4 May 2012 15:02:48 +0000 (11:02 -0400)]
krb5samba: Add krb5_free_checksum_contents wrapper
Andrew Bartlett [Mon, 7 May 2012 09:21:10 +0000 (19:21 +1000)]
lib/util: Map 0x7fffffffffffffffLL as 0x7fffffffffffffffLL in time conversion
TIME_T_MAX is not actually INT64_MAX at the moment, so check both
values and set to the magic end-of-time value.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue May 8 06:41:43 CEST 2012 on sn-devel-104
Andrew Bartlett [Mon, 7 May 2012 07:06:23 +0000 (17:06 +1000)]
s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured
Andrew Bartlett [Mon, 7 May 2012 06:24:03 +0000 (16:24 +1000)]
s3-python: Add python bindings for posix ACL layer
This will allow us to check that posix ACLs work in the s4 provision, and avoid
--use-s3fs if they do not.
Andrew Bartlett
Stefan Metzmacher [Thu, 3 May 2012 12:41:21 +0000 (14:41 +0200)]
s4:torture/raw/context: add subtests as torture testcases
TODO: add test_session with 'use spnego = false'.
We need a way to do set an option just for one test case.
Note: the 'use spnego = false' was ignored before as it's
only used on the first session setup on a connection.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 8 04:50:39 CEST 2012 on sn-devel-104
Stefan Metzmacher [Tue, 1 May 2012 10:38:06 +0000 (12:38 +0200)]
s4:torture/raw/context: INVALID_PARAMETER vs. LOGON_FAILURE...
If the try a session setup without EXTENDED_SECURITY after
one with EXTENDED_SECURITY Windows 2008 R2 returns INVALID_PARAMETER,
while Windows 2000 sp4 returns LOGON_FAILURE...
metze
Stefan Metzmacher [Wed, 2 May 2012 11:46:34 +0000 (13:46 +0200)]
s4:torture/raw: make torture_raw_context a test suite
metze
Stefan Metzmacher [Tue, 1 May 2012 10:39:21 +0000 (12:39 +0200)]
s4:torture/raw/context: make use of torture_* macros and avoid 'printf'
metze
Stefan Metzmacher [Tue, 1 May 2012 10:35:28 +0000 (12:35 +0200)]
s4:torture/raw/context: pass tctx to test_pid_exit_only_sees_open()
metze
Stefan Metzmacher [Mon, 7 May 2012 09:50:59 +0000 (11:50 +0200)]
selftest: samba4 doesn't support reauth
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 8 02:43:49 CEST 2012 on sn-devel-104
Stefan Metzmacher [Mon, 7 May 2012 09:32:32 +0000 (11:32 +0200)]
s4:torture/raw/session: make sure we got a reauth of the existing session
metze
Stefan Metzmacher [Mon, 7 May 2012 10:07:30 +0000 (12:07 +0200)]
selftest: mark ^samba4.raw.session.reauth as flapping
Because the test is wrong...
metze
Andreas Schneider [Mon, 7 May 2012 09:57:34 +0000 (11:57 +0200)]
talloc: Update doxygen config.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon May 7 21:13:15 CEST 2012 on sn-devel-104
Pavel Březina [Mon, 7 May 2012 10:30:44 +0000 (12:30 +0200)]
doc: Remove latex to doxygen conversion leftovers in talloc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 7 May 2012 09:56:39 +0000 (11:56 +0200)]
doc: Fixes for the talloc best practices tutorial.
Andreas Schneider [Mon, 7 May 2012 09:42:44 +0000 (11:42 +0200)]
doc: Fixes for the talloc debugging tutorial.
Andreas Schneider [Mon, 7 May 2012 09:36:37 +0000 (11:36 +0200)]
doc: Fixes for the talloc pool tutorial.
Andreas Schneider [Mon, 7 May 2012 09:30:06 +0000 (11:30 +0200)]
doc: Fixes for the talloc destructor tutorial.
Andreas Schneider [Mon, 7 May 2012 09:25:50 +0000 (11:25 +0200)]
doc: Fixes for the talloc dynamic type system tutorial.
Andreas Schneider [Mon, 7 May 2012 09:18:26 +0000 (11:18 +0200)]
doc: Fixes for the talloc stealing tutorial.
Andreas Schneider [Mon, 7 May 2012 09:09:56 +0000 (11:09 +0200)]
doc: Fixes for the talloc context tutorial.
Pavel Březina [Sun, 6 May 2012 12:34:48 +0000 (14:34 +0200)]
doc: Add talloc tutorial.
Signed-off-by: Andreas Schneider <asn@samba.org>
Jelmer Vernooij [Mon, 7 May 2012 14:43:17 +0000 (16:43 +0200)]
heimdal: Cope with newer Heimdal versions accepting a keyset argument to
hdb_enctype2key.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon May 7 18:33:10 CEST 2012 on sn-devel-104
Michael Adam [Mon, 7 May 2012 12:09:28 +0000 (14:09 +0200)]
s3:registry: let reg_values_need_update() return true if the backend does not implement the method
Otherwise the value cache might become outdated.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon May 7 16:11:05 CEST 2012 on sn-devel-104
Michael Adam [Mon, 7 May 2012 12:08:13 +0000 (14:08 +0200)]
s3:registry: let reg_subkeys_need_update() return true if the backend does not implement the method
Otherwise the subkey cache might become outdated.
Amitay Isaacs [Mon, 7 May 2012 01:46:27 +0000 (11:46 +1000)]
s4-dns: Build BIND DLZ modules with correct private library
This fixes rpath for samdb-common private library after make install.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon May 7 07:40:29 CEST 2012 on sn-devel-104
Stefan Metzmacher [Sat, 5 May 2012 07:31:39 +0000 (09:31 +0200)]
lib/param: add support for "SMB3_00"
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun May 6 16:38:00 CEST 2012 on sn-devel-104
Stefan Metzmacher [Sat, 5 May 2012 07:35:17 +0000 (09:35 +0200)]
s3:smb2_negprot: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:55:59 +0000 (09:55 +0200)]
s4:libcli/smb2: use PROTOCOL_LATEST
metze
Stefan Metzmacher [Sat, 5 May 2012 07:42:28 +0000 (09:42 +0200)]
s3:torture/test_smb2: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:33:43 +0000 (09:33 +0200)]
libcli/smb/smbXcli: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:38:25 +0000 (09:38 +0200)]
libcli/smb: add #define PROTOCOL_LATEST PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:28:57 +0000 (09:28 +0200)]
libcli/smb: add PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:33:19 +0000 (09:33 +0200)]
libcli/smb: add SMB3_DIALECT_REVISION_300
metze
Stefan Metzmacher [Thu, 3 May 2012 10:07:11 +0000 (12:07 +0200)]
s3:torture: do some query_info and set_info calls in SMB2-SESSION-REAUTH
metze
Stefan Metzmacher [Thu, 3 May 2012 10:02:55 +0000 (12:02 +0200)]
s3:libsmb: add smb2cli_set_info*
metze
Stefan Metzmacher [Thu, 3 May 2012 07:10:53 +0000 (09:10 +0200)]
s3:libsmb: add smb2cli_query_info*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_tcon*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_ioctl*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_create*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:04:12 +0000 (12:04 +0200)]
s3:libsmb: remove unused reference to talloc_tos()
metze
Stefan Metzmacher [Thu, 3 May 2012 12:48:57 +0000 (14:48 +0200)]
s3:idmap_cache: change DEBUG message to level 10
metze
Andrew Bartlett [Sun, 6 May 2012 06:41:18 +0000 (16:41 +1000)]
s4-s3-upgrade: Max/min password age policy is in seconds, not days
This cases upgraded domains to have a too-long password expiry, which in extreme
cases can cause the KDC to misfunction.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104
Matthieu Patou [Sun, 6 May 2012 00:03:37 +0000 (17:03 -0700)]
s4-schema: Validate more class attribute when adding a new class in the schema
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
Matthieu Patou [Mon, 16 Apr 2012 04:58:49 +0000 (21:58 -0700)]
s4: use intermediate var, increase lisibility
Matthieu Patou [Sun, 15 Apr 2012 21:02:41 +0000 (14:02 -0700)]
olschema2ldif: be more strict where checking for open/closed braces
Michael Adam [Sat, 5 May 2012 00:12:25 +0000 (02:12 +0200)]
s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend
It simply calls to the regdb functions.
This fixes a caching issue uncovered by recent changes.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat May 5 04:10:43 CEST 2012 on sn-devel-104
Michael Adam [Fri, 4 May 2012 16:01:00 +0000 (18:01 +0200)]
s3:registry: return error when Key does not exist in regdb_fetch_values_internal()
Michael Adam [Fri, 4 May 2012 16:00:15 +0000 (18:00 +0200)]
s3:smbd: comment the lp_load call in reload_services()
Volker Lendecke [Fri, 4 May 2012 12:56:25 +0000 (14:56 +0200)]
s3: Use hex_encode_buf
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May 4 20:32:37 CEST 2012 on sn-devel-104
Volker Lendecke [Fri, 4 May 2012 12:56:25 +0000 (14:56 +0200)]
s3: Use hex_encode_buf
Volker Lendecke [Fri, 4 May 2012 12:16:45 +0000 (14:16 +0200)]
s3: Remove an unused extern declaration
Volker Lendecke [Fri, 4 May 2012 12:07:13 +0000 (14:07 +0200)]
s3: Remove an unused parameter from check_parent_access()
Volker Lendecke [Fri, 4 May 2012 12:03:42 +0000 (14:03 +0200)]
s3: In mkdir_internal, don't retrieve parent_dir from check_parent_access
We have already created that ourselves a few lines above
Andreas Schneider [Thu, 3 May 2012 09:28:50 +0000 (11:28 +0200)]
waf: Fix com_err detection with MIT krb5.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri May 4 18:43:05 CEST 2012 on sn-devel-104
Alexander Bokovoy [Thu, 3 May 2012 09:33:42 +0000 (12:33 +0300)]
s4:auth/kerberos: don't do tracing in MIT build
Signed-off-by: Simo Sorce <idra@samba.org>
Alexander Bokovoy [Wed, 2 May 2012 18:40:13 +0000 (21:40 +0300)]
s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init
Signed-off-by: Simo Sorce <idra@samba.org>
Alexander Bokovoy [Wed, 2 May 2012 18:16:01 +0000 (21:16 +0300)]
Avoid using Heimdal-specific tests in MIT build
Alexander Bokovoy [Wed, 2 May 2012 17:59:00 +0000 (20:59 +0300)]
s4:ntvfs: add missing headers to vfs_ipc
vfs_ipc.c had system/kerberos.h and system/filesys.h missing
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Wed, 2 May 2012 17:22:08 +0000 (13:22 -0400)]
Fix direct access to krb5_principal structure
Simo Sorce [Wed, 2 May 2012 16:24:34 +0000 (12:24 -0400)]
auth-session: MIT doesn't have import/export cred yet
For now let's just loose this functionality with the MIT build.
gss_import/export_cred should be availa ble when MIT 1.11 is released and this
code is used only in some proxy scenario. Not normally needed for common
configurations.
Andreas Schneider [Fri, 27 Apr 2012 18:29:47 +0000 (20:29 +0200)]
s4-auth: Use smb_krb5_cc_get_lifetime() wrapper.
Signed-off-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Fri, 27 Apr 2012 14:52:26 +0000 (16:52 +0200)]
krb5samba: Add a smb_krb5_cc_get_lifetime() function.
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Thu, 26 Apr 2012 22:11:09 +0000 (18:11 -0400)]
s4-auth-krb: Make srv_keytab.c build against MIT Kerberos
Simo Sorce [Thu, 26 Apr 2012 22:22:43 +0000 (18:22 -0400)]
krb5samba: Add compat function for krb5_kt_compare
Simo Sorce [Thu, 26 Apr 2012 21:56:38 +0000 (17:56 -0400)]
Fix incompatible assignment warning
Simo Sorce [Thu, 26 Apr 2012 21:21:22 +0000 (17:21 -0400)]
krb5samba: Add compat krb5_make_principal for MIT build
Simo Sorce [Thu, 26 Apr 2012 20:54:42 +0000 (16:54 -0400)]
Fix compiler warning
Simo Sorce [Thu, 26 Apr 2012 20:52:55 +0000 (16:52 -0400)]
s4-auth-krb: Use compat code to initialize keyblock contents
Simo Sorce [Thu, 26 Apr 2012 20:52:37 +0000 (16:52 -0400)]
krb5samba: Add compat code to initialize keyblock contents
Simo Sorce [Thu, 26 Apr 2012 20:50:53 +0000 (16:50 -0400)]
s4-auth-krb: Disable code in MIT build
Unfortunately these functions are not available in MIT and there is no easy
workaround or compat funciton I can see at this stage. Will fix properly once
MIT gets the necessary functions or if another workaround can be found.
Simo Sorce [Thu, 26 Apr 2012 19:05:11 +0000 (15:05 -0400)]
Move keytab_copy to krb5samba lib
This is a helper fucntion that uses purely krb5 code, so it belongs to
krb5samba which is the krb5 wrapper for samba.
Simo Sorce [Thu, 26 Apr 2012 19:01:48 +0000 (15:01 -0400)]
Fix keytab_copy to compile with MIT librariues too
Simo Sorce [Thu, 26 Apr 2012 16:50:03 +0000 (12:50 -0400)]
keytab_copy: Fix style, whitespaces
Simo Sorce [Thu, 26 Apr 2012 16:41:25 +0000 (12:41 -0400)]
kerberos_pac: Fix code to work with MIT too
Simo Sorce [Thu, 26 Apr 2012 16:27:05 +0000 (12:27 -0400)]
s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5
Make it clearly a gensec_krb5 accessory file.
This function should never be used anywhere else.
This function was copied out from the Heimdal tree and is kept in a separate
file for clarity and to keep the original license boilerplate.
Simo Sorce [Thu, 26 Apr 2012 16:06:24 +0000 (12:06 -0400)]
Split normal kinit from s4u2 flavored kinit
This makes it simpler to slowly integrate MIT support and also amkes it
somewhat clearer what operation is really requested.
The 24u2 part is really only used by the cifs proxy code so we can temporarily
disable it in the MIT build w/o major consequences.
Simo Sorce [Thu, 26 Apr 2012 15:05:51 +0000 (11:05 -0400)]
Move kerberos_kinit_password_cc to krb5samba lib
Simo Sorce [Wed, 25 Apr 2012 21:29:09 +0000 (17:29 -0400)]
Move kerberos_kinit_keyblock_cc to krb5samba lib
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not
available.
Simo Sorce [Wed, 25 Apr 2012 14:31:12 +0000 (10:31 -0400)]
krb-init: define out heimdal specific stuff in mitkrb build
Simo Sorce [Wed, 25 Apr 2012 14:19:07 +0000 (10:19 -0400)]
s4-auth-krb: avoid useless condition
Code bails out with ENOMEM 2 lines a bove if config_file is NULL anyways
Simo Sorce [Thu, 3 May 2012 15:38:35 +0000 (11:38 -0400)]
krb5samba: Remove unnecessary include file
Simo Sorce [Wed, 2 May 2012 18:53:45 +0000 (14:53 -0400)]
Fix krb5_samba.c build
Volker Lendecke [Wed, 2 May 2012 09:31:30 +0000 (11:31 +0200)]
s4:torture: add a check for talloc success in test_session_reauth
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May 4 16:50:59 CEST 2012 on sn-devel-104
Volker Lendecke [Fri, 4 May 2012 11:01:32 +0000 (13:01 +0200)]
s3: remove some unused code
Volker Lendecke [Fri, 4 May 2012 09:49:24 +0000 (11:49 +0200)]
s3: Fix a typo
Andrew Bartlett [Thu, 3 May 2012 22:47:29 +0000 (08:47 +1000)]
s4-dsdb: Use data_blob_string_const and add explaination for open-coded function in samldb
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri May 4 02:34:41 CEST 2012 on sn-devel-104
Andrew Bartlett [Thu, 3 May 2012 22:46:57 +0000 (08:46 +1000)]
s4-dsdb: Use strcasecmp_m() to compare possibly multibyte strings in samldb
Matthias Dieter Wallnöfer [Thu, 3 May 2012 20:55:06 +0000 (22:55 +0200)]
s4:samldb LDB module - make sure to not add identical "servicePrincipalName"s more than once
The service principal names need to be case-insensitively unique, otherwise we
end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error.
This issue has been discovered on the technical mailing list (thread:
cannot rename windows xp machine in samba4) when trying to rename a AD
client workstation.
Christian Ambach [Thu, 3 May 2012 16:34:32 +0000 (18:34 +0200)]
s3:passdb fix a compiler warning
this one could have caused crashes
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Thu May 3 23:22:05 CEST 2012 on sn-devel-104