Günther Deschner [Mon, 7 Apr 2014 13:46:05 +0000 (15:46 +0200)]
pidl: support HRESULT in pidl.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 7 Apr 2014 13:40:40 +0000 (15:40 +0200)]
librpc/ndr: add ndr_{pull|push|print}_HRESULT and release new 0.0.5 ABI.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 7 Apr 2014 13:46:32 +0000 (15:46 +0200)]
lib/util: globally include herrors in error.h
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:44:19 +0000 (17:44 +0100)]
libcli/util/hresult: add generated hresult_errstr() function.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:42:06 +0000 (17:42 +0100)]
s4-scripting: generate a hresult_errstr() function.
Equivalent to the nt_errstr(), win_errstr(), etc. function.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:41:06 +0000 (17:41 +0100)]
libcli/util/hresult: re-generate hresult.c.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:39:46 +0000 (17:39 +0100)]
s4-scripting: add string representation of error code define to generated table.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:36:33 +0000 (17:36 +0100)]
s4-scripting: fix hresult generator python script indentation.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 13 Mar 2015 14:20:05 +0000 (14:20 +0000)]
ctdb: Fix CID
1125613 Destination buffer too small
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Mar 13 19:14:20 CET 2015 on sn-devel-104
Volker Lendecke [Fri, 13 Mar 2015 14:16:17 +0000 (14:16 +0000)]
ctdb: Introduce a helper var in ctdb_get_script_list
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 13 Mar 2015 14:12:41 +0000 (14:12 +0000)]
ctdb: Fix memleak in ctdb_get_script_list
scandir allocates every name individually, see example code in susv4 or man
scandir
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 13 Mar 2015 14:11:20 +0000 (14:11 +0000)]
ctdb: Make for-loop in ctdb_get_script_list more idiomatic
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 13 Mar 2015 14:01:25 +0000 (14:01 +0000)]
ctdb: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Thu, 12 Mar 2015 21:12:43 +0000 (22:12 +0100)]
replace: Remove superfluous check for gcrypt header.
We only need to check for the header if we need gnutls with gcrypt
support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 13 01:00:27 CET 2015 on sn-devel-104
Andrew Bartlett [Thu, 12 Mar 2015 04:05:50 +0000 (17:05 +1300)]
backupkey: Explicitly link to gnutls and gcrypt
The gcrypt link will be disabled if gnutls is > 3.0.0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 12 Mar 2015 04:01:05 +0000 (17:01 +1300)]
lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
We no longer link against gcrypt if gnutls > 3.0.0 is found, as these
versions use libnettle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 11 Mar 2015 15:39:05 +0000 (16:39 +0100)]
s3:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
If there're no collisions we should not fill the collision_info pointer.
Otherwise Windows fails to create a forest trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 12 19:49:33 CET 2015 on sn-devel-104
Stefan Metzmacher [Wed, 28 Jan 2015 10:02:54 +0000 (10:02 +0000)]
s4:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
If there're no collisions we should not fill the collision_info pointer.
Otherwise Windows fails to create a forest trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 11 Mar 2015 11:09:42 +0000 (12:09 +0100)]
s4-torture: add ndr test for lsa_lsaRQueryForestTrustInformation().
Thanks to Alexander for providing the binary blobs.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 4 Feb 2015 18:00:44 +0000 (18:00 +0000)]
drsblobs.idl: improve idl for ForestTrustInfoRecord*
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 4 Feb 2015 18:00:44 +0000 (18:00 +0000)]
lsa.idl: improve idl for lsa_ForestTrust*Record*
The meaning of lsa_ForestTrustRecordFlags is based lsa_ForestTrustRecordType,
but the type is not always available so it's not possible to use an union.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 08:01:58 +0000 (08:01 +0000)]
lsa.idl: use 'boolean8 check_only' instead of 'uint8 check_only'
This is only a cosmetic change to make the idl more verbose,
the resulting C code will still use 'uint8_t'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 08:01:58 +0000 (08:01 +0000)]
lsa.idl: fix idl for lsa_ForestTrustRecordType
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 2 Feb 2015 22:14:38 +0000 (23:14 +0100)]
security.idl: add KERB_ENCTYPE_{FAST_SUPPORTED,COMPOUND_IDENTITY_SUPPORTED,CLAIMS_SUPPORTED,RESOURCE_SID_COMPRESSION_DISABLED}
These are not encryption types, but flags for specific kerberos features.
See [MS-KILE] 2.2.6 Supported Encryption Types Bit Flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 2 Feb 2015 22:14:38 +0000 (23:14 +0100)]
netlogon.idl: remove netr_SupportedEncTypes and use kerb_EncTypes instead
These are the same.
We keep the old defines arround in order to avoid a lot of changes
in the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Tue, 18 Dec 2012 14:27:06 +0000 (15:27 +0100)]
netlogon.idl: netr_ServerPasswordGet returns NTSTATUS not WERROR.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Mar 2015 12:18:38 +0000 (13:18 +0100)]
netlogon.idl: improve idl for netr_ServerTrustPasswordsGet()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 6 Mar 2015 17:07:15 +0000 (18:07 +0100)]
ldb-samba: implement --show-binary for msDS-RevealedUsers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 5 Mar 2015 15:21:18 +0000 (16:21 +0100)]
drsblobs.idl: make replPropertyMetaData1 public
This is used as binary data for the msDS-RevealedUsers attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 27 Jan 2015 21:46:06 +0000 (21:46 +0000)]
s4:py_net: make domain and address fully optional to py_net_finddc
E.g. address=None is now also possible.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 26 Jan 2015 15:02:20 +0000 (16:02 +0100)]
s4:librpc: add auth_type=ncalrpc_as_system as binding option
In future we may want another way to trigger this,
but our current rpc libraries need a lot of cleanup before.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 31 Jan 2015 10:42:09 +0000 (10:42 +0000)]
s4:trust_utils: store new trust/machine passwords before trying it remotely.
If this fails we can still fallback to the old password...
Before trying the password change we verify the dc knows our current password.
This should make the password changes much more robust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 3 Feb 2015 15:22:25 +0000 (16:22 +0100)]
s3:winbindd: make open_internal_lsa_conn() non static
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 11 Feb 2015 14:05:55 +0000 (15:05 +0100)]
s3:winbindd_cm: improve detection for the anonymous fallback.
If the kinit results in NT_STATUS_NO_LOGON_SERVERS, we should fallback,
if allowed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 5 Feb 2015 09:26:23 +0000 (09:26 +0000)]
s3:pdb_samba_dsdb: implement pdb_samba_dsdb_set_trusteddom_pw()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 5 Feb 2015 10:07:46 +0000 (10:07 +0000)]
s3:pdb_samba_dsdb: return the domain sid in pdb_samba_dsdb_get_trusteddom_pw()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 16:53:40 +0000 (16:53 +0000)]
s3:pdb_samba_dsdb: return the previous password and the kvno in pdb_samba_dsdb_get_trusteddom_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 10:33:05 +0000 (11:33 +0100)]
s3:rpc_client: remove unused cli_rpc_pipe_open_schannel_with_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 10:29:49 +0000 (11:29 +0100)]
s3:libnet: use cli_credentials based functions in libnet_join_ok()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:52:45 +0000 (09:52 +0100)]
s3:auth_domain: make use of cli_rpc_pipe_open_schannel()
This simplifies a lot and allows the previous password to be used.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 09:33:01 +0000 (10:33 +0100)]
s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
return values of connect_to_domain_password_server() need to be exported
to the callers memory context.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:25:35 +0000 (09:25 +0100)]
s3:rpcclient: make use of rpccli_[create|setup]_netlogon_creds_with_creds()
This passing struct cli_credentials allows the usage of the previous password.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 09:05:37 +0000 (10:05 +0100)]
s3:rpc_client: handle !NETLOGON_NEG_AUTHENTICATED_RPC in cli_rpc_pipe_open_schannel()
This is only allowed with special config options ("client schannel = no",
"require strong key = no" and "reject md5 servers = no").
By default we require NETLOGON_NEG_AUTHENTICATED_RPC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:34:45 +0000 (09:34 +0100)]
s3:rpc_client: use cli_credentials based functions in cli_rpc_pipe_open_schannel()
This simplifies the code and allows the previous password to be passed
through the stack.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:49:16 +0000 (09:49 +0100)]
s3:rpc_client: remove unused auth_level paramter of cli_rpc_pipe_open_schannel()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 16:54:06 +0000 (16:54 +0000)]
s3:cli_netlogon: cli_credentials_get_old_nt_hash() in rpccli_setup_netlogon_creds_with_creds()
This way we'll fallback to use the previous machine/trust account password
if required.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 16:20:27 +0000 (16:20 +0000)]
auth/credentials: add cli_credentials_set_old_utf16_password()
This is required to set the previous trust account password.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:04:42 +0000 (09:04 +0100)]
auth/credentials: add cli_credentials_[g|s]et_old_nt_hash()
The machine and trust accounts it's important to retry
netr_Authenticate3() with the previous (old) nt_hash.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:06:32 +0000 (09:06 +0100)]
auth/credentials: add a missing talloc check to cli_credentials_set_nt_hash()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 21 Jan 2015 13:44:44 +0000 (14:44 +0100)]
s4:pydsdb: add DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Thu, 12 Mar 2015 00:43:49 +0000 (13:43 +1300)]
selftest: Change testsuite to use a samAccountName with a space in it
This shows that the previous patch is correct
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Thu, 12 Mar 2015 00:29:56 +0000 (13:29 +1300)]
kdc: Ensure we cope with a samAccountName with a space in it
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Thu, 12 Mar 2015 00:29:56 +0000 (13:29 +1300)]
dsdb: Ensure we cope with a samAccountName with a space in it in DsCrackName()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Wed, 11 Mar 2015 23:56:56 +0000 (12:56 +1300)]
selftest: Change testsuite to use a UPN with a space in it
This shows that the previous patch is correct
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 12 Mar 2015 09:43:57 +0000 (10:43 +0100)]
selftest: fix the basedn for local accounts in non-DC environments e.g. s4member
open(LDIF, "|$ldbmodify -H $ctx->{privatedir}/sam.ldb");
doesn't generate an error if the command fails...
'testallowed' is a local account here, with a dn of
CN=testallowed,CN=Users,DC=S4MEMBER instead of domain user
CN=testallowed,CN=Users,DC=samba,DC=example,DC=com
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Wed, 11 Mar 2015 23:50:23 +0000 (12:50 +1300)]
dsdb: Allow spaces in userPrincipalName values
This is needed to enable a kinit with a UPN that has a space in it
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 14:33:14 +0000 (15:33 +0100)]
heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAY
An ENTERPRISE principal should result in 'administrator@S4XDOM.BASE'
instead of 'administrator\@S4XDOM.BASE'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 14:36:01 +0000 (15:36 +0100)]
heimdal:lib/krb5: allow enterprise principals in verify_logonname()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Wed, 11 Mar 2015 02:58:36 +0000 (15:58 +1300)]
torture-krb5: Test accepting the ticket to ensure PAC is well-formed
A future test will ask for impersonation to a different user, and
validate returned principal and the PAC matches that user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Wed, 11 Mar 2015 22:27:57 +0000 (11:27 +1300)]
auth/kerberos: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY in kerberos_create_pac()
This ensures that in the all-Samba PAC creation code, we do not escape a space character if present
in the logon name. This matches what we do in the Heimdal code in the KDC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andrew Bartlett [Wed, 11 Mar 2015 02:57:06 +0000 (15:57 +1300)]
auth/kerberos: Do a string comparison in kerberos_decode_pac() not a principal comparison
This ensures that if an enterprise principal is used, we do the
comparison properly
This matters as in the enterprise case, which can be triggered by MIT
kinit -E, does not use canonicalization, and so the enterprise name,
with the @ in it, is in the logon name.
Otherwise, we get errors like:
Name in PAC [TESTALLOWED@WIN2012R2] does not match principal name in ticket
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 11:38:55 +0000 (12:38 +0100)]
heimdal:krb5.asn1: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 11:38:55 +0000 (12:38 +0100)]
heimdal:kdc: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 10 Mar 2015 11:38:55 +0000 (12:38 +0100)]
heimdal:lib/krb5: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 5 Mar 2015 13:43:54 +0000 (14:43 +0100)]
selftest: also test python.samba.tests.posixacl against plugin_s4_dc_no_nss
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Mar 12 17:12:11 CET 2015 on sn-devel-104
Michael Adam [Thu, 5 Mar 2015 12:22:35 +0000 (13:22 +0100)]
selftest: add a new environment plugin_s4_dc_no_nss
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 5 Mar 2015 12:22:07 +0000 (13:22 +0100)]
selftest: extend setup_plugin_s4_dc to allow for not using nss_winbindd
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Michael Adam [Tue, 17 Feb 2015 15:06:49 +0000 (16:06 +0100)]
selftest: modify python.samba.test.posixacl to cope with nss_winbind active
It was observed that adding libnss_winbind (via nss_wrapper) lets
the posix acl mapping come out slightly differently with respect
to the owner/domain admin who is not explicitly nailed down in
the original NT acl.
This patch extends the test to react to the presence of
nss_winbind in environment and adapts the expected results.
This in particular fixes the run of the test against the
(changed) plugin_s4_dc environment while keeping the possibility
to successfully run it against an env without nss_winbind.
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Christof Schmitt [Wed, 11 Mar 2015 22:54:55 +0000 (15:54 -0700)]
brlock: Use 0 instead of empty initializer list
C does not allow empty initializer lists. Although gcc accepts that, the
SunOS compiler fails in this case with an error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11153
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Mar 12 02:49:36 CET 2015 on sn-devel-104
Lukas Slebodnik [Thu, 5 Mar 2015 10:26:46 +0000 (11:26 +0100)]
lib/util: Include DEBUG macro in internal header files before samba_util.h
It's best practice to include external header files before internal
header files. In this case internal DEBUG macro cannot be defined and
therefore samba version of debug macro will be included
in header file "util/fault.h".
In file included from example.c:27:0:
src/util/util.h:127:0: error: "DEBUG" redefined [-Werror]
#define DEBUG(level, format, ...) do { \
^
In file included from /usr/include/samba-4.0/util/fault.h:29:0,
from /usr/include/samba-4.0/samba_util.h:62,
from /usr/include/samba-4.0/ndr.h:30,
from example.c:24:
/usr/include/samba-4.0/util/debug.h:182:0: note: this is the location of the previous definition
#define DEBUG( level, body ) \
^
CC src/providers/ad/libsss_ad_common_la-ad_domain_info.lo
cc1: all warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11033
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 11 18:47:22 CET 2015 on sn-devel-104
Volker Lendecke [Tue, 10 Mar 2015 20:13:56 +0000 (21:13 +0100)]
smbd: Simplify create_token_from_sid()
This if-statement is unnecessary. First, talloc_array returns non-NULL
even if asked for 0 elements. Second, a bit further down we do a
SMB_ASSERT(num_group_sids > 0);
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Mar 2015 20:09:53 +0000 (21:09 +0100)]
smbd: Simplify create_token_from_sid()
With the previous commit all 3 branches do the same
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Mar 2015 20:03:15 +0000 (21:03 +0100)]
smbd: Streamline the gids handling in create_token_from_sid()
Usually, I'm all for avoiding talloc. But in this case I believe that this
routine is complex enough to justify this change. For an hour or so I suspect
that the winbind case had an uninitialized "*gid" until I discovered the
sid_to_gid(). This makes it more obvious that *gid is assigned.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Mar 2015 19:55:22 +0000 (20:55 +0100)]
smbd: Put a variable definition closer to its use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Mar 2015 21:04:04 +0000 (22:04 +0100)]
lib: Avoid a malloc/realloc in getgroups_unix_user
This avoids a malloc/free in the most common case of a user with just a few
group memberships
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 9 Mar 2015 20:44:04 +0000 (21:44 +0100)]
lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Mar 2015 10:58:11 +0000 (10:58 +0000)]
ctdb: Fix CID
1288201 Array compared against 0
"helper_prog" is now declared as a static array
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Fri, 30 Jan 2015 10:47:53 +0000 (11:47 +0100)]
idl: define FSCTL_DUPLICATE_EXTENTS_TO_FILE
As specified in the recent
20150129 revision of MS-FSCC.
Add a note regarding the FileHandle field, which was confirmed to
correspond to the volatile part of the fileid:
https://lists.samba.org/archive/samba-technical/2015-February/105454.html
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 8 Mar 2015 19:21:23 +0000 (19:21 +0000)]
tdb: Fix CID
1034842 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar 11 00:23:20 CET 2015 on sn-devel-104
Volker Lendecke [Sun, 8 Mar 2015 19:18:21 +0000 (19:18 +0000)]
tdb: Fix CID
1034841 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 8 Mar 2015 19:12:11 +0000 (19:12 +0000)]
lib: Fix CID
1034840 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 8 Mar 2015 19:10:50 +0000 (19:10 +0000)]
lib: Fix CID
1034839 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sun, 8 Mar 2015 19:06:38 +0000 (19:06 +0000)]
lib: Fix CID
1034838 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 7 Mar 2015 11:39:05 +0000 (11:39 +0000)]
smbcontrol: Simplify do_winbind_offline
This saves 128 bytes of .text on x86-64 with -O3. No idea why...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 7 Mar 2015 11:24:33 +0000 (11:24 +0000)]
libreplace: Fix CID
1034926 Destination buffer too small
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 7 Mar 2015 10:29:21 +0000 (10:29 +0000)]
ctdb: Fix
1125553 Buffer not null terminated
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Sat, 7 Mar 2015 10:24:18 +0000 (10:24 +0000)]
registry: Fix CID 240989 Buffer not null terminated
This makes it clearer that we don't really have a string in .hdr
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Fri, 6 Mar 2015 11:02:49 +0000 (11:02 +0000)]
registry: Fix CID 241075 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Tue, 10 Mar 2015 10:52:36 +0000 (11:52 +0100)]
torture4: Fix systems with a 32-bit "long"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 10 18:05:13 CET 2015 on sn-devel-104
Martin Schwenke [Fri, 6 Mar 2015 03:05:23 +0000 (14:05 +1100)]
ctdb-daemon: Use statically allocated arrays for helper paths
The use of talloc with a static variable is somewhat confusing.
Statically allocate an array and use ctdb_set_helper() instead.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Fri, 6 Mar 2015 20:22:32 +0000 (07:22 +1100)]
ctdb-common: New function ctdb_set_helper()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Matthew Newton [Sun, 1 Mar 2015 23:14:07 +0000 (23:14 +0000)]
Update libwbclient version to 0.12
Increment the minor version of the libwbclient library after new
context functions added. (Major version increase not required as
the only two functions with changed parameters are private to the
library.)
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 10 03:24:45 CET 2015 on sn-devel-104
Matthew Newton [Sun, 22 Feb 2015 23:31:48 +0000 (23:31 +0000)]
Move wbc global variables into global context instead
There are some global variables in use in the libwbclient
library. Now that we have a context, move these into it so that
they are thread-safe when the wbcCtx* functions are used.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew Newton [Sat, 21 Feb 2015 22:30:11 +0000 (22:30 +0000)]
Add context versions of wbclient functions
To make the libwbclient library thread-safe, all functions
that call through to wb_common winbindd_request_response need
to have context that they can use. This commit adds all the
necessary functions.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew Newton [Sat, 24 Jan 2015 00:30:00 +0000 (00:30 +0000)]
Add wbcContext to wbcRequestResponse
To enable libwbclient to pass winbindd context through
to the winbind client library in wb_common.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew Newton [Sat, 21 Feb 2015 00:19:32 +0000 (00:19 +0000)]
Add wbcContext struct, create and free functions
The basic context structure and functions for libwbclient so that
libwbclient can be made thread-safe.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew Newton [Fri, 23 Jan 2015 23:58:53 +0000 (23:58 +0000)]
Use global context for winbindd_request_response
Updating API call in libwbclient, wbinfo, ntlm_auth and
winbind_nss_* as per previous commit to wb_common.c.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Matthew Newton [Fri, 23 Jan 2015 22:35:50 +0000 (22:35 +0000)]
Make winbind client library thread-safe by adding context
Rather than keep state in global variables, store the current
context such as the winbind file descriptor in a struct that is
passed in. This makes the winbind client library thread-safe.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 9 Mar 2015 15:21:24 +0000 (16:21 +0100)]
torture/ioctl: add range overflow QAR test
Issue a QAR request with an offset and length that generate an integer
(uint64_t) overflow when summed together. This should result in an
NT_STATUS_INVALID_PARAMETER response, as confirmed against Windows
Server 2012 & 2008.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 10 00:02:18 CET 2015 on sn-devel-104
David Disseldorp [Thu, 26 Feb 2015 00:13:58 +0000 (01:13 +0100)]
torture/ioctl: add multi-range QAR test
Write 10 x 64K ranges, with 64K holes punched in between. Afterwards,
check that all ranges are present in the QAR response.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
git.samba.org / ambi / samba-autobuild / .git / log