ira/wip.git
7 years agos4:torture:smb2:durable-open: rename the open test to open-lease
Michael Adam [Tue, 21 Feb 2012 17:01:57 +0000 (18:01 +0100)]
s4:torture:smb2:durable-open: rename the open test to open-lease

7 years agos4:torture:smb2: move some initialization and call to smb2_create together in durable...
Michael Adam [Tue, 21 Feb 2012 17:00:30 +0000 (18:00 +0100)]
s4:torture:smb2: move some initialization and call to smb2_create together in durable-open.open test

7 years agos4:torture:smb2: fix a typo in the durable-open.open test file name
Michael Adam [Tue, 21 Feb 2012 13:48:03 +0000 (14:48 +0100)]
s4:torture:smb2: fix a typo in the durable-open.open test file name

7 years agos3: Fix smbd -i
Volker Lendecke [Tue, 21 Feb 2012 14:39:45 +0000 (15:39 +0100)]
s3: Fix smbd -i

We end up in a nested event loop without this.

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Feb 21 17:24:28 CET 2012 on sn-devel-104

7 years agos3: Fix typos
Volker Lendecke [Tue, 21 Feb 2012 12:25:34 +0000 (13:25 +0100)]
s3: Fix typos

7 years agoupgradedns: Upgrade DNS provision from BIND9_FLATFILE to AD based DNS
Amitay Isaacs [Tue, 31 Jan 2012 04:37:12 +0000 (15:37 +1100)]
upgradedns: Upgrade DNS provision from BIND9_FLATFILE to AD based DNS

This script can be used to convert provision from BIND9_FLATFILE to
BIND9_DLZ or SAMBA_INTERNAL dns backends. In addition, the script
migrates the DNS data in zone file (if available).

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Feb 21 14:50:10 CET 2012 on sn-devel-104

7 years agos4-provision: dns: Add txt DNS record
Amitay Isaacs [Thu, 2 Feb 2012 02:31:53 +0000 (13:31 +1100)]
s4-provision: dns: Add txt DNS record

7 years agos4-provision: dns: Do not re-calculate ntdsguid, use from names
Amitay Isaacs [Thu, 2 Feb 2012 05:08:26 +0000 (16:08 +1100)]
s4-provision: dns: Do not re-calculate ntdsguid, use from names

7 years agos4-provision: dns: Refactor population of dns data code
Amitay Isaacs [Tue, 31 Jan 2012 04:33:54 +0000 (15:33 +1100)]
s4-provision: dns: Refactor population of dns data code

Code is split in 4 functions
 - create_dns_legacy
 - fill_dns_data_legacy
 - create_dns_partitions
 - fill_dns_data_partitions

This is useful to upgrade dns provision from file based DNS backend
to AD based DNS backend.

7 years agodlz_bind9: Fix the log message level
Amitay Isaacs [Wed, 1 Feb 2012 22:27:28 +0000 (09:27 +1100)]
dlz_bind9: Fix the log message level

7 years agosamba-tool: dns: Update the copyright
Amitay Isaacs [Wed, 15 Feb 2012 23:17:25 +0000 (10:17 +1100)]
samba-tool: dns: Update the copyright

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Feb 21 09:55:07 CET 2012 on sn-devel-104

7 years agosamba-tool: dns: Fix the output display of DNS records
Amitay Isaacs [Wed, 15 Feb 2012 09:56:38 +0000 (20:56 +1100)]
samba-tool: dns: Fix the output display of DNS records

7 years agosamba-tool: dns: Add extra references for string objects as workaround
Amitay Isaacs [Wed, 15 Feb 2012 09:45:48 +0000 (20:45 +1100)]
samba-tool: dns: Add extra references for string objects as workaround

This is a workaround for bug in pidl generated python bindings, where
C object hold a pointer to python string without increasing reference
count in python. So when the python string goes out of scope, the
C pointer loses the value.

7 years agosamba-tool: dns: Add support to add/update/delete MX and SRV records
Amitay Isaacs [Tue, 14 Feb 2012 02:41:45 +0000 (13:41 +1100)]
samba-tool: dns: Add support to add/update/delete MX and SRV records

7 years agosamba-tool: dns: Convert dns data into a dns record for comparison
Amitay Isaacs [Tue, 14 Feb 2012 02:32:57 +0000 (13:32 +1100)]
samba-tool: dns: Convert dns data into a dns record for comparison

and compare two dns records directly. Refactor dns name comparision
as dns_name_equal().

7 years agosamba-tool: dns: Convert dns data in a string to DNS record
Amitay Isaacs [Tue, 14 Feb 2012 02:19:36 +0000 (13:19 +1100)]
samba-tool: dns: Convert dns data in a string to DNS record

7 years agosamba-tool: dns: Add MXRecord type to add/update mx records
Amitay Isaacs [Tue, 14 Feb 2012 02:00:35 +0000 (13:00 +1100)]
samba-tool: dns: Add MXRecord type to add/update mx records

7 years agodlz_bind9: Do not remove LDB record in subrdataset and delrdataset
Amitay Isaacs [Wed, 8 Feb 2012 23:17:02 +0000 (10:17 +1100)]
dlz_bind9: Do not remove LDB record in subrdataset and delrdataset

This fixes the problem of large number of deleted records in DNS
partitions due to frequent dynamic dns updates from windows
clients. The typical pattern for dynamic update get converted
into subrdataset() followed by addrdataset().  If there are no
dnsRecord attributes left as a result of sub/delrdataset(),
leave the LDB entry for dns name as is. The subsequent
addrdataset() would add the dnsRecord attribute without
re-creating the same entry.

7 years agolib/tdb2: 2.0.0 ABI
Amitay Isaacs [Tue, 21 Feb 2012 04:59:52 +0000 (15:29 +1030)]
lib/tdb2: 2.0.0 ABI

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Tue Feb 21 07:43:55 CET 2012 on sn-devel-104

7 years agolib/tdb2: Convert tdb2 to a standalone library
Amitay Isaacs [Tue, 21 Feb 2012 04:59:52 +0000 (15:29 +1030)]
lib/tdb2: Convert tdb2 to a standalone library

Adds a Makefile, configure script, and tdb2.pc.in.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agolib/tdb2: Fix wscript
Amitay Isaacs [Tue, 21 Feb 2012 04:59:30 +0000 (15:29 +1030)]
lib/tdb2: Fix wscript

Particularly fix the upcoming standalone build.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agolib/tdb2: Mark public function as such
Amitay Isaacs [Tue, 21 Feb 2012 04:59:22 +0000 (15:29 +1030)]
lib/tdb2: Mark public function as such

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agolib/tdb2: Do not include config.h in (to-be) public library, use replace.
Amitay Isaacs [Tue, 21 Feb 2012 04:59:17 +0000 (15:29 +1030)]
lib/tdb2: Do not include config.h in (to-be) public library, use replace.

Like tdb1, it's the caller's responsibility to set up various config
options (eg. by #include "config.h") before including the public
header.

We use HAVE_CCAN for including the (private) CCAN headers, otherwise
dummy macros are used.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agolib/tdb2: tools should use config.h, and replace where available.
Rusty Russell [Tue, 21 Feb 2012 04:59:12 +0000 (15:29 +1030)]
lib/tdb2: tools should use config.h, and replace where available.

The tdb2 tools should #include "config.h" before tdb2.h (about to
become a requirement) and use libreplace where available.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agolib/ccan: define HAVE_CCAN.
Rusty Russell [Tue, 21 Feb 2012 04:59:06 +0000 (15:29 +1030)]
lib/ccan: define HAVE_CCAN.

This allows public headers to use CCAN if available, and dummy macros
if not (eg. tdb2).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 years agos3: Fix bug 8567 -- segfault in dom_sid_compare
Volker Lendecke [Sun, 19 Feb 2012 11:49:55 +0000 (12:49 +0100)]
s3: Fix bug 8567 -- segfault in dom_sid_compare

The underlying problem was that with ldapsam:trusted we require the
a group mapping for the primary group of every user, including root.

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Feb 20 22:36:23 CET 2012 on sn-devel-104

7 years agos4:torture:smb2: invalidate the handle after the connection has been killed
Michael Adam [Mon, 20 Feb 2012 15:25:42 +0000 (16:25 +0100)]
s4:torture:smb2: invalidate the handle after the connection has been killed

Not to run into using the old handle with a new tree connect in the error case.

Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Feb 20 18:34:48 CET 2012 on sn-devel-104

7 years agos4:torture: improve comment for the smb2.durable-open.reopen1 test
Michael Adam [Sat, 18 Feb 2012 23:10:37 +0000 (00:10 +0100)]
s4:torture: improve comment for the smb2.durable-open.reopen1 test

7 years agos3-vfstest: Remove an unused variable
Volker Lendecke [Mon, 20 Feb 2012 14:24:17 +0000 (15:24 +0100)]
s3-vfstest: Remove an unused variable

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Feb 20 17:01:11 CET 2012 on sn-devel-104

7 years agopopt: Check for popt manually as well, not just using pkg-config.
Jelmer Vernooij [Mon, 20 Feb 2012 12:40:52 +0000 (13:40 +0100)]
popt: Check for popt manually as well, not just using pkg-config.

Older systems don't provide a pkg-config file for popt.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 20 15:13:32 CET 2012 on sn-devel-104

7 years agonsstest: Allocate the correct sized buffer for initgroups
Andrew Bartlett [Mon, 20 Feb 2012 02:46:29 +0000 (13:46 +1100)]
nsstest: Allocate the correct sized buffer for initgroups

Found by chance due to a re-order of the tests to start s3member
earlier and chasing down a malloc Abort into a valgrind error.  Only
happens when a user has more than 4 groups.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 20 05:23:04 CET 2012 on sn-devel-104

7 years agoselftest: test member server tests in security=ads
Andrew Bartlett [Mon, 13 Feb 2012 01:16:07 +0000 (12:16 +1100)]
selftest: test member server tests in security=ads

By testing more things against s3member (which is security=ads against samba4)
we can improve our test coverage.

Andrew Bartlett

7 years agobuild: Add libbsd as a dep for LIBREPLACE_HOSTCC
Andrew Bartlett [Mon, 20 Feb 2012 00:26:15 +0000 (11:26 +1100)]
build: Add libbsd as a dep for LIBREPLACE_HOSTCC

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 20 02:58:20 CET 2012 on sn-devel-104

7 years agos4-smbd: Show time event was expected to run, as well as the current wall clock time
Andrew Bartlett [Sun, 19 Feb 2012 21:08:19 +0000 (08:08 +1100)]
s4-smbd: Show time event was expected to run, as well as the current wall clock time

7 years agos3-selftest: Add test for ntlm_auth --diagnostics
Andrew Bartlett [Sun, 19 Feb 2012 00:01:55 +0000 (11:01 +1100)]
s3-selftest: Add test for ntlm_auth --diagnostics

7 years agos3-ntlm_auth: allow ntlm_auth --diagnostics to pass again
Andrew Bartlett [Sat, 18 Feb 2012 23:56:12 +0000 (10:56 +1100)]
s3-ntlm_auth: allow ntlm_auth --diagnostics to pass again

This still requires that the server permit LM passwords, but our s3dc test
environment has this enabled.

Andrew Bartlett

7 years agos3-winbindd: pass logon parmeters down to check_sam_security()
Andrew Bartlett [Sun, 19 Feb 2012 00:15:38 +0000 (11:15 +1100)]
s3-winbindd: pass logon parmeters down to check_sam_security()

This allows ntlm_auth --diagnostics to work against the local DC, just
as it works against a member server.

Andrew Bartlett

7 years agos4-selftest: Avoid running kinit for each new connection
Andrew Bartlett [Sun, 19 Feb 2012 10:24:59 +0000 (21:24 +1100)]
s4-selftest: Avoid running kinit for each new connection

Kerberos is efficient when the credentials cache is set up once and
then reused.

Sadly this test creates a user, does a test and deletes the user, over
and over.

For this, using NTLM saves a little time, but we also stress the rest
of the DB, and should rework the test.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 20 00:49:56 CET 2012 on sn-devel-104

7 years agos3: Remove a pointless else branch
Volker Lendecke [Sat, 18 Feb 2012 15:49:47 +0000 (16:49 +0100)]
s3: Remove a pointless else branch

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sun Feb 19 23:14:15 CET 2012 on sn-devel-104

7 years agos3: Fix some blank line endings
Volker Lendecke [Sat, 18 Feb 2012 15:07:37 +0000 (16:07 +0100)]
s3: Fix some blank line endings

7 years agos3-vfstest: Initialize some more
Volker Lendecke [Sun, 19 Feb 2012 17:48:15 +0000 (18:48 +0100)]
s3-vfstest: Initialize some more

7 years agowaf: make "update-waf" script work on Darwin too
Dave Abrahams [Sun, 19 Feb 2012 18:47:59 +0000 (19:47 +0100)]
waf: make "update-waf" script work on Darwin too

This fixes bug #8766

Reviewed by: Jelmer
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Feb 19 21:35:06 CET 2012 on sn-devel-104

7 years agos3: get_share_mode_lock_fresh->get_share_mode_lock
Volker Lendecke [Sun, 19 Feb 2012 13:27:49 +0000 (14:27 +0100)]
s3: get_share_mode_lock_fresh->get_share_mode_lock

get_share_mode_lock_fresh is just a confusing name

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sun Feb 19 19:16:41 CET 2012 on sn-devel-104

7 years agos3: get_share_mode_lock->get_existing_share_mode_lock
Volker Lendecke [Sun, 19 Feb 2012 13:23:56 +0000 (14:23 +0100)]
s3: get_share_mode_lock->get_existing_share_mode_lock

7 years agoRevert 42d4152ed4255f22ff0718d450f181468d7fb827.
Jelmer Vernooij [Sun, 19 Feb 2012 15:06:01 +0000 (16:06 +0100)]
Revert 42d4152ed4255f22ff0718d450f181468d7fb827.

asn1_compile and com_err already depended on LIBREPLACE_HOSTCC; depending on replace too causes waf to break (source lib/replace/replace.c is in more than one subsystem of target 'asn1_compile': ['LIBREPLACE_HOSTCC', 'replace'])

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Feb 19 17:43:06 CET 2012 on sn-devel-104

7 years agowaf: Use libraries when building.
Jelmer Vernooij [Sun, 19 Feb 2012 03:48:27 +0000 (04:48 +0100)]
waf: Use libraries when building.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Feb 19 06:27:55 CET 2012 on sn-devel-104

7 years agoUse uselib in CHECK_HEADER.
Jelmer Vernooij [Sun, 19 Feb 2012 02:58:32 +0000 (03:58 +0100)]
Use uselib in CHECK_HEADER.

7 years agopopt: Use pkg-config file to look for popt.
Jelmer Vernooij [Sun, 19 Feb 2012 02:10:03 +0000 (03:10 +0100)]
popt: Use pkg-config file to look for popt.

7 years agolibrary_flags: Leave setting of CPPPATH to waf too.
Jelmer Vernooij [Sun, 19 Feb 2012 01:16:14 +0000 (02:16 +0100)]
library_flags: Leave setting of CPPPATH to waf too.

7 years agos4-python: Various formatting fixes.
Jelmer Vernooij [Sat, 18 Feb 2012 22:59:48 +0000 (23:59 +0100)]
s4-python: Various formatting fixes.

7 years agosamba.web_server: Fix use of whitespace.
Jelmer Vernooij [Sat, 18 Feb 2012 22:54:38 +0000 (23:54 +0100)]
samba.web_server: Fix use of whitespace.

7 years agopygensec: Fix whitespace.
Jelmer Vernooij [Sat, 18 Feb 2012 22:52:37 +0000 (23:52 +0100)]
pygensec: Fix whitespace.

7 years agowaf: Update to new upstream version.
Jelmer Vernooij [Sat, 18 Feb 2012 22:19:51 +0000 (23:19 +0100)]
waf: Update to new upstream version.

7 years agowafsamba: Fix some whitespace issues.
Jelmer Vernooij [Sat, 18 Feb 2012 22:17:59 +0000 (23:17 +0100)]
wafsamba: Fix some whitespace issues.

7 years agos3-secrets: Remove unused secrets_delete_generic()
Andrew Bartlett [Thu, 9 Feb 2012 04:14:34 +0000 (15:14 +1100)]
s3-secrets: Remove unused secrets_delete_generic()

Found by callcatcher.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Feb 18 09:01:15 CET 2012 on sn-devel-104

7 years agos3-secrets: Remove unused secrets_delete_machine_password()
Andrew Bartlett [Thu, 9 Feb 2012 04:15:56 +0000 (15:15 +1100)]
s3-secrets: Remove unused secrets_delete_machine_password()

Found by callcatcher.

Andrew Bartlett

7 years agos3-build: allow gcov testing by linking timelimit with --coverage
Andrew Bartlett [Sat, 18 Feb 2012 06:10:39 +0000 (17:10 +1100)]
s3-build: allow gcov testing by linking timelimit with --coverage

7 years agoFix a bunch of "unused variable" warnings.
Jeremy Allison [Fri, 17 Feb 2012 22:12:40 +0000 (14:12 -0800)]
Fix a bunch of "unused variable" warnings.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104

7 years agoauth: Reorder arguments to generate_session_info
Andrew Bartlett [Sat, 4 Feb 2012 06:49:49 +0000 (17:49 +1100)]
auth: Reorder arguments to generate_session_info

This matches check_ntlm_password() and generate_session_info_pac()

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Feb 18 02:19:35 CET 2012 on sn-devel-104

7 years agoselftest: Fix selftest to check ADS functionalty again
Andrew Bartlett [Fri, 17 Feb 2012 23:35:24 +0000 (10:35 +1100)]
selftest: Fix selftest to check ADS functionalty again

This was found by looking over the lcov output on build.samba.org

The new have_ads() check also now dies if it cannot run smbd, to avoid
this in future.

Andrew Bartlett

7 years agos4:lib/tls - include GNUTLS headers consistently using <...>
Matthias Dieter Wallnöfer [Fri, 17 Feb 2012 21:58:07 +0000 (22:58 +0100)]
s4:lib/tls - include GNUTLS headers consistently using <...>

These are system-specific.

Reviewed-by: Jelmer
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Feb 18 00:43:58 CET 2012 on sn-devel-104

7 years agos4:samba-tool fsmo * - fix missing "takes_optiongroups"
Matthias Dieter Wallnöfer [Fri, 17 Feb 2012 20:24:48 +0000 (21:24 +0100)]
s4:samba-tool fsmo * - fix missing "takes_optiongroups"

This has been reported in bug #8755.

Reviewed-by: Jelmer
7 years agolib/util: Remove unused sys_sendto()
Andrew Bartlett [Thu, 9 Feb 2012 01:58:27 +0000 (12:58 +1100)]
lib/util: Remove unused sys_sendto()

Found by callcatcher.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Feb 17 13:48:05 CET 2012 on sn-devel-104

7 years agolib/util: Remove unused sys_recv()
Andrew Bartlett [Thu, 9 Feb 2012 01:57:21 +0000 (12:57 +1100)]
lib/util: Remove unused sys_recv()

Found by callcatcher.

Andrew Bartlett

7 years agolib/util: Remove unused sys_inet_makeaddr()
Andrew Bartlett [Thu, 9 Feb 2012 01:55:10 +0000 (12:55 +1100)]
lib/util: Remove unused sys_inet_makeaddr()

Found by callcatcher.

Andrew Bartlett

7 years agolib/util: Remove unused sys_gethostbyname()
Andrew Bartlett [Thu, 9 Feb 2012 01:54:24 +0000 (12:54 +1100)]
lib/util: Remove unused sys_gethostbyname()

Found by callcatcher.

Andrew Bartlett

7 years agos3-lib: Remove unused standard_sub_conn()
Andrew Bartlett [Thu, 9 Feb 2012 01:51:22 +0000 (12:51 +1100)]
s3-lib: Remove unused standard_sub_conn()

7 years agos3-lib Remove unused sys_fcntl_long()
Andrew Bartlett [Thu, 9 Feb 2012 01:05:58 +0000 (12:05 +1100)]
s3-lib Remove unused sys_fcntl_long()

7 years agos3-lib Remove unused sys_fseek()
Andrew Bartlett [Thu, 9 Feb 2012 01:04:23 +0000 (12:04 +1100)]
s3-lib Remove unused sys_fseek()

7 years agos3-registry Remove unused dup_registry_value() and free_registry_value()
Andrew Bartlett [Thu, 9 Feb 2012 00:06:13 +0000 (11:06 +1100)]
s3-registry Remove unused dup_registry_value() and free_registry_value()

7 years agoauth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3
Andrew Bartlett [Mon, 6 Feb 2012 07:02:11 +0000 (18:02 +1100)]
auth: Allow the netbios name and domain to be set from winbindd in ntlm_auth3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 17 12:18:51 CET 2012 on sn-devel-104

7 years agoauth: Make more of the ntlmssp code private or static
Andrew Bartlett [Tue, 31 Jan 2012 10:20:34 +0000 (21:20 +1100)]
auth: Make more of the ntlmssp code private or static

Now that there is only one gensec_ntlmssp server, some of these functions can be static

For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Use common gensec_ntlmssp
Andrew Bartlett [Tue, 31 Jan 2012 05:29:02 +0000 (16:29 +1100)]
s3-auth: Use common gensec_ntlmssp

There is no longer any samba3-specific code left here.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Use common gensec_ntlmssp_server_start
Andrew Bartlett [Tue, 31 Jan 2012 05:19:32 +0000 (16:19 +1100)]
s3-auth: Use common gensec_ntlmssp_server_start

This is now identical code, so there is no need to duplicate it.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Use the gensec-supplied DNS domain name and hostname.
Andrew Bartlett [Tue, 31 Jan 2012 05:17:48 +0000 (16:17 +1100)]
s3-auth: Use the gensec-supplied DNS domain name and hostname.

Also have a reasonable fallback for when it is not set.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agoauth: Provide a way to specify the NTLMSSP server name to GENSEC
Andrew Bartlett [Tue, 31 Jan 2012 05:17:04 +0000 (16:17 +1100)]
auth: Provide a way to specify the NTLMSSP server name to GENSEC

This avoids us needing to assume lp_netbios_name().lp_dnsdomain() if the caller
knows better.  This will allow preservation of current s3 behaviour.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing
Andrew Bartlett [Tue, 31 Jan 2012 05:01:45 +0000 (16:01 +1100)]
s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testing

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agoauth: Rearrange ntlmssp code for clarity
Andrew Bartlett [Tue, 31 Jan 2012 04:57:06 +0000 (15:57 +1100)]
auth: Rearrange ntlmssp code for clarity

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Use the lpcfg_ wrapper calls to set some variables
Andrew Bartlett [Tue, 31 Jan 2012 04:52:17 +0000 (15:52 +1100)]
s3-auth: Use the lpcfg_ wrapper calls to set some variables

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Remove a layer of indirection and reorder to match gensec_ntlmssp_server_start()
Andrew Bartlett [Tue, 31 Jan 2012 04:50:15 +0000 (15:50 +1100)]
s3-auth: Remove a layer of indirection and reorder to match gensec_ntlmssp_server_start()

7 years agoauth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is required
Andrew Bartlett [Tue, 31 Jan 2012 04:40:53 +0000 (15:40 +1100)]
auth: Set NTLMSSP_NEGOTIATE_SIGN when session key support is required

This matches the s3 NTLMSSP server.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Only allow LM_KEY cryptography when extra options are set
Andrew Bartlett [Tue, 31 Jan 2012 04:38:02 +0000 (15:38 +1100)]
s3-auth: Only allow LM_KEY cryptography when extra options are set

This crypto is incredibly poor, and can technically be enabled on an otherwise more
secure connection that uses NTLM for the actual authentication leg.  Therefore
disable it by default.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start()
Andrew Bartlett [Tue, 31 Jan 2012 04:36:08 +0000 (15:36 +1100)]
s3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start()

This will help syncing this rotuine up with gensec_ntlmssp_server_start().

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server
Andrew Bartlett [Tue, 31 Jan 2012 03:43:25 +0000 (14:43 +1100)]
s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_server

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server
Andrew Bartlett [Tue, 31 Jan 2012 03:39:34 +0000 (14:39 +1100)]
s3-auth: Use common gensec_ntlmssp server functions for more of gensec_ntlmssp3_server

This is possible because we now supply the auth4_context abstraction that this
code is looking for.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth: Add extra error messages on authentication or authorization failure
Andrew Bartlett [Tue, 31 Jan 2012 01:53:30 +0000 (12:53 +1100)]
s3-auth: Add extra error messages on authentication or authorization failure

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agoauth: Cope with NO_USER_SESSION_KEY from security=server
Andrew Bartlett [Tue, 31 Jan 2012 07:14:19 +0000 (18:14 +1100)]
auth: Cope with NO_USER_SESSION_KEY from security=server

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agoauth: Move the rest of the source4 gensec_ntlmssp code to the top level
Andrew Bartlett [Mon, 30 Jan 2012 11:42:39 +0000 (22:42 +1100)]
auth: Move the rest of the source4 gensec_ntlmssp code to the top level

The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess.  We will also get the client code in common very soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-auth Hook checking passwords and generating session_info via the auth4_context
Andrew Bartlett [Mon, 30 Jan 2012 11:11:41 +0000 (22:11 +1100)]
s3-auth Hook checking passwords and generating session_info via the auth4_context

This avoids creating a second auth_context, as it is a private pointer
in the auth4_context that has already been passed in, and makes the
gensec_ntlmssp code agnostic to the type of authentication backend
behind it. This will in turn allow the ntlmssp server code to be
further merged.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agos3-build: Use credentials_ntlm.c in the autoconf build as well
Andrew Bartlett [Tue, 31 Jan 2012 09:50:36 +0000 (20:50 +1100)]
s3-build: Use credentials_ntlm.c in the autoconf build as well

Signed-off-by: Stefan Metzmacher <metze@samba.org>
7 years agobuild: Add exceptions for callcatcher unused function detection
Andrew Bartlett [Fri, 17 Feb 2012 04:42:25 +0000 (15:42 +1100)]
build: Add exceptions for callcatcher unused function detection

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Feb 17 09:12:47 CET 2012 on sn-devel-104

7 years agowintest: Update Win2003 VM
Andrew Bartlett [Fri, 17 Feb 2012 02:43:12 +0000 (13:43 +1100)]
wintest: Update Win2003 VM

7 years agoauth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi
Andrew Bartlett [Fri, 17 Feb 2012 02:36:35 +0000 (13:36 +1100)]
auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi

Thie ensures that both code bases use the same logic to determine the use
of NEW_SPNEGO.

Andrew Bartlett

7 years agos3-gse: Allow kerberos key type OID to be optional
Andrew Bartlett [Fri, 17 Feb 2012 01:35:14 +0000 (12:35 +1100)]
s3-gse: Allow kerberos key type OID to be optional

7 years agos3-gse: Fix OID to read for kerberos key type
Andrew Bartlett [Fri, 17 Feb 2012 01:30:55 +0000 (12:30 +1100)]
s3-gse: Fix OID to read for kerberos key type

7 years agos3-librpc: Remove backup declaration of GSS_C_DCE_STYLE
Andrew Bartlett [Fri, 17 Feb 2012 01:04:19 +0000 (12:04 +1100)]
s3-librpc: Remove backup declaration of GSS_C_DCE_STYLE

All our supported krb5 libs provide this.

Andrew Bartlett

7 years agos3-gse: Remove unused OID declaration
Andrew Bartlett [Fri, 17 Feb 2012 01:00:56 +0000 (12:00 +1100)]
s3-gse: Remove unused OID declaration

7 years agowintest: give host longer to register the SRV record
Andrew Bartlett [Fri, 17 Feb 2012 00:27:29 +0000 (11:27 +1100)]
wintest: give host longer to register the SRV record

7 years agowintest: use net rpc to put authenticated users into TelentClients if we need to
Andrew Bartlett [Fri, 17 Feb 2012 00:27:02 +0000 (11:27 +1100)]
wintest: use net rpc to put authenticated users into TelentClients if we need to

7 years agowintest: Allow Windows VM to have no default route
Andrew Bartlett [Fri, 17 Feb 2012 00:26:23 +0000 (11:26 +1100)]
wintest: Allow Windows VM to have no default route