Andrew Bartlett [Mon, 7 May 2012 07:06:23 +0000 (17:06 +1000)]
s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured
Andrew Bartlett [Mon, 7 May 2012 06:24:03 +0000 (16:24 +1000)]
s3-python: Add python bindings for posix ACL layer
This will allow us to check that posix ACLs work in the s4 provision, and avoid
--use-s3fs if they do not.
Andrew Bartlett
Stefan Metzmacher [Thu, 3 May 2012 12:41:21 +0000 (14:41 +0200)]
s4:torture/raw/context: add subtests as torture testcases
TODO: add test_session with 'use spnego = false'.
We need a way to do set an option just for one test case.
Note: the 'use spnego = false' was ignored before as it's
only used on the first session setup on a connection.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 8 04:50:39 CEST 2012 on sn-devel-104
Stefan Metzmacher [Tue, 1 May 2012 10:38:06 +0000 (12:38 +0200)]
s4:torture/raw/context: INVALID_PARAMETER vs. LOGON_FAILURE...
If the try a session setup without EXTENDED_SECURITY after
one with EXTENDED_SECURITY Windows 2008 R2 returns INVALID_PARAMETER,
while Windows 2000 sp4 returns LOGON_FAILURE...
metze
Stefan Metzmacher [Wed, 2 May 2012 11:46:34 +0000 (13:46 +0200)]
s4:torture/raw: make torture_raw_context a test suite
metze
Stefan Metzmacher [Tue, 1 May 2012 10:39:21 +0000 (12:39 +0200)]
s4:torture/raw/context: make use of torture_* macros and avoid 'printf'
metze
Stefan Metzmacher [Tue, 1 May 2012 10:35:28 +0000 (12:35 +0200)]
s4:torture/raw/context: pass tctx to test_pid_exit_only_sees_open()
metze
Stefan Metzmacher [Mon, 7 May 2012 09:50:59 +0000 (11:50 +0200)]
selftest: samba4 doesn't support reauth
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 8 02:43:49 CEST 2012 on sn-devel-104
Stefan Metzmacher [Mon, 7 May 2012 09:32:32 +0000 (11:32 +0200)]
s4:torture/raw/session: make sure we got a reauth of the existing session
metze
Stefan Metzmacher [Mon, 7 May 2012 10:07:30 +0000 (12:07 +0200)]
selftest: mark ^samba4.raw.session.reauth as flapping
Because the test is wrong...
metze
Andreas Schneider [Mon, 7 May 2012 09:57:34 +0000 (11:57 +0200)]
talloc: Update doxygen config.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon May 7 21:13:15 CEST 2012 on sn-devel-104
Pavel Březina [Mon, 7 May 2012 10:30:44 +0000 (12:30 +0200)]
doc: Remove latex to doxygen conversion leftovers in talloc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 7 May 2012 09:56:39 +0000 (11:56 +0200)]
doc: Fixes for the talloc best practices tutorial.
Andreas Schneider [Mon, 7 May 2012 09:42:44 +0000 (11:42 +0200)]
doc: Fixes for the talloc debugging tutorial.
Andreas Schneider [Mon, 7 May 2012 09:36:37 +0000 (11:36 +0200)]
doc: Fixes for the talloc pool tutorial.
Andreas Schneider [Mon, 7 May 2012 09:30:06 +0000 (11:30 +0200)]
doc: Fixes for the talloc destructor tutorial.
Andreas Schneider [Mon, 7 May 2012 09:25:50 +0000 (11:25 +0200)]
doc: Fixes for the talloc dynamic type system tutorial.
Andreas Schneider [Mon, 7 May 2012 09:18:26 +0000 (11:18 +0200)]
doc: Fixes for the talloc stealing tutorial.
Andreas Schneider [Mon, 7 May 2012 09:09:56 +0000 (11:09 +0200)]
doc: Fixes for the talloc context tutorial.
Pavel Březina [Sun, 6 May 2012 12:34:48 +0000 (14:34 +0200)]
doc: Add talloc tutorial.
Signed-off-by: Andreas Schneider <asn@samba.org>
Jelmer Vernooij [Mon, 7 May 2012 14:43:17 +0000 (16:43 +0200)]
heimdal: Cope with newer Heimdal versions accepting a keyset argument to
hdb_enctype2key.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon May 7 18:33:10 CEST 2012 on sn-devel-104
Michael Adam [Mon, 7 May 2012 12:09:28 +0000 (14:09 +0200)]
s3:registry: let reg_values_need_update() return true if the backend does not implement the method
Otherwise the value cache might become outdated.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon May 7 16:11:05 CEST 2012 on sn-devel-104
Michael Adam [Mon, 7 May 2012 12:08:13 +0000 (14:08 +0200)]
s3:registry: let reg_subkeys_need_update() return true if the backend does not implement the method
Otherwise the subkey cache might become outdated.
Amitay Isaacs [Mon, 7 May 2012 01:46:27 +0000 (11:46 +1000)]
s4-dns: Build BIND DLZ modules with correct private library
This fixes rpath for samdb-common private library after make install.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon May 7 07:40:29 CEST 2012 on sn-devel-104
Stefan Metzmacher [Sat, 5 May 2012 07:31:39 +0000 (09:31 +0200)]
lib/param: add support for "SMB3_00"
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun May 6 16:38:00 CEST 2012 on sn-devel-104
Stefan Metzmacher [Sat, 5 May 2012 07:35:17 +0000 (09:35 +0200)]
s3:smb2_negprot: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:55:59 +0000 (09:55 +0200)]
s4:libcli/smb2: use PROTOCOL_LATEST
metze
Stefan Metzmacher [Sat, 5 May 2012 07:42:28 +0000 (09:42 +0200)]
s3:torture/test_smb2: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:33:43 +0000 (09:33 +0200)]
libcli/smb/smbXcli: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:38:25 +0000 (09:38 +0200)]
libcli/smb: add #define PROTOCOL_LATEST PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:28:57 +0000 (09:28 +0200)]
libcli/smb: add PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:33:19 +0000 (09:33 +0200)]
libcli/smb: add SMB3_DIALECT_REVISION_300
metze
Stefan Metzmacher [Thu, 3 May 2012 10:07:11 +0000 (12:07 +0200)]
s3:torture: do some query_info and set_info calls in SMB2-SESSION-REAUTH
metze
Stefan Metzmacher [Thu, 3 May 2012 10:02:55 +0000 (12:02 +0200)]
s3:libsmb: add smb2cli_set_info*
metze
Stefan Metzmacher [Thu, 3 May 2012 07:10:53 +0000 (09:10 +0200)]
s3:libsmb: add smb2cli_query_info*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_tcon*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_ioctl*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_create*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:04:12 +0000 (12:04 +0200)]
s3:libsmb: remove unused reference to talloc_tos()
metze
Stefan Metzmacher [Thu, 3 May 2012 12:48:57 +0000 (14:48 +0200)]
s3:idmap_cache: change DEBUG message to level 10
metze
Andrew Bartlett [Sun, 6 May 2012 06:41:18 +0000 (16:41 +1000)]
s4-s3-upgrade: Max/min password age policy is in seconds, not days
This cases upgraded domains to have a too-long password expiry, which in extreme
cases can cause the KDC to misfunction.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104
Matthieu Patou [Sun, 6 May 2012 00:03:37 +0000 (17:03 -0700)]
s4-schema: Validate more class attribute when adding a new class in the schema
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
Matthieu Patou [Mon, 16 Apr 2012 04:58:49 +0000 (21:58 -0700)]
s4: use intermediate var, increase lisibility
Matthieu Patou [Sun, 15 Apr 2012 21:02:41 +0000 (14:02 -0700)]
olschema2ldif: be more strict where checking for open/closed braces
Michael Adam [Sat, 5 May 2012 00:12:25 +0000 (02:12 +0200)]
s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend
It simply calls to the regdb functions.
This fixes a caching issue uncovered by recent changes.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat May 5 04:10:43 CEST 2012 on sn-devel-104
Michael Adam [Fri, 4 May 2012 16:01:00 +0000 (18:01 +0200)]
s3:registry: return error when Key does not exist in regdb_fetch_values_internal()
Michael Adam [Fri, 4 May 2012 16:00:15 +0000 (18:00 +0200)]
s3:smbd: comment the lp_load call in reload_services()
Volker Lendecke [Fri, 4 May 2012 12:56:25 +0000 (14:56 +0200)]
s3: Use hex_encode_buf
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May 4 20:32:37 CEST 2012 on sn-devel-104
Volker Lendecke [Fri, 4 May 2012 12:56:25 +0000 (14:56 +0200)]
s3: Use hex_encode_buf
Volker Lendecke [Fri, 4 May 2012 12:16:45 +0000 (14:16 +0200)]
s3: Remove an unused extern declaration
Volker Lendecke [Fri, 4 May 2012 12:07:13 +0000 (14:07 +0200)]
s3: Remove an unused parameter from check_parent_access()
Volker Lendecke [Fri, 4 May 2012 12:03:42 +0000 (14:03 +0200)]
s3: In mkdir_internal, don't retrieve parent_dir from check_parent_access
We have already created that ourselves a few lines above
Andreas Schneider [Thu, 3 May 2012 09:28:50 +0000 (11:28 +0200)]
waf: Fix com_err detection with MIT krb5.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri May 4 18:43:05 CEST 2012 on sn-devel-104
Alexander Bokovoy [Thu, 3 May 2012 09:33:42 +0000 (12:33 +0300)]
s4:auth/kerberos: don't do tracing in MIT build
Signed-off-by: Simo Sorce <idra@samba.org>
Alexander Bokovoy [Wed, 2 May 2012 18:40:13 +0000 (21:40 +0300)]
s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init
Signed-off-by: Simo Sorce <idra@samba.org>
Alexander Bokovoy [Wed, 2 May 2012 18:16:01 +0000 (21:16 +0300)]
Avoid using Heimdal-specific tests in MIT build
Alexander Bokovoy [Wed, 2 May 2012 17:59:00 +0000 (20:59 +0300)]
s4:ntvfs: add missing headers to vfs_ipc
vfs_ipc.c had system/kerberos.h and system/filesys.h missing
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Wed, 2 May 2012 17:22:08 +0000 (13:22 -0400)]
Fix direct access to krb5_principal structure
Simo Sorce [Wed, 2 May 2012 16:24:34 +0000 (12:24 -0400)]
auth-session: MIT doesn't have import/export cred yet
For now let's just loose this functionality with the MIT build.
gss_import/export_cred should be availa ble when MIT 1.11 is released and this
code is used only in some proxy scenario. Not normally needed for common
configurations.
Andreas Schneider [Fri, 27 Apr 2012 18:29:47 +0000 (20:29 +0200)]
s4-auth: Use smb_krb5_cc_get_lifetime() wrapper.
Signed-off-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Fri, 27 Apr 2012 14:52:26 +0000 (16:52 +0200)]
krb5samba: Add a smb_krb5_cc_get_lifetime() function.
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Thu, 26 Apr 2012 22:11:09 +0000 (18:11 -0400)]
s4-auth-krb: Make srv_keytab.c build against MIT Kerberos
Simo Sorce [Thu, 26 Apr 2012 22:22:43 +0000 (18:22 -0400)]
krb5samba: Add compat function for krb5_kt_compare
Simo Sorce [Thu, 26 Apr 2012 21:56:38 +0000 (17:56 -0400)]
Fix incompatible assignment warning
Simo Sorce [Thu, 26 Apr 2012 21:21:22 +0000 (17:21 -0400)]
krb5samba: Add compat krb5_make_principal for MIT build
Simo Sorce [Thu, 26 Apr 2012 20:54:42 +0000 (16:54 -0400)]
Fix compiler warning
Simo Sorce [Thu, 26 Apr 2012 20:52:55 +0000 (16:52 -0400)]
s4-auth-krb: Use compat code to initialize keyblock contents
Simo Sorce [Thu, 26 Apr 2012 20:52:37 +0000 (16:52 -0400)]
krb5samba: Add compat code to initialize keyblock contents
Simo Sorce [Thu, 26 Apr 2012 20:50:53 +0000 (16:50 -0400)]
s4-auth-krb: Disable code in MIT build
Unfortunately these functions are not available in MIT and there is no easy
workaround or compat funciton I can see at this stage. Will fix properly once
MIT gets the necessary functions or if another workaround can be found.
Simo Sorce [Thu, 26 Apr 2012 19:05:11 +0000 (15:05 -0400)]
Move keytab_copy to krb5samba lib
This is a helper fucntion that uses purely krb5 code, so it belongs to
krb5samba which is the krb5 wrapper for samba.
Simo Sorce [Thu, 26 Apr 2012 19:01:48 +0000 (15:01 -0400)]
Fix keytab_copy to compile with MIT librariues too
Simo Sorce [Thu, 26 Apr 2012 16:50:03 +0000 (12:50 -0400)]
keytab_copy: Fix style, whitespaces
Simo Sorce [Thu, 26 Apr 2012 16:41:25 +0000 (12:41 -0400)]
kerberos_pac: Fix code to work with MIT too
Simo Sorce [Thu, 26 Apr 2012 16:27:05 +0000 (12:27 -0400)]
s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5
Make it clearly a gensec_krb5 accessory file.
This function should never be used anywhere else.
This function was copied out from the Heimdal tree and is kept in a separate
file for clarity and to keep the original license boilerplate.
Simo Sorce [Thu, 26 Apr 2012 16:06:24 +0000 (12:06 -0400)]
Split normal kinit from s4u2 flavored kinit
This makes it simpler to slowly integrate MIT support and also amkes it
somewhat clearer what operation is really requested.
The 24u2 part is really only used by the cifs proxy code so we can temporarily
disable it in the MIT build w/o major consequences.
Simo Sorce [Thu, 26 Apr 2012 15:05:51 +0000 (11:05 -0400)]
Move kerberos_kinit_password_cc to krb5samba lib
Simo Sorce [Wed, 25 Apr 2012 21:29:09 +0000 (17:29 -0400)]
Move kerberos_kinit_keyblock_cc to krb5samba lib
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not
available.
Simo Sorce [Wed, 25 Apr 2012 14:31:12 +0000 (10:31 -0400)]
krb-init: define out heimdal specific stuff in mitkrb build
Simo Sorce [Wed, 25 Apr 2012 14:19:07 +0000 (10:19 -0400)]
s4-auth-krb: avoid useless condition
Code bails out with ENOMEM 2 lines a bove if config_file is NULL anyways
Simo Sorce [Thu, 3 May 2012 15:38:35 +0000 (11:38 -0400)]
krb5samba: Remove unnecessary include file
Simo Sorce [Wed, 2 May 2012 18:53:45 +0000 (14:53 -0400)]
Fix krb5_samba.c build
Volker Lendecke [Wed, 2 May 2012 09:31:30 +0000 (11:31 +0200)]
s4:torture: add a check for talloc success in test_session_reauth
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May 4 16:50:59 CEST 2012 on sn-devel-104
Volker Lendecke [Fri, 4 May 2012 11:01:32 +0000 (13:01 +0200)]
s3: remove some unused code
Volker Lendecke [Fri, 4 May 2012 09:49:24 +0000 (11:49 +0200)]
s3: Fix a typo
Andrew Bartlett [Thu, 3 May 2012 22:47:29 +0000 (08:47 +1000)]
s4-dsdb: Use data_blob_string_const and add explaination for open-coded function in samldb
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri May 4 02:34:41 CEST 2012 on sn-devel-104
Andrew Bartlett [Thu, 3 May 2012 22:46:57 +0000 (08:46 +1000)]
s4-dsdb: Use strcasecmp_m() to compare possibly multibyte strings in samldb
Matthias Dieter Wallnöfer [Thu, 3 May 2012 20:55:06 +0000 (22:55 +0200)]
s4:samldb LDB module - make sure to not add identical "servicePrincipalName"s more than once
The service principal names need to be case-insensitively unique, otherwise we
end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error.
This issue has been discovered on the technical mailing list (thread:
cannot rename windows xp machine in samba4) when trying to rename a AD
client workstation.
Christian Ambach [Thu, 3 May 2012 16:34:32 +0000 (18:34 +0200)]
s3:passdb fix a compiler warning
this one could have caused crashes
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Thu May 3 23:22:05 CEST 2012 on sn-devel-104
Christian Ambach [Thu, 3 May 2012 16:32:06 +0000 (18:32 +0200)]
s3:vfs fix compiler warning
vfs_default.c:1875:10: warning: no previous prototype for 'vfswrap_audit_file'
Christian Ambach [Thu, 3 May 2012 16:30:38 +0000 (18:30 +0200)]
s3:lib fix compiler warnings
g_lock.c:182:20: warning: no previous prototype for ‘g_lock_lock_send’
g_lock.c:270:10: warning: no previous prototype for ‘g_lock_lock_recv’
Jelmer Vernooij [Thu, 3 May 2012 16:26:35 +0000 (18:26 +0200)]
UTIL_TDB: lowercase name.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu May 3 20:18:22 CEST 2012 on sn-devel-104
Jelmer Vernooij [Thu, 3 May 2012 14:38:31 +0000 (16:38 +0200)]
libtorture: Improve suggestion to mention torture_assert_*() rather than
torture_result().
Michael Adam [Thu, 3 May 2012 13:35:52 +0000 (15:35 +0200)]
s4:torture: add a new smb2.session.reauth3 test - getting security descriptor
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu May 3 17:38:14 CEST 2012 on sn-devel-104
Jelmer Vernooij [Thu, 3 May 2012 11:42:57 +0000 (13:42 +0200)]
torture: Suggest torture_fail() / torture_result().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu May 3 15:31:06 CEST 2012 on sn-devel-104
Jelmer Vernooij [Thu, 26 Apr 2012 18:08:04 +0000 (20:08 +0200)]
provision: remove reference to no longer existing template files.
Andrew Bartlett [Wed, 2 May 2012 06:44:27 +0000 (16:44 +1000)]
s4-samba-tool: make new samba-tool group listmembers use samAccountName
This is the unique username value.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu May 3 01:57:41 CEST 2012 on sn-devel-104
Andrew Bartlett [Wed, 2 May 2012 06:05:25 +0000 (16:05 +1000)]
s4-s3upgrade: Force ldapsam:trusted = yes
While this setting is not the default in Samba3, any domain that is
in a suitable condition to upgrade to Samba4 should already be in the
layout that ldapsam:trusted uses. It can be turned off by setting
ldapsam:trusted=false in the smb.conf.
Many upgrades to Samba4 happen on a different host to the old Samba3 domain
and this avoids the need to configure nss_ldap only for the duration of
the upgrade.
Andrew Bartlett
Lukasz Zalewski [Tue, 1 May 2012 20:17:33 +0000 (21:17 +0100)]
Extension to the samba-tool group subcommand functionality to allow listing of the members of an AD group
Andrew Bartlett [Wed, 2 May 2012 03:01:29 +0000 (13:01 +1000)]
s4-s3upgrade: Try harder to get group memberships on upgrade
This fixes an issue where some group types were not upgraded, as we
did not upgrade alias memberships.
It also uses enum_group_memberships() to try and find the memberships
from the other direction, by asking which groups a user is a member
of. As Samba3 (and NT4) does not implement nested groups, this should
be safe.
Andrew Bartlett
Andrew Bartlett [Wed, 2 May 2012 02:57:27 +0000 (12:57 +1000)]
s3-pypassdb: add wrapper for enum_group_memberships
This will be used in samba3upgrade to try and get the group memberships by instead asking
for the groups each user is in. This reverse lookup may be more reliable, as this
is used at login time.
Andrew Bartlett