Stefan Metzmacher [Sun, 15 Mar 2015 22:06:47 +0000 (23:06 +0100)]
selftest: use server_maxtime = 9000 by default
With something like this:
samba.stdout:
[1730(16549)/1735 at 2h9m58s] samba4.blackbox.dbcheck(dc)
ERROR: Testsuite[samba4.blackbox.dbcheck(dc)]
REASON: unable to set up environment dc:local - exiting
samba.stderr:
samba: maximum runtime exceeded - terminating at 1426447450, current ts: 1426447450
samba child process 653 exited with value 0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Steve Howells [Sat, 31 Jan 2015 16:09:17 +0000 (16:09 +0000)]
s4.2/fsmo.py: fixed fsmo transfer exception
In transfer_role() there is a duplicate call to samdb.modify() inside the if statement
where the type of role is being determined (specifically for the naming fsmo). This
call is unnecessary as after the if statement there is a correct call, with a try/catch
block, used by all fsmo transfers that will handle errors - such as the DC with the
fsmo role being offline.
The call to samdb.modify() inside the if statement for naming fsmo has been removed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10924
Signed-off-by: Steve Howells <steve.howells@moscowfirst.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Mar 2015 13:39:10 +0000 (14:39 +0100)]
s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors
The 'nt_status' variable is set to NT_STATUS_OK before.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11164
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Günther Deschner [Wed, 11 Mar 2015 09:37:00 +0000 (10:37 +0100)]
librpc: use the correct "MSServerClusterMgmtAPI" auth service for clusapi.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sat Mar 14 02:36:33 CET 2015 on sn-devel-104
Günther Deschner [Tue, 10 Mar 2015 09:51:39 +0000 (10:51 +0100)]
s4-torture: establish a torture_clusapi_context to make it easier to keep state
between tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 19:15:25 +0000 (20:15 +0100)]
librpc: add ncacn_ip_tcp: endpoint to clusapi.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 19:02:44 +0000 (20:02 +0100)]
pidl: align s4 dcesrv template generation with coding standards.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 21 Jan 2013 17:42:45 +0000 (18:42 +0100)]
pidl: add --template3 option to generate s3 server stubs.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 08:26:25 +0000 (09:26 +0100)]
s4-torture: add testing for clusapi Registry.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 23:28:53 +0000 (00:28 +0100)]
s4-torture: add testing for clusapi NetInterfaces.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 23:08:20 +0000 (00:08 +0100)]
s4-torture: add testing for clusapi Networks.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 23:06:25 +0000 (00:06 +0100)]
s4-torture: add tests for clusapi_BackupClusterDatabase and clusapi_SetServiceAccountPassword.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 23:05:09 +0000 (00:05 +0100)]
s4-torture: test all available groups on the cluster.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 22:54:43 +0000 (23:54 +0100)]
s4-torture: test all available nodes on the cluster.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 22:52:41 +0000 (23:52 +0100)]
s4-torture: pass node name down to clusapi_OpenNode.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 22:51:41 +0000 (23:51 +0100)]
s4-torture: add test for clusapi_OpenGroupEx.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 22:50:00 +0000 (23:50 +0100)]
s4-torture: pass group name down to clusapi_OpenGroup.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 22:43:40 +0000 (23:43 +0100)]
s4-torture: add test for clusapi_OpenResourceEx.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 20:31:17 +0000 (21:31 +0100)]
s4-torture: add test for clusapi_OpenClusterEx.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 19:06:50 +0000 (20:06 +0100)]
librpc: add clusapi_DesiredAccessMask to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 15:49:02 +0000 (16:49 +0100)]
s4-torture: test all available resources on the cluster.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 15:39:37 +0000 (16:39 +0100)]
s4-torture: pass resource name down to clusapi_OpenResource.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 11:06:46 +0000 (12:06 +0100)]
librpc: add clusapi_ClusterNetworkState and clusapi_ClusterNetInterfaceState.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 11:06:05 +0000 (12:06 +0100)]
s4-torture: add more cluster group tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 11:04:54 +0000 (12:04 +0100)]
s4-torture: add test for clusapi_SetResourceName.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 11:04:02 +0000 (12:04 +0100)]
clusapi: add clusapi_CreateResourceFlags to IDL and torture test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 5 Mar 2015 10:42:30 +0000 (11:42 +0100)]
librpc: add clusapi_ClusterGroupState enum to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 4 Mar 2015 14:34:29 +0000 (15:34 +0100)]
s4-torture: fix clusapi_SetClusterName test by re-setting existing cluster name.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 4 Mar 2015 14:33:45 +0000 (15:33 +0100)]
s4-torture: use clusapi_ClusterNodeState enum in torture test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 4 Mar 2015 14:31:25 +0000 (15:31 +0100)]
librpc: add clusapi_ClusterNodeState enum to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 4 Mar 2015 14:28:32 +0000 (15:28 +0100)]
s4-torture: use clusapi_ClusterResourceState enum in torture test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 4 Mar 2015 14:27:46 +0000 (15:27 +0100)]
librpc: add clusapi_ClusterResourceState enum to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 12:53:13 +0000 (13:53 +0100)]
s4-torture: use a specific resource clusapi testcase.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 12:52:46 +0000 (13:52 +0100)]
s4-torture: rename clusapi testcase to cluster testcase.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 12:51:34 +0000 (13:51 +0100)]
s4-torture: use a real cluster group handle in cluster resource tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 12:50:45 +0000 (13:50 +0100)]
s4-torture: add tests for clusapi_OpenGroup and clusapi_CloseGroup.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 12:49:13 +0000 (13:49 +0100)]
s4-torture: add tests for cluster nodes.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 4 Mar 2015 08:45:56 +0000 (09:45 +0100)]
s4-torture: add test for clusapi_CreateResEnum.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Tue, 3 Mar 2015 17:00:55 +0000 (18:00 +0100)]
s4-torture: add test for clusapi_GetClusterVersion2().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 2 Mar 2015 19:52:59 +0000 (20:52 +0100)]
librpc: use WERROR in the clusapi interface.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 12:34:44 +0000 (13:34 +0100)]
s4-torture: add tests for cluster resources.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 12:25:24 +0000 (13:25 +0100)]
s4-torture: add test for clusapi_CreateEnum.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 27 Feb 2015 16:45:02 +0000 (17:45 +0100)]
s4-torture: add tests for ClusterName and ClusterVersion.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 26 Feb 2015 22:03:36 +0000 (23:03 +0100)]
s4-torture: add clusapi torture test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 26 Feb 2015 14:36:47 +0000 (15:36 +0100)]
clusapi: use ClusterEnumType.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 26 Feb 2015 14:19:10 +0000 (15:19 +0100)]
clusapi: add more enums to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Thu, 26 Feb 2015 11:57:53 +0000 (12:57 +0100)]
s3-rpcclient: add very basic clusapi client.
Note that you need to call rpcclient with ncacn_ip_tcp:$target[sign,seal],
otherwise clusapi will not allow success.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 25 Feb 2015 09:15:25 +0000 (10:15 +0100)]
librpc: build clusapi.idl
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Wed, 25 Feb 2015 09:10:38 +0000 (10:10 +0100)]
librpc: add clusapi idl version 3.0.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 7 Apr 2014 13:47:02 +0000 (15:47 +0200)]
pidl/python: support HRESULT errors in generated python bindings.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 7 Apr 2014 13:46:05 +0000 (15:46 +0200)]
pidl: support HRESULT in pidl.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 7 Apr 2014 13:40:40 +0000 (15:40 +0200)]
librpc/ndr: add ndr_{pull|push|print}_HRESULT and release new 0.0.5 ABI.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 7 Apr 2014 13:46:32 +0000 (15:46 +0200)]
lib/util: globally include herrors in error.h
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:44:19 +0000 (17:44 +0100)]
libcli/util/hresult: add generated hresult_errstr() function.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:42:06 +0000 (17:42 +0100)]
s4-scripting: generate a hresult_errstr() function.
Equivalent to the nt_errstr(), win_errstr(), etc. functions.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:41:06 +0000 (17:41 +0100)]
libcli/util/hresult: re-generate hresult.c.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:39:46 +0000 (17:39 +0100)]
s4-scripting: add string representation of error code define to generated table.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 6 Mar 2015 16:36:33 +0000 (17:36 +0100)]
s4-scripting: fix hresult generator python script indentation.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 13 Mar 2015 14:20:05 +0000 (14:20 +0000)]
ctdb: Fix CID 1125613 Destination buffer too small
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Mar 13 19:14:20 CET 2015 on sn-devel-104
Volker Lendecke [Fri, 13 Mar 2015 14:16:17 +0000 (14:16 +0000)]
ctdb: Introduce a helper var in ctdb_get_script_list
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 13 Mar 2015 14:12:41 +0000 (14:12 +0000)]
ctdb: Fix memleak in ctdb_get_script_list
scandir allocates every name individually, see example code in susv4 or man
scandir
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 13 Mar 2015 14:11:20 +0000 (14:11 +0000)]
ctdb: Make for-loop in ctdb_get_script_list more idiomatic
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 13 Mar 2015 14:01:25 +0000 (14:01 +0000)]
ctdb: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Thu, 12 Mar 2015 21:12:43 +0000 (22:12 +0100)]
replace: Remove superfluous check for gcrypt header.
We only need to check for the header if we need gnutls with gcrypt
support.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 13 01:00:27 CET 2015 on sn-devel-104
Andrew Bartlett [Thu, 12 Mar 2015 04:05:50 +0000 (17:05 +1300)]
backupkey: Explicitly link to gnutls and gcrypt
The gcrypt link will be disabled if gnutls is > 3.0.0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 12 Mar 2015 04:01:05 +0000 (17:01 +1300)]
lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
We no longer link against gcrypt if gnutls > 3.0.0 is found, as these
versions use libnettle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 11 Mar 2015 15:39:05 +0000 (16:39 +0100)]
s3:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
If there're no collisions we should not fill the collision_info pointer.
Otherwise Windows fails to create a forest trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 12 19:49:33 CET 2015 on sn-devel-104
Stefan Metzmacher [Wed, 28 Jan 2015 10:02:54 +0000 (10:02 +0000)]
s4:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
If there're no collisions we should not fill the collision_info pointer.
Otherwise Windows fails to create a forest trust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 11 Mar 2015 11:09:42 +0000 (12:09 +0100)]
s4-torture: add ndr test for lsa_lsaRQueryForestTrustInformation().
Thanks to Alexander for providing the binary blobs.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 4 Feb 2015 18:00:44 +0000 (18:00 +0000)]
drsblobs.idl: improve idl for ForestTrustInfoRecord*
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 4 Feb 2015 18:00:44 +0000 (18:00 +0000)]
lsa.idl: improve idl for lsa_ForestTrust*Record*
The meaning of lsa_ForestTrustRecordFlags is based on lsa_ForestTrustRecordType,
but the type is not always available so it's not possible to use a union.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 08:01:58 +0000 (08:01 +0000)]
lsa.idl: use 'boolean8 check_only' instead of 'uint8 check_only'
This is only a cosmetic change to make the idl more verbose,
the resulting C code will still use 'uint8_t'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 08:01:58 +0000 (08:01 +0000)]
lsa.idl: fix idl for lsa_ForestTrustRecordType
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 2 Feb 2015 22:14:38 +0000 (23:14 +0100)]
security.idl: add KERB_ENCTYPE_{FAST_SUPPORTED,COMPOUND_IDENTITY_SUPPORTED,CLAIMS_SUPPORTED,RESOURCE_SID_COMPRESSION_DISABLED}
These are not encryption types, but flags for specific kerberos features.
See [MS-KILE] 2.2.6 Supported Encryption Types Bit Flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 2 Feb 2015 22:14:38 +0000 (23:14 +0100)]
netlogon.idl: remove netr_SupportedEncTypes and use kerb_EncTypes instead
These are the same.
We keep the old defines around in order to avoid a lot of changes
in the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Tue, 18 Dec 2012 14:27:06 +0000 (15:27 +0100)]
netlogon.idl: netr_ServerPasswordGet returns NTSTATUS not WERROR.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Mar 2015 12:18:38 +0000 (13:18 +0100)]
netlogon.idl: improve idl for netr_ServerTrustPasswordsGet()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 6 Mar 2015 17:07:15 +0000 (18:07 +0100)]
ldb-samba: implement --show-binary for msDS-RevealedUsers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 5 Mar 2015 15:21:18 +0000 (16:21 +0100)]
drsblobs.idl: make replPropertyMetaData1 public
This is used as binary data for the msDS-RevealedUsers attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 27 Jan 2015 21:46:06 +0000 (21:46 +0000)]
s4:py_net: make domain and address fully optional to py_net_finddc
E.g. address=None is now also possible.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 26 Jan 2015 15:02:20 +0000 (16:02 +0100)]
s4:librpc: add auth_type=ncalrpc_as_system as binding option
In future we may want another way to trigger this,
but our current rpc libraries need a lot of cleanup before.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 31 Jan 2015 10:42:09 +0000 (10:42 +0000)]
s4:trust_utils: store new trust/machine passwords before trying it remotely.
If this fails we can still fall back to the old password...
Before trying the password change we verify the dc knows our current password.
This should make the password changes much more robust.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 3 Feb 2015 15:22:25 +0000 (16:22 +0100)]
s3:winbindd: make open_internal_lsa_conn() non static
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 11 Feb 2015 14:05:55 +0000 (15:05 +0100)]
s3:winbindd_cm: improve detection for the anonymous fallback.
If the kinit results in NT_STATUS_NO_LOGON_SERVERS, we should fall back,
if allowed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 5 Feb 2015 09:26:23 +0000 (09:26 +0000)]
s3:pdb_samba_dsdb: implement pdb_samba_dsdb_set_trusteddom_pw()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 5 Feb 2015 10:07:46 +0000 (10:07 +0000)]
s3:pdb_samba_dsdb: return the domain sid in pdb_samba_dsdb_get_trusteddom_pw()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 16:53:40 +0000 (16:53 +0000)]
s3:pdb_samba_dsdb: return the previous password and the kvno in pdb_samba_dsdb_get_trusteddom_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 10:33:05 +0000 (11:33 +0100)]
s3:rpc_client: remove unused cli_rpc_pipe_open_schannel_with_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 10:29:49 +0000 (11:29 +0100)]
s3:libnet: use cli_credentials based functions in libnet_join_ok()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:52:45 +0000 (09:52 +0100)]
s3:auth_domain: make use of cli_rpc_pipe_open_schannel()
This simplifies a lot and allows the previous password to be used.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 09:33:01 +0000 (10:33 +0100)]
s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
The return values of connect_to_domain_password_server() need to be exported
to the caller's memory context.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:25:35 +0000 (09:25 +0100)]
s3:rpcclient: make use of rpccli_[create|setup]_netlogon_creds_with_creds()
Passing struct cli_credentials allows the usage of the previous password.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 09:05:37 +0000 (10:05 +0100)]
s3:rpc_client: handle !NETLOGON_NEG_AUTHENTICATED_RPC in cli_rpc_pipe_open_schannel()
This is only allowed with special config options ("client schannel = no",
"require strong key = no" and "reject md5 servers = no").
By default we require NETLOGON_NEG_AUTHENTICATED_RPC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:34:45 +0000 (09:34 +0100)]
s3:rpc_client: use cli_credentials based functions in cli_rpc_pipe_open_schannel()
This simplifies the code and allows the previous password to be passed
through the stack.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:49:16 +0000 (09:49 +0100)]
s3:rpc_client: remove unused auth_level parameter of cli_rpc_pipe_open_schannel()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 16:54:06 +0000 (16:54 +0000)]
s3:cli_netlogon: cli_credentials_get_old_nt_hash() in rpccli_setup_netlogon_creds_with_creds()
This way we'll fall back to using the previous machine/trust account password
if required.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 16:20:27 +0000 (16:20 +0000)]
auth/credentials: add cli_credentials_set_old_utf16_password()
This is required to set the previous trust account password.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:04:42 +0000 (09:04 +0100)]
auth/credentials: add cli_credentials_[g|s]et_old_nt_hash()
For the machine and trust accounts it's important to retry
netr_Authenticate3() with the previous (old) nt_hash.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 9 Feb 2015 08:06:32 +0000 (09:06 +0100)]
auth/credentials: add a missing talloc check to cli_credentials_set_nt_hash()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 21 Jan 2015 13:44:44 +0000 (14:44 +0100)]
s4:pydsdb: add DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>