Jeremy Allison [Mon, 13 Jan 2014 18:20:25 +0000 (10:20 -0800)]
s3:dir - We now pass the previously spinning directory tests on ext4.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 15 11:39:12 CET 2014 on sn-devel-104
Jeremy Allison [Sat, 11 Jan 2014 23:45:48 +0000 (15:45 -0800)]
s3:dir - Introduce a 64-bit directory offset <-> 32 bit wire offset map using memcache.
Should fix the DOS clients against 64-bit smbd's bug.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Sat, 11 Jan 2014 21:58:46 +0000 (13:58 -0800)]
s3:dir - Add a new memcache type (non-talloc) - SMB1_SEARCH_OFFSET_MAP.
We will use this in mapping 64-bit directory offset
cookies to a 32-bit counter.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Sat, 11 Jan 2014 23:04:38 +0000 (15:04 -0800)]
s3:dir - Map wire offsets to native directory cookies.
Take care of the special offsets.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Sat, 11 Jan 2014 22:59:00 +0000 (14:59 -0800)]
s3:dir - Cope with fixed mapping of 'special' values.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Sat, 11 Jan 2014 22:56:57 +0000 (14:56 -0800)]
s3: dir - Introduce 32-bit wire versions of the 'special' values.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Sat, 11 Jan 2014 22:48:00 +0000 (14:48 -0800)]
s3:dir - Introduce a function to map a directory cookie to a 32-bit wire cookie.
Make this an identity for now.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Sat, 11 Jan 2014 22:36:17 +0000 (14:36 -0800)]
s3:dir - In the old SMB1 search code, rename offset to wire_offset to distinguish between wire and native offsets.
Rename uint32 type to correct uint32_t.
https://bugzilla.samba.org/show_bug.cgi?id=2662
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 10 Jan 2014 12:02:59 +0000 (13:02 +0100)]
smbd: Avoid duplicate debug header lines
This is what gets created in log.smbd: DEBUGLVL generates an empty
header line, CHECK_DEBUGLVL avoids this.
[2014/01/10 12:58:24.971658, 10, pid=2329, effective(1001, 1001), real(0, 0)] ../source3/smbd/smbXsrv_open.c:696(smbXsrv_open_global_store)
[2014/01/10 12:58:24.971690, 10, pid=2329, effective(1001, 1001), real(0, 0)] ../source3/smbd/smbXsrv_open.c:698(smbXsrv_open_global_store)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 15 04:02:58 CET 2014 on sn-devel-104
Björn Jacke [Tue, 7 Jan 2014 14:57:50 +0000 (15:57 +0100)]
s3: set native os according to Windows and NBT_ANNOUNCE_VERSION defines
When the native os in sessionsetup is "Unix" then broken Konica Minolta
printers refuse to talk to those CIFS servers. Other CIFS servers also announce
themselves with native os Windows. Let's do the same to improve
interoperability with broken devices like those printers from Konica Minolta.
Thanks to Daniel Hoffmann for finding and reporting this Konika printer
brokenness.
https://bugzilla.samba.org/show_bug.cgi?id=10168
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Tue, 14 Jan 2014 22:45:06 +0000 (14:45 -0800)]
smbcontrol: fix NUM_CHILDREN message deregister
smbcontrol registers for MSG_SMB_NUM_CHILDREN response messages before
sending a MSG_SMB_TELL_NUM_CHILDREN request.
The same MSG_SMB_NUM_CHILDREN response message should be deregistered.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Christof Schmit <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Mon, 16 Dec 2013 03:51:10 +0000 (16:51 +1300)]
Revert "pam_winbind: fix segfault in pam_sm_authenticate()"
This reverts commit
ec0f51b200d6e5b99bbd872e169621c17f33524c.
A more generic fix is now in use.
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jan 15 01:37:38 CET 2014 on sn-devel-104
Garming Sam [Mon, 16 Dec 2013 03:51:04 +0000 (16:51 +1300)]
pam_winbind: Do not honour require_membership_of in the acct module parameters
This needs a password to work, and it confuses users for it to appear to be valid here.
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Garming Sam [Mon, 16 Dec 2013 03:50:37 +0000 (16:50 +1300)]
pam_winbind: Fix segfault caused by invalid configuration options
This is a better fix for 8564 and will allow
ec0f51b200d6e5b99bbd872e169621c17f33524c to be reverted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8564
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Garming Sam [Wed, 8 Jan 2014 00:28:23 +0000 (13:28 +1300)]
lib/param: fix unix extensions setting to be consistent with s3 and docs
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
Andrew Bartlett [Fri, 10 Jan 2014 01:19:38 +0000 (14:19 +1300)]
ntvfs: Remove CAP_UNIX from the ntvfs file server as it was never finished
Only some of the unix extensions where implemented, but this was enough
to caused the samba3.smbtorture_s3.plain(dc).LARGE_READX to fail when they
are enabled (as is the default in source3/param).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
Garming Sam [Wed, 18 Dec 2013 20:55:44 +0000 (09:55 +1300)]
dfs: always call create_conn_struct with root privileges
This fixes a bug in dfs_samba4 identified by Daniel Müller.
create_conn_struct calls SMB_VFS_CONNECT which requires root privileges.
SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb.
Calls were made to this function without ever becoming root (notably via setup_dfs_referral)
which resulted in an error and the VFS connect failing. This happens when you have an active
directory domain controller with host msdfs = yes in smb.conf and dfs links in place.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Bjoern Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 10 20:11:03 CET 2014 on sn-devel-104
Volker Lendecke [Wed, 8 Jan 2014 15:32:39 +0000 (16:32 +0100)]
messaging: Fix a memleak (master only..)
Immediate tevents don't free themselves as timed events do :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 10 01:20:04 CET 2014 on sn-devel-104
Volker Lendecke [Wed, 8 Jan 2014 15:15:27 +0000 (16:15 +0100)]
messaging: Use talloc_pooled_object
... not as a speed improvement, it saves the second NULL check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 Jan 2014 15:13:11 +0000 (16:13 +0100)]
messaging: Move the self-send logic out of messaging_tdb
This is not specific to tdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 8 Jan 2014 09:32:37 +0000 (09:32 +0000)]
messaging: Fix a memleak with clustering
We have to properly throw away unexpected messages that came in via ctdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 9 Jan 2014 14:20:21 +0000 (15:20 +0100)]
s3-passdb: Fix string duplication to pointers.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 9 22:35:25 CET 2014 on sn-devel-104
Andreas Schneider [Thu, 9 Jan 2014 14:12:24 +0000 (15:12 +0100)]
wbinfo: Fix a memory leak in wbinfo_ping_dc().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 9 Jan 2014 14:06:14 +0000 (15:06 +0100)]
s3-libads: Fix memory leaks in ads_build_path().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Andreas Schneider [Thu, 9 Jan 2014 13:50:18 +0000 (14:50 +0100)]
lib: Fix strict-aliasing warning in md5 code.
If the compiler detects strict aliasing problems it isn't able to
optimize the code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Volker Lendecke [Tue, 3 Dec 2013 15:01:35 +0000 (16:01 +0100)]
group_mapping: Avoid a talloc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 9 20:41:15 CET 2014 on sn-devel-104
Matthias Dieter Wallnöfer [Wed, 8 Jan 2014 14:42:50 +0000 (15:42 +0100)]
samba:python - Py_RETURN_NONE remove compatibility code for releases < 2.4
http://www.python.org/doc//current/c-api/none.html
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date(master): Thu Jan 9 16:27:47 CET 2014 on sn-devel-104
Christof Schmitt [Tue, 7 Jan 2014 18:55:46 +0000 (11:55 -0700)]
s3: Avoid oplock break by storing timestamps with gpfs_set_times
The gpfs_set_times API call allows setting timestamps directly in GPFS
without going through the utime() call. Using this API call fixes an
unecessary oplock break when a client sends a SET_FILE_ALLOCATION_INFO
request and no other client has opened the file. The call to utime()
triggers the oplock break through the Linux kernel. Using the
gpfs_set_times call for updating the timestamp avoids the call to
utime() and the oplock break.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Jan 9 00:04:48 CET 2014 on sn-devel-104
Jeremy Allison [Mon, 6 Jan 2014 23:22:59 +0000 (15:22 -0800)]
s3: winbindd: Move calling setup_domain_child() into add_trusted_domain().
Ensure it only gets called when a new domain is allocated
and added to the list.
This should fix problems with the previous logic where
setup_domain_child() was called in places where an existing
domain was returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 8 20:46:55 CET 2014 on sn-devel-104
Jeremy Allison [Mon, 6 Jan 2014 23:15:37 +0000 (15:15 -0800)]
s3: winbindd: Move the logic of whether to set 'domain->primary' into add_trusted_domain().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Stefan Metzmacher [Wed, 8 Jan 2014 09:57:44 +0000 (10:57 +0100)]
s4:rpc_server: remember the hdr_signing negotiation result in dcesrv_auth
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 8 18:37:22 CET 2014 on sn-devel-104
Stefan Metzmacher [Wed, 8 Jan 2014 09:57:19 +0000 (10:57 +0100)]
s4:rpc_server: use talloc_zero for struct dcesrv_connection
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 8 Jan 2014 09:52:51 +0000 (10:52 +0100)]
s4:rpc_server: remove unused DCESRV_CALL_STATE_FLAG_HEADER_SIGNING
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Mon, 6 Jan 2014 10:19:04 +0000 (11:19 +0100)]
ndrdump: dump verification trailer
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Thu, 2 Jan 2014 14:30:52 +0000 (15:30 +0100)]
librpc/ndr: add ndr_pop_dcerpc_sec_verification_trailer()
This extracts the dcerpc_sec_verification_trailer from the end
of an ndr_pull structure, it found it reduces ndr->data_size.
NDR_ERR_ALLOC is the only possible error, all other errors
are ignored and a trailer with command count = 0 is returned.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 30 Aug 2013 07:48:06 +0000 (09:48 +0200)]
librpc/rpc: simplify tevent_req_nterror() usage in binding_handle.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 8 Jan 2014 11:04:22 +0000 (12:04 +0100)]
libcli/auth: fix usage of an uninitialized variable in netlogon_creds_cli_check_caps()
If status is RPC_PROCNUM_OUT_OF_RANGE, result might be uninitialized.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Björn Jacke [Tue, 7 Jan 2014 14:55:57 +0000 (15:55 +0100)]
crypto: fix build on OS X
we also need to use the CC_MD5_CTX from CommonCrypto here instead of the MD5_CTX
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jan 8 08:12:29 CET 2014 on sn-devel-104
Björn Jacke [Tue, 7 Jan 2014 14:55:56 +0000 (15:55 +0100)]
build: test the generic md5 function after importing it from hashlib
otherwise we used the one from md5 which lead to the following warning on SerNet-imini:
the md5 module is deprecated; use hashlib instead import md5
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Günther Deschner [Thu, 19 Dec 2013 21:23:44 +0000 (22:23 +0100)]
libgpo: apply some const.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 7 18:52:42 CET 2014 on sn-devel-104
Günther Deschner [Fri, 20 Dec 2013 16:23:22 +0000 (17:23 +0100)]
libgpo: when running in verbose mode, printout the parsed PReg file.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 20 Dec 2013 16:22:23 +0000 (17:22 +0100)]
libgpo: only use libgpo/gpext/gpext.h where really needed.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 16:29:10 +0000 (17:29 +0100)]
libgpo: allow to pass down a list of deleted GPOs in gpo_process_gpo_list().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 16:28:35 +0000 (17:28 +0100)]
libgpo: remove some unused code and remove that important FIXME note.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 16:26:59 +0000 (17:26 +0100)]
libgpo: directly call gpext_process_extension() from gpo_process_gpo_list.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 16:25:37 +0000 (17:25 +0100)]
libgpo: implement CSE filtering in gpext_process_extension().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 15:12:13 +0000 (16:12 +0100)]
libgpo: remove gpext_process_gpo_list_with_extension in favor of gpext_process_extension.
gpext_preocess_extension properly deals with GPO lists now.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 13:34:53 +0000 (14:34 +0100)]
libgpo: remove extension_guid and snapin_guid (the tool guid) from the process callback.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 18:33:28 +0000 (19:33 +0100)]
libgpo: allow to pass down deleted and changed gpo list to CSE plugins.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 18:59:09 +0000 (19:59 +0100)]
libgpo/gpext: add new gpext_check_gpo_for_gpext_presence() helper function.
It will be used to inspect single members of a gpo list for the presence of a CSE guid.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 12:27:45 +0000 (13:27 +0100)]
libgpo: add gpo_copy().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 19:02:58 +0000 (20:02 +0100)]
libgpo: make gpo_get_gp_ext_from_gpo public.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 16:59:38 +0000 (17:59 +0100)]
libgpo: make gpo_process_a_gpo() static to the util code.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 15:29:36 +0000 (16:29 +0100)]
libgpo: remove unused gp_registry_entry2 struct.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 14:45:58 +0000 (15:45 +0100)]
libgpo: remove ads reference from dump calls and make them take const structs.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 14:43:23 +0000 (15:43 +0100)]
libgpo: prefix some more calls with gpext_.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 14:24:17 +0000 (15:24 +0100)]
libgpo: rename debug_gpext_header to gpext_debug_header.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 21:22:39 +0000 (22:22 +0100)]
libgpo/CSE/scripts: fix a build warning.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 20:29:32 +0000 (21:29 +0100)]
s3-registry: fix typo in DEBUG statement.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 6 Dec 2013 11:08:50 +0000 (12:08 +0100)]
s4:netlogon: implement "allow nt4 crypto" and "reject md5 clients" features.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 7 16:53:31 CET 2014 on sn-devel-104
Stefan Metzmacher [Mon, 23 Dec 2013 09:10:17 +0000 (10:10 +0100)]
s4:netlogon: don't generate a debug message for SEC_CHAN_NULL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 23 Dec 2013 09:12:24 +0000 (10:12 +0100)]
s4:netlogon: correctly calculate the negotiate_flags
We need to bit-wise AND the client and server flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Dec 2013 12:41:43 +0000 (13:41 +0100)]
selftest/Samba4: use "allow nt4 crypto = yes" for testing
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Dec 2013 10:39:15 +0000 (11:39 +0100)]
lib/param: add "reject md5 client" option, defaulting to false
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Dec 2013 10:38:21 +0000 (11:38 +0100)]
lib/param: add "allow nt4 crypto" option, defaulting to false
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 17:17:12 +0000 (19:17 +0200)]
libcli/auth: remove unused netlogon_creds_cli_context_copy()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:25:27 +0000 (19:25 +0200)]
s3:rpc_client: finally remove unused rpc_pipe_client->netlogon_creds
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:23:54 +0000 (19:23 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:23:18 +0000 (19:23 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_sam_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Sep 2013 11:06:53 +0000 (13:06 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_setup_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Sep 2013 11:54:30 +0000 (13:54 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_set_trust_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 18:53:51 +0000 (20:53 +0200)]
s3:rpc_client: make cli_rpc_pipe_open_schannel() more flexible
It expects a messaging_context now
and returns a netlogon_creds_cli_context.
This way we can finally avoid having a rpc_pipe_client->netlogon_creds.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 22:56:15 +0000 (00:56 +0200)]
s3:winbindd: make use of rpccli_netlogon_network_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 22:48:31 +0000 (00:48 +0200)]
s3:rpcclient: make use of rpccli_netlogon_password_logon() in the 'samlogon' cmd
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 22:46:09 +0000 (00:46 +0200)]
s3:rpcclient: remove optional auth_level parameter of the 'samlogon' cmd
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 29 Nov 2013 01:45:20 +0000 (14:45 +1300)]
s3:rpcclient: give errors and clean up correctly after failing to obtain secret
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 18:51:25 +0000 (20:51 +0200)]
s3:rpcclient: make use of rpccli_{create,setup}_netlogon_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:19:39 +0000 (19:19 +0200)]
s3:libnet: pass in struct netlogon_creds_cli_context from the caller.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:39:52 +0000 (18:39 +0200)]
s3:libsmb: remove unused trust_pw_find_change_and_store_it()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:37:34 +0000 (18:37 +0200)]
s3:winbindd: make use of trust_pw_change() in _wbint_ChangeMachineAccount()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:36:43 +0000 (18:36 +0200)]
s3:winbindd: make use of trust_pw_change() for periodic password changes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:35:39 +0000 (18:35 +0200)]
s3:winbindd: use invalidate_cm_connection() to kill the netlogon connection
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:34:48 +0000 (18:34 +0200)]
s3:net_rpc: make use of trust_pw_change()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:33:51 +0000 (18:33 +0200)]
s3:rpcclient: make use of trust_pw_change()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 15 Sep 2013 11:19:52 +0000 (13:19 +0200)]
s3:libsmb: add trust_pw_change()
This protects the password change using a domain specific g_lock,
so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --change-secret'
even on multiple cluster nodes doesn't race anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:59:11 +0000 (19:59 +0200)]
s3:net_rpc: add net_context->netlogon_creds
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:00:22 +0000 (19:00 +0200)]
s3:rpcclient: make use of rpcclient_netlogon_creds instead of cli->netlogon_creds
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:57:09 +0000 (18:57 +0200)]
s3:rpcclient: remove unused rpccli_netlogon_setup_creds() from cmd_netlogon_database_redo()
rpccli_netlogon_setup_creds() is already called in the main do_cmd()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:29:30 +0000 (18:29 +0200)]
s3:rpcclient: add rpcclient_netlogon_creds
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:24:44 +0000 (18:24 +0200)]
s3:rpcclient: add rpcclient_msg_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Sep 2013 08:06:41 +0000 (10:06 +0200)]
s3:rpc_client: use rpccli_{create,setup}_netlogon_creds() in cli_rpc_pipe_open_schannel()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 5 Sep 2013 18:57:02 +0000 (20:57 +0200)]
s3:libnet: use rpccli_{create,setup}_netlogon_creds() in libnet_join_joindomain_rpc_unsecure
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 2 Sep 2013 17:32:23 +0000 (19:32 +0200)]
s3:libnet_join: make use of rpccli_{create,setup}_netlogon_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 13:02:26 +0000 (15:02 +0200)]
s3:auth_domain: make use of rpccli_netlogon_network_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 13:01:10 +0000 (15:01 +0200)]
s3:auth_domain: make use of rpccli_{create,setup}_netlogon_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 11:07:45 +0000 (13:07 +0200)]
s3:auth_domain: simplify connect_to_domain_password_server()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 7 Aug 2013 09:32:44 +0000 (11:32 +0200)]
s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 17 Dec 2013 19:06:14 +0000 (20:06 +0100)]
s3:winbindd: call rpccli_pre_open_netlogon_creds() in the parent
This opens the CLEAR_IF_FIRST tdb in the long living parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 12:56:06 +0000 (14:56 +0200)]
s3:rpc_client: add rpccli_netlogon_password_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 12:36:24 +0000 (14:36 +0200)]
s3:rpc_client: add rpccli_netlogon_network_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>