Michael Adam [Mon, 22 Dec 2014 11:48:44 +0000 (12:48 +0100)]
ADD TODO.build
Thomas Nagy [Mon, 16 Sep 2013 22:00:40 +0000 (00:00 +0200)]
backported the openbsd fixes from waf 1.7
Michael Adam [Mon, 22 Dec 2014 10:30:21 +0000 (11:30 +0100)]
wafsamba: remove commented out code.
This code has only ever been there as commented out...
Signed-off-by: Michael Adam <obnox@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 22 Dec 2014 10:27:40 +0000 (11:27 +0100)]
Revert "waf: added suncc_wrap"
This reverts commit
65743f932b511db009655847e77288c95c0aa525.
Conflicts:
buildtools/wafsamba/samba_optimisation.py
Stefan Metzmacher [Fri, 19 Dec 2014 12:10:30 +0000 (13:10 +0100)]
wafsamba: generate an empty.c file if a SAMBA_{LIBRARY,SUBSYSTEM} doesn't have any source files
This is better than passing '-' as filename to the compiler/linker.
This replaces commit
65743f932b511db009655847e77288c95c0aa525.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9334
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10315
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 22 Dec 2014 10:06:41 +0000 (11:06 +0100)]
SQ2
Michael Adam [Mon, 22 Dec 2014 10:02:16 +0000 (11:02 +0100)]
SQ
Ralph Boehme [Fri, 19 Dec 2014 08:05:33 +0000 (09:05 +0100)]
wafsamba: flags from enviroment are put before our own internal versions
Ensure user provided CPPFLAGS and LDFLAGS are put *behind* our
internally computed compiler and linker flags.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10877
Signed-off-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 20:36:07 +0000 (21:36 +0100)]
wafsamba: STANDARD_LIBPATH...
Michael Adam [Mon, 22 Dec 2014 09:38:37 +0000 (10:38 +0100)]
TODO wafsamba: fix treatment of rpath-linkflags
Stefan Metzmacher [Thu, 18 Dec 2014 17:09:15 +0000 (18:09 +0100)]
wafsamba: fix ordering problems with lib-provided and internal RPATHs
When a library or system (like cups) provides an RPATH,
e.g. with -Wl,-R or -Wl,-rpath, this was added by waf
to the LINKFLAGS, wich was later prepended to our RPATH.
But if the path by chance contains an older version of
one of our internal libraries like talloc, this would lead
to linking the too old talloc into our binaries.
This has been observed on, e.g., FreeBSD, but it is a general
problem.
This patch fixes the problem by specially parsing the RPATH
linker options from the pkg-config(, cups-config, ....) output
and putting the paths into the RPATH_<lib> container, which
is then later correctly appended to our internal RPATH.
This is a better fix than commit
64f5e24100a764ec198cab9a8d2c43fa86e7027c
as it touches wafsamba only. We can revert
64f5e24100a764ec198cab9a8d2c43fa86e7027c in the following commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10548
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Thu, 18 Dec 2014 22:22:25 +0000 (23:22 +0100)]
Revert "TMP: autobuild: build samba-ctdb-target with -j"
This reverts commit
45d0d04d014acd6048c24b9ac02872103aa3013e.
Michael Adam [Thu, 18 Dec 2014 22:22:10 +0000 (23:22 +0100)]
Revert "TODO: build: fix issue with standard libpaths introduced by cups-config and friends"
This reverts commit
85ade6d617218e7465a2ceb317570e11f1e9996b.
Michael Adam [Thu, 18 Dec 2014 22:22:07 +0000 (23:22 +0100)]
Revert "TODO: build ... libpath ..."
This reverts commit
abfd878e0ddee4afbc33e5217d86f303c89e2804.
Michael Adam [Sun, 30 Nov 2014 20:25:01 +0000 (21:25 +0100)]
TODO: build ... libpath ...
Michael Adam [Wed, 11 Jun 2014 13:49:33 +0000 (15:49 +0200)]
TODO: build: fix issue with standard libpaths introduced by cups-config and friends
Problem:
Some tools like cups-config and python-config list system standard library
paths with -L in the ldflags.
Since these flags are in treated as flags required by libraries
and not as standard flags, this can lead to situations where
configure correctly detects a version of a library (e.g. talloc)
as installed into a special location, but the link process fails
because the unsupported old version of the library is found first
in the library path reported by foo-config.
See e.g.:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10515
Solution:
The solution of this patch is to filter out the standard
library paths. The difficulty here is that the list of standard
paths varies between the systems. This patch calls "${CC} -print-search-dirs"
to get this list, which is supported at least by gcc and clang.
TODOS:
- is_standard_libpath() : correct place in ccroot.py ??
- can/should we do it in wafsamba only?
Michael Adam [Mon, 27 Oct 2014 16:03:10 +0000 (17:03 +0100)]
TMP: autobuild: build samba-ctdb-target with -j
Michael Adam [Wed, 20 Aug 2014 16:47:34 +0000 (18:47 +0200)]
TODO: script: add test-loop.sh: loop over make test TESTS=<pat> until failure occurs
call:
TESTS="pattern" ./test-loop.sh
Andrew Bartlett [Fri, 19 Dec 2014 02:14:22 +0000 (15:14 +1300)]
dns.py: Always remove the test zone in tearDown()
Change-Id: Ic6d6c51579f8859b4e396179123974382c253bf7
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Dec 22 08:21:22 CET 2014 on sn-devel-104
Andrew Bartlett [Fri, 19 Dec 2014 01:42:08 +0000 (14:42 +1300)]
dsdb: Ignore errors from search in dns_notify module
This ensures the error messages are unchanged
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 19 Dec 2014 01:41:40 +0000 (14:41 +1300)]
dsdb: Use a fixed set of attributes in search in dns_notify module
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 19 Dec 2014 01:40:28 +0000 (14:40 +1300)]
dsdb: Use ldb_attr_cmp() for comparing objectclass names
This is the same as strcasecmp, but it is best to remain consistent.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Tue, 16 Dec 2014 17:04:13 +0000 (18:04 +0100)]
dns.py: Test dns server reload zones from DSDB when are created or deleted
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Samuel Cabrero [Tue, 16 Dec 2014 09:58:50 +0000 (10:58 +0100)]
s4-dns: Reload DNS zones from dsdb when zones are modified through RPC or DRS
Setup a RPC management call on the internal DNS server triggered a new LDB
module which sniffs dnsZone object add, delete and modify operations. This
way the notification is triggered when zones are modified either from RPC or
replicated by inbound DRS.
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
(shadowed variable error corrected by abartlet)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 19 Dec 2014 01:58:01 +0000 (14:58 +1300)]
selftest: Run samba.tests.dns in :local environment so it can access credentials
This allows it to access the machine account, and use that to modify the DNS zones
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 19 Dec 2014 03:02:40 +0000 (16:02 +1300)]
lib/ldb-samba: Add comment dicouraging use of schemaUpgradeInProgress
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Dec 22 02:42:42 CET 2014 on sn-devel-104
Andrew Bartlett [Fri, 19 Dec 2014 02:46:30 +0000 (15:46 +1300)]
dsdb: Only parse SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL as a DN
This avoids trying to parse some other rule, like bitwise and, that may be applied to this attribute
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Mon, 10 Nov 2014 15:06:45 +0000 (16:06 +0100)]
s4:dsdb: Fix not freed temp memory context
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Mon, 27 Oct 2014 17:21:04 +0000 (18:21 +0100)]
ldb-samba-tests: Add tests for transitive matching rule
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Samuel Cabrero [Fri, 24 Oct 2014 15:52:47 +0000 (17:52 +0200)]
ldb-samba: Implement transitive extended matching
Documented in [MS-ADTS] section 3.1.1.3.4.4.3 LDAP_MATCHING_RULE_TRANSITIVE_EVAL
This allows a search filter such as:
member:1.2.840.113556.1.4.1941:=cn=user,cn=users,dc=samba,dc=example,dc=com
This searches not only the member attribute, but also any member
attributes that point at an object with this member in them. All the
various DN syntax types are supported, not just plain DNs.
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
(abartlet: Fixed compile error: return makes integer from pointer without a cast)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Samuel Cabrero [Thu, 23 Oct 2014 14:47:07 +0000 (16:47 +0200)]
dsdb: Define syntax access point oid string as a macro
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 19 Dec 2014 02:25:03 +0000 (15:25 +1300)]
ldb: bump to version 1.1.19
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Samuel Cabrero [Wed, 5 Nov 2014 10:02:25 +0000 (11:02 +0100)]
ldb: Allow to register extended match rules
This allows to extend LDB by registering extended match rules from outside
the library itself. This is necessary when the implementation requires
knowledge about syntaxes implemented in samba extensions, like the
LDAP_MATCHING_RULE_TRANSITIVE_EVAL match.
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Singed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 19 Dec 2014 02:39:59 +0000 (15:39 +1300)]
dsdb: Improve code clarity for ldb_extended_dn_in_openldap mode
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Tue, 28 Oct 2014 10:53:01 +0000 (11:53 +0100)]
s4:dsdb/extended_dn_in: Fix DNs and filter expressions in extended match ops
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Disseldorp [Wed, 3 Dec 2014 17:44:37 +0000 (18:44 +0100)]
torture/spoolss: issue GetJob after StartDocPrinter
This reflects Windows XP spoolss client behaviour. This fails if the job
is not yet instantiated on the server, and prior to the bso#10984 fix
resulted in an unsable DCERPC pipe.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 19 18:03:20 CET 2014 on sn-devel-104
David Disseldorp [Wed, 17 Dec 2014 15:54:42 +0000 (16:54 +0100)]
spoolss: clear PrinterInfo on GetPrinter error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 17 Dec 2014 15:47:50 +0000 (16:47 +0100)]
spoolss: clear info on GetPrinterDriverDirectory error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 17 Dec 2014 14:54:22 +0000 (15:54 +0100)]
spoolss: clear info on GetPrintProcessorDirectory error
If an error is returned without zeroing a pre-allocated @info pointer,
then marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 17 Dec 2014 14:29:52 +0000 (15:29 +0100)]
spoolss: clear FormInfo on GetForm error
In handling a spoolss GetForm request, the handler may return an
immediate error if one of the input parameters is invalid. If this is
done without zeroing the pre-allocated @info pointer, then marshalling
of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 17 Dec 2014 14:21:33 +0000 (15:21 +0100)]
spoolss: clear DriverInfo on GetPrinterDriver2 error
In handling a spoolss GetPrinterDriver2 request, the handler may
return an immediate error if one of the input parameters is invalid.
If this is done without zeroing the pre-allocated @info pointer, then
marshalling of the response will fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Thu, 4 Dec 2014 19:03:39 +0000 (20:03 +0100)]
spoolss: clear JobInfo on GetJob error
In handling a spoolss GetJob request, the _spoolss_GetJob() handler may
return an immediate error if one of the input parameters is invalid. If
this is done without zeroing the pre-allocated @info pointer, then
api_spoolss_GetJob() will attempt to marshall @info, which in the case
of an @offered value of zero results in a marshalling error:
ndr_push_error(7): Bad subcontext (PUSH) content_size 64 is larger
than size_is(0)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10984
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Mon, 15 Dec 2014 15:48:27 +0000 (16:48 +0100)]
s4:kdc: add aes key support for trusted domains
We have a look at "msDS-SupportedEncryptionTypes" and >= DS_DOMAIN_FUNCTION_2008
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 19 15:39:40 CET 2014 on sn-devel-104
Stefan Metzmacher [Mon, 15 Dec 2014 15:47:50 +0000 (16:47 +0100)]
s4:rpc_server/lsa: fix segfault in check_ft_info()
This is triggered by lsa_lsaRSetForestTrustInformation()
with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME.
The nb_name variable was uninitialized and dereferenced without checking.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 15 Dec 2014 15:37:17 +0000 (16:37 +0100)]
s4:rpc_server/lsa: remove unused allow_warnings=True
We compile without warnings now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 15 Dec 2014 15:33:38 +0000 (16:33 +0100)]
s4:rpc_server/lsa: remove trustAuthIncoming/trustAuthOutgoing when the related flag is removed.
When LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flags is cleared
we should also remove the related credentials.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Mon, 15 Dec 2014 15:03:49 +0000 (16:03 +0100)]
s4:rpc_server/lsa: pass the correct variable to setInfoTrustedDomain_base()
This requires 'struct lsa_policy_state', we now pass this directly
instead of a instead of an opaque 'struct dcesrv_handle'.
dcesrv_lsa_SetInformationTrustedDomain() passes in a 'struct dcesrv_handle'
with 'struct lsa_trusted_domain_state' before, which results in segfaults.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 15:57:49 +0000 (15:57 +0000)]
s3:pdb_samba_dsdb: use SEC_CHAN_DNS_DOMAIN in pdb_samba_dsdb_get_trusteddom_creds()
If both ends have a dns domain, we can use SEC_CHAN_DNS_DOMAIN in order to match
a Windows DC.
For kerberos we still need to use MY_NETBIOS_DOMAIN$@REMOTE_REALM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 15:06:56 +0000 (15:06 +0000)]
s3:pdb_samba_dsdb: add pdb_samba_dsdb_get_trusteddom_creds
We have the password as raw UTF16 blob, which might not be
valid utf16, so we need to use cli_credentials_set_utf16_password().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 13:05:45 +0000 (13:05 +0000)]
s3:winbindd: make use of cli_rpc_pipe_open_schannel_with_creds()
This way we pass down enough information for SEC_CHAN_DNS_DOMAIN to work.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 08:48:38 +0000 (08:48 +0000)]
s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds_with_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 23:17:52 +0000 (23:17 +0000)]
s3:winbindd: we only need a an netlogon connection to a rwdc if we're a rodc ourself
If we're a member or RWDC there's no need to require talking to a rwdc,
an rodc will forward the request if required.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 23:17:52 +0000 (23:17 +0000)]
s3:winbindd: make sure we try to use NCACN_IP_TCP in cm_connect_netlogon
We need to call init_dc_connection_rpc() before we can decide if we want to try
NCACN_IP_TCP.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 09:19:49 +0000 (09:19 +0000)]
s3:rpc_client: add cli_rpc_pipe_open_schannel_with_creds() helper function
This will simplify the callers and add potential support for SEC_CHAN_DNS_DOMAIN
as cli_credentials_get_realm() will return the correct value compared to
cli_credentials_get_domain().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 08:40:49 +0000 (08:40 +0000)]
s3:cli_netlogon: add rpccli_{create,setup}_netlogon_creds_with_creds() helper functions
This simplifies the callers, then can just pass in a cli_credentials structure.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 13:58:11 +0000 (13:58 +0000)]
auth/credentials: add cli_credentials_set_utf16_password()
We need a way to initialize the cli_credentials from the raw utf16 blob,
which might not be completely valid utf16, which means the conversion
from CH_UTF16MUNGED to CH_UTF8 might loose information.
This would result in an invalid nt_hash, when we convert back
from CH_UTF8 to CH_UTF16LE.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 21:49:05 +0000 (21:49 +0000)]
auth/gensec: add support for SEC_CHAN_DNS_DOMAIN to schannel_update()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 18:42:55 +0000 (18:42 +0000)]
auth/gensec: make sure we keep a DCERPC_AUTH_TYPE_SCHANNEL backend if required
Even with CRED_MUST_USE_KERBEROS we should keep the DCERPC_AUTH_TYPE_SCHANNEL
backend arround, this can only be specified explicitely by the caller
and cli_credentials_get_netlogon_creds() != NULL is the strong indication
that the caller is using DCERPC_AUTH_TYPE_SCHANNEL *now*.
With trusts against AD domain we can reliable use kerberos and netlogon
secure channel for authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 10 Dec 2014 14:03:55 +0000 (14:03 +0000)]
nsswitch/wbinfo: allow 'wbinfo --ping-dc --domain=SOMEDOMAIN'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 10 Dec 2014 14:02:18 +0000 (14:02 +0000)]
nsswitch: allow passing the domain name to wbcPingDC[2]()
winbindd already supports this.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 11:27:21 +0000 (11:27 +0000)]
s3:winbindd: use find_domain_from_name_noinit() in winbindd_ping_dc_send()
We should not try to connect to the given domain from within the winbindd parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 10 Dec 2014 12:25:55 +0000 (12:25 +0000)]
s3:winbindd: report our own name for PING_DC and internal domains
This means "wbinfo --ping-dc" works fine on a DC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Thu, 18 Dec 2014 05:37:28 +0000 (06:37 +0100)]
wafsamba: check for rpath compiler/linker flags
Older SunOS linker only support -Wl,-R,/path instead of -Wl,-rpath,/path.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 14:05:12 +0000 (15:05 +0100)]
wafsamba: fill PRIVATE_NAME() logic again
We append bld.env.PRIVATE_EXTENSION to the name of private libraries
again, but only unless they have a abi_directory, vnum or soname defined.
This avoids naming conflicts with system libraries, e.g. libidmap.so
on Solaris
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10112
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 09:33:34 +0000 (10:33 +0100)]
nsswitch: fix soname of linux nss_*.so.2 modules
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 19:13:44 +0000 (20:13 +0100)]
selftest: use shared/libnss_wrapper_winbind.so.2
This library is always available in make test.
nss-wrapper strictly requires the linux nss api.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 09:21:30 +0000 (10:21 +0100)]
wafsamba: add optional keep_underscore=True to SAMBA_LIBRARY()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amitay Isaacs [Thu, 11 Dec 2014 02:16:47 +0000 (13:16 +1100)]
ctdb-daemon: Use correct tdb flags when enabling robust mutex support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11000
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Dec 2014 11:28:47 +0000 (12:28 +0100)]
tdb: version 1.3.4
Transactions are supported with TDB_MUTEX_LOCKING.
This fixes https://bugzilla.samba.org/show_bug.cgi?id=11004
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Dec 19 11:41:26 CET 2014 on sn-devel-104
Stefan Metzmacher [Fri, 12 Dec 2014 11:53:37 +0000 (12:53 +0100)]
tdb/toos: allow transactions with TDB_MUTEX_LOCKING
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Stefan Metzmacher [Fri, 12 Dec 2014 11:24:50 +0000 (12:24 +0100)]
tdb/test: add tdb1-run-mutex-transaction1 test
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Stefan Metzmacher [Fri, 12 Dec 2014 10:22:47 +0000 (11:22 +0100)]
tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKING
There's no real reason to disallow transactions as the
allrecord lock is also available with mutexes enabled.
E.g. ctdbd requires transactions also on non-persistent databases
opened with TDB_CLEAR_IF_FIRST and TDB_MUTEX_LOCKING.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11004
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volker Lendecke [Tue, 16 Dec 2014 08:38:54 +0000 (09:38 +0100)]
vfs_fruit: Avoid double ()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Dec 18 19:19:04 CET 2014 on sn-devel-104
Volker Lendecke [Tue, 16 Dec 2014 08:38:21 +0000 (09:38 +0100)]
vfs_fruit: Avoid double initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 10 Dec 2014 12:23:04 +0000 (12:23 +0000)]
lib/texpect: prefer bsd/libutil.h if available
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Dec 18 16:31:48 CET 2014 on sn-devel-104
Stefan Metzmacher [Thu, 18 Dec 2014 02:05:28 +0000 (02:05 +0000)]
s4:heimdal_build: remove unused openpty check
commit
638a8edd7ce708cf550c054ac16dade795b6448b removed
HEIMDAL_BINARY('rkpty', 'lib/roken/rkpty.c',...)
(the only heimdal user of openpty().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Thu, 20 Nov 2014 10:37:35 +0000 (11:37 +0100)]
libcli-dns: Remove obsolete dns_host_file subsystem.
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 18 09:09:38 CET 2014 on sn-devel-104
Andreas Schneider [Thu, 20 Nov 2014 10:37:13 +0000 (11:37 +0100)]
s3-libsmb: Remove obsolete support for dns_host_file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 20 Nov 2014 10:35:48 +0000 (11:35 +0100)]
s4-libcli: Remove obsolete support for file resolving.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 20 Nov 2014 10:31:29 +0000 (11:31 +0100)]
addns: Remove support for dns_host_file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 4 Sep 2014 12:33:05 +0000 (14:33 +0200)]
selftest: Use resolv_wrapper in the samba3 targets to join AD.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 10 Sep 2014 09:00:28 +0000 (11:00 +0200)]
selftest: Use resolv_wrapper in the samba4 target.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 20 Nov 2014 09:48:47 +0000 (10:48 +0100)]
selftest: Always enable dns fakeing.
FIXME: This should be removed once we fixed adding records to the DNS
server using nsupdate!
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 3 Nov 2014 12:22:38 +0000 (13:22 +0100)]
selftest: Define if we should fake dns resolving.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 11 Sep 2014 08:59:20 +0000 (10:59 +0200)]
samba_dnsupdate: Allow the tool to work in 'make test'.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 7 Oct 2014 13:35:34 +0000 (15:35 +0200)]
samba_dnsupdate: Always fill out the nameservers of a dns object.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 9 Sep 2014 07:47:05 +0000 (09:47 +0200)]
selftest: Wait for the logon server to register to join the member.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 9 Sep 2014 07:45:51 +0000 (09:45 +0200)]
nmblookup: Return if the lookup was successful or not.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10803
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 10 Sep 2014 10:23:38 +0000 (12:23 +0200)]
selftest: Print better DC provisioning info.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 10 Sep 2014 08:59:39 +0000 (10:59 +0200)]
selftest: Also pass the IPv6 address for the KDC around.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 3 Sep 2014 15:16:36 +0000 (17:16 +0200)]
selftest: Preload resolv_wrapper in selftest.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 09:05:39 +0000 (09:05 +0000)]
s3:winbindd: try to use the trust account with kerberos if possible
This trust account is usable for SMB authentication via kerberos,
so we should try that if we think the domain is active directory.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 11:28:41 +0000 (11:28 +0000)]
s3:winbindd: fix anon fallback in cm_prepare_connection()
We should not crash with machine_password==NULL.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Dec 2014 01:20:29 +0000 (01:20 +0000)]
s3:winbindd: also try to fallback to anonymous if we get NT_STATUS_INVALID_ACCOUNT_NAME
Kerberos authentication may return NT_STATUS_INVALID_ACCOUNT_NAME (PRINCIPAL_UNKNOWN)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 09:45:15 +0000 (09:45 +0000)]
s3:libsmb: let cli_session_setup_kerberos_recv() return a useful error code
Forcing NT_STATUS_UNSUCCESSFUL is not a good idea, we should return
NT_STATUS_LOGON_FAILURE instead.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11010
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Dec 2014 15:05:17 +0000 (15:05 +0000)]
s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() first
NT_STATUS_NOT_IMPLEMENTED lets it fallback to the old get_trust_pw_clear2()
code.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 18 06:46:05 CET 2014 on sn-devel-104
Stefan Metzmacher [Thu, 11 Dec 2014 10:52:53 +0000 (10:52 +0000)]
s3:passdb: add optional get_trusteddom_creds() hooks
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11016
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 3 Dec 2014 21:44:26 +0000 (10:44 +1300)]
pdb: fix build issues with shared modules
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10355
Change-Id: I26e78b56ead0c66afcda6b3fb8b1fd09130b24a5
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Wed, 17 Dec 2014 09:43:33 +0000 (10:43 +0100)]
s3:locking: fix uninitialiazed variable in brl_get_locks_readonly_parser()
In a cluster this can be called with an empty record, while
brl_parse_data() relies on an initialized structure.
This is a regression in commit
837e29035c911f3509135252c3f423d0f56b606d.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10911
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 16 Dec 2014 05:07:44 +0000 (18:07 +1300)]
torture: improve rpc.remote_pac test so we check if LogonSamLogon actually succeeds
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 18 02:51:02 CET 2014 on sn-devel-104