Kai Blin [Thu, 19 Apr 2012 05:51:49 +0000 (07:51 +0200)]
WIP: stashed code
Kai Blin [Thu, 19 Apr 2012 05:43:26 +0000 (07:43 +0200)]
WIP: More fixes to get code to build
Kai Blin [Wed, 18 Apr 2012 16:33:22 +0000 (18:33 +0200)]
WIP: more tkey work
Kai Blin [Mon, 9 Apr 2012 10:16:41 +0000 (12:16 +0200)]
TMP s4 dns: initialize gensec on incoming gssapi tkeys
Kai Blin [Mon, 9 Apr 2012 10:16:02 +0000 (12:16 +0200)]
TMP: disable broken libdns code
Kai Blin [Tue, 3 Apr 2012 06:01:40 +0000 (08:01 +0200)]
WIP: s4 dns: Store transaction keys in memory
Kai Blin [Tue, 3 Apr 2012 06:00:57 +0000 (08:00 +0200)]
WIP: libdns: Also do TCP requests
Kai Blin [Tue, 3 Apr 2012 06:00:01 +0000 (08:00 +0200)]
s4 dns: Use TKEY mode enum to decide what to do with TKEY records
Kai Blin [Fri, 30 Mar 2012 23:34:04 +0000 (01:34 +0200)]
TMP: s4 dns: helper tool for gss-tsig
Kai Blin [Fri, 30 Mar 2012 21:44:15 +0000 (23:44 +0200)]
TMP: s4 dns: deal with tkeys
Kai Blin [Thu, 29 Mar 2012 14:57:18 +0000 (16:57 +0200)]
TMP s4 dns: More work on the tsig-helper tool
Kai Blin [Thu, 29 Mar 2012 13:06:39 +0000 (15:06 +0200)]
TMP s4 dns: Get the server to do the full TSIG routine
Doesn't pass dig's verification step yet, wonder what the matter is there
Kai Blin [Thu, 29 Mar 2012 09:20:16 +0000 (11:20 +0200)]
TMP: s4 dns: get test tool to correctly verify a signature. :)
Kai Blin [Thu, 29 Mar 2012 08:08:26 +0000 (10:08 +0200)]
TMP s4 dns: tsig test program
Kai Blin [Thu, 29 Mar 2012 08:07:13 +0000 (10:07 +0200)]
TMP: s4 dns: play with TSIG a bit more
Kai Blin [Wed, 28 Mar 2012 12:44:45 +0000 (14:44 +0200)]
s4 dns: Initial TSIG record handling
For now, there's no way to look up TSIG keys, so all
TSIG-signed packets are rejected.
The server correctly handles TSIGs on incoming and outgoing
records, however.
Kai Blin [Wed, 28 Mar 2012 10:19:51 +0000 (12:19 +0200)]
s4 dns: unify error handling when bailing out
Kai Blin [Tue, 13 Mar 2012 07:04:14 +0000 (08:04 +0100)]
s4 dns: Add TSIG and TKEY records to idl
Andreas Schneider [Thu, 3 May 2012 15:10:27 +0000 (17:10 +0200)]
krb5samba: Add smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104
Andreas Schneider [Thu, 3 May 2012 15:10:53 +0000 (17:10 +0200)]
s4-auth: Use smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Fri, 4 May 2012 15:02:48 +0000 (11:02 -0400)]
krb5samba: Add krb5_free_checksum_contents wrapper
Andrew Bartlett [Mon, 7 May 2012 09:21:10 +0000 (19:21 +1000)]
lib/util: Map 0x7fffffffffffffffLL as 0x7fffffffffffffffLL in time conversion
TIME_T_MAX is not actually INT64_MAX at the moment, so check both
values and set to the magic end-of-time value.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue May 8 06:41:43 CEST 2012 on sn-devel-104
Andrew Bartlett [Mon, 7 May 2012 07:06:23 +0000 (17:06 +1000)]
s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured
Andrew Bartlett [Mon, 7 May 2012 06:24:03 +0000 (16:24 +1000)]
s3-python: Add python bindings for posix ACL layer
This will allow us to check that posix ACLs work in the s4 provision, and avoid
--use-s3fs if they do not.
Andrew Bartlett
Stefan Metzmacher [Thu, 3 May 2012 12:41:21 +0000 (14:41 +0200)]
s4:torture/raw/context: add subtests as torture testcases
TODO: add test_session with 'use spnego = false'.
We need a way to set an option just for one test case.
Note: the 'use spnego = false' was ignored before as it's
only used on the first session setup on a connection.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 8 04:50:39 CEST 2012 on sn-devel-104
Stefan Metzmacher [Tue, 1 May 2012 10:38:06 +0000 (12:38 +0200)]
s4:torture/raw/context: INVALID_PARAMETER vs. LOGON_FAILURE...
If we try a session setup without EXTENDED_SECURITY after
one with EXTENDED_SECURITY Windows 2008 R2 returns INVALID_PARAMETER,
while Windows 2000 sp4 returns LOGON_FAILURE...
metze
Stefan Metzmacher [Wed, 2 May 2012 11:46:34 +0000 (13:46 +0200)]
s4:torture/raw: make torture_raw_context a test suite
metze
Stefan Metzmacher [Tue, 1 May 2012 10:39:21 +0000 (12:39 +0200)]
s4:torture/raw/context: make use of torture_* macros and avoid 'printf'
metze
Stefan Metzmacher [Tue, 1 May 2012 10:35:28 +0000 (12:35 +0200)]
s4:torture/raw/context: pass tctx to test_pid_exit_only_sees_open()
metze
Stefan Metzmacher [Mon, 7 May 2012 09:50:59 +0000 (11:50 +0200)]
selftest: samba4 doesn't support reauth
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 8 02:43:49 CEST 2012 on sn-devel-104
Stefan Metzmacher [Mon, 7 May 2012 09:32:32 +0000 (11:32 +0200)]
s4:torture/raw/session: make sure we got a reauth of the existing session
metze
Stefan Metzmacher [Mon, 7 May 2012 10:07:30 +0000 (12:07 +0200)]
selftest: mark ^samba4.raw.session.reauth as flapping
Because the test is wrong...
metze
Andreas Schneider [Mon, 7 May 2012 09:57:34 +0000 (11:57 +0200)]
talloc: Update doxygen config.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon May 7 21:13:15 CEST 2012 on sn-devel-104
Pavel Březina [Mon, 7 May 2012 10:30:44 +0000 (12:30 +0200)]
doc: Remove latex to doxygen conversion leftovers in talloc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 7 May 2012 09:56:39 +0000 (11:56 +0200)]
doc: Fixes for the talloc best practices tutorial.
Andreas Schneider [Mon, 7 May 2012 09:42:44 +0000 (11:42 +0200)]
doc: Fixes for the talloc debugging tutorial.
Andreas Schneider [Mon, 7 May 2012 09:36:37 +0000 (11:36 +0200)]
doc: Fixes for the talloc pool tutorial.
Andreas Schneider [Mon, 7 May 2012 09:30:06 +0000 (11:30 +0200)]
doc: Fixes for the talloc destructor tutorial.
Andreas Schneider [Mon, 7 May 2012 09:25:50 +0000 (11:25 +0200)]
doc: Fixes for the talloc dynamic type system tutorial.
Andreas Schneider [Mon, 7 May 2012 09:18:26 +0000 (11:18 +0200)]
doc: Fixes for the talloc stealing tutorial.
Andreas Schneider [Mon, 7 May 2012 09:09:56 +0000 (11:09 +0200)]
doc: Fixes for the talloc context tutorial.
Pavel Březina [Sun, 6 May 2012 12:34:48 +0000 (14:34 +0200)]
doc: Add talloc tutorial.
Signed-off-by: Andreas Schneider <asn@samba.org>
Jelmer Vernooij [Mon, 7 May 2012 14:43:17 +0000 (16:43 +0200)]
heimdal: Cope with newer Heimdal versions accepting a keyset argument to
hdb_enctype2key.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon May 7 18:33:10 CEST 2012 on sn-devel-104
Michael Adam [Mon, 7 May 2012 12:09:28 +0000 (14:09 +0200)]
s3:registry: let reg_values_need_update() return true if the backend does not implement the method
Otherwise the value cache might become outdated.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon May 7 16:11:05 CEST 2012 on sn-devel-104
Michael Adam [Mon, 7 May 2012 12:08:13 +0000 (14:08 +0200)]
s3:registry: let reg_subkeys_need_update() return true if the backend does not implement the method
Otherwise the subkey cache might become outdated.
Amitay Isaacs [Mon, 7 May 2012 01:46:27 +0000 (11:46 +1000)]
s4-dns: Build BIND DLZ modules with correct private library
This fixes rpath for samdb-common private library after make install.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon May 7 07:40:29 CEST 2012 on sn-devel-104
Stefan Metzmacher [Sat, 5 May 2012 07:31:39 +0000 (09:31 +0200)]
lib/param: add support for "SMB3_00"
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun May 6 16:38:00 CEST 2012 on sn-devel-104
Stefan Metzmacher [Sat, 5 May 2012 07:35:17 +0000 (09:35 +0200)]
s3:smb2_negprot: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:55:59 +0000 (09:55 +0200)]
s4:libcli/smb2: use PROTOCOL_LATEST
metze
Stefan Metzmacher [Sat, 5 May 2012 07:42:28 +0000 (09:42 +0200)]
s3:torture/test_smb2: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:33:43 +0000 (09:33 +0200)]
libcli/smb/smbXcli: add support for PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:38:25 +0000 (09:38 +0200)]
libcli/smb: add #define PROTOCOL_LATEST PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:28:57 +0000 (09:28 +0200)]
libcli/smb: add PROTOCOL_SMB3_00
metze
Stefan Metzmacher [Sat, 5 May 2012 07:33:19 +0000 (09:33 +0200)]
libcli/smb: add SMB3_DIALECT_REVISION_300
metze
Stefan Metzmacher [Thu, 3 May 2012 10:07:11 +0000 (12:07 +0200)]
s3:torture: do some query_info and set_info calls in SMB2-SESSION-REAUTH
metze
Stefan Metzmacher [Thu, 3 May 2012 10:02:55 +0000 (12:02 +0200)]
s3:libsmb: add smb2cli_set_info*
metze
Stefan Metzmacher [Thu, 3 May 2012 07:10:53 +0000 (09:10 +0200)]
s3:libsmb: add smb2cli_query_info*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_tcon*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_ioctl*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:05:13 +0000 (12:05 +0200)]
s3:libsmb: use 'state' instead of 'talloc_tos()' in smb2cli_create*
metze
Stefan Metzmacher [Thu, 3 May 2012 10:04:12 +0000 (12:04 +0200)]
s3:libsmb: remove unused reference to talloc_tos()
metze
Stefan Metzmacher [Thu, 3 May 2012 12:48:57 +0000 (14:48 +0200)]
s3:idmap_cache: change DEBUG message to level 10
metze
Andrew Bartlett [Sun, 6 May 2012 06:41:18 +0000 (16:41 +1000)]
s4-s3-upgrade: Max/min password age policy is in seconds, not days
This causes upgraded domains to have a too-long password expiry, which in extreme
cases can cause the KDC to misfunction.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104
Matthieu Patou [Sun, 6 May 2012 00:03:37 +0000 (17:03 -0700)]
s4-schema: Validate more class attributes when adding a new class in the schema
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
Matthieu Patou [Mon, 16 Apr 2012 04:58:49 +0000 (21:58 -0700)]
s4: use intermediate var, increase readability
Matthieu Patou [Sun, 15 Apr 2012 21:02:41 +0000 (14:02 -0700)]
olschema2ldif: be more strict when checking for open/closed braces
Michael Adam [Sat, 5 May 2012 00:12:25 +0000 (02:12 +0200)]
s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend
It simply calls to the regdb functions.
This fixes a caching issue uncovered by recent changes.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sat May 5 04:10:43 CEST 2012 on sn-devel-104
Michael Adam [Fri, 4 May 2012 16:01:00 +0000 (18:01 +0200)]
s3:registry: return error when Key does not exist in regdb_fetch_values_internal()
Michael Adam [Fri, 4 May 2012 16:00:15 +0000 (18:00 +0200)]
s3:smbd: comment the lp_load call in reload_services()
Volker Lendecke [Fri, 4 May 2012 12:56:25 +0000 (14:56 +0200)]
s3: Use hex_encode_buf
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May 4 20:32:37 CEST 2012 on sn-devel-104
Volker Lendecke [Fri, 4 May 2012 12:56:25 +0000 (14:56 +0200)]
s3: Use hex_encode_buf
Volker Lendecke [Fri, 4 May 2012 12:16:45 +0000 (14:16 +0200)]
s3: Remove an unused extern declaration
Volker Lendecke [Fri, 4 May 2012 12:07:13 +0000 (14:07 +0200)]
s3: Remove an unused parameter from check_parent_access()
Volker Lendecke [Fri, 4 May 2012 12:03:42 +0000 (14:03 +0200)]
s3: In mkdir_internal, don't retrieve parent_dir from check_parent_access
We have already created that ourselves a few lines above
Andreas Schneider [Thu, 3 May 2012 09:28:50 +0000 (11:28 +0200)]
waf: Fix com_err detection with MIT krb5.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri May 4 18:43:05 CEST 2012 on sn-devel-104
Alexander Bokovoy [Thu, 3 May 2012 09:33:42 +0000 (12:33 +0300)]
s4:auth/kerberos: don't do tracing in MIT build
Signed-off-by: Simo Sorce <idra@samba.org>
Alexander Bokovoy [Wed, 2 May 2012 18:40:13 +0000 (21:40 +0300)]
s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init
Signed-off-by: Simo Sorce <idra@samba.org>
Alexander Bokovoy [Wed, 2 May 2012 18:16:01 +0000 (21:16 +0300)]
Avoid using Heimdal-specific tests in MIT build
Alexander Bokovoy [Wed, 2 May 2012 17:59:00 +0000 (20:59 +0300)]
s4:ntvfs: add missing headers to vfs_ipc
vfs_ipc.c had system/kerberos.h and system/filesys.h missing
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Wed, 2 May 2012 17:22:08 +0000 (13:22 -0400)]
Fix direct access to krb5_principal structure
Simo Sorce [Wed, 2 May 2012 16:24:34 +0000 (12:24 -0400)]
auth-session: MIT doesn't have import/export cred yet
For now let's just lose this functionality with the MIT build.
gss_import/export_cred should be available when MIT 1.11 is released and this
code is used only in some proxy scenario. Not normally needed for common
configurations.
Andreas Schneider [Fri, 27 Apr 2012 18:29:47 +0000 (20:29 +0200)]
s4-auth: Use smb_krb5_cc_get_lifetime() wrapper.
Signed-off-by: Simo Sorce <idra@samba.org>
Andreas Schneider [Fri, 27 Apr 2012 14:52:26 +0000 (16:52 +0200)]
krb5samba: Add a smb_krb5_cc_get_lifetime() function.
Signed-off-by: Simo Sorce <idra@samba.org>
Simo Sorce [Thu, 26 Apr 2012 22:11:09 +0000 (18:11 -0400)]
s4-auth-krb: Make srv_keytab.c build against MIT Kerberos
Simo Sorce [Thu, 26 Apr 2012 22:22:43 +0000 (18:22 -0400)]
krb5samba: Add compat function for krb5_kt_compare
Simo Sorce [Thu, 26 Apr 2012 21:56:38 +0000 (17:56 -0400)]
Fix incompatible assignment warning
Simo Sorce [Thu, 26 Apr 2012 21:21:22 +0000 (17:21 -0400)]
krb5samba: Add compat krb5_make_principal for MIT build
Simo Sorce [Thu, 26 Apr 2012 20:54:42 +0000 (16:54 -0400)]
Fix compiler warning
Simo Sorce [Thu, 26 Apr 2012 20:52:55 +0000 (16:52 -0400)]
s4-auth-krb: Use compat code to initialize keyblock contents
Simo Sorce [Thu, 26 Apr 2012 20:52:37 +0000 (16:52 -0400)]
krb5samba: Add compat code to initialize keyblock contents
Simo Sorce [Thu, 26 Apr 2012 20:50:53 +0000 (16:50 -0400)]
s4-auth-krb: Disable code in MIT build
Unfortunately these functions are not available in MIT and there is no easy
workaround or compat function I can see at this stage. Will fix properly once
MIT gets the necessary functions or if another workaround can be found.
Simo Sorce [Thu, 26 Apr 2012 19:05:11 +0000 (15:05 -0400)]
Move keytab_copy to krb5samba lib
This is a helper function that uses purely krb5 code, so it belongs to
krb5samba which is the krb5 wrapper for samba.
Simo Sorce [Thu, 26 Apr 2012 19:01:48 +0000 (15:01 -0400)]
Fix keytab_copy to compile with MIT libraries too
Simo Sorce [Thu, 26 Apr 2012 16:50:03 +0000 (12:50 -0400)]
keytab_copy: Fix style, whitespaces
Simo Sorce [Thu, 26 Apr 2012 16:41:25 +0000 (12:41 -0400)]
kerberos_pac: Fix code to work with MIT too
Simo Sorce [Thu, 26 Apr 2012 16:27:05 +0000 (12:27 -0400)]
s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5
Make it clearly a gensec_krb5 accessory file.
This function should never be used anywhere else.
This function was copied out from the Heimdal tree and is kept in a separate
file for clarity and to keep the original license boilerplate.
Simo Sorce [Thu, 26 Apr 2012 16:06:24 +0000 (12:06 -0400)]
Split normal kinit from s4u2 flavored kinit
This makes it simpler to slowly integrate MIT support and also makes it
somewhat clearer what operation is really requested.
The s4u2 part is really only used by the cifs proxy code so we can temporarily
disable it in the MIT build w/o major consequences.
Simo Sorce [Thu, 26 Apr 2012 15:05:51 +0000 (11:05 -0400)]
Move kerberos_kinit_password_cc to krb5samba lib
Simo Sorce [Wed, 25 Apr 2012 21:29:09 +0000 (17:29 -0400)]
Move kerberos_kinit_keyblock_cc to krb5samba lib
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not
available.
Simo Sorce [Wed, 25 Apr 2012 14:31:12 +0000 (10:31 -0400)]
krb-init: define out heimdal specific stuff in mitkrb build