Stefan Metzmacher [Tue, 24 Jan 2012 09:31:54 +0000 (10:31 +0100)]
s3-gse: add GENSEC_FEATURE_NEW_SPNEGO detection in gensec_gse_have_feature()
metze
Stefan Metzmacher [Tue, 24 Jan 2012 12:48:33 +0000 (13:48 +0100)]
s3:build: require gss_krb5_export_lucid_sec_context() for ads support
This is needed to detect krb5 with aes for GENSEC_FEATURE_NEW_SPNEGO
at runtime.
metze
Stefan Metzmacher [Tue, 24 Jan 2012 10:17:09 +0000 (11:17 +0100)]
Revert "s3:build: for now do not require gsskrb5_extract_authz_data_from_sec_context"
This reverts commit
74abe369df26c58094a601dd6ff8c27c3d0b2b2a.
Having gsskrb5_extract_authz_data_from_sec_context as symbol in the
library is in indicator that gss_inquire_sec_context_by_oid() would work.
metze
Stefan Metzmacher [Tue, 24 Jan 2012 13:12:12 +0000 (14:12 +0100)]
Revert "build: Add -lz to wbinfo to fix build on some hosts"
This reverts commit
88daf798fec56a99e5eb3aed67f3b58572d97d34.
This is not needed as
5c88cfcc525290d0ad1c322401685c60c1abdf10 is the better
fix, see https://bugzilla.samba.org/show_bug.cgi?id=8711
metze
Volker Lendecke [Tue, 24 Jan 2012 12:18:42 +0000 (13:18 +0100)]
s3: Add debug when a message is registered
We've always had the corresponding deregister message
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jan 24 15:27:51 CET 2012 on sn-devel-104
Gregor Beck [Tue, 24 Jan 2012 09:45:32 +0000 (10:45 +0100)]
s3:registry: do not write empty value lists to registry.tdb
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Jan 24 13:54:09 CET 2012 on sn-devel-104
Andrew Bartlett [Tue, 24 Jan 2012 08:23:20 +0000 (19:23 +1100)]
selftest: Add test for smbpasswd against pdb_samba4
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jan 24 11:05:09 CET 2012 on sn-devel-104
Andrew Bartlett [Tue, 24 Jan 2012 07:38:09 +0000 (18:38 +1100)]
s3-passdb: Fix pdb_samba4 setting of plaintext passwords
We were setting a UTF8 password into the UTF16 clearTextPassword.
Converting from CH_UNIX to CH_UTF16 should fix this.
Andrew Bartlett
Andrew Bartlett [Tue, 24 Jan 2012 07:37:24 +0000 (18:37 +1100)]
s3-passdb: Use DSDB_PASSWORD_BYPASS_LAST_SET flags in pdb_samba4
Andrew Bartlett [Tue, 24 Jan 2012 07:36:49 +0000 (18:36 +1100)]
dsdb: Allow DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID to be specified as a flag
Amitay Isaacs [Tue, 24 Jan 2012 00:54:54 +0000 (11:54 +1100)]
python: Change except: statement to except Exception:
This way we only catch true exceptions and keyboard interrupts
are not caught here.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
Amitay Isaacs [Tue, 24 Jan 2012 00:43:46 +0000 (11:43 +1100)]
autobuild.py: Catch only true exceptions in except statement
sys.exit(0) raises systemExit which is caught in empty except:
statement. This can change the exit status if except: condition is
supposed to exit with different status value.
Jeremy Allison [Mon, 23 Jan 2012 22:09:32 +0000 (14:09 -0800)]
Another fix for bug #8556 - ACL permissions ignored when SMBsetatr is requested.
Remove erroneous check on FILE_WRITE_ATTRIBUTES when changing POSIX
permissions - this isn't an attribute set call (unless you're storing
attributes in POSIX permissions, which is not recommended).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jan 24 00:44:24 CET 2012 on sn-devel-104
Richard Sharpe [Mon, 23 Jan 2012 20:50:25 +0000 (12:50 -0800)]
Another fix for bug #8556 - ACL permissions ignored when SMBsetatr is requested.
Prevent systems with "store dos attributes = yes" from overriding
FILE_WRITE_ATTRIBUITES.
David Disseldorp [Mon, 23 Jan 2012 20:18:20 +0000 (12:18 -0800)]
lib: use differing NTSTATUS and WERROR struct members
This allows the compiler to catch uses of incorrectly typed arguments
for [NT_STATUS|W_ERROR]_IS_OK() and [NT_STATUS|W_ERROR]_EQUAL(). I.e.
WERROR werr;
werr = my_fn(); /* XXX returns WERROR type */
if (NT_STATUS_EQUAL(werr, NT_STATUS_OBJECT_NAME_COLLISION)) {
David Disseldorp [Mon, 23 Jan 2012 20:18:01 +0000 (12:18 -0800)]
WERROR type variable being incorrectly checked with a NT_STATUS_IS_X
type macro.
David Disseldorp [Sun, 22 Jan 2012 03:21:33 +0000 (04:21 +0100)]
s3-spoolss: fix incorrect error check type
NT_STATUS_IS_OK used to check WERROR type.
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Sun Jan 22 05:03:36 CET 2012 on sn-devel-104
Michael Wood [Fri, 20 Jan 2012 06:30:18 +0000 (08:30 +0200)]
Log short_princ instead of uninitialised filter.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Jan 21 13:06:35 CET 2012 on sn-devel-104
Andrew Bartlett [Sat, 21 Jan 2012 05:50:43 +0000 (16:50 +1100)]
param: handle P_BYTES in more places
Stefan Metzmacher [Sat, 21 Jan 2012 08:29:35 +0000 (09:29 +0100)]
script/autobuild.py: cleanup on rebase failure
We can improve this to generate logs.tar.gz later...
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Jan 21 11:29:58 CET 2012 on sn-devel-104
Andrew Bartlett [Sat, 14 Jan 2012 01:03:27 +0000 (12:03 +1100)]
s3-libsmb: Always allow SMB_TRANS_ENC_GSS to be defined
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Jan 21 01:28:54 CET 2012 on sn-devel-104
Andrew Bartlett [Sat, 14 Jan 2012 01:01:12 +0000 (12:01 +1100)]
s3-libsmb: Remove unused smb_tran_enc_state_gss and gssapi headers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 14 Jan 2012 01:00:53 +0000 (12:00 +1100)]
s3-libsmb: use struct gensec_security directly
This is rather than via a now one-element union.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 13 Jan 2012 09:34:10 +0000 (20:34 +1100)]
s3-libcli Change krb5 smb sealing to call via gensec and gensec_gse
This also fixes the support for smb sealing with krb5 in make test, as
this now relies on secrets.tdb rather than /etc/krb5.keytab.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 20 Jan 2012 14:56:17 +0000 (15:56 +0100)]
s4:auth/gensec: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG
metze
Stefan Metzmacher [Fri, 20 Jan 2012 14:55:55 +0000 (15:55 +0100)]
s3-gse: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAG
metze
Stefan Metzmacher [Fri, 20 Jan 2012 08:31:55 +0000 (09:31 +0100)]
s3-gse: implement fill_mem_keytab_from_[system|dedicated]_keytab
metze
Stefan Metzmacher [Fri, 20 Jan 2012 10:51:59 +0000 (11:51 +0100)]
s3-gse: create memory keytab in gse_krb5_get_server_keytab()
The other functions just add entries to it.
metze
Stefan Metzmacher [Fri, 20 Jan 2012 10:50:20 +0000 (11:50 +0100)]
s3-gse: fix SECRETS_AND_KEYTAB fallback in gse_krb5_get_server_keytab()
metze
Stefan Metzmacher [Fri, 20 Jan 2012 11:20:47 +0000 (12:20 +0100)]
s3:kerberos_verify: ads_dedicated_keytab_verify_ticket() only needs read access
metze
Stefan Metzmacher [Sat, 14 Jan 2012 11:30:21 +0000 (12:30 +0100)]
s3:smbd/proto.h: remove unused do_map_to_guest() prototype
metze
Andrew Bartlett [Fri, 6 Jan 2012 09:35:25 +0000 (20:35 +1100)]
build: Add -lz to wbinfo to fix build on some hosts
This is required after the rework of the object lists for gensec_gse
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jan 20 23:33:14 CET 2012 on sn-devel-104
Volker Lendecke [Fri, 20 Jan 2012 15:46:41 +0000 (16:46 +0100)]
s3: Fix the build on FreeBSD8
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 20 21:58:04 CET 2012 on sn-devel-104
Stefan Metzmacher [Fri, 20 Jan 2012 15:59:10 +0000 (16:59 +0100)]
s3:configure.in: move gss_wrap_iov check to the other function checks
This also makes sure we search for it if it's in -lgssapi
instead of -lgssapi_krb5 or -lgss.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 20 20:23:13 CET 2012 on sn-devel-104
Stefan Metzmacher [Fri, 20 Jan 2012 15:58:14 +0000 (16:58 +0100)]
s3:configure.in: require gssapi for ads support
This matches the waf checks.
metze
Stefan Metzmacher [Fri, 20 Jan 2012 15:56:47 +0000 (16:56 +0100)]
s3:configure.in: move krb5_set_real_time check to other function checks
metze
Stefan Metzmacher [Fri, 20 Jan 2012 15:55:43 +0000 (16:55 +0100)]
s3:build: for now do not require gsskrb5_extract_authz_data_from_sec_context
We do not use it yet.
metze
Stefan Metzmacher [Fri, 20 Jan 2012 15:52:03 +0000 (16:52 +0100)]
s3:configure.in: fix the shell logic in krb5 checks
metze
David Disseldorp [Tue, 17 Jan 2012 16:07:01 +0000 (17:07 +0100)]
torture: add spoolss overlapping driver deletion tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Fri Jan 20 18:20:14 CET 2012 on sn-devel-104
David Disseldorp [Tue, 17 Jan 2012 16:06:38 +0000 (17:06 +0100)]
s3-spoolss: fix printer_driver_files_in_use() call ordering
printer_driver_files_in_use() performs two tasks: it returns whether any
of the files in the to-be-deleted driver overlap with other drivers, it
also trims such files from the info structure passed in.
In processing a DeletePrinterDataEx request with DPD_DELETE_UNUSED_FILES
set, printer_driver_files_in_use() must be called to ensure files in
use by other drivers are not removed.
https://bugzilla.samba.org/show_bug.cgi?id=4942
Signed-off-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Tue, 17 Jan 2012 14:20:51 +0000 (15:20 +0100)]
torture: confirm printer driver file removal
Signed-off-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Mon, 16 Jan 2012 15:30:17 +0000 (16:30 +0100)]
torture: add spoolss del printer driver test
Test handling of DeletePrinterDriverEx when the DPD_DELETE_ALL_FILES
flag is set.
Signed-off-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Thu, 12 Jan 2012 15:27:37 +0000 (16:27 +0100)]
s3-spoolss: fix printer driver version deletion
Spoolss delete printer driver code currently makes invalid version
assumptions based on the architecture requested by the client.
Ugly hacks are in place to cover removal of other versions (2 and 3).
This change wraps multi version deletion in a simple for loop.
Signed-off-by: Andreas Schneider <asn@samba.org>
David Disseldorp [Wed, 11 Jan 2012 18:50:36 +0000 (19:50 +0100)]
s3-spoolss: prefix print$ path on driver file deletion
Driver file paths stored in the registry do not include the server path
prefix. delete_driver_files() incorrectly assumes such a prefix.
https://bugzilla.samba.org/show_bug.cgi?id=8697
Signed-off-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 19 Jan 2012 11:10:38 +0000 (12:10 +0100)]
s3: Fix a typo
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Jan 19 13:43:07 CET 2012 on sn-devel-104
Jeremy Allison [Thu, 19 Jan 2012 04:52:47 +0000 (20:52 -0800)]
Now make_connection_snum() is a static function that takes a
connection_struct as a parameter, fix the interface to allow
it to return an NTSTATUS.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 19 07:25:49 CET 2012 on sn-devel-104
Stefan Metzmacher [Wed, 18 Jan 2012 21:54:28 +0000 (22:54 +0100)]
dynconfig/wscript: correctly cleanup PRIVATELIBDIR and MODULESDIR defaults
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 19 00:47:50 CET 2012 on sn-devel-104
Jeremy Allison [Wed, 18 Jan 2012 20:38:14 +0000 (12:38 -0800)]
Fix bug 8710 - connections.tdb - major leak with SMB2.
Ensure the cnum used to claim the connection for SMB2 is the
id that will be used for the SMB2 tcon. Based on code from
Ira Cooper <ira@wakeful.net>.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 18 23:14:32 CET 2012 on sn-devel-104
Volker Lendecke [Wed, 18 Jan 2012 17:12:57 +0000 (18:12 +0100)]
s3-aio-pthread: num threads should be int
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 18 21:04:20 CET 2012 on sn-devel-104
Andrew Bartlett [Wed, 11 Jan 2012 00:52:13 +0000 (11:52 +1100)]
auth/gensec: align common elements between gse_context and gensec_gssapi_state
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 18 19:29:40 CET 2012 on sn-devel-104
Andrew Bartlett [Wed, 11 Jan 2012 00:52:13 +0000 (11:52 +1100)]
s3-gse: align common elements between gse_context and gensec_gssapi_state
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 12 Jan 2012 10:16:36 +0000 (21:16 +1100)]
s3-gensec: Add hook to allow gensec to know if kerberos is permitted
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 14 Jan 2012 00:40:18 +0000 (11:40 +1100)]
s3-gse: Make gensec_gse cope with non-DCE GSSAPI
The validation of the mutual authentication reply produces no further
data to send to the server.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 14 Jan 2012 10:28:28 +0000 (11:28 +0100)]
s3-gse: the server should not check for GSS_C_MUTUAL_FLAG
It up to the client to ask for GSS_C_MUTUAL_FLAG,
except for the dcerpc case, where the server is stricter.
metze
Stefan Metzmacher [Sat, 14 Jan 2012 10:27:21 +0000 (11:27 +0100)]
s3-gse: verify that we got GSS_C_DCE_STYLE when expected
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.
metze
Andrew Bartlett [Wed, 11 Jan 2012 00:39:17 +0000 (11:39 +1100)]
s3-gse Remove authenticated flag from gse
The only user for this flag is called only directly after it was set.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 00:36:58 +0000 (11:36 +1100)]
s3-gse remove special more_processing hook from gse
The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec
is expecting in any case.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 00:29:01 +0000 (11:29 +1100)]
s3-gse Rename gss_c_flags and ret_flags in gse
This make it clearer what type of flags these are and matches
gensec_gssapi
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 00:18:16 +0000 (11:18 +1100)]
s3-gse Rename gss_ctx to match gensec_gssapi_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 11 Jan 2012 00:17:26 +0000 (11:17 +1100)]
s3-gse Rename delegated_creds to match gensec_gssapi_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 10 Jan 2012 10:53:42 +0000 (21:53 +1100)]
s3-librpc: pass struct ndr_interface_table down to cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 10 Jan 2012 10:53:42 +0000 (21:53 +1100)]
s3-utils/net: pass struct ndr_interface_table down
This will allow the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 10 Jan 2012 10:53:42 +0000 (21:53 +1100)]
s3-rpcclient: pass struct ndr_interface_table down
This will allow the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 10 Jan 2012 10:03:02 +0000 (21:03 +1100)]
s3-librpc Make cli_rpc_pipe_open_spnego_ntlmssp() generic
This also avoids passing NULL as the server to
gensec_set_target_hostname() in spnego_generic_init_client().
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 6 Jan 2012 15:58:51 +0000 (16:58 +0100)]
s3-gse gss_wrap_iov_length() only needs the type and length
metze
Andrew Bartlett [Tue, 3 Jan 2012 13:42:35 +0000 (00:42 +1100)]
s3-gse Make seal parameter a boolean for clarity
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 3 Jan 2012 11:00:11 +0000 (22:00 +1100)]
s3-librpc Remove special case for spnego session key
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 3 Jan 2012 10:54:49 +0000 (21:54 +1100)]
s3-librpc Remove special case for spnego dcerpc sign/seal
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 10:04:57 +0000 (21:04 +1100)]
s3-gse Move GSS_C_DCE_STYLE backup definition to gse.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 09:38:31 +0000 (20:38 +1100)]
s3-gse Add const
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 09:30:41 +0000 (20:30 +1100)]
s3-gse Remove or make static unused/local-only GSE functions
The GSE layer is now used via the GENSEC module, so we do not need these
functions exposed any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 09:30:41 +0000 (20:30 +1100)]
s3-librpc Remove unused dcesrv_gssapi.[ch] functions
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:50:07 +0000 (15:50 +1100)]
s3-librpc Remove layer around struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:48:09 +0000 (15:48 +1100)]
s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_security
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:38:38 +0000 (15:38 +1100)]
s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 04:26:15 +0000 (15:26 +1100)]
s3-librpc Allow spnego_generic_init_client to handle kerberos too
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 02:06:29 +0000 (13:06 +1100)]
s3-librpc Call GSSAPI via the auth_generic layer and gensec
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 09:22:38 +0000 (20:22 +1100)]
s3-libsmb Use the gse_krb5 gensec module as client
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 09:22:38 +0000 (20:22 +1100)]
s3-gse Make gse available as a gensec client module
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 2 Jan 2012 23:52:06 +0000 (00:52 +0100)]
s3-build: Rework object lists to allow gse gensec module
This also allows the spnego_parse_krb5_wrap() function to be shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 27 Dec 2011 22:55:55 +0000 (09:55 +1100)]
s3-gse: Add gensec wrapper for gse GSSAPI client
This brings in part of the s4 gensec_gssapi as the boilerplate for the
new module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 10 Jan 2012 11:01:44 +0000 (22:01 +1100)]
s3-auth Match session setup handling of krb5, store the PAC
This will allow non-krb5 services to get the full user groups
without need to do an online s4u2self.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 31 Dec 2011 11:57:18 +0000 (22:57 +1100)]
s3-auth Add auth hook for PAC parsing
This will allow gensec_gse to parse the PAC.
This is a copy from source3/rpc_server/dcesrv_generic.c to preserve
behaviour. A future commit will enable the samlogon cache.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Mon, 16 Jan 2012 12:42:52 +0000 (13:42 +0100)]
s3: Use lock_order for setting the db priority
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 18 16:21:52 CET 2012 on sn-devel-104
Volker Lendecke [Mon, 16 Jan 2012 11:50:44 +0000 (12:50 +0100)]
s3: Pass down lock_order to db_open_ctdb
Volker Lendecke [Fri, 13 Jan 2012 13:10:44 +0000 (14:10 +0100)]
Revert "Fix bug #8175 - smbd deadlock."
This reverts commit
5a2b5b6cfed74e0e9c2965525995f64cdad7b7c9.
Volker Lendecke [Fri, 13 Jan 2012 12:26:41 +0000 (13:26 +0100)]
s3: Change locking order between brlock and locking
But 8175 was fixed in a way that brlock.tdb was always locked before
locking.tdb. This patch fixes the bug in a different way. locking.tdb
is the central tdb for files and should always be locked first.
This patch solves the problem by postponing the level2 break messages,
which are async anyway.
Volker Lendecke [Sun, 8 Jan 2012 18:04:39 +0000 (19:04 +0100)]
s3: Enforce a lock order in dbwrap
This makes sure we do not deadlock from doing two dbwrap_fetch_locked in two
processes in different orders. At open time, we assign a strict order to all
databases. lock_order 1 will be locked first, lock_order 2 second. No two
records of the same lock order may be locked at the same time.
Volker Lendecke [Fri, 6 Jan 2012 16:19:54 +0000 (17:19 +0100)]
s3: Add a "lock_order" argument to db_open
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
Günther Deschner [Mon, 17 Oct 2011 20:00:45 +0000 (22:00 +0200)]
s3-passdb: trying to decouple passdb and secrets a little.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
Volker Lendecke [Tue, 17 Jan 2012 16:14:38 +0000 (17:14 +0100)]
s3: Fix bug 8695
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jan 17 18:55:01 CET 2012 on sn-devel-104
Volker Lendecke [Tue, 17 Jan 2012 13:21:30 +0000 (14:21 +0100)]
RHEL-CTDB: *.msg files moved
Volker Lendecke [Tue, 17 Jan 2012 13:21:30 +0000 (14:21 +0100)]
RHEL-CTDB: *.dat files moved
Volker Lendecke [Tue, 17 Jan 2012 13:21:30 +0000 (14:21 +0100)]
RHEL-CTDB: CP*so are no more
Volker Lendecke [Tue, 17 Jan 2012 13:21:30 +0000 (14:21 +0100)]
RHEL-CTDB: --with-mandir -> --mandir
Stefan Metzmacher [Tue, 17 Jan 2012 11:51:57 +0000 (12:51 +0100)]
dynconfig: overwrite --with-privatelibdir as a Samba option
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 17 17:17:56 CET 2012 on sn-devel-104
Stefan Metzmacher [Tue, 17 Jan 2012 11:32:47 +0000 (12:32 +0100)]
dynconfig: --with-modulesdir should be a Samba option
This also restores the defaults from Samba 3.6.x:
"${libdir}" or "${libdir}/samba" in FHS mode.
metze
Stefan Metzmacher [Tue, 17 Jan 2012 11:29:53 +0000 (12:29 +0100)]
dynconfig/config.m4: expand prefix, exec_prefix, sysconfdir, localstatedir and datarootdir in Makefile
Otherwise $prefix is "NONE" without explicit --prefix
metze
Stefan Metzmacher [Mon, 16 Jan 2012 15:15:59 +0000 (16:15 +0100)]
s3:lib/messages: remove unused messaging_event_context()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 17 09:45:30 CET 2012 on sn-devel-104
Stefan Metzmacher [Mon, 16 Jan 2012 15:14:35 +0000 (16:14 +0100)]
s3:smbcontrol: avoid using messaging_event_context()
metze