metze/samba/wip.git
11 years ago TODO file_server: task_server_terminate ...
Stefan Metzmacher [Tue, 4 Sep 2012 09:06:15 +0000 (11:06 +0200)]
TODO file_server: task_server_terminate ...

11 years ago file_server: use 'subreq' as variable instead of 'req'
Stefan Metzmacher [Tue, 4 Sep 2012 09:04:16 +0000 (11:04 +0200)]
file_server: use 'subreq' as variable instead of 'req'

This matches the style of all other tevent_req users.

metze

11 years ago Revert "HACK always encrypt"
Stefan Metzmacher [Wed, 15 Aug 2012 11:14:37 +0000 (13:14 +0200)]
Revert "HACK always encrypt"

This reverts commit c99413dd9be4b8ec9962086ea448e33a89f8663f.

11 years ago Revert "smb3 encryption hacks"
Stefan Metzmacher [Tue, 14 Aug 2012 18:11:22 +0000 (20:11 +0200)]
Revert "smb3 encryption hacks"

This reverts commit 66e3a9793f230dd13a12558a9cef66ec57019bd9.

11 years ago smb3 encryption hacks
Stefan Metzmacher [Tue, 14 Aug 2012 08:38:46 +0000 (10:38 +0200)]
smb3 encryption hacks

11 years ago HACK always encrypt
Stefan Metzmacher [Mon, 23 Jul 2012 11:47:07 +0000 (13:47 +0200)]
HACK always encrypt

11 years ago Revert "TODO implement REPLAY and channel_sequence checks"
Stefan Metzmacher [Thu, 16 Aug 2012 10:34:16 +0000 (12:34 +0200)]
Revert "TODO implement REPLAY and channel_sequence checks"

This reverts commit 610d48c661d49e05abfe98bb4a005362be14a16d.

11 years ago TODO implement REPLAY and channel_sequence checks
Stefan Metzmacher [Tue, 7 Aug 2012 08:11:29 +0000 (10:11 +0200)]
TODO implement REPLAY and channel_sequence checks

metze

11 years ago Revert "HACK two tconX... still works=> server doesn't send SMB_EXTENDED_SIGNATURES...
Stefan Metzmacher [Fri, 3 Aug 2012 06:45:57 +0000 (08:45 +0200)]
Revert "HACK two tconX... still works=> server doesn't send SMB_EXTENDED_SIGNATURES on the 2nd response"

This reverts commit ab9053e2e7985431a655de718225e5078675a42b.

11 years ago Revert "client hacks"
Stefan Metzmacher [Fri, 3 Aug 2012 06:45:52 +0000 (08:45 +0200)]
Revert "client hacks"

This reverts commit 43dd88375e6e946135c1dd1efac72db5362881f5.

11 years ago client hacks
Stefan Metzmacher [Thu, 2 Aug 2012 10:18:40 +0000 (12:18 +0200)]
client hacks

11 years ago HACK two tconX... still works=> server doesn't send SMB_EXTENDED_SIGNATURES on the...
Stefan Metzmacher [Thu, 2 Aug 2012 08:01:06 +0000 (10:01 +0200)]
HACK two tconX... still works=> server doesn't send SMB_EXTENDED_SIGNATURES on the 2nd response

11 years ago Revert "HACK start with smb_transport_direct..."
Stefan Metzmacher [Fri, 10 Aug 2012 13:37:43 +0000 (15:37 +0200)]
Revert "HACK start with smb_transport_direct..."

This reverts commit 2da19a55333ad431da5f71b9efd71c2c51a99afc.

11 years ago HACK start with smb_transport_direct...
Stefan Metzmacher [Fri, 10 Aug 2012 13:36:16 +0000 (15:36 +0200)]
HACK start with smb_transport_direct...

11 years ago Revert "HACK break s4 server signing"
Stefan Metzmacher [Fri, 3 Aug 2012 13:47:28 +0000 (15:47 +0200)]
Revert "HACK break s4 server signing"

This reverts commit 854ce33d93b8bbb7f058c1852d3732c46f41171d.

11 years ago HACK break s4 server signing
Stefan Metzmacher [Fri, 3 Aug 2012 08:31:32 +0000 (10:31 +0200)]
HACK break s4 server signing

11 years ago Revert "TODO s3:smb2_server: don't echo back SMB2_HDR_FLAG_SIGNED"
Stefan Metzmacher [Thu, 16 Aug 2012 11:44:03 +0000 (13:44 +0200)]
Revert "TODO s3:smb2_server: don't echo back SMB2_HDR_FLAG_SIGNED"

This reverts commit 62aaa72cb9db10f610e362312d63720af457e9f7.

11 years ago TODO s3:smb2_server: don't echo back SMB2_HDR_FLAG_SIGNED
Stefan Metzmacher [Thu, 16 Aug 2012 10:07:39 +0000 (12:07 +0200)]
TODO s3:smb2_server: don't echo back SMB2_HDR_FLAG_SIGNED

metze

11 years ago Revert "HACK debug encryption"
Stefan Metzmacher [Fri, 17 Aug 2012 06:33:26 +0000 (08:33 +0200)]
Revert "HACK debug encryption"

This reverts commit 893820bd4fadfd067015f4c49380c34cd11e3238.

11 years ago HACK debug encryption
Stefan Metzmacher [Fri, 17 Aug 2012 06:33:11 +0000 (08:33 +0200)]
HACK debug encryption

11 years ago TODO review tdis/logoff s3: Fix a panic when shutting down
Volker Lendecke [Fri, 17 Aug 2012 10:22:17 +0000 (12:22 +0200)]
TODO review tdis/logoff s3: Fix a panic when shutting down

When a client disconnects while we have aio open, there is no close
request that cleans up. We can't send out the replies anymore, so
just drop the aio requests that are pending.

Found using the new python lib writing multiple files simultaneously

Signed-off-by: Stefan Metzmacher <metze@samba.org>

11 years ago s3: add sysquotas_4B support
Björn Jacke [Sun, 1 Jul 2012 12:35:55 +0000 (14:35 +0200)]
s3: add sysquotas_4B support

this is from James Peach's darwin patch, that exists since a couple of years
already.

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sun Sep  2 01:00:41 CEST 2012 on sn-devel-104

11 years ago s3: Make an if statement a bit easier to read
Volker Lendecke [Fri, 31 Aug 2012 12:11:45 +0000 (14:11 +0200)]
s3: Make an if statement a bit easier to read

Fix indentation a bit

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep  1 07:07:12 CEST 2012 on sn-devel-104

11 years ago Now SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP don't include any generic...
Jeremy Allison [Fri, 31 Aug 2012 21:42:21 +0000 (14:42 -0700)]
Now SEC_RIGHTS_PRIV_RESTORE and SEC_RIGHTS_PRIV_BACKUP don't include any generic bits (they're used directly in the fileserver where the generic bits have already been mapped into file specific bits) we need to add the generic bits to the test when we have these privileges.

Mark samba4.base.maximum_allowed knownfail until we implement NTCREATEX_OPTIONS_BACKUP_INTENT.

11 years ago Rewrite torture_samba3_rpc_sharesec() to use a non-privileged user for share security...
Jeremy Allison [Fri, 31 Aug 2012 19:42:16 +0000 (12:42 -0700)]
Rewrite torture_samba3_rpc_sharesec() to use a non-privileged user for share security descriptor testing.

11 years ago Add a comment showing where to set log level in tests.
Jeremy Allison [Fri, 31 Aug 2012 19:41:48 +0000 (12:41 -0700)]
Add a comment showing where to set log level in tests.

11 years ago Change the S3 fileserver over to se_file_access_check().
Jeremy Allison [Mon, 27 Aug 2012 23:07:32 +0000 (16:07 -0700)]
Change the S3 fileserver over to se_file_access_check().

Don't set the priv_open_requested yet until the open-for-backup
request is correctly passed in.

11 years ago Factor out privilege checking code into se_file_access_check() which takes a bool...
Jeremy Allison [Mon, 27 Aug 2012 22:41:18 +0000 (15:41 -0700)]
Factor out privilege checking code into se_file_access_check() which takes a bool priv_open_requested parameter.

11 years ago SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used anywhere....
Jeremy Allison [Mon, 27 Aug 2012 21:15:35 +0000 (14:15 -0700)]
SEC_RIGHTS_DIR_PRIV_BACKUP and SEC_RIGHTS_DIR_PRIV_RESTORE aren't used anywhere. Remove (can re-add if needed).

Ensure the privilege rights are always specific rights, not generic.
By the time the privilege rights are examined, we've already mapped
from generic to specific in the access_mask.

11 years ago s4-dsdb: Remove unused variables
Andrew Bartlett [Sat, 1 Sep 2012 01:36:36 +0000 (11:36 +1000)]
s4-dsdb: Remove unused variables

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep  1 05:10:47 CEST 2012 on sn-devel-104

11 years ago s4-kdc: Improve grammar and clarity of password change failure messages.
Andrew Bartlett [Sat, 1 Sep 2012 01:34:33 +0000 (11:34 +1000)]
s4-kdc: Improve grammar and clarity of password change failure messages.

This can still be improved further, but avoid mentioning reasons that
clearly do not apply in this case.

Andrew Bartlett

11 years ago s3: Fix warnings in aio_fork.c
Volker Lendecke [Fri, 31 Aug 2012 12:45:08 +0000 (14:45 +0200)]
s3: Fix warnings in aio_fork.c

11 years ago s3: Remove a shadowing variable declaration
Volker Lendecke [Fri, 31 Aug 2012 12:17:49 +0000 (14:17 +0200)]
s3: Remove a shadowing variable declaration

11 years ago s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context
Andrew Bartlett [Sat, 1 Sep 2012 01:29:46 +0000 (11:29 +1000)]
s4-dsdb: Remove unused tmp_ctx leaked onto long-term ldb_context

This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>.  Thanks Ricky!

Andrew Bartlett

11 years ago s4 dns: Store TKEYs in a ringbuffer
Kai Blin [Fri, 31 Aug 2012 11:41:19 +0000 (13:41 +0200)]
s4 dns: Store TKEYs in a ringbuffer

This stops us from potentially being DoSed by tons of TKEYs

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Fri Aug 31 22:46:01 CEST 2012 on sn-devel-104

11 years ago tdb: return unpack error on strdup failure
David Disseldorp [Fri, 31 Aug 2012 15:41:31 +0000 (17:41 +0200)]
tdb: return unpack error on strdup failure

Signed-off-by: Lars Müller <lars@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Aug 31 21:05:21 CEST 2012 on sn-devel-104

11 years ago s3: Fix a few "warning: ISO C90 forbids mixed declarations and code"
Volker Lendecke [Fri, 31 Aug 2012 12:10:02 +0000 (14:10 +0200)]
s3: Fix a few "warning: ISO C90 forbids mixed declarations and code"

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 31 19:24:47 CEST 2012 on sn-devel-104

11 years ago s3:build fix autoconf build on RHEL5
Christian Ambach [Fri, 31 Aug 2012 09:00:23 +0000 (11:00 +0200)]
s3:build fix autoconf build on RHEL5

RHEL5 only has autoconf 2.59, so autogen.sh still needs to find autoconf-2.60.m4
somewhere, but it was removed with 5f58359

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Aug 31 12:50:03 CEST 2012 on sn-devel-104

11 years ago s3:doc Fix name of timeout parameter in documentation
Christof Schmitt [Thu, 30 Aug 2012 22:42:51 +0000 (15:42 -0700)]
s3:doc Fix name of timeout parameter in documentation

The name is time_audit:timeout, not time_audit:audit_timeout.

Signed-off-by: Christian Ambach <ambi@samba.org>

11 years ago s3:dbwrap_ctdb: Add DB name and key to warning message
Christof Schmitt [Thu, 30 Aug 2012 20:16:24 +0000 (13:16 -0700)]
s3:dbwrap_ctdb: Add DB name and key to warning message

When an operation takes too long, it is useful for debugging to know the
DB and the key.

Signed-off-by: Christian Ambach <ambi@samba.org>

11 years ago s4 dns: Negotiate GSSAPI-based TKEYs
Kai Blin [Thu, 30 Aug 2012 07:04:07 +0000 (09:04 +0200)]
s4 dns: Negotiate GSSAPI-based TKEYs

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Fri Aug 31 10:38:35 CEST 2012 on sn-devel-104

11 years ago s4-kdc: Give information on how long the password history is
Andrew Bartlett [Fri, 31 Aug 2012 04:02:28 +0000 (14:02 +1000)]
s4-kdc: Give information on how long the password history is

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 31 08:06:17 CEST 2012 on sn-devel-104

11 years ago s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctx
Andrew Bartlett [Fri, 31 Aug 2012 02:38:41 +0000 (12:38 +1000)]
s4-libnet: Fix memory leak of lsa_RefDomainList and lsa_String onto libnet_ctx

These are only needed for as long as the call, and should be children of the
private context.

This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>.  Thanks Ricky!

Andrew Bartlett

11 years ago auth/credentials: Do not print passwords in a talloc memory dump
Andrew Bartlett [Fri, 31 Aug 2012 01:19:54 +0000 (11:19 +1000)]
auth/credentials: Do not print passwords in a talloc memory dump

The fact that a password was created here is enough information, so
overwrite with the function name and line.

Andrew Bartlett

11 years ago VERSION: Move on to beta9
Andrew Bartlett [Thu, 30 Aug 2012 22:34:03 +0000 (08:34 +1000)]
VERSION: Move on to beta9

We hope beta8 will be the last beta, but to avoid confusion and allow
more releases if required I won't mark it as rc1 until the actual
release candidate.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 31 02:07:23 CEST 2012 on sn-devel-104

11 years ago VERSION: Mark as the beta8 release samba-upstream/tags/samba-4.0.0beta8
Andrew Bartlett [Thu, 30 Aug 2012 22:32:15 +0000 (08:32 +1000)]
VERSION: Mark as the beta8 release

11 years ago WHATSNEW: prepare for 4.0 beta8
Andrew Bartlett [Thu, 30 Aug 2012 22:31:45 +0000 (08:31 +1000)]
WHATSNEW: prepare for 4.0 beta8

11 years ago The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.
Jeremy Allison [Thu, 30 Aug 2012 15:45:43 +0000 (08:45 -0700)]
The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 30 21:38:02 CEST 2012 on sn-devel-104

11 years ago Now ACL inheritance flags are working, add test_inheritance_flags() back into raw...
Jeremy Allison [Wed, 29 Aug 2012 22:18:19 +0000 (15:18 -0700)]
Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress.

11 years ago With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.
Jeremy Allison [Wed, 29 Aug 2012 21:22:33 +0000 (14:22 -0700)]
With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.

11 years ago Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Jeremy Allison [Wed, 29 Aug 2012 20:44:57 +0000 (13:44 -0700)]
Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.

Change se_create_child_secdesc() to handle inheritance correctly.

11 years ago Windows does canonicalization of inheritance bits. Do the same.
Jeremy Allison [Wed, 29 Aug 2012 20:40:29 +0000 (13:40 -0700)]
Windows does canonicalization of inheritance bits. Do the same.

We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:

http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531

for details.

11 years ago Change the other two places where we set a security descriptor given by the client...
Jeremy Allison [Wed, 29 Aug 2012 20:37:51 +0000 (13:37 -0700)]
Change the other two places where we set a security descriptor given by the client to go through set_sd(),
the canonicalize sd function.

11 years ago Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonical...
Jeremy Allison [Wed, 29 Aug 2012 20:29:34 +0000 (13:29 -0700)]
Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization.

11 years ago Rename set_sd() to set_sd_blob() - this describes what it does.
Jeremy Allison [Wed, 29 Aug 2012 20:23:06 +0000 (13:23 -0700)]
Rename set_sd() to set_sd_blob() - this describes what it does.

11 years ago s3:libsmb correctly set isFsctl for snapshot list
Christian Ambach [Thu, 30 Aug 2012 14:43:33 +0000 (16:43 +0200)]
s3:libsmb correctly set isFsctl for snapshot list

FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the changes
made for Bug #8311

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104

11 years ago selftest: Remove spoolss tests from knownfail.
Andreas Schneider [Thu, 30 Aug 2012 11:55:17 +0000 (13:55 +0200)]
selftest: Remove spoolss tests from knownfail.

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 30 17:17:55 CEST 2012 on sn-devel-104

11 years ago selftest: Add missing printing options for plugin_s4_dc.
Andreas Schneider [Thu, 30 Aug 2012 12:09:49 +0000 (14:09 +0200)]
selftest: Add missing printing options for plugin_s4_dc.

11 years ago file_server: Fix spoolss support with s3fs.
Andreas Schneider [Thu, 30 Aug 2012 13:11:41 +0000 (15:11 +0200)]
file_server: Fix spoolss support with s3fs.

11 years ago selftest: Define the log directory for s3fs.
Andreas Schneider [Thu, 30 Aug 2012 12:09:10 +0000 (14:09 +0200)]
selftest: Define the log directory for s3fs.

11 years ago auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()
Andrew Bartlett [Wed, 29 Aug 2012 21:49:21 +0000 (07:49 +1000)]
auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()

This allows a password alone to be used to accept kerberos tickets.

Of course, we need to have got the salt right, but we do not need also
the correct kvno.  This allows gensec_gssapi to accept tickets based on
a secrets.tdb entry.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104

11 years ago s4-torture: Add start of a test to confirm winbindd PAC parsing
Andrew Bartlett [Fri, 24 Aug 2012 00:01:42 +0000 (10:01 +1000)]
s4-torture: Add start of a test to confirm winbindd PAC parsing

So far this confirms that we can accept a ticket using the secrets.tdb
entry.

Andrew Bartlett

11 years ago lib/krb4_wrap: Add const to kt_copy_one_principal
Andrew Bartlett [Wed, 29 Aug 2012 07:58:45 +0000 (17:58 +1000)]
lib/krb4_wrap: Add const to kt_copy_one_principal

11 years ago s3:vfs_gpfs: Use directory not file to get fileset id
Christof Schmitt [Thu, 16 Aug 2012 19:47:52 +0000 (12:47 -0700)]
s3:vfs_gpfs: Use directory not file to get fileset id

The query of the fileset quota needs to determine the file set id first.
With the currently available interface, this requires opening the file
to get a file descriptor. For files, this open can fail when a share
mode is set.

Work around this by querying the fileset id on the directory instead.

The proper solution would be getting an interface for getting the
fileset id that does not require opening the file.

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Aug 29 18:58:34 CEST 2012 on sn-devel-104

11 years ago vfs_media_harmony: fix some compile warnings with llvm
Björn Jacke [Wed, 29 Aug 2012 11:37:05 +0000 (13:37 +0200)]
vfs_media_harmony: fix some compile warnings with llvm

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Aug 29 16:05:10 CEST 2012 on sn-devel-104

11 years ago s3-printing: fix bug 9123 lprng job tracking errors
David Disseldorp [Tue, 28 Aug 2012 16:58:24 +0000 (18:58 +0200)]
s3-printing: fix bug 9123 lprng job tracking errors

The lprng printing back-end is truncating the print job filename in the
lpq output, which means that Samba is not able to determine the back-end
job ID for a newly submitted print job.
Remove the unneeded spoolss job ID from the print job file name to
ensure the job filename is not truncated. Also log these warnings at a
higher log level.

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Aug 29 14:25:13 CEST 2012 on sn-devel-104

11 years ago libkrb5: Fix build with MIT Kerberos.
Andreas Schneider [Wed, 29 Aug 2012 08:36:21 +0000 (10:36 +0200)]
libkrb5: Fix build with MIT Kerberos.

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 29 12:23:37 CEST 2012 on sn-devel-104

11 years ago s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it...
Andrew Bartlett [Wed, 29 Aug 2012 06:22:24 +0000 (16:22 +1000)]
s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104

11 years ago s4-dsdb: Avoid printing secret attributes in ldb trace logs
Andrew Bartlett [Wed, 29 Aug 2012 01:32:26 +0000 (11:32 +1000)]
s4-dsdb: Avoid printing secret attributes in ldb trace logs

These are printed when Samba has debug level 10, which is often used for debugging.

To indicate that these attributes are secret, we set an opaque.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104

11 years ago lib/ldb: Avoid printing secret attributes in ldb trace logs samba-upstream/tags/ldb-1.1.12
Andrew Bartlett [Wed, 29 Aug 2012 01:29:44 +0000 (11:29 +1000)]
lib/ldb: Avoid printing secret attributes in ldb trace logs

These are printed when Samba has debug level 10, which is often used for debugging.

Instead, print a note to say that this attribute has been skipped.

Andrew Bartlett

11 years ago auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()
Andrew Bartlett [Tue, 28 Aug 2012 23:44:52 +0000 (09:44 +1000)]
auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()

11 years ago auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records
Andrew Bartlett [Tue, 28 Aug 2012 23:44:12 +0000 (09:44 +1000)]
auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records

By checking first if there is a secrets.tdb record and passing in the password and last change time
we avoid setting one series of values and then replacing them.  We also avoid the need to work
around the setting of anonymous.

Andrew Bartlett

11 years ago auth/credentials: Improve memory handling in cli_credentials_set_machine_account
Andrew Bartlett [Tue, 28 Aug 2012 23:21:52 +0000 (09:21 +1000)]
auth/credentials: Improve memory handling in cli_credentials_set_machine_account

By using a temporary talloc context this is much tidier and more reliable code.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104

11 years ago selftest: Add a test for smbclient --machine-pass without secrets.tdb
Andrew Bartlett [Tue, 28 Aug 2012 23:10:40 +0000 (09:10 +1000)]
selftest: Add a test for smbclient --machine-pass without secrets.tdb

Errors in handling the upgrade case without a matching secrets.tdb caused segfaults
in the server.  This essentially tests both sides.

Andrew Bartlett

11 years ago auth/credentials: Avoid double-free in the failure case
Andrew Bartlett [Tue, 28 Aug 2012 23:09:10 +0000 (09:09 +1000)]
auth/credentials: Avoid double-free in the failure case

This pointer is only valid if dbwrap_fetch returned success.

Andrew Bartlett

11 years ago s3-smbd: Fix flooding the logs with records we don't find in pcap.
Andreas Schneider [Tue, 28 Aug 2012 12:17:22 +0000 (14:17 +0200)]
s3-smbd: Fix flooding the logs with records we don't find in pcap.

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 28 16:38:55 CEST 2012 on sn-devel-104

11 years ago s3-classicupgrade: Fix import from ldap
Andrew Bartlett [Tue, 28 Aug 2012 01:19:04 +0000 (11:19 +1000)]
s3-classicupgrade: Fix import from ldap

We must not reference result before provision(), and do not need
session_info and lp for reading a normal ldap backend anyway.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104

11 years ago lib/ldb: Bump ldb version to 1.1.11 samba-upstream/tags/ldb-1.1.11
Andrew Bartlett [Tue, 28 Aug 2012 00:00:34 +0000 (10:00 +1000)]
lib/ldb: Bump ldb version to 1.1.11

This will ensure the next Samba release requires an ldb with the recent
fixes.

Andrew Bartlett

11 years ago s3-vfs: Indicate the symlink destination when failing check_reduced_name
Andrew Bartlett [Tue, 3 Jul 2012 03:09:33 +0000 (13:09 +1000)]
s3-vfs: Indicate the symlink destination when failing check_reduced_name

11 years ago s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2
Andrew Bartlett [Mon, 2 Jul 2012 12:31:49 +0000 (22:31 +1000)]
s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2

With the ability to handle times as absolute time_t values since 1970
this becomes more important to get absolutely correct.

Andrew Bartlett

11 years ago s3-vfs_shadow_copy2: Also accept a sscanf result
Andrew Bartlett [Mon, 2 Jul 2012 09:31:58 +0000 (19:31 +1000)]
s3-vfs_shadow_copy2: Also accept a sscanf result

11 years ago VERSION: Move on to beta8
Andrew Bartlett [Mon, 27 Aug 2012 21:43:06 +0000 (07:43 +1000)]
VERSION: Move on to beta8

We actually expect beta7 to be the last beta, but to avoid
confusion I won't mark it as rc1 until the actual release candidate.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 01:48:16 CEST 2012 on sn-devel-104

11 years ago VERSION: Mark as the beta7 release samba-upstream/tags/samba-4.0.0beta7
Andrew Bartlett [Mon, 27 Aug 2012 21:41:11 +0000 (07:41 +1000)]
VERSION: Mark as the beta7 release

11 years ago WHATSNEW: prepare for 4.0 beta7
Andrew Bartlett [Mon, 27 Aug 2012 21:39:36 +0000 (07:39 +1000)]
WHATSNEW: prepare for 4.0 beta7

11 years ago selftest: Fix comment in blackbox_s3upgrade.sh
Andrew Bartlett [Mon, 27 Aug 2012 12:39:35 +0000 (22:39 +1000)]
selftest: Fix comment in blackbox_s3upgrade.sh

11 years ago s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured
Andrew Bartlett [Mon, 27 Aug 2012 12:38:53 +0000 (22:38 +1000)]
s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured

This will allow files to be correctly owned by the idmap that is imported.

This appears to fix an issue that came up after s3fs-compatible ACLs were
merged into provision.

Andrew Bartlett

11 years ago s3-passdb: Allow reload of the static passdb from python
Andrew Bartlett [Mon, 27 Aug 2012 12:37:19 +0000 (22:37 +1000)]
s3-passdb: Allow reload of the static passdb from python

This is then used in provision when the passdb backend is forced.

Andrew Bartlett

11 years ago auth/credentials: Rework credentials handling to try and find the most recent machine pw
Andrew Bartlett [Mon, 27 Aug 2012 11:37:19 +0000 (21:37 +1000)]
auth/credentials: Rework credentials handling to try and find the most recent machine pw

As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb

Andrew Bartlett

11 years ago selftest: Add test of smbclient --machine-pass against and using both s3 and s4
Andrew Bartlett [Mon, 27 Aug 2012 11:02:28 +0000 (21:02 +1000)]
selftest: Add test of smbclient --machine-pass against and using both s3 and s4

This uses both smbclient binaries to ensure that both work in both environments.

Andrew Bartlett

11 years ago auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and...
Andrew Bartlett [Mon, 27 Aug 2012 11:01:10 +0000 (21:01 +1000)]
auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and realm

These would otherwise be set during the fetch from the secrets.ldb, but are wiped when that fails.

Andrew Bartlett

11 years ago s4-dsdb: Remove double-free in update_keytab module
Andrew Bartlett [Mon, 27 Aug 2012 09:46:11 +0000 (19:46 +1000)]
s4-dsdb: Remove double-free in update_keytab module

11 years ago s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync
Andrew Bartlett [Mon, 27 Aug 2012 09:29:38 +0000 (19:29 +1000)]
s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync

secrets_tdb_sync is a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.

While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.

Andrew Bartlett

11 years ago s3-secrets: Use talloc_stackframe() in secrets_init_path()
Andrew Bartlett [Mon, 27 Aug 2012 09:42:44 +0000 (19:42 +1000)]
s3-secrets: Use talloc_stackframe() in secrets_init_path()

11 years ago s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()
Andrew Bartlett [Mon, 27 Aug 2012 09:28:56 +0000 (19:28 +1000)]
s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()

11 years ago s3-secrets: Add helper function to set machine account password from secrets_tdb_sync
Andrew Bartlett [Mon, 27 Aug 2012 09:28:22 +0000 (19:28 +1000)]
s3-secrets: Add helper function to set machine account password from secrets_tdb_sync

secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.

While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.

Andrew Bartlett

11 years ago lib/krb5_wrap: Move enctype conversion functions into a simple helper file
Andrew Bartlett [Mon, 27 Aug 2012 08:34:02 +0000 (18:34 +1000)]
lib/krb5_wrap: Move enctype conversion functions into a simple helper file

11 years ago s4-classicupgrade: Read WINS DB before the provision
Andrew Bartlett [Mon, 27 Aug 2012 07:27:16 +0000 (17:27 +1000)]
s4-classicupgrade: Read WINS DB before the provision

11 years ago s4-classicupgrade: Do all the queries of data before the provision()
Andrew Bartlett [Mon, 27 Aug 2012 07:20:51 +0000 (17:20 +1000)]
s4-classicupgrade: Do all the queries of data before the provision()

This allows provision to change the s3 smb.conf settings if required.

Andrew Bartlett

11 years ago s4-classicupgrade: Use s3param.get_context() instead of result.lp
Andrew Bartlett [Mon, 27 Aug 2012 06:56:35 +0000 (16:56 +1000)]
s4-classicupgrade: Use s3param.get_context() instead of result.lp

We should not need the guessed values here, but by changing to using the s3 loadparm context
we can move this block to before the provision.

Andrew Bartlett

11 years ago lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrap
Andrew Bartlett [Mon, 27 Aug 2012 05:52:47 +0000 (15:52 +1000)]
lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrap