Karolin Seeger [Tue, 13 Nov 2012 07:57:55 +0000 (08:57 +0100)]
VERSION: Disable GIT snapshot to prepare rc5 release.
Karolin
Karolin Seeger [Mon, 12 Nov 2012 08:50:35 +0000 (09:50 +0100)]
WHATSNEW: Update changes since rc4.
Karolin
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Nov 12 11:36:41 CET 2012 on sn-devel-104
Karolin Seeger [Mon, 12 Nov 2012 08:19:05 +0000 (09:19 +0100)]
WHATSNEW: Update changes since rc4.
Karolin
Karolin Seeger [Fri, 9 Nov 2012 08:07:38 +0000 (09:07 +0100)]
samba-tool: Fix typo in --help output.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Part of a fix for bug #9373 - Output of 'samba-tool' does not look very nice.
Stefan Metzmacher [Mon, 22 Oct 2012 11:47:48 +0000 (13:47 +0200)]
lib/krb5_wrap: request enc_types in the correct order (bug #9272)
aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96
should have a higher priority than arcfour-hmac-md5,
otherwise the KDC still gives us arcfour-hmac-md5 session keys.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
24f3f87706329e6e280dc6be6d025e997d46c910)
The last 3 patches address bug #9272 - net ads join does not provide AES keys in
host keytab.
Günther Deschner [Mon, 19 Dec 2011 09:52:58 +0000 (10:52 +0100)]
s3-kerberos: add aes enctypes to generated krb5.conf.
Guenther
Günther Deschner [Thu, 15 Dec 2011 17:12:41 +0000 (18:12 +0100)]
s3-krb5: use and request AES keys in kerberos operations.
Guenther
David Disseldorp [Tue, 6 Nov 2012 11:49:42 +0000 (12:49 +0100)]
doc: describe samlogon cache caveat for winbindd -n
The samlogon cache is never bypassed, even when winbindd is run with the
-n argument.
See https://bugzilla.samba.org/show_bug.cgi?id=9125
David Disseldorp [Tue, 6 Nov 2012 11:29:24 +0000 (12:29 +0100)]
Revert "s3-winbindd: make sure we obey the -n switch also for samlogon cache access."
This reverts commit
ae6a779bf9f816680e724ede37324b7f5355996b.
Bug 9125 analysis from Volker:
The problem is that there are no network calls possible at all that
would do what the samlogon cache does for us. There is just no way to
retrieve the group membership in a complex trusted environment. If you
have just a single domain with Samba as domain controller it might be
possible, but even within a single domain it is not possible to
correctly retrieve all group memberships using LDAP calls due to ACLs on
directory objects. The call to get that is called NetSamLogon on the
NETLOGON pipe. But this call requires user credentials and might trigger
updating counts on the server. So to correctly implement wbinfo -r after
a user has logged in, you have two alternatives: Save the info3 struct
or the PAC in the netsamlogon cache. If you insist on doing network
calls, you need to cache the user credentials somewhere to re-do the
NetSamLogon call every time the wbinfo -r is requested.
Andrew Bartlett [Sun, 11 Nov 2012 10:32:22 +0000 (21:32 +1100)]
ntp_signd: Only allow group access to the ntp signd directory.
Existing installations running ntp as group 'ntp' will need to change
the permissions on the ntp_signd socket directory (eg
PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd)
The reason is that allowing other users on the host access to this
directory would allow them to potentially spoof time on the network,
or attack the password database with a chosen plaintext attack.
Permissions should be changed to:
ownership root:ntp (if ntp runs as gid ntp)
mode 0750 (this is what it will be created as)
If the permissions are not changed, Samba will refuse to start the
ntp_signd server, and NTP operations will not be signed. As the error
is declared fatal, in the future, Samba may totally refused to start.
Andrew Bartlett
The last 2 patches address bug #9379 - [SECURITY] ntp_signd permissions are too
broad.
Andrew Bartlett [Sun, 11 Nov 2012 21:44:02 +0000 (08:44 +1100)]
ntp_signd: move socket directory to var/lib not var/run for permissions change
With the next patch, this becomes a socket directory on which we must
maintain administrator-specified permissions we will need to move it
away from directories that wipe at boot.
This means the ntp.conf will need to change from (eg)
ntpsigndsocket /usr/local/samba/var/run/ntp_signd/
to
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
Andrew Bartlett
Stefan Metzmacher [Fri, 9 Nov 2012 16:23:53 +0000 (17:23 +0100)]
s4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS (bug #8620)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 12 01:25:21 CET 2012 on sn-devel-104
(cherry picked from commit
e0ab14f52a52c8317473b4c4cd3cf50265e1f9e4)
The last 5 patches address bug #8620 - Read ACL are not enabled by default on
DS.
Stefan Metzmacher [Fri, 9 Nov 2012 16:22:44 +0000 (17:22 +0100)]
s4:dsdb/acl_read: fix whitespace formatting errors
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
21dfaefda0e22f7ddaac62bfd8b32e6fb9fc253d)
Stefan Metzmacher [Fri, 9 Nov 2012 16:05:44 +0000 (17:05 +0100)]
s4:dsdb/acl: only give administrators access to attributes marked as confidential (bug #8620)
The full fix will to implement and use the code of the read_acl module,
but this is better than nothing for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f6fa7243f81891cb7703264da526fd873a9745e4)
Stefan Metzmacher [Fri, 9 Nov 2012 10:23:47 +0000 (11:23 +0100)]
s4:dsdb/acl: reorganize the logic flow in the password filtering checks
This avoids some nesting levels and does early returns.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ed8b27516b212b59167bb932de949a7b54dc44cb)
Stefan Metzmacher [Fri, 9 Nov 2012 10:25:21 +0000 (11:25 +0100)]
s4:dsdb/acl: fix search filter cleanup for password attributes
We need to this when we're *not* system.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
54ad5c70e3cc731c872913841cbcd2ef29ec0e54)
Karolin Seeger [Fri, 9 Nov 2012 11:33:56 +0000 (12:33 +0100)]
WHATSNEW: Update changes since rc4.
Karolin
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Nov 9 14:19:31 CET 2012 on sn-devel-104
Jelmer Vernooij [Mon, 5 Nov 2012 18:36:30 +0000 (19:36 +0100)]
wafsamba.abi: Fix abi_match with both excludes and includes.
This fixes a regression introduced by
9c3e294400234ebdf9b98031bae583524fd0b0ac
which caused internal symbols in libldb to be exposed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9357
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit
ec3cbb6c476698523c9b5ac047787df101746891)
Jelmer Vernooij [Mon, 5 Nov 2012 18:36:29 +0000 (19:36 +0100)]
wafsamba.samba_abi: Add basic unit tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit
d02c8ba122cef7d8b254e5be3ae757eb3bb14235)
Andrew Bartlett [Mon, 5 Nov 2012 20:48:52 +0000 (07:48 +1100)]
buildtools: Remove extra space from global: line
This makes it easier to put the expected values in a file
as we will not have trailing whitespace that is against git style.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
97102fa9963ba88f4ab72165a02071990031a73b)
Jelmer Vernooij [Mon, 5 Nov 2012 18:36:28 +0000 (19:36 +0100)]
wafsamba.samba_abi: Refactor abi_write_vscript to take file argument.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
(cherry picked from commit
ea5ef95fbebe28cca11f86a9015aab77522f5e18)
Karolin Seeger [Fri, 9 Nov 2012 08:33:04 +0000 (09:33 +0100)]
WHATSNEW: Update changes since rc4.
Karolin
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Nov 9 11:12:53 CET 2012 on sn-devel-104
Volker Lendecke [Tue, 9 Oct 2012 07:41:41 +0000 (09:41 +0200)]
s3: Pass down smb_filename to smbacl4_fill_ace4
A full fsp is a bit overkill here
The last three patches fix
Bug 9208 Cannot migrate files with inheritance flags to share on top of NFSv4 filesystem
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 9 13:38:49 CEST 2012 on sn-devel-104
Christian Ambach [Tue, 25 Sep 2012 01:25:36 +0000 (03:25 +0200)]
s3:nfs4acls filter away inheritance flags on files
While it is possible to define inheritance flags on files on Windows, this will
be denied by GPFS and UFS (and potentially others).
So it will be better to strip of these bits when being set for files instead of
failing to set the ACL completely (this is current behavior).
Users that want to retain the full SD will have to use acl_xattr (acl_tdb), as
other pieces of the SD are also lost when translating to NFSv4. So this should
not be a too intrusive change, but allow users to migrate data with such flags
instead of failing to migrate the ACL completely.
Christian Ambach [Mon, 24 Sep 2012 23:34:04 +0000 (01:34 +0200)]
s3:nfs4acls pass down fsp instead of just the filename
Volker Lendecke [Sat, 3 Nov 2012 08:36:29 +0000 (09:36 +0100)]
dsdb: Simplify DsCrackNameOneFilter a bit
For me "else" branches clutter my flow reading code. If we do a hard
return at the end of an "if" branch, "else" is not required.
The last 3 patches address bug #9352 - samba crashes with certain RPC calls.
Andrew Bartlett [Wed, 24 Oct 2012 05:41:52 +0000 (16:41 +1100)]
dsdb-cracknames: Return DRSUAPI_DS_NAME_STATUS_NO_MAPPING when there is no SID
If there is no SID for an object being mapped, then there is no NT4 name.
We need to return DRSUAPI_DS_NAME_STATUS_NO_MAPPING rather than
error out with anything other than WERR_OK as the return value.
Andrew Bartlett
Andrew Bartlett [Wed, 24 Oct 2012 00:56:02 +0000 (11:56 +1100)]
dsdb-cracknames: Always use talloc_zero()
Otherwise, we will return un-initialised values to the caller, which will
attempt to push them onto the wire.
Found by Greg Dickie <greg@justaguy.ca>.
Andrew Bartlett
Karolin Seeger [Thu, 8 Nov 2012 07:58:29 +0000 (08:58 +0100)]
WHATSNEW: Update changes since rc4.
Karolin
Christian Ambach [Fri, 28 Sep 2012 05:09:23 +0000 (22:09 -0700)]
s3:smb2_getinfo ensure proper error for not yet present quota support
non-existing quota support needs to be signaled by NT_STATUS_NOT_SUPPORTED,
not NT_STATUS_INVALID_PARAMETER
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Oct 12 13:37:37 CEST 2012 on sn-devel-104
(cherry picked from commit
bddd1182ea44875f28e12cf15fd07a86f43d8716)
Fix bug #9361 - Quotas management doesn't work with SMB2/3.
Karolin Seeger [Wed, 7 Nov 2012 09:58:38 +0000 (10:58 +0100)]
WHATSNEW: Start release notes for Samba 4.0.0rc5.
Karolin
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Wed Nov 7 12:40:32 CET 2012 on sn-devel-104
Stefan Metzmacher [Fri, 2 Nov 2012 11:52:51 +0000 (12:52 +0100)]
s3:vfs_default: optimize vfswrap_asys_finished() and read as much as we can
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 5 19:01:13 CET 2012 on sn-devel-104
(cherry picked from commit
c2ca9e02106108c024b0daf27325e8eba35437f2)
Fix bug #9359 - Optimization needed for SMB2 performance sensitive workloads.
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Wed Nov 7 10:35:40 CET 2012 on sn-devel-104
Stefan Metzmacher [Fri, 2 Nov 2012 12:56:53 +0000 (13:56 +0100)]
lib/tsocket: optimize syscalls in tstream_readv_pdu_send()
Once we've got the first part of a pdu we try to optimize
readv calls for the rest of the pdu.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
719595b6f7f8745f2608dddb2b86476b9cc2f598)
Stefan Metzmacher [Fri, 2 Nov 2012 12:45:49 +0000 (13:45 +0100)]
lib/tsocket: disable the syscall optimization for recvfrom/readv by default
We only do the optimization on recvfrom/readv if the caller asked for it.
This is needed because in most cases we preferr to flush send
buffers before receiving incoming requests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
e42889f83f261e2ac34014649476fae638a6e1f2)
Stefan Metzmacher [Thu, 1 Nov 2012 12:53:27 +0000 (13:53 +0100)]
s3:smbd: pass the current time to make_connection[_smb1]()
Otherwise smbstatus reports the wrong time for tree connects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
(cherry picked from commit
3d9361612d30725a3d14fa4d3a085256a91800db)
Fix bug #9360 - SMB1 tree connect time is wrong.
Björn Baumbach [Fri, 2 Nov 2012 09:25:27 +0000 (10:25 +0100)]
docs-xml: fix use of <smbconfoption> tag (fix bug #9345)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Karolin Seeger <ks@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Fri Nov 2 12:37:42 CET 2012 on sn-devel-104
(cherry picked from commit
3ecbe8c83a003825fc58f6dcb9e02a35aad2d86e)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Mon Nov 5 13:09:12 CET 2012 on sn-devel-104
Andrew Bartlett [Thu, 1 Nov 2012 00:26:16 +0000 (11:26 +1100)]
s3-param: Move the options needed for running smbd in the AD DC to loadparm
This avoids the whole fileserver.conf thing, and simply handles everything in C.
The main challenge is that if s3fs is enabled in a member server
configuration (unlikely) then these options will not be set, and it
overrides any other attempt to set these as globals. (The previous
approach essentially just changed defaults, because the include =
of smb.conf was after the values were set in fileserver.conf).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 1 11:47:22 CET 2012 on sn-devel-104
(cherry picked from commit
75c51d6561f6f39dd02fd942709039b871957f44)
The last 2 patches address bug #9355 - set mask values to 0777 and use
fileserver.conf.
Andrew Bartlett [Thu, 1 Nov 2012 00:24:00 +0000 (11:24 +1100)]
file_server: put set create mask and directory mask in fileserver.conf
This allows any ACL to be set from the client, without restriction
from the Samba side.
Based on advise from Jermey at https://lists.samba.org/archive/samba-technical/2012-October/088414.html
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
fc5caffbc139d63cab1ec105884863f73772586f)
Michael Adam [Tue, 30 Oct 2012 13:43:42 +0000 (14:43 +0100)]
build(waf): fix the cluster(ctdb) build without system talloc installed
This is analogous to the earlier patch for tdb.
It temporarily adds the talloc include path to the
includes search list for the ctdb-header configure checks.
Patch 2/2 for fixing bug #9353.
Signed-off-by: Michael Adam <obnox@samba.org>
Tested-by: Björn Baumbach <bb@sernet.de>
Michael Adam [Tue, 30 Oct 2012 13:41:04 +0000 (14:41 +0100)]
build(waf): fix a tab indentation to spaces
Patch 1/2 for fixing bug #9353.
Signed-off-by: Michael Adam <obnox@samba.org>
Björn Baumbach [Tue, 30 Oct 2012 15:04:10 +0000 (16:04 +0100)]
build(waf): Fail "configure --with-cluster-support" if ctdb support is not available.
Currently, configure only warns if cluster support is not found.
Fix for bug #9351
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
d551b4ab4bb06dac7d90389febbc21c2afae8bca)
Björn Baumbach [Tue, 30 Oct 2012 15:45:30 +0000 (16:45 +0100)]
s3-torture:test_ctdbconn: fix the build against older ctdb versions
by checking if we have the ctdb_protocol.h and including ctdb_private.h otherwise.
Part 4/4 of fix for bug #9348.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
5f1b5404b8e642dd18b55e37793068216f668242)
Björn Baumbach [Wed, 17 Oct 2012 14:54:33 +0000 (16:54 +0200)]
s3:ctdb library: fix the build against older ctdb versions
by checking if we have the ctdb_protocol.h and including ctdb_private.h otherwise.
Part 3/4 of fix bug #9348.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
541bde605e8a1158411436c4f7fdc314dfdbff23)
Björn Baumbach [Tue, 30 Oct 2012 12:59:41 +0000 (13:59 +0100)]
build(waf): check if we have ctdb_protocol.h in the cluster checks
Part 2/4 of fix for bug #9348.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
bf269d6b5a6783e2479ac455b8e085a5d8ad9e9e)
Björn Baumbach [Tue, 30 Oct 2012 12:26:24 +0000 (13:26 +0100)]
build(autoconf): check if we have ctdb_protocol.h in the cluster checks
Part 1/4 of fix for bug #9348.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
d113d8aea5411e5e0701891f44b95d6d916b1271)
Björn Baumbach [Tue, 30 Oct 2012 12:40:48 +0000 (13:40 +0100)]
build(autoconf): fix check for ctdb_private.h (bug #9349)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
e5cce4f47274a02b752e47e3d1f23d3f64f72123)
Andrew Bartlett [Fri, 21 Sep 2012 22:59:11 +0000 (15:59 -0700)]
auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 22 02:44:07 CEST 2012 on sn-devel-104
The last 5 patches address bug #9347 - winbind: Extend wbcAuthenticateUserEx to
provide PAC.
Andrew Bartlett [Fri, 21 Sep 2012 02:46:31 +0000 (19:46 -0700)]
libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC parsing
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 21 06:37:15 CEST 2012 on sn-devel-104
(cherry picked from commit
914b02be5a3e7805110f517e39ed9f6fe760c2bc)
Christof Schmitt [Fri, 21 Sep 2012 01:30:07 +0000 (18:30 -0700)]
s4-torture: Complete test for winbindd PAC parsing
Decode the PAC through the wbcAuthenticateUserEx call, also decode it
locally and compare the result.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d9747b15c4a737a1422d0156d92efed762bb672d)
Christof Schmitt [Mon, 30 Jul 2012 18:03:54 +0000 (11:03 -0700)]
auth/kerberos: Adjust log level for failed PAC signature verification
With winbindd trying to verify the signature of an application provided
PAC, this message can be easily triggered. Adjust the debug level to
avoid filling up the logs.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
05befd2f734d3962619ebc0cc137bbe5cedfd81d)
Christof Schmitt [Wed, 18 Jul 2012 21:38:47 +0000 (14:38 -0700)]
winbind: Extend wbcAuthenticateUserEx to provide PAC
With this new interface, external applications that have authenticated
to an ADS can pass the PAC from the Kerberos ticket to
wbcAuthenticateUserEx. winbindd decodes and extracts the info3
information for the external application. If winbindd can verify the PAC
signature, the info3 from the PACis also added to the netsamlogon_cache.
The info3 data can be used by the external application to get the uid
and primary gid. The data in netsamlogon_cache allows to retrieve the
complete group list through the NSS function getgrouplist.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1bc2f28b9420829645ed571daf2a17e6688b2103)
Andrew Bartlett [Tue, 16 Oct 2012 04:08:30 +0000 (15:08 +1100)]
dns_server: Try and use the dns-SERVER account if we were configured with it
Fix bug #9317 - Cannot easily change to internal DNS server.
Stefan Metzmacher [Mon, 22 Oct 2012 12:35:41 +0000 (14:35 +0200)]
s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175)
We should use the latest supported dialect.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewd-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 1 18:11:27 CET 2012 on sn-devel-104
(cherry picked from commit
2a3eb641fe34fb95bf713f0e7184581847af1357)
Stefan Metzmacher [Mon, 22 Oct 2012 12:31:20 +0000 (14:31 +0200)]
s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
45105afffc5678082b23165ff74610d67e57a82a)
Stefan Metzmacher [Mon, 22 Oct 2012 12:18:20 +0000 (14:18 +0200)]
libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175)
This should be a short term hack until the upper layers have implemented
re-authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit
c5cd22b5bbce724dcd68fe94320382b3f772cabf)
Stefan Metzmacher [Tue, 30 Oct 2012 10:08:19 +0000 (11:08 +0100)]
s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support (bug #9341)
Reported-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Tested-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Oct 30 16:49:26 CET 2012 on sn-devel-104
Autobuild-User(v4-0-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-0-test): Fri Nov 2 12:41:37 CET 2012 on sn-devel-104
Andrew Bartlett [Tue, 16 Oct 2012 02:08:22 +0000 (13:08 +1100)]
provision: No longer use the wheel group in new AD Domains
The issue here is that if we set S-1-5-32-544 (administrators) to a
GID only, then users cannot force a mandetory profile to be owned by
administrators (which is a requirement).
There is no particularly useful reason for us to enforce this matching
a system group.
Andrew Bartlett
Fix bug #9340 - We should not use the wheel group for 'administrators'.
Björn Jacke [Wed, 31 Oct 2012 14:31:08 +0000 (15:31 +0100)]
util: remove accidently committed hunk
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Oct 31 19:25:30 CET 2012 on sn-devel-104
(cherry picked from commit
ffb608b54d452e2c96222840f1bd48759f32d0b5)
The last 51 patches address bug #9339 - Build and quota fixes from master.
Andrew Bartlett [Tue, 23 Oct 2012 06:14:55 +0000 (17:14 +1100)]
lib/replace: Fix detection of prctl
(cherry picked from commit
80f42df4ec9194ff00aeeb3c2cf6acfa1f2ab5c3)
Ricky Nance [Tue, 25 Sep 2012 06:10:42 +0000 (01:10 -0500)]
wscript: Removed executable bit.
Removed the executable for both wscript and wscript_build.
(cherry picked from commit
6146b609e7add16a34067a4c40902f63d19fe5fe)
Björn Jacke [Tue, 30 Oct 2012 11:19:24 +0000 (12:19 +0100)]
wafbuild: use WERROR_FLAGS in wscript_configure_system_mitkrb5
(cherry picked from commit
9a03cc93f45a6908c73afe2d059a4ebf5534fdb7)
Andrew Bartlett [Sun, 23 Sep 2012 03:20:45 +0000 (13:20 +1000)]
ntdb: Try to fix the build on Solaris which does not have err
(cherry picked from commit
08d3062fc3ece6b5d98e32bad5f1d54c088b0dd0)
Björn Jacke [Tue, 30 Oct 2012 11:07:26 +0000 (12:07 +0100)]
ccan/wafbuild: use WERROR_CFLAGS instead of -Werror
(cherry picked from commit
fdead585dc11101761ac975935134c6a84ea3b4f)
Rusty Russell [Sun, 14 Oct 2012 05:35:58 +0000 (16:05 +1030)]
ccan: check for all the used config.h defines
In particular, not checking for byteswap.h meant we defined duplicates:
https://bugzilla.samba.org/show_bug.cgi?id=9286
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Oct 17 01:55:14 CEST 2012 on sn-devel-104
(cherry picked from commit
029654897d721308c9ee782aee420abddce7edee)
Björn Jacke [Tue, 30 Oct 2012 10:48:25 +0000 (11:48 +0100)]
wafbuild: reorder the Werror checks so that the ambigous w2 option is being checked last
(cherry picked from commit
7fcb2532b99ddf65d78dd02ea06ce8a1a6229949)
Björn Jacke [Tue, 30 Oct 2012 10:37:34 +0000 (11:37 +0100)]
wafbuild: merge the missing IBM compiler Werror flag "-qhalt=w" to waf
(cherry picked from commit
51692042d9f898c5e8f1cbc78031e37d23ec032a)
Björn Jacke [Tue, 30 Oct 2012 10:32:52 +0000 (11:32 +0100)]
wfabuild: fix the -errwarn compile flag test
as in the autoconf build this must be "-errwarn=%all"
(cherry picked from commit
0342ca40629d5a57db02c7f840809dfa0bde6780)
Andrew Bartlett [Tue, 23 Oct 2012 06:14:43 +0000 (17:14 +1100)]
lib/replace: Fix detection of rpcsrv/yp_prot.h on FreeBSD
Andrew Bartlett [Tue, 23 Oct 2012 06:31:03 +0000 (17:31 +1100)]
lib/replace: Fix configure on FreeBSD: define_ret is not correct here
define_ret is for when the output of the compiled and run program
should be put into the configure define. This is not the case
here.
Andrew Bartlett
Andrew Bartlett [Sun, 28 Oct 2012 08:57:58 +0000 (19:57 +1100)]
pidl: Remove depends_on=PIDL_MISC as it sets -I/ into CFLAGS
This in turn causes an include of <net/if.h> to hang on some systems, as
/net/ means to run the automounter!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 29 01:23:39 CET 2012 on sn-devel-104
(cherry picked from commit
aa411045a5ee52d440ccb259a37c6c7489099884)
Andrew Bartlett [Sun, 28 Oct 2012 08:38:10 +0000 (19:38 +1100)]
build: Remove support for IDL-generated files in git tree
This was added in
a9ea3d6fa510286b83c4bda42c9a857da3625451 but is no
longer required, as we do not store IDL-generated files in GIT.
Andrew Bartlett
Michael Adam [Tue, 23 Oct 2012 13:53:17 +0000 (15:53 +0200)]
build(waf): Fix the --with-cluster build
The problem with the cluster/ctdb configure checks in Samba
currently is, that the headers need to include <tdb.h>.
If there are no system tdb headers, configure fails to find
tdb headers at this stage. Since the include is only required
for some defines (TDB_DATA), the workaround is to temporarily
add the included tdb copy's include path to the include search
path in the configure test. The ctdb we run against will most
likely have been compiled against a different version of TDB
anyways...
To properly fix this, we might need to change ctdb to rely
on an external tdb library. Or to incorporate ctdb into samba
as a component that uses the same shipped tdb version.
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Oct 23 18:29:26 CEST 2012 on sn-devel-104
Andrew Bartlett [Tue, 23 Oct 2012 06:53:58 +0000 (17:53 +1100)]
build: Add #define FREEBSD on FreeBSD
This makes waf match autoconf
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 23 11:11:44 CEST 2012 on sn-devel-104
Andreas Schneider [Wed, 17 Oct 2012 16:17:27 +0000 (18:17 +0200)]
waf: Create a libnss_wins.so symlink.
The last 3 patches fixe bug #9299 - nsswitch modules under Linux need a symbolic
to their so version library.
https://bugzilla.samba.org/show_bug.cgi?id=9299
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Oct 22 10:48:16 CEST 2012 on sn-devel-104
Andreas Schneider [Wed, 17 Oct 2012 16:16:15 +0000 (18:16 +0200)]
waf: Create a libnss_winbind.so symlink.
This fixes bug #9299.
Andreas Schneider [Wed, 17 Oct 2012 16:03:55 +0000 (18:03 +0200)]
wafsamba: If we define a realname and a soname create a symlink.
This is needed that libnss_winbind.so.2 and libnss_wins.so.2 will get a
corresponding symlinks.
Andrew Bartlett [Wed, 10 Oct 2012 10:20:24 +0000 (21:20 +1100)]
build: Remove --disable-shared
This does not work, and has no known use cases. Remove it so we do
not waste time trying to support it.
This also removes it for ldb/tdb/ntdb/talloc, but as these are first
shared libraries, and then tools on top of those, rpath or (for
emergency tools) --nonshared-binary= seems more appropriate.
Andrew Bartlett
Andrew Bartlett [Wed, 10 Oct 2012 01:44:14 +0000 (12:44 +1100)]
build: Add vfs_media_harmony to the waf build
Andrew Bartlett [Mon, 1 Oct 2012 22:12:16 +0000 (08:12 +1000)]
nsswitch: Build nss_winbind on all supported platforms
This matches what the autoconf build can do.
Andrew Bartlett
Andrew Bartlett [Wed, 3 Oct 2012 06:36:34 +0000 (16:36 +1000)]
selftest: Always build a linux-style nss_winbind for nss_wrapper
Alexander Bokovoy [Tue, 2 Oct 2012 11:53:38 +0000 (14:53 +0300)]
Fix release script to build full set of documentation
build-docs script was not setting XML catalog properly.
In addition, some time ago pdf versions of images were introduced as
generated dependencies in our books but svg -> pdf rule was not added,
so building books never finished properly.
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Oct 2 16:21:23 CEST 2012 on sn-devel-104
Ira Cooper [Sun, 30 Sep 2012 19:02:13 +0000 (19:02 +0000)]
s3: Fix libnss_winbind.so's build on Illumos/Solaris
Due to not building and linking in the winbind_nss_solaris bits in addition
to the linux bits, nss was broken on Solaris.
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Sun Sep 30 22:56:30 CEST 2012 on sn-devel-104
Andrew Bartlett [Sat, 29 Sep 2012 04:31:28 +0000 (14:31 +1000)]
build: Remove duplicate check for struct getquota_rslt member getquota_rslt_u
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 29 08:51:03 CEST 2012 on sn-devel-104
Andrew Bartlett [Sat, 29 Sep 2012 04:28:57 +0000 (14:28 +1000)]
build: Fix quota tests, including move of sysquotas.c to the top level
This correctly detects quotas on FreeBSD
Andrew Bartlett
Andrew Bartlett [Sat, 29 Sep 2012 04:36:41 +0000 (14:36 +1000)]
lib/replace: Add test for what flag we need for -Werror behaviour
(cherry picked from commit
931ed2509d93110b525f763ffb15ee3feff87fa0)
Andrew Bartlett [Wed, 26 Sep 2012 08:09:20 +0000 (18:09 +1000)]
nsswitch: Add waf tests for solaris special cases
These are in configure.in for autoconf. Found in the config.h comparison on
the smbtorture4 build.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 26 11:50:10 CEST 2012 on sn-devel-104
Andrew Bartlett [Wed, 26 Sep 2012 03:10:17 +0000 (13:10 +1000)]
build: Remove unused --with-sys-quotas option
Andrew Bartlett [Wed, 26 Sep 2012 02:42:15 +0000 (12:42 +1000)]
build: Set HAVE_SYS_QUOTAS and WITH_QUOTAS if we have any supported sysquota backend
Andrew Bartlett [Wed, 26 Sep 2012 02:33:50 +0000 (12:33 +1000)]
build: Remove unused samba_cv_sysquotas_file variable from autoconf configure
Andrew Bartlett [Wed, 26 Sep 2012 02:33:13 +0000 (12:33 +1000)]
build: Add waf configure support for non-linux quotas
Andrew Bartlett [Tue, 25 Sep 2012 22:10:29 +0000 (08:10 +1000)]
lib/util/charset: We do not use fucntions from wchar.h any more
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 26 02:13:10 CEST 2012 on sn-devel-104
Andrew Bartlett [Tue, 25 Sep 2012 21:41:38 +0000 (07:41 +1000)]
lib/util/charset: Try to find iconv on HP-UX
Andrew Bartlett [Mon, 24 Sep 2012 08:02:01 +0000 (18:02 +1000)]
build: Fix detection of quotas on macos
This is a weird one. While visually OK, the . in sys/types.h was not
made up of the typical ASCII character, so of course did not find
types.h!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 24 12:24:45 CEST 2012 on sn-devel-104
Andrew Bartlett [Sun, 23 Sep 2012 21:06:53 +0000 (07:06 +1000)]
build: Add missing dep on tdb_compat
Andrew Bartlett [Sun, 23 Sep 2012 04:37:24 +0000 (14:37 +1000)]
build: Remove unused define UNIXWARE
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Sep 23 08:33:02 CEST 2012 on sn-devel-104
Andrew Bartlett [Sun, 23 Sep 2012 04:35:58 +0000 (14:35 +1000)]
lib/replace: Remove unused nap and therefore the SCO define
In any case, the Samba Team stopped supporting SCO systems a long time ago.
Andrew Bartlett
Andrew Bartlett [Sun, 23 Sep 2012 04:30:37 +0000 (14:30 +1000)]
build: Make waf configure match autoconf for HPUX ACLs
Andrew Bartlett [Sun, 23 Sep 2012 04:30:10 +0000 (14:30 +1000)]
build: Rework waf STAT_ST_BLOCKSIZE to match autoconf, with 512 as the default
The autoconf build simply has 512 as the default, without a warning. Rather than
enumerate every OS ever made, just handle the known exceptions.
Andrew Bartlett
Andrew Bartlett [Sun, 23 Sep 2012 04:25:00 +0000 (14:25 +1000)]
lib/util: Remove unbuilt file util_getent.c and BROKEN_GETGRNAM
Removing this unbuilt file allows removing BROKEN_GETGRNAM which was only
ever defined per-OS, not based on an actual test.
Andrew Bartlett
Andrew Bartlett [Sun, 23 Sep 2012 03:57:44 +0000 (13:57 +1000)]
build: Remove unused IRIX and IRIX6 defines