summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-01-18s3-librpc: pass struct ndr_interface_table down to ↵Andrew Bartlett7-17/+16
cli_pipe_open_generic/spnego() This allows the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-utils/net: pass struct ndr_interface_table downAndrew Bartlett13-138/+137
This will allow the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-rpcclient: pass struct ndr_interface_table downAndrew Bartlett16-192/+187
This will allow the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Make cli_rpc_pipe_open_spnego_ntlmssp() genericAndrew Bartlett5-130/+56
This also avoids passing NULL as the server to gensec_set_target_hostname() in spnego_generic_init_client(). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse gss_wrap_iov_length() only needs the type and lengthStefan Metzmacher1-2/+4
metze
2012-01-18s3-gse Make seal parameter a boolean for clarityAndrew Bartlett1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove special case for spnego session keyAndrew Bartlett3-16/+8
SPNEGO is implemented only in terms of gensec mechanisms now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove special case for spnego dcerpc sign/sealAndrew Bartlett1-92/+18
SPNEGO is implemented only in terms of gensec mechanisms now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Move GSS_C_DCE_STYLE backup definition to gse.cAndrew Bartlett2-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Add constAndrew Bartlett1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Remove or make static unused/local-only GSE functionsAndrew Bartlett2-270/+33
The GSE layer is now used via the GENSEC module, so we do not need these functions exposed any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove unused dcesrv_gssapi.[ch] functionsAndrew Bartlett6-269/+1
The code from dcesrv_gssapi.c is now in source3/auth/auth_generic.c as an auth callback. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove layer around struct gensec_securityAndrew Bartlett3-13/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_securityAndrew Bartlett5-96/+32
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensecAndrew Bartlett6-231/+53
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Allow spnego_generic_init_client to handle kerberos tooAndrew Bartlett1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call GSSAPI via the auth_generic layer and gensecAndrew Bartlett5-329/+17
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-libsmb Use the gse_krb5 gensec module as clientAndrew Bartlett2-2/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Make gse available as a gensec client moduleAndrew Bartlett2-1/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-build: Rework object lists to allow gse gensec moduleAndrew Bartlett3-73/+40
This also allows the spnego_parse_krb5_wrap() function to be shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse: Add gensec wrapper for gse GSSAPI clientAndrew Bartlett2-0/+441
This brings in part of the s4 gensec_gssapi as the boilerplate for the new module. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Match session setup handling of krb5, store the PACAndrew Bartlett1-1/+4
This will allow non-krb5 services to get the full user groups without need to do an online s4u2self. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-auth Add auth hook for PAC parsingAndrew Bartlett1-2/+128
This will allow gensec_gse to parse the PAC. This is a copy from source3/rpc_server/dcesrv_generic.c to preserve behaviour. A future commit will enable the samlogon cache. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3: Use lock_order for setting the db priorityVolker Lendecke1-0/+18
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 18 16:21:52 CET 2012 on sn-devel-104
2012-01-18s3: Pass down lock_order to db_open_ctdbVolker Lendecke3-4/+10
2012-01-18Revert "Fix bug #8175 - smbd deadlock."Volker Lendecke1-68/+26
This reverts commit 5a2b5b6cfed74e0e9c2965525995f64cdad7b7c9.
2012-01-18s3: Change locking order between brlock and lockingVolker Lendecke1-8/+58
But 8175 was fixed in a way that brlock.tdb was always locked before locking.tdb. This patch fixes the bug in a different way. locking.tdb is the central tdb for files and should always be locked first. This patch solves the problem by postponing the level2 break messages, which are async anyway.
2012-01-18s3: Enforce a lock order in dbwrapVolker Lendecke4-1/+85
This makes sure we do not deadlock from doing two dbwrap_fetch_locked in two processes in different orders. At open time, we assign a strict order to all databases. lock_order 1 will be locked first, lock_order 2 second. No two records of the same lock order may be locked at the same time.
2012-01-18s3: Add a "lock_order" argument to db_openVolker Lendecke30-40/+97
This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
2012-01-18s3-passdb: trying to decouple passdb and secrets a little.Günther Deschner8-105/+173
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
2012-01-17s3: Fix bug 8695Volker Lendecke1-0/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Jan 17 18:55:01 CET 2012 on sn-devel-104
2012-01-17RHEL-CTDB: *.msg files movedVolker Lendecke1-1/+1
2012-01-17RHEL-CTDB: *.dat files movedVolker Lendecke1-3/+3
2012-01-17RHEL-CTDB: CP*so are no moreVolker Lendecke1-2/+0
2012-01-17RHEL-CTDB: --with-mandir -> --mandirVolker Lendecke2-2/+2
2012-01-17dynconfig: overwrite --with-privatelibdir as a Samba optionStefan Metzmacher1-1/+8
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 17 17:17:56 CET 2012 on sn-devel-104
2012-01-17dynconfig: --with-modulesdir should be a Samba optionStefan Metzmacher2-11/+29
This also restores the defaults from Samba 3.6.x: "${libdir}" or "${libdir}/samba" in FHS mode. metze
2012-01-17dynconfig/config.m4: expand prefix, exec_prefix, sysconfdir, localstatedir ↵Stefan Metzmacher1-18/+18
and datarootdir in Makefile Otherwise $prefix is "NONE" without explicit --prefix metze
2012-01-17s3:lib/messages: remove unused messaging_event_context()Stefan Metzmacher2-6/+0
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 17 09:45:30 CET 2012 on sn-devel-104
2012-01-17s3:smbcontrol: avoid using messaging_event_context()Stefan Metzmacher1-10/+7
metze
2012-01-17s3:smbcontrol: pass tevent_context down to wait_replies()Stefan Metzmacher1-10/+11
metze
2012-01-17s3:smbcontrol: pass tevent_context down to subcommandsStefan Metzmacher1-38/+69
metze
2012-01-17s3:printing: avoid messaging_event_context() in print_queue_housekeeping()Stefan Metzmacher1-6/+21
metze
2012-01-16s3-install: Don't let MANDIR and SRCDIR be overwrittenVolker Lendecke1-1/+2
In installman.sh, we get them via cmd line args Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Jan 16 18:55:40 CET 2012 on sn-devel-104
2012-01-16s4:dsdb/password_hash: require a "Primary:Kerberos" blob in ↵Stefan Metzmacher1-0/+16
supplementalCredentials If this is missing a w2k8r2 server will reboot, when someone tries to change a password. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
2012-01-16s3:selftest: rpcclient doesn't support smb2Stefan Metzmacher1-29/+27
metze
2012-01-14s3: ADS support is needed for dns updatesVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sat Jan 14 15:32:15 CET 2012 on sn-devel-104
2012-01-14KCC importldif/exportldif and intersite topologyDave Craft2-376/+2429
Add options for extracting an LDIF file from a database and reimporting the LDIF into a schema-less database for subsequent topology test/debug. Add intersite topology generation with computation of ISTG and bridgehead servers Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Jan 14 07:45:11 CET 2012 on sn-devel-104
2012-01-14Intersite KCC flags for pythonDave Craft1-0/+5
Add NTDSSITELINK options to dsdb class for use in python samba_kcc Signed-off-by: Andrew Tridgell <tridge@samba.org>
2012-01-14Intersite KCC flagsDave Craft1-0/+5
NTDSSITELINK option flags added Signed-off-by: Andrew Tridgell <tridge@samba.org>