Age | Commit message (Collapse) | Author | Files | Lines |
|
When reloading zones, named first creates new zone instance and then shuts down
the old instance. Since ldb layer, keeps the same LDB open, talloc_free() on samdb
handle, causes talloc "access after use" error.
This patch keeps only single context (dlz_bind9_data) and uses reference counting
to decide when to actually free the context. Since samdb handle is reused, use
talloc_unlink() instead of talloc_free() on samdb handle.
|
|
version.h moved from include -> include/autoconf.
Autobuild-User: Ira Cooper <ira@samba.org>
Autobuild-Date: Thu May 24 01:34:24 CEST 2012 on sn-devel-104
|
|
DCERPC code can't be smb2 specific!
I'm not sure if 'true' is the correct value here, but at least
it matches the old behavior and the tcp and smb1 cases.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed May 23 21:56:05 CEST 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
This mapps between NT_STATUS_CONNECTION_* to NT_STATUS_PIPE_*
metze
|
|
This deserves some explanation.
With commit 518232d4578d700f5f5ea1609275a6cd1de3a1e7 samba4.blackbox.kinit test set
was wrapped with password settings reset before and after the tests with an idea to
maintain reliable state for the tests. As result, the resetting of the password
settings was done after the test that tried to use smbclient with a Kerberos ticket
obtained with machine account credentials.
However, the code in credentials_krb5.c, function cli_credentials_get_client_gss_creds(),
never worked correctly when credentials were already in ccache. Instead, gensec_gssapi module
always re-kinited even if existing credentials were available in the ccache. This had an effect
on 'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' test equal to
never having initialized ccache at all, as if 'rm -f $KRB5CCNAME' was run before the test.
When the issue of not using already initialized credentials from ccache was fixed with
d0aae88f1290e6a7a6d4bfc24aa62795e4892a31 'auth-credentials: Support using pre-fetched ccache
when obtaining kerberos credentials' commit, Samba 4 credentials library started to correctly
re-used already obtained credentials from ccaches. This caused failure of the test
'samba4.blackbox.kinit(dc:local).reset password policies(dc:local)' because machine account
has no permissions to modify password settings.
Thus, the correct fix is to reset ccache state before performing the test.
Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed May 23 18:46:12 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
After consolidating DNS resolver code to lib/addns, there is one piece
that still needs to be moved into a common DNS resolver library: DNS_HOSTS_FILE
subsystem. Unfortunately, direct move would require lib/addns to depend on
libcli/util/{ntstatus.h,werror.h} (provided by errors subsystem).
In addition, moving libcli/dns/* code to lib/addns/ would make conflicting
the dns_tkey_record struct. The conflict comes from source4/dns_server/ and is due
to use of IDL to define the struct. lib/addns/ library also provides its own definition
so we either need to keep them in sync (rewrite code in lib/addns/ a bit) or
depend on generated IDL headers.
Thus, making a private library and subsystem clidns is an intermediate step
that allows to buy some time fore refactoring.
|
|
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
|
|
not break
When export_keytab is not compiled in (pure client-side Samba 4 build as with
system MIT krb5), export-keytab command of samba-tool will not be available.
Make sure it is not provided but its absence does not break the Python tool.
|
|
credentials
When credentials API is used by a client-side program that already as fetched required
tickets into a ccache, we need to skip re-initializing ccache. This is used in FreeIPA
when Samba 4 Python bindings are run after mod_auth_kerb has obtained user tickets
already.
|
|
struct unixid is defined in idmap.idl and therefore to use it one
would need generated headers from librpc/gen_ndr. Not all of these
files are installed and available as public headers. Also, they
pull in some support headers which requires them to be available
via specific locations like <librpc/gen_ndr/*> or <libcli/util>.
Instead of pulling the headers to get structure and enum definitions,
introduce three simple helpers to fill in 'struct unixid' based on
the type of id. This is sufficient for PASSDB users and does not
require exposing generated headers or code.
|
|
After migrating to use libaddns, reply_to_addrs() needed to change the
way answers are iterated through. Originally libroken implementation
gave all answers as separate records with last one being explicitly NULL.
libaddns unmarshalling code gives all non-NULL answers and should be
iterated with explicit reply->num_answers in use.
|
|
In case krb5_cc_get_lifetime is not available, iterate over
existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL,
and use its lifetime. This is how it is implemented in Heimdal and
how it was suggested to be done by MIT Kerberos developers.
|
|
We need to ifdef out some minor things here because there is no available API
to set these options in MIT.
The realm and canonicalize options should be not interesting in the client
case. Same for the send_to_kdc hacks.
Also the OLD DES3 enctype is not at all interesting. I am not aware that
Windows will ever use DES3 and no modern implementation relies on that enctype
anymore as it has been fully deprecated long ago, so we can simply ignore it.
|
|
with MIT Kerbros build
|
|
Use available native samba resolver functions
|
|
|
|
|
|
|
|
In preparation of making this code common to s3 and s4
|
|
In preparation of making this code common to s3 and s4
|
|
Attach request to local memory context not to potentially long lived connection
|
|
We don't support security = share anymore, so we should always have
a valid session.
Found by the raw.context test.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed May 23 12:47:37 CEST 2012 on sn-devel-104
|
|
timeout.
If we're running with SEC_ADS and we don't get a cldap response from
the server when querying its name, don't fall back to NetBIOS requests
as they're unlikely to succeed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May 23 03:49:36 CEST 2012 on sn-devel-104
|
|
Add a timeout_in_seconds parameter to nbt_getdc() to make it fail
after that time with NT_STATUS_IO_TIMEOUT.
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 22 16:42:22 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue May 22 01:31:17 CEST 2012 on sn-devel-104
|
|
"size" is the maximum buffer, only copy what we actually got. For me, this
fixes valgrind errors in the DIR1 test that might potentially make DIR1
non-flaky again.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon May 21 22:10:15 CEST 2012 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon May 21 19:27:44 CEST 2012 on sn-devel-104
|
|
control is presented
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat May 19 20:28:01 CEST 2012 on sn-devel-104
|
|
|
|
|
|
returns with a share mode.
get_existing_share_mode_lock() isn't really the right
call here, as we're being called after
close_remove_share_mode() inside close_normal_file()
so it's quite normal to not have an existing share
mode here. However, get_share_mode_lock() doesn't
work because that will create a new share mode if
one doesn't exist - so stick with this call (just
ignore any error we get if the share mode doesn't
exist.
The previous commit raised the error message debug
level inside get_share_mode_lock_internal() so
we don't always get a level 1 error message if
get_existing_share_mode_lock() fails.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat May 19 06:26:33 CEST 2012 on sn-devel-104
|
|
This isn't a fatal condition, there is a valid codepath
that can cause this message.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri May 18 18:25:42 CEST 2012 on sn-devel-104
|
|
metze
|
|
Found by the raw.context test.
metze
|
|
Found by the raw.context test.
metze
|
|
metze
|
|
idmap_cache_find_sid2unixid()
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri May 18 16:34:27 CEST 2012 on sn-devel-104
|
|
|
|
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May 18 13:12:14 CEST 2012 on sn-devel-104
|