Age | Commit message (Collapse) | Author | Files | Lines |
|
After consolidating DNS resolver code to lib/addns, there is one piece
that still needs to be moved into a common DNS resolver library: DNS_HOSTS_FILE
subsystem. Unfortunately, direct move would require lib/addns to depend on
libcli/util/{ntstatus.h,werror.h} (provided by errors subsystem).
In addition, moving libcli/dns/* code to lib/addns/ would make conflicting
the dns_tkey_record struct. The conflict comes from source4/dns_server/ and is due
to use of IDL to define the struct. lib/addns/ library also provides its own definition
so we either need to keep them in sync (rewrite code in lib/addns/ a bit) or
depend on generated IDL headers.
Thus, making a private library and subsystem clidns is an intermediate step
that allows to buy some time fore refactoring.
|
|
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
|
|
After migrating to use libaddns, reply_to_addrs() needed to change the
way answers are iterated through. Originally libroken implementation
gave all answers as separate records with last one being explicitly NULL.
libaddns unmarshalling code gives all non-NULL answers and should be
iterated with explicit reply->num_answers in use.
|
|
In case krb5_cc_get_lifetime is not available, iterate over
existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL,
and use its lifetime. This is how it is implemented in Heimdal and
how it was suggested to be done by MIT Kerberos developers.
|
|
We need to ifdef out some minor things here because there is no available API
to set these options in MIT.
The realm and canonicalize options should be not interesting in the client
case. Same for the send_to_kdc hacks.
Also the OLD DES3 enctype is not at all interesting. I am not aware that
Windows will ever use DES3 and no modern implementation relies on that enctype
anymore as it has been fully deprecated long ago, so we can simply ignore it.
|
|
Use available native samba resolver functions
|
|
|
|
|
|
Attach request to local memory context not to potentially long lived connection
|
|
Taking the size of "db" is correct, but a bit fishy. Silence Coverity.
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 15 16:12:54 CEST 2012 on sn-devel-104
|
|
"security=server" has a lot of problems in the world with
modern security (ntlmv2 and krb5). It was also not very
reliable, as it needed a stable connection to the password
server for the lifetime of the whole client connection!
Please use "security=domain" or "security=ads" is you
authentication against remote servers (domain controllers).
metze
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SERVER |
| security=server |
| |
| |
| 12 May |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
metze
|
|
metze
|
|
metze
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon May 14 04:04:55 CEST 2012 on sn-devel-104
|
|
(accidentially commited in 5e8dee8d96a7522cdcde57dbbf93fbe9c614992e)
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun May 13 10:41:27 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun May 13 05:16:28 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri May 11 22:05:32 CEST 2012 on sn-devel-104
|
|
This has been around since a long time: In non-developer builds,
we don't panic in SMB_ASSERT but happly continue with the error
condition, which is ridiculous and dangerous...
|
|
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed May 9 17:38:33 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104
|
|
|
|
TIME_T_MAX is not actually INT64_MAX at the moment, so check both
values and set to the magic end-of-time value.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue May 8 06:41:43 CEST 2012 on sn-devel-104
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon May 7 21:13:15 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun May 6 16:38:00 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
|
|
|
|
|
|
This is a helper fucntion that uses purely krb5 code, so it belongs to
krb5samba which is the krb5 wrapper for samba.
|
|
This makes it simpler to slowly integrate MIT support and also amkes it
somewhat clearer what operation is really requested.
The 24u2 part is really only used by the cifs proxy code so we can temporarily
disable it in the MIT build w/o major consequences.
|
|
|
|
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not
available.
|
|
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu May 3 20:18:22 CEST 2012 on sn-devel-104
|
|
torture_result().
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Thu May 3 15:31:06 CEST 2012 on sn-devel-104
|