summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2012-05-08s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 ↵Andrew Bartlett1-0/+14
to be configured
2012-05-08s4:torture/raw/context: add subtests as torture testcasesStefan Metzmacher1-46/+20
TODO: add test_session with 'use spnego = false'. We need a way to do set an option just for one test case. Note: the 'use spnego = false' was ignored before as it's only used on the first session setup on a connection. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue May 8 04:50:39 CEST 2012 on sn-devel-104
2012-05-08s4:torture/raw/context: INVALID_PARAMETER vs. LOGON_FAILURE...Stefan Metzmacher1-1/+7
If the try a session setup without EXTENDED_SECURITY after one with EXTENDED_SECURITY Windows 2008 R2 returns INVALID_PARAMETER, while Windows 2000 sp4 returns LOGON_FAILURE... metze
2012-05-08s4:torture/raw: make torture_raw_context a test suiteStefan Metzmacher2-3/+12
metze
2012-05-08s4:torture/raw/context: make use of torture_* macros and avoid 'printf'Stefan Metzmacher1-100/+87
metze
2012-05-08s4:torture/raw/context: pass tctx to test_pid_exit_only_sees_open()Stefan Metzmacher1-1/+3
metze
2012-05-08s4:torture/raw/session: make sure we got a reauth of the existing sessionStefan Metzmacher1-0/+2
metze
2012-05-07heimdal: Cope with newer Heimdal versions accepting a keyset argument toJelmer Vernooij2-4/+26
hdb_enctype2key. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon May 7 18:33:10 CEST 2012 on sn-devel-104
2012-05-07s4-dns: Build BIND DLZ modules with correct private libraryAmitay Isaacs1-2/+2
This fixes rpath for samdb-common private library after make install. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Mon May 7 07:40:29 CEST 2012 on sn-devel-104
2012-05-06s4:libcli/smb2: use PROTOCOL_LATESTStefan Metzmacher1-1/+1
metze
2012-05-06s4-s3-upgrade: Max/min password age policy is in seconds, not daysAndrew Bartlett1-2/+2
This cases upgraded domains to have a too-long password expiry, which in extreme cases can cause the KDC to misfunction. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun May 6 14:49:39 CEST 2012 on sn-devel-104
2012-05-06s4-schema: Validate more class attribute when adding a new class in the schemaMatthieu Patou1-0/+29
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun May 6 04:17:56 CEST 2012 on sn-devel-104
2012-05-05s4: use intermediate var, increase lisibilityMatthieu Patou1-6/+5
2012-05-05olschema2ldif: be more strict where checking for open/closed bracesMatthieu Patou1-3/+15
2012-05-04s4:auth/kerberos: don't do tracing in MIT buildAlexander Bokovoy1-17/+0
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_initAlexander Bokovoy1-4/+4
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04Avoid using Heimdal-specific tests in MIT buildAlexander Bokovoy3-3/+14
2012-05-04s4:ntvfs: add missing headers to vfs_ipcAlexander Bokovoy1-0/+2
vfs_ipc.c had system/kerberos.h and system/filesys.h missing Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04Fix direct access to krb5_principal structureSimo Sorce1-2/+4
2012-05-04auth-session: MIT doesn't have import/export cred yetSimo Sorce2-3/+7
For now let's just loose this functionality with the MIT build. gss_import/export_cred should be availa ble when MIT 1.11 is released and this code is used only in some proxy scenario. Not normally needed for common configurations.
2012-05-04krb5samba: Add a smb_krb5_cc_get_lifetime() function.Andreas Schneider1-0/+1
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04s4-auth-krb: Make srv_keytab.c build against MIT KerberosSimo Sorce1-8/+11
2012-05-04Fix incompatible assignment warningSimo Sorce1-1/+1
2012-05-04krb5samba: Add compat krb5_make_principal for MIT buildSimo Sorce1-0/+1
2012-05-04Fix compiler warningSimo Sorce1-1/+1
2012-05-04s4-auth-krb: Use compat code to initialize keyblock contentsSimo Sorce1-1/+1
2012-05-04krb5samba: Add compat code to initialize keyblock contentsSimo Sorce1-0/+1
2012-05-04s4-auth-krb: Disable code in MIT buildSimo Sorce1-1/+4
Unfortunately these functions are not available in MIT and there is no easy workaround or compat funciton I can see at this stage. Will fix properly once MIT gets the necessary functions or if another workaround can be found.
2012-05-04Move keytab_copy to krb5samba libSimo Sorce2-231/+1
This is a helper fucntion that uses purely krb5 code, so it belongs to krb5samba which is the krb5 wrapper for samba.
2012-05-04Fix keytab_copy to compile with MIT librariues tooSimo Sorce1-10/+12
2012-05-04keytab_copy: Fix style, whitespacesSimo Sorce1-8/+17
2012-05-04kerberos_pac: Fix code to work with MIT tooSimo Sorce1-3/+3
2012-05-04s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5Simo Sorce5-2/+13
Make it clearly a gensec_krb5 accessory file. This function should never be used anywhere else. This function was copied out from the Heimdal tree and is kept in a separate file for clarity and to keep the original license boilerplate.
2012-05-04Split normal kinit from s4u2 flavored kinitSimo Sorce1-7/+21
This makes it simpler to slowly integrate MIT support and also amkes it somewhat clearer what operation is really requested. The 24u2 part is really only used by the cifs proxy code so we can temporarily disable it in the MIT build w/o major consequences.
2012-05-04Move kerberos_kinit_password_cc to krb5samba libSimo Sorce3-427/+1
2012-05-04Move kerberos_kinit_keyblock_cc to krb5samba libSimo Sorce3-55/+1
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not available.
2012-05-04krb-init: define out heimdal specific stuff in mitkrb buildSimo Sorce1-3/+12
2012-05-04s4-auth-krb: avoid useless conditionSimo Sorce1-1/+1
Code bails out with ENOMEM 2 lines a bove if config_file is NULL anyways
2012-05-04s4:torture: add a check for talloc success in test_session_reauthVolker Lendecke1-0/+1
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Fri May 4 16:50:59 CEST 2012 on sn-devel-104
2012-05-04s4-dsdb: Use data_blob_string_const and add explaination for open-coded ↵Andrew Bartlett1-4/+6
function in samldb Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri May 4 02:34:41 CEST 2012 on sn-devel-104
2012-05-04s4-dsdb: Use strcasecmp_m() to compare possibly multibyte strings in samldbAndrew Bartlett1-5/+5
2012-05-04s4:samldb LDB module - make sure to not add identical ↵Matthias Dieter Wallnöfer2-16/+88
"servicePrincipalName"s more than once The service principal names need to be case-insensitively unique, otherwise we end up in a LDB ERR_ATTRIBUTE_OR_VALUE_EXISTS error. This issue has been discovered on the technical mailing list (thread: cannot rename windows xp machine in samba4) when trying to rename a AD client workstation.
2012-05-03UTIL_TDB: lowercase name.Jelmer Vernooij3-3/+3
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu May 3 20:18:22 CEST 2012 on sn-devel-104
2012-05-03s4:torture: add a new smb2.session.reauth3 test - getting security descriptorMichael Adam1-0/+100
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Thu May 3 17:38:14 CEST 2012 on sn-devel-104
2012-05-03provision: remove reference to no longer existing template files.Jelmer Vernooij2-9/+6
2012-05-03s4-samba-tool: make new samba-tool group listmembers use samAccountNameAndrew Bartlett2-4/+4
This is the unique username value. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu May 3 01:57:41 CEST 2012 on sn-devel-104
2012-05-03s4-s3upgrade: Force ldapsam:trusted = yesAndrew Bartlett1-0/+3
While this setting is not the default in Samba3, any domain that is in a suitable condition to upgrade to Samba4 should already be in the layout that ldapsam:trusted uses. It can be turned off by setting ldapsam:trusted=false in the smb.conf. Many upgrades to Samba4 happen on a different host to the old Samba3 domain and this avoids the need to configure nss_ldap only for the duration of the upgrade. Andrew Bartlett
2012-05-03Extension to the samba-tool group subcommand functionality to allow listing ↵Lukasz Zalewski3-0/+91
of the members of an AD group
2012-05-03s4-s3upgrade: Try harder to get group memberships on upgradeAndrew Bartlett1-5/+20
This fixes an issue where some group types were not upgraded, as we did not upgrade alias memberships. It also uses enum_group_memberships() to try and find the memberships from the other direction, by asking which groups a user is a member of. As Samba3 (and NT4) does not implement nested groups, this should be safe. Andrew Bartlett
2012-05-02s4:torture:rpc: add a new test samba3.smb2-pipe-read-logoffMichael Adam1-0/+85
- open a pipe via smb2 - trigger a read which hangs since there is nothing to read - do a logoff - wait for the read to return and check the status (STATUS_PIPE_BROKEN) Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed May 2 19:57:45 CEST 2012 on sn-devel-104