Age | Commit message (Collapse) | Author | Files | Lines |
|
Note: this doesn't work against a Samba4 KDC yet.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 18:17:43 CEST 2011 on sn-devel-104
|
|
If the KDC does not support S4U2Proxy, it might return a ticket
for the TGT client principal.
metze
|
|
For S4U2Proxy we need to use the ticket from the S4U2Self stage
and ask the kdc for the delegated ticket for the target service.
metze
|
|
this allows dbcheck to fix bad attributes
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun 22 12:27:06 CEST 2011 on sn-devel-104
|
|
this is useful for running it against a Windows server
|
|
this now checks for bad GUID elements in DN links, and offers to fix
them when possible
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
if we search with a base DN that has both a GUID and a SID, then use
the GUID first. This matters for the S-1-5-17 SID.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
When searching using extended DNs, if there are multiple matches then
return an object not found error. This is needed for the case of a
duplicate objectSid, which happens for S-1-5-17
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Old KDCs may not support S4U2Self (or S4U2Proxy) and return tickets
which belongs to the client principal of the TGT.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 09:10:55 CEST 2011 on sn-devel-104
|
|
This will make the following changes easier to review.
metze
|
|
In order to make the following changes easier to review.
metze
|
|
It's important that we don't store the tgt for the machine account
in the same krb5_ccache as the ticket for the impersonated principal.
We may pass it to some krb5/gssapi functions and they may use them
in the wrong way, which would grant machine account privileges to
the client.
metze
|
|
This will make the following changes easier to review.
metze
|
|
metze
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun 22 07:59:30 CEST 2011 on sn-devel-104
|
|
this will be used by the dbcheck code
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives you access to the syntax oid of an attribute
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this gives access to ldb_dn_get_extended_linearized() from python
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
keep individual error handlers together and separate from driver code
|
|
When converting from DRS to ldb format for a BINARY_DN, don't add the
GUID extended DN element if the GUID is all zeros.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Guenther
|
|
connections for now.
Guenther
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
This makes it much easier and less error prone to add new parameters
as we merge the s3 and s4 loadparm systems.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Jun 21 04:41:54 CEST 2011 on sn-devel-104
|
|
This adds the known failure for the one test (netbios browsing) that
fails.
Andrew Bartlett
|
|
Because we now always build the source3 code, we can link directly
against a private libnetapi and libsmbclient to test the behaviour of
these important APIs.
We use a private libnetapi_net_init(), and by using this interface
rather than the public one, we can ensure that the correct smb.conf is
loaded (as smbtorture4 is a Samba4 semantics binary).
The #include of the source3 includes.h is required to do the manual
lp_load().
Andrew Bartlett
|
|
These same names are use in the source3 popt code, which is called from
in libsmbclient and libnet. These are then included in the smbtorture
binary for testing
Andrew Bartlett
|
|
This removes the lang_tdb based varient, the only user of the lang_tdb
code is SWAT, which calls that directly.
'net' and 'pam_winbind' are internationalised using gettext.
Andrew Bartlett
|
|
|
|
This fixes a few Coverity errors
|
|
This is simplistic. We need to support making TDB2 a standalone library,
but for now, we simply built it in-tree.
Once we have tdb1 compatibility in tdb2, we can rename this option to
--enable-tdb2.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Soon, TDB2 will handle tdb1 files, but until then, we substitute.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This is a helper for the common case of opening a tdb with a logging
function, but it doesn't do all the work, since TDB1 and TDB2's log
functions are different types.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
These don't exist in tdb2. The former is used in one weird place in
tdb1, and the latter not at all.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
The typedef is TDB2 compatible, the struct isn't.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns void here. tdb_unlockall will *always* return with the
database unlocked, but it will complain via the log function if it wasn't
locked.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns a negative error number on failure. This is compatible
if we always check for < 0 instead of == -1.
Also, there's no tdb_traverse_read in TDB2: we don't try to make
traverse reliable any more, so there are no write locks anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns void here. tdb_transaction_cancel will *always* return
with the transaction cancelled, but it will complain via the log
function if a transaction wasn't in progress.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns a negative error number on failure. This is compatible
if we always check for != 0 instead of == -1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
TDB2 returns a negative error number on failure. This is compatible
if we always check for != 0 instead of == -1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This is a noop for tdb1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
We change all the headers and wscript files to use tdb_compat; this
means we have one place to decide whether to use TDB1 or TDB2.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Jun 20 09:23:15 CEST 2011 on sn-devel-104
|
|
The two error tables need to be combined, but for now seperate the names.
(As the common parts of the tree now use the _common function,
errmap_unix.c must be included in the s3 autoconf build).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
|
|
Due to library link orders, this is already the function that is being
used. However we still need to sort out the duplicate symbol issues,
probably by renaming things.
Andrew Bartlett
|
|
The functions which uesed these tables have since moved in common.
Andrew Bartlett
|
|
This does not move statedir, leaving it in PREFIX/var/locks because
state files such as idmap are dangerous to move, as they might
re-create, causing chaos.
This isn't ideal, but I don't have a better solution right now.
Andrew Bartlett
|
|
The following changes are made since Samba 3.6:
* --with-ncalrpcdir and --with-nmbdsocketdir are replaced with --with-socket-dir
(with ntp_signd, winbindd, nmbd subdirs)
* This moves the winbind socket out of /tmp. Distributions have moved
this out of /tmp for quite some time now, and /var/run in the FHS
blessed location these days. --with-socketdir should point to
/var/run in a distribution package.
* Configuration files are expected in PREFIX/etc instead of PREFIX/lib
(they need to be moved manually)
* SWAT data files have moved to PREFIX/share/swat (alongside
PREFIX/share/setup containing samba4 provision templates).
* The --with-fhs option is no longer available (it was never very
useful, and major distributions (Debian, OpenSuSE, Fedora) either
specified every option (overriding the effect) or didn't specify it
at all.
* PID files are now in PREFIX/var/run, moved from PREFIX/var/locks
* The ncalrpc and nmbd sockets are now in PREFIX/var/run by default
The following changes are made for users of Samba3 binaries built with the top level build in master
* 'state' files are now expected to be in their Samba 3.6 location
PREFIX/var/locks (and will need to be moved manually)
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|