1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

28864 Commits

Author SHA1 Message Date
Lukasz Zalewski
be5bf2c991 When listing group members allow fallback to cn attribute when samAccountName is not available 2012-05-10 14:58:46 +10:00
Stefan Metzmacher
49dbd38047 s4:smb_server/smb: only create a new session with vuid == 0
metze
2012-05-09 01:02:16 +02:00
Stefan Metzmacher
865e9c4560 s4:torture/raw/context: test a session setup with a given invalid vuid
On a session setup with EXTENDED_SECURITY we'll get ERRSRV:ERRbaduid,
while a session setup without EXTENDED_SECURITY ignores the given vuid.

Before this test was doing a reauth of a given vuid, which works for newer
Windows versions, but Windows 2000 gives INVALID_PARAMETER.

metze
2012-05-09 01:02:16 +02:00
Michael Adam
d36aecc9c5 s4:libcli:raw: fix a comment typo in smb_setfileinfo()
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue May  8 20:45:16 CEST 2012 on sn-devel-104
2012-05-08 20:45:16 +02:00
Michael Adam
6713ebfd60 s4:torture: add a new smb2.session.reauth5 test: rename after reauth to anon - fails 2012-05-08 18:49:05 +02:00
Michael Adam
35009eb3a9 s4:torture: add a new smb2.session.reauth4 test: setting security descriptor after reauth to anon - works 2012-05-08 18:49:05 +02:00
Kai Blin
f01c6cf707 s4 dns: unify error handling when bailing out
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Tue May  8 15:48:25 CEST 2012 on sn-devel-104
2012-05-08 15:48:25 +02:00
Andreas Schneider
e8e5afd4d4 krb5samba: Add smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org>

Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue May  8 08:30:52 CEST 2012 on sn-devel-104
2012-05-08 08:30:51 +02:00
Andreas Schneider
7f9e4d70b9 s4-auth: Use smb_krb5_make_pac_checksum.
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-08 06:42:56 +02:00
Simo Sorce
3ef95a0b59 krb5samba: Add krb5_free_checksum_contents wrapper 2012-05-08 06:42:56 +02:00
Andrew Bartlett
0678eb6cdf s4-provision Ensure we have posix ACLs before we permit a s3fs-based Samba4 to be configured 2012-05-08 04:51:59 +02:00
Stefan Metzmacher
5d4d8fefe2 s4:torture/raw/context: add subtests as torture testcases
TODO: add test_session with 'use spnego = false'.
      We need a way to do set an option just for one test case.

Note: the 'use spnego = false' was ignored before as it's
      only used on the first session setup on a connection.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May  8 04:50:39 CEST 2012 on sn-devel-104
2012-05-08 04:50:39 +02:00
Stefan Metzmacher
dd804dd8ca s4:torture/raw/context: INVALID_PARAMETER vs. LOGON_FAILURE...
If the try a session setup without EXTENDED_SECURITY after
one with EXTENDED_SECURITY Windows 2008 R2 returns INVALID_PARAMETER,
while Windows 2000 sp4 returns LOGON_FAILURE...

metze
2012-05-08 02:57:07 +02:00
Stefan Metzmacher
7c0c1fabd0 s4:torture/raw: make torture_raw_context a test suite
metze
2012-05-08 02:57:07 +02:00
Stefan Metzmacher
05bed62371 s4:torture/raw/context: make use of torture_* macros and avoid 'printf'
metze
2012-05-08 02:57:07 +02:00
Stefan Metzmacher
27efeabab4 s4:torture/raw/context: pass tctx to test_pid_exit_only_sees_open()
metze
2012-05-08 02:57:07 +02:00
Stefan Metzmacher
c68cba36aa s4:torture/raw/session: make sure we got a reauth of the existing session
metze
2012-05-08 00:50:55 +02:00
Jelmer Vernooij
890485bd17 heimdal: Cope with newer Heimdal versions accepting a keyset argument to
hdb_enctype2key.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon May  7 18:33:10 CEST 2012 on sn-devel-104
2012-05-07 18:33:10 +02:00
Amitay Isaacs
246409e17e s4-dns: Build BIND DLZ modules with correct private library
This fixes rpath for samdb-common private library after make install.

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon May  7 07:40:29 CEST 2012 on sn-devel-104
2012-05-07 07:40:29 +02:00
Stefan Metzmacher
49acba37e7 s4:libcli/smb2: use PROTOCOL_LATEST
metze
2012-05-06 14:50:39 +02:00
Andrew Bartlett
c2b094ffbc s4-s3-upgrade: Max/min password age policy is in seconds, not days
This cases upgraded domains to have a too-long password expiry, which in extreme
cases can cause the KDC to misfunction.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun May  6 14:49:39 CEST 2012 on sn-devel-104
2012-05-06 14:49:39 +02:00
Matthieu Patou
db11c1b120 s4-schema: Validate more class attribute when adding a new class in the schema
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun May  6 04:17:56 CEST 2012 on sn-devel-104
2012-05-06 04:17:56 +02:00
Matthieu Patou
191dd54cbc s4: use intermediate var, increase lisibility 2012-05-05 17:26:11 -07:00
Matthieu Patou
aae8085c61 olschema2ldif: be more strict where checking for open/closed braces 2012-05-05 17:26:10 -07:00
Alexander Bokovoy
822e6794f0 s4:auth/kerberos: don't do tracing in MIT build
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04 16:51:29 +02:00
Alexander Bokovoy
21d383d04f s4:torture: auth/pac.c: use Kerberos wrapper for krb5_keyblock_init
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04 16:51:29 +02:00
Alexander Bokovoy
4875a12ab8 Avoid using Heimdal-specific tests in MIT build 2012-05-04 16:51:29 +02:00
Alexander Bokovoy
566884553c s4:ntvfs: add missing headers to vfs_ipc
vfs_ipc.c had system/kerberos.h and system/filesys.h missing

Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04 16:51:29 +02:00
Simo Sorce
27549b4e31 Fix direct access to krb5_principal structure 2012-05-04 16:51:29 +02:00
Simo Sorce
eb9e3e8a54 auth-session: MIT doesn't have import/export cred yet
For now let's just loose this functionality with the MIT build.
gss_import/export_cred should be availa ble when MIT 1.11 is released and this
code is used only in some proxy scenario. Not normally needed for common
configurations.
2012-05-04 16:51:29 +02:00
Andreas Schneider
4d77466daf krb5samba: Add a smb_krb5_cc_get_lifetime() function.
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04 16:51:29 +02:00
Simo Sorce
6bec64b12a s4-auth-krb: Make srv_keytab.c build against MIT Kerberos 2012-05-04 16:51:29 +02:00
Simo Sorce
548046ff4d Fix incompatible assignment warning 2012-05-04 16:51:29 +02:00
Simo Sorce
b776bc5f72 krb5samba: Add compat krb5_make_principal for MIT build 2012-05-04 16:51:29 +02:00
Simo Sorce
205b032061 Fix compiler warning 2012-05-04 16:51:29 +02:00
Simo Sorce
cf7d15e075 s4-auth-krb: Use compat code to initialize keyblock contents 2012-05-04 16:51:29 +02:00
Simo Sorce
93de8e4570 krb5samba: Add compat code to initialize keyblock contents 2012-05-04 16:51:28 +02:00
Simo Sorce
62f3be7af3 s4-auth-krb: Disable code in MIT build
Unfortunately these functions are not available in MIT and there is no easy
workaround or compat funciton I can see at this stage. Will fix properly once
MIT gets the necessary functions or if another workaround can be found.
2012-05-04 16:51:28 +02:00
Simo Sorce
c2f663263c Move keytab_copy to krb5samba lib
This is a helper fucntion that uses purely krb5 code, so it belongs to
krb5samba which is the krb5 wrapper for samba.
2012-05-04 16:51:28 +02:00
Simo Sorce
94b9af6ac6 Fix keytab_copy to compile with MIT librariues too 2012-05-04 16:51:28 +02:00
Simo Sorce
07953e19fc keytab_copy: Fix style, whitespaces 2012-05-04 16:51:28 +02:00
Simo Sorce
57dc8aa1b2 kerberos_pac: Fix code to work with MIT too 2012-05-04 16:51:28 +02:00
Simo Sorce
a2de8a12d3 s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5
Make it clearly a gensec_krb5 accessory file.
This function should never be used anywhere else.
This function was copied out from the Heimdal tree and is kept in a separate
file for clarity and to keep the original license boilerplate.
2012-05-04 16:51:28 +02:00
Simo Sorce
3109a3de1f Split normal kinit from s4u2 flavored kinit
This makes it simpler to slowly integrate MIT support and also amkes it
somewhat clearer what operation is really requested.
The 24u2 part is really only used by the cifs proxy code so we can temporarily
disable it in the MIT build w/o major consequences.
2012-05-04 16:51:28 +02:00
Simo Sorce
29d284c245 Move kerberos_kinit_password_cc to krb5samba lib 2012-05-04 16:51:28 +02:00
Simo Sorce
38a5a2c5c5 Move kerberos_kinit_keyblock_cc to krb5samba lib
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not
available.
2012-05-04 16:51:28 +02:00
Simo Sorce
aa1a0d80de krb-init: define out heimdal specific stuff in mitkrb build 2012-05-04 16:51:28 +02:00
Simo Sorce
9a585a3141 s4-auth-krb: avoid useless condition
Code bails out with ENOMEM 2 lines a bove if config_file is NULL anyways
2012-05-04 16:51:28 +02:00
Volker Lendecke
eb6e22bcab s4:torture: add a check for talloc success in test_session_reauth
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri May  4 16:50:59 CEST 2012 on sn-devel-104
2012-05-04 16:50:58 +02:00
Andrew Bartlett
c8e6d8b487 s4-dsdb: Use data_blob_string_const and add explaination for open-coded function in samldb
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri May  4 02:34:41 CEST 2012 on sn-devel-104
2012-05-04 02:34:40 +02:00