1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

45179 Commits

Author SHA1 Message Date
Andrew Bartlett
f4ab082d2b librpc/idl: Merge wbint.idl with winbind.idl so we can forward IRPC requests to internal winbind calls
Change-Id: Iba3913d5a1c7f851b93f37e9beb6dbb20fbf7e55
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
223fbdaf38 s3-winbindd: Listen on IRPC and do forwarded DNS updates on an RODC
Change-Id: Ib87933c318f510d95f7008e122216d73803ede68
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
cb79cc342e s3-winbindd: Register winbindd with irpc
Change-Id: Ie3c7109fef6982d95e8cad06870334565352e329
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
597d2a7a29 auth: Provide a way to use the auth stack for winbindd authentication
This adds in flags that allow winbindd to request authentication
without directly calling into the auth_sam module.

That in turn will allow winbindd to call auth_samba4 and so permit
winbindd operation in the AD DC.

Andrew Bartlett

Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
2e961bf598 winbindd: Call set_dc_type_and_flags on the internal domain
This allows the AD DC to be picked up correctly and gives the correct DNS name.

To ensure no confusion, we also always init it with the full DNS name.

It also means that, aside from the BUILTIN domain the initialized
flag is set only in one place, which will help when we add more details
to the domain structure in the future.

This in turn allows kerberos authentication against winbindd on the AD DC.

Andrew Bartlett

Change-Id: Idc829cfe5f2e867c87107b49275b17f294821dcd
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-11 10:18:26 +02:00
Andrew Bartlett
cda32d4e47 passdb: Do not routinely clear the global memory returned by get_global_sam_sid()
This avoids use-after-free errors and tdb database churn.

Andrew Bartlett

Change-Id: If7ab2e24556d9dffc7ad22c0489d665dd75a0cab
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-06-11 10:18:26 +02:00
Volker Lendecke
7c2b5e77b0 Use GUID_equal in a few places
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-06-10 19:19:13 +02:00
Jeremy Allison
9c6f1a589f s3: libsmb: Change cli_disk_size() to use the trans2/SMB_FS_FULL_SIZE_INFORMATION call in preference to the old SMB1 call.
Fallback to the old CORE protocol SMBdskattr if
trans2/SMB_FS_FULL_SIZE_INFORMATION is not supported.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun  7 05:41:44 CEST 2014 on sn-devel-104
2014-06-07 05:41:44 +02:00
Jeremy Allison
d0a7d7e87e s3: libsmb: Make cli_smb2_dskattr() a 64-bit interface.
Remove the fallback call from cli_dskattr() (now it's
not called from external client code).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2014-06-07 03:15:14 +02:00
Jeremy Allison
66a04ba7c1 s3: libsmb : Move users of cli_dskattr to a 64-bit interface cli_disk_free().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
2014-06-07 03:15:14 +02:00
Jeremy Allison
463311422c s3/s4: smbd, rpc, ldap, cldap, kdc services.
Allow us to start if we bind to *either* :: or 0.0.0.0.

Allows us to cope with systems configured as only IPv4
or only IPv6.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
Reviewed-By: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun  7 01:01:44 CEST 2014 on sn-devel-104
2014-06-07 01:01:43 +02:00
Christian Ambach
2ee7d017e8 s3:vfs_afsacl fix compiler warnings
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jun  4 22:34:51 CEST 2014 on sn-devel-104
2014-06-04 22:34:51 +02:00
Christian Ambach
c3607d2edf vfs_afsacl: remove unused includes
* auth.h might cause collisions with the Heimdal headers
* we should not include afs/afs.h directly, see
https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1319336
http://rt.central.org/rt/Ticket/Display.html?id=131737

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-06-04 20:09:39 +02:00
Christian Ambach
b7ce3f6ce3 waf: fixup build with fake kaserver enabled
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-06-04 20:09:39 +02:00
Christian Ambach
eafb7e33bc waf: add --with-fake-kaserver option
This option was not added during the transition from autoconf
to waf.
Bring it back so that the code can be used again.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9916
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-06-04 20:09:38 +02:00
Christian Ambach
558850c495 s3:lib/afs move afs_settoken.c to common lib dir
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-06-04 20:09:38 +02:00
Christian Ambach
89961ca297 s3:lib/afs move afs.c to common lib dir
some of the code in afs.c is needed by wbinfo that lives in the toplevel
nsswitch directory, so move the afs.c file to a new top-level lib/afs
directory. Use the name afs_funcs to avoid collisions with the afs.h
header from OpenAFS

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-06-04 20:09:38 +02:00
Andreas Schneider
62b4d442b9 s3-winbind: Use strlcpy to avoid log entry.
The full_name from Windows can be longer than 255 chars which results in
a warning on log level 0 that we have a string overflow. This will avoid
the warning. However we should fix this sooner or later on the protocol
level to have no limit.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun  4 16:49:11 CEST 2014 on sn-devel-104
2014-06-04 16:49:11 +02:00
Andrew Bartlett
23848f3547 s3-rpc_server: Use C99 types in rpc_pipes.h
Change-Id: Ic282f02f421870ff8a8623005979f8a034902d88
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun  4 05:48:29 CEST 2014 on sn-devel-104
2014-06-04 05:48:29 +02:00
Andrew Bartlett
191d754091 s3-param: Add lp_dnsdomain() for use by winbindd
Change-Id: I987aa533ebe11c93b9e836fafc7b19c81bf600a5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
5a71f46f46 winbindd: Use rpc_pipe_open_interface() so that winbindd uses the correct rpc servers
This means that in the AD DC, we use the AD DC servers, while in the classic DC or file server we continue
to use the built-in SAMR and LSA servers.

Andrew Bartlett

Change-Id: I63b1443f5665016f7fcbed35907ec29d4424ab18
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
902f14c084 s3-rpc_server: Give log messages on failure
Change-Id: I240d58fdf71bbab42d1ffb63bb52b9650fd4bd85
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
e85ab68518 winbindd: Remove pointless if statement
Change-Id: I7d2646078f6e7ba596b92da7d37c285d10ad38c0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
04bc200e95 winbindd: explain that this check protects the AD DC machine account password (for now at least)
Change-Id: I2e2eb2e7fc4a12f27025f42e4cc41560311ce6c8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
5f29774071 selftest: move all winbind test rules to one place
We now run wbinfo_simple additionally against plugin_s4_dc and dc

This also extends many of the tests to run against more environments,
hence the additional knownfail entries.

For winbind.wbclient, the fl2003dc environment has been selected not
to run with password history so as to allow the winindd.wbinfo test to
complete (once switched to running winbindd).

Andrew Bartlett

Change-Id: I475fd9937e515796b5e47c042a8bfa85f76441ca
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
2b558f2096 selftest: Set winbind separator = /
This avoids a pile of shell-script escape pain, and fixes some tests.

Andrew Bartlett

Change-Id: Ie1d0e32ab484a5b0ddbc4073831fe6de27e38e92
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:25 +02:00
Volker Lendecke
5afd30edcb messaging3: Fix a talloc_tos memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-06-03 19:00:13 +02:00
Michael Adam
6a0ebc4596 s3:messaging: protect use of msg_control with HAVE_STRUCT_MSGHDR_MSG_CONTROL
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jun  3 01:14:17 CEST 2014 on sn-devel-104
2014-06-03 01:14:17 +02:00
Michael Adam
65a6c31d9d build: rename HAVE_MSGHDR_MSG_ACCTRIGHTS to HAVE_STRUCT_MSGHDR_MSG_ACCTRIGHTS
for consistency.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-02 22:48:12 +02:00
Michael Adam
86be491912 build: rename HAVE_MSGHDR_MSG_CONTROL to HAVE_STRUCT_MSGHDR_MSG_CONTROL
So that we are consistent with the socket_wrapper define.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-02 22:48:12 +02:00
Michael Adam
abedc7116e vfs:aio_fork: simplify checking of MSG_CONTROL and MSG_ACCTRIGHTS
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-02 22:48:12 +02:00
Stefan Metzmacher
51077c6be6 s3:smb2_server: call smbd_smb2_flush_send_queue() directly
This avoids recursion into smbd_smb2_io_handler(),
which avoids confusion when analysing out put of
performance analysing tools, e.g. callgrind.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 31 04:25:36 CEST 2014 on sn-devel-104
2014-05-31 04:25:36 +02:00
Stefan Metzmacher
629f4e8769 s3:smb2_server: fix invalid TALLOC_FREE(iov) in smbd_smb2_inbuf_parse_compound()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-31 01:59:18 +02:00
Volker Lendecke
c81f1aab93 messaging3: Enforce just one messaging context
The current messaging implementation is based on a tdb indexed by server_id. If
we have more than one messaging context in a process, messages might not arrive
at the right context and be dropped, depending on which signal handler is
triggered first.

This is the same patch as bd55fdb lifted to messaging.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-31 01:59:18 +02:00
Volker Lendecke
c487937b01 messaging3: Make messaging_context private
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-31 01:59:18 +02:00
Volker Lendecke
8ddbf18115 messaging3: Add and use messaging_tevent_context()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-31 01:59:17 +02:00
Volker Lendecke
56a7ddd777 messaging3: Introduce messaging_local_backend()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-31 01:59:17 +02:00
Volker Lendecke
331296df94 messaging3: The backend send_fn doesn't need a messaging_context
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-31 01:59:17 +02:00
Samuel Cabrero
90f9db9c06 Fix several talloc stack frames not freed
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Fri May 30 15:29:29 CEST 2014 on sn-devel-104
2014-05-30 15:29:29 +02:00
Michael Adam
bd22312442 s3:messaging: change unix_dgram_recv_handler() to use recvmsg, not recv
This is in preparation of adding fd-passing to messaging.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 30 02:28:15 CEST 2014 on sn-devel-104
2014-05-30 02:28:15 +02:00
Michael Adam
e4453bdc37 s3:messaging: change messaging_backend to use iovec instead of data blob in send_fn
This also changes the layering

messaging_send_iov -> messaging_send_buf -> messaging_send

to

messaging_send_buf -> messaging_send -> messaging_send_iov

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-30 00:03:20 +02:00
David Disseldorp
bc70d58cbc s3/smbcacls: use security_ace_equal instead of sec_ace_equal
Both offer the same functionality, sec_ace_equal() will be removed.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
124775ca81 s3/sharesec: use security_ace_equal instead of sec_ace_equal
Both offer the same functionality, sec_ace_equal() will be removed.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
3e1a477fda s3/libsmb_xattr: use security_ace_equal instead of sec_ace_equal
Both offer the same functionality, sec_ace_equal() will be removed.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-29 01:08:25 +02:00
David Disseldorp
8605564f41 s3/profiles: improve copy_registry_tree() errors
The current error logic doesn't distinguish between a NULL source
security descriptor and ENOMEM.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 28 20:18:21 CEST 2014 on sn-devel-104
2014-05-28 20:18:21 +02:00
David Disseldorp
b82d436586 s3/rpc_server/lsa: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
4be7800801 s3/rpc_server/spoolss: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
0c5911fc78 s3/posix_acls: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
40bca3bdd5 s3/net_rpc_printer: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-05-28 17:52:13 +02:00
David Disseldorp
aef195d0b3 s3/profiles: replace dup_sec_desc() usage
Use security_descriptor_copy() instead, which is also provided by
libcli.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-28 17:52:13 +02:00