The branch, v3-6-test has been updated via a2f082e... s3-waf: remove pointless RPC_PARSE_SRC2. via d55f8c7... s3-build: remove pointless RPC_PARSE_OBJ2. via 94ebdbe... s3-libnet: also remove libnet/libnet_samsync_keytab.c.orig. via 1cd68f7... s3-libnet: remove source3/libnet/libnet_join.c.orig, added by a previous commit. via c6d9dbf... s3:libnet Add other required headers for libnet_samsync_keytab.c via 87442e5... s3-krb5 Only build ADS support if arcfour-hmac-md5 is available via 62d6142... tdb: add TDB_DEPS variable filled with required libraries via 0c82bf0... s3-build: separate out libads_printer. via d60b00d... s3-waf: separate out libads_printer. via 1fca2c4... s3: fall back to cups-config for underlinked libs via 117e9c9... Revert "s3: Use cups-config --libs" via 6b550e6... pidl:Samba3/ClientNDR: ignore "todo" functions from 5720be0... tdb: workaround starvation problem in locking entire database.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit a2f082e1dda4c762090973695a2e63b4dcbea78f Author: Günther Deschner <g...@samba.org> Date: Fri Aug 13 16:02:28 2010 +0200 s3-waf: remove pointless RPC_PARSE_SRC2. Guenther (cherry picked from commit 0f264935e0946f5d369df643028d1cf4b408cf76) commit d55f8c70bb3cf74f714164e7fe4602f44b31d80b Author: Günther Deschner <g...@samba.org> Date: Fri Aug 13 16:01:56 2010 +0200 s3-build: remove pointless RPC_PARSE_OBJ2. Guenther (cherry picked from commit 2c99eef35561cf83b3e75d5d56d4fb03311c4aa8) commit 94ebdbe8ba8e87b8ca4884f255945678b1822b23 Author: Günther Deschner <g...@samba.org> Date: Fri Aug 13 15:24:00 2010 +0200 s3-libnet: also remove libnet/libnet_samsync_keytab.c.orig. Guys, what are you doing here ? ;-) Guenther (cherry picked from commit 06a2c2364120f6c5a64545d0007ae3eb77f8afed) commit 1cd68f7c1a4226af4667b001f93c4e474300100e Author: Günther Deschner <g...@samba.org> Date: Fri Aug 13 15:22:06 2010 +0200 s3-libnet: remove source3/libnet/libnet_join.c.orig, added by a previous commit. Guenther (cherry picked from commit f0475ac36cf4a7e186f0cbaab08202a3306bd496) commit c6d9dbf89ea2d9ae9ee6ddd59e1ea524b2917dbb Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 10 12:00:29 2010 +1000 s3:libnet Add other required headers for libnet_samsync_keytab.c Due to missing defines in modern kerberos libraries, this code was not compiled and so this wasn't noticed. Andrew Bartlett Signed-off-by: Simo Sorce <i...@samba.org> (cherry picked from commit fff6fa72ffa7890cee516bd7e65b50bdb8daf51d) commit 87442e5a98179b35a1c48ce3387f230f32bcda8a Author: Andrew Bartlett <abart...@samba.org> Date: Tue Aug 10 08:25:02 2010 +1000 s3-krb5 Only build ADS support if arcfour-hmac-md5 is available Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <i...@samba.org> (cherry picked from commit 71d80e6be0687ac7c2f3caab5e7b8caf400fe37e) commit 62d614225bb2a6e65a2c8d33550cf14a27d055fd Author: Björn Jacke <b...@sernet.de> Date: Fri Aug 13 14:53:22 2010 +0200 tdb: add TDB_DEPS variable filled with required libraries This is required for Solaris, which needs to link in librt to make use of fdatasync(). (cherry picked from commit 5390baeb6b97acbfde89bdb6a2c678a516a0e360) commit 0c82bf028d296533c1e7fdab8fc2226343367af3 Author: Günther Deschner <g...@samba.org> Date: Thu Aug 12 17:08:08 2010 +0200 s3-build: separate out libads_printer. Guenther (cherry picked from commit 3f76555ebea15cafbb635b116e67df4fd99bd734) commit d60b00dd2516dd414f04acce4cdc8b168d97f240 Author: Günther Deschner <g...@samba.org> Date: Thu Aug 12 17:04:12 2010 +0200 s3-waf: separate out libads_printer. Guenther (cherry picked from commit d1be71f1e0f5df19f978eecd8a2b96ab3cae44e0) commit 1fca2c4f698694c62a183371365e77562978b7b4 Author: Björn Jacke <b...@sernet.de> Date: Thu Aug 12 16:18:45 2010 +0200 s3: fall back to cups-config for underlinked libs some OpenBSD systems have underlinked cups libraries. If linking against cups alone fails, try to link against all the cups-config --libs cruft, which we usually don't want. (bugzila #7244) (cherry picked from commit 616e187d68e3e7b202413a96518b31d029e9563a) commit 117e9c9c449cf2d364e6d3b92c7456fede136158 Author: Björn Jacke <b...@sernet.de> Date: Mon Aug 9 18:37:58 2010 +0200 Revert "s3: Use cups-config --libs" This reverts commit 911db761148. This was introduced in 18f1f5b56b140 intentionally. (cherry picked from commit 1d443f6bc251303e827e97401771a66c03fc33e7) commit 6b550e642281278c2db522bb6888f24bb26cffb4 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Aug 10 14:29:42 2010 +0200 pidl:Samba3/ClientNDR: ignore "todo" functions metze (cherry picked from commit a2e1f54b3eac810e147ee5e608c6bdee03f5a8a7) ----------------------------------------------------------------------- Summary of changes: lib/replace/libreplace.m4 | 8 ++++++- lib/tdb/Makefile.in | 3 +- lib/tdb/libtdb.m4 | 6 +++++ lib/tdb/tdb.mk | 12 +++++----- pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm | 7 +++-- source3/Makefile.in | 21 +++++++++-------- source3/configure.in | 35 ++++++++++++++++++++++++++---- source3/include/smb_krb5.h | 2 +- source3/libads/kerberos_keytab.c | 9 +++---- source3/libads/kerberos_verify.c | 2 - source3/libnet/libnet_dssync_keytab.c | 4 +- source3/libnet/libnet_join.c | 6 ----- source3/libnet/libnet_samsync_keytab.c | 7 ++++- source3/libsmb/clikrb5.c | 2 - source3/wscript_build | 12 +++++----- 15 files changed, 84 insertions(+), 52 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4 index 6da209d..2303641 100644 --- a/lib/replace/libreplace.m4 +++ b/lib/replace/libreplace.m4 @@ -108,7 +108,13 @@ AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror strerro AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename) AC_CHECK_FUNCS(waitpid wait4 strlcpy strlcat initgroups memmove strdup) AC_CHECK_FUNCS(pread pwrite strndup strcasestr strtok_r mkdtemp dup2 dprintf vdprintf) -AC_CHECK_FUNCS(isatty chown lchown link readlink symlink realpath fdatasync) +AC_CHECK_FUNCS(isatty chown lchown link readlink symlink realpath) +AC_CHECK_FUNCS(fdatasync,,[ + # if we didn't find it, look in librt (Solaris hides it there...) + AC_CHECK_LIB(rt, fdatasync, + [libreplace_cv_HAVE_FDATASYNC_IN_LIBRT=yes + AC_DEFINE(HAVE_FDATASYNC, 1, Define to 1 if there is support for fdatasync)]) +]) AC_CHECK_FUNCS(get_current_dir_name) AC_HAVE_DECL(setresuid, [#include <unistd.h>]) AC_HAVE_DECL(setresgid, [#include <unistd.h>]) diff --git a/lib/tdb/Makefile.in b/lib/tdb/Makefile.in index dc22ee3..f12a27a 100644 --- a/lib/tdb/Makefile.in +++ b/lib/tdb/Makefile.in @@ -35,6 +35,7 @@ tdbdir = @tdbdir@ EXTRA_TARGETS = @DOC_TARGET@ TDB_OBJ = @TDB_OBJ@ @LIBREPLACEOBJ@ +TDB_DEPS = @TDB_DEPS@ SONAMEFLAG = @SONAMEFLAG@ VERSIONSCRIPT = @VERSIONSCRIPT@ @@ -51,7 +52,7 @@ all:: showflags dirs $(PROGS) $(TDB_SOLIB) libtdb.a $(PYTHON_BUILD_TARGET) $(EXT install:: all $(TDB_SOLIB): $(TDB_OBJ) - $(SHLD) $(SHLD_FLAGS) -o $@ $(TDB_OBJ) $(VERSIONSCRIPT) $(EXPORTSFILE) $(SONAMEFLAG)$(TDB_SONAME) + $(SHLD) $(SHLD_FLAGS) -o $@ $(TDB_OBJ) $(VERSIONSCRIPT) $(EXPORTSFILE) $(TDB_DEPS) $(SONAMEFLAG)$(TDB_SONAME) shared-build: all ${INSTALLCMD} -d $(sharedbuilddir)/lib diff --git a/lib/tdb/libtdb.m4 b/lib/tdb/libtdb.m4 index feae1c2..fb8913a 100644 --- a/lib/tdb/libtdb.m4 +++ b/lib/tdb/libtdb.m4 @@ -20,6 +20,12 @@ AC_SUBST(LIBREPLACEOBJ) TDB_LIBS="" AC_SUBST(TDB_LIBS) +TDB_DEPS="" +if test x$libreplace_cv_HAVE_FDATASYNC_IN_LIBRT = xyes ; then + TDB_DEPS="$TDB_DEPS -lrt" +fi +AC_SUBST(TDB_DEPS) + TDB_CFLAGS="-I$tdbdir/include" AC_SUBST(TDB_CFLAGS) diff --git a/lib/tdb/tdb.mk b/lib/tdb/tdb.mk index ecc6f9f..0dcd419 100644 --- a/lib/tdb/tdb.mk +++ b/lib/tdb/tdb.mk @@ -12,19 +12,19 @@ TDB_STLIB = libtdb.a TDB_LIB = $(TDB_STLIB) bin/tdbtest$(EXEEXT): tools/tdbtest.o $(TDB_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbtest tools/tdbtest.o -L. -ltdb -lgdbm + $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbtest tools/tdbtest.o -L. -ltdb -lgdbm $(TDB_DEPS) bin/tdbtool$(EXEEXT): tools/tdbtool.o $(TDB_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbtool tools/tdbtool.o -L. -ltdb + $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbtool tools/tdbtool.o -L. -ltdb $(TDB_DEPS) bin/tdbtorture$(EXEEXT): tools/tdbtorture.o $(TDB_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbtorture tools/tdbtorture.o -L. -ltdb + $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbtorture tools/tdbtorture.o -L. -ltdb $(TDB_DEPS) bin/tdbdump$(EXEEXT): tools/tdbdump.o $(TDB_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbdump tools/tdbdump.o -L. -ltdb + $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbdump tools/tdbdump.o -L. -ltdb $(TDB_DEPS) bin/tdbbackup$(EXEEXT): tools/tdbbackup.o $(TDB_LIB) - $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbbackup tools/tdbbackup.o -L. -ltdb + $(CC) $(CFLAGS) $(LDFLAGS) -o bin/tdbbackup tools/tdbbackup.o -L. -ltdb $(TDB_DEPS) test:: abi_checks @@ -48,7 +48,7 @@ pytdb.o: $(tdbdir)/pytdb.c $(CC) $(PICFLAG) -c $(tdbdir)/pytdb.c $(CFLAGS) `$(PYTHON_CONFIG) --cflags` tdb.$(SHLIBEXT): libtdb.$(SHLIBEXT) pytdb.o - $(SHLD) $(SHLD_FLAGS) -o $@ pytdb.o -L. -ltdb `$(PYTHON_CONFIG) --ldflags` + $(SHLD) $(SHLD_FLAGS) -o $@ pytdb.o -L. -ltdb `$(PYTHON_CONFIG) --ldflags` $(TDB_DEPS) install:: installdirs installbin installheaders installlibs \ $(PYTHON_INSTALL_TARGET) installdocs diff --git a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm index 1738424..cb6c1f2 100644 --- a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm +++ b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm @@ -495,9 +495,10 @@ sub ParseInterface($$) $self->pidl_hdr("#ifndef __CLI_$uif\__"); $self->pidl_hdr("#define __CLI_$uif\__"); - foreach (@{$if->{FUNCTIONS}}) { - next if ($_->{PROPERTIES}{noopnum}); - $self->ParseFunction($if->{NAME}, $_); + foreach my $fn (@{$if->{FUNCTIONS}}) { + next if has_property($fn, "noopnum"); + next if has_property($fn, "todo"); + $self->ParseFunction($if->{NAME}, $fn); } $self->pidl_hdr("#endif /* __CLI_$uif\__ */"); } diff --git a/source3/Makefile.in b/source3/Makefile.in index af26549..872ed06 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -83,6 +83,7 @@ libtalloc_li...@libtalloc_libs@ libreplace_li...@libreplace_libs@ libt...@libtdb_static@ @LIBTDB_SHARED@ libtdb_li...@libtdb_libs@ +tdb_de...@tdb_deps@ libneta...@libnetapi_static@ @LIBNETAPI_SHARED@ libnetapi_li...@libnetapi_libs@ libsmbclient_li...@libsmbclient_libs@ @@ -358,7 +359,7 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ # that requires knowledge of security contexts REG_PARSE_PRS_OBJ = registry/reg_parse_prs.o -RPC_PARSE_OBJ2 = rpc_client/init_netlogon.o \ +RPC_PARSE_OBJ = rpc_client/init_netlogon.o \ rpc_client/init_lsa.o LIBREPLACE_OBJ = @LIBREPLACE_OBJS@ @@ -454,7 +455,7 @@ LIBGPO_OBJ0 = ../libgpo/gpo_ldap.o ../libgpo/gpo_ini.o ../libgpo/gpo_util.o \ $(GPEXT_OBJ) LIBGPO_OBJ = $(LIBGPO_OBJ0) -LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \ +LIBADS_OBJ = libads/ldap.o \ libads/sasl.o libads/sasl_wrapping.o \ libads/krb5_setpw.o \ libads/kerberos_util.o \ @@ -467,6 +468,8 @@ LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o \ ../librpc/ndr/ndr_krb5pac.o \ librpc/gen_ndr/ndr_krb5pac.o +LIBADS_PRINTER_OBJ = libads/ldap_printer.o + SECRETS_OBJ = passdb/secrets.o passdb/machine_account_secrets.o passdb/machine_sid.o \ librpc/gen_ndr/ndr_secrets.o @@ -676,8 +679,6 @@ RPC_ECHO_OBJ = rpc_server/srv_echo_nt.o librpc/gen_ndr/srv_echo.o RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) $(NPA_TSTREAM_OBJ) -RPC_PARSE_OBJ = $(RPC_PARSE_OBJ2) - RPC_CLIENT_OBJ = rpc_client/cli_pipe.o \ librpc/rpc/dcerpc_gssapi.o \ librpc/rpc/dcerpc_spnego.o \ @@ -853,7 +854,7 @@ SMBD_OBJ_BASE = $(PARAM_WITHOUT_REG_OBJ) $(SMBD_OBJ_SRV) $(LIBSMB_OBJ) \ $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) \ $(NOTIFY_OBJ) $(FNAME_UTIL_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(AVAHI_OBJ) \ - $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(LIBADS_SERVER_OBJ) \ + $(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(LIBADS_SERVER_OBJ) $(LIBADS_PRINTER_OBJ) \ $(REG_FULL_OBJ) $(POPT_LIB_OBJ) $(BUILDOPT_OBJ) \ $(SMBLDAP_OBJ) $(LIBNET_OBJ) \ $(LIBSMBCONF_OBJ) \ @@ -913,7 +914,7 @@ SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \ $(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_OBJ) \ $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \ - $(RPC_CLIENT_OBJ) ../librpc/rpc/binding.o $(RPC_PARSE_OBJ2) \ + $(RPC_CLIENT_OBJ) ../librpc/rpc/binding.o $(RPC_PARSE_OBJ) \ $(RPC_CLIENT_OBJ1) \ $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ $(LIBMSRPC_GEN_OBJ) @@ -1007,7 +1008,7 @@ CLIENT_OBJ1 = client/client.o client/clitar.o $(RPC_CLIENT_OBJ) \ ../librpc/rpc/binding.o \ client/dnsbrowse.o \ $(RPC_CLIENT_OBJ1) \ - $(RPC_PARSE_OBJ2) + $(RPC_PARSE_OBJ) CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(LIBMSRPC_GEN_OBJ) \ @@ -1073,7 +1074,7 @@ NET_OBJ = $(NET_OBJ1) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(LIBADDNS_OBJ0) \ $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \ - $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \ + $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(LIBADS_PRINTER_OBJ) $(POPT_LIB_OBJ) \ $(SMBLDAP_OBJ) $(DCUTIL_OBJ) \ $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(READLINE_OBJ) \ $(LIBGPO_OBJ) @BUILD_INIPARSER@ $(DISPLAY_SEC_OBJ) \ @@ -1358,7 +1359,7 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \ $(SMBLDAP_OBJ) $(GROUPDB_OBJ) \ $(LIB_NONSMBD_OBJ) \ $(KRBCLIENT_OBJ) \ - $(RPC_PARSE_OBJ2) \ + $(RPC_PARSE_OBJ) \ $(RPC_CLIENT_OBJ1) \ librpc/rpc/rpc_common.o \ rpc_client/cli_pipe.o \ @@ -1968,7 +1969,7 @@ $(LIBTDB_SYMS): $(LIBTDB_HEADERS) $(LIBTDB_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBTDB_OBJ) $(LIBTDB_SYMS) @echo Linking shared library $@ - @$(SHLD_DSO) $(LIBTDB_OBJ) $(LIBREPLACE_LIBS) \ + @$(SHLD_DSO) $(LIBTDB_OBJ) $(LIBREPLACE_LIBS) $(TDB_DEPS) \ @sonamef...@`basename $...@` $(LIBTDB_SHARED_TARGET): $(LIBTDB_SHARED_TARGET_SONAME) diff --git a/source3/configure.in b/source3/configure.in index 3868ee7..bfd6abb 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -813,15 +813,21 @@ if test x$enable_cups != xno; then if test "x$CUPS_CONFIG" != x; then - ac_save_CFLAGS=$CFLAGS ac_save_LDFLAGS=$LDFLAGS ac_save_PRINT_LIBS=$PRINT_LIBS - CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`" - LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`" - PRINT_LIBS="$PRINT_LIBS `$CUPS_CONFIG --libs`" AC_CHECK_HEADERS(cups/cups.h cups/language.h) + if test x"$ac_cv_header_cups_cups_h" = xyes -a \ x"$ac_cv_header_cups_language_h" = xyes; then + # try linking with -lcups alone first. That should work unless libcups is + # underlinked. With cups-config --libs we pull in unwanted and unneeded + # dendencies including thread libraries - use cups-config only if really + # required. + AC_CHECK_LIB_EXT(cups, ac_save_PRINT_LIBS , httpConnect, + [PRINT_LIBS"$ac_save_PRINT_LIBS -lcups"], + [AC_MSG_WARN([your cups library doesn't link with -lcups alone, it might be underlinked.]) ; + PRINT_LIBS="$ac_save_PRINT_LIBS `$CUPS_CONFIG --libs`"]) + AC_DEFINE(HAVE_CUPS,1,[Whether we have CUPS]) samba_cv_HAVE_CUPS=yes AC_CHECK_LIB_EXT(cups, PRINT_LIBS, httpConnectEncrypt) @@ -2131,6 +2137,7 @@ then LINK_LIBTDB=STATIC SMB_LIBRARY(tdb, 1) LIBTDB_OBJ0="" + LIBTDB_LIBS="$LIBTDB_LIBS $TDB_DEPS" for obj in ${TDB_OBJ}; do LIBTDB_OBJ0="${LIBTDB_OBJ0} ${tdbdir}/${obj}" done @@ -4033,6 +4040,7 @@ if test x"$with_ads_support" != x"no"; then [Whether the krb5_keyblock struct has a keyvalue property]) fi + found_arcfour_hmac=no AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC_MD5], samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,[ AC_TRY_COMPILE([#include <krb5.h>], @@ -4050,7 +4058,19 @@ if test x"$with_ads_support" != x"no"; then if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC_MD5" = x"yes" -a\ x"$samba_cv_HAVE_KEYTYPE_ARCFOUR_56" = x"yes"; then AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5,1, - [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type is available]) + [Whether the ENCTYPE_ARCFOUR_HMAC_MD5 key type definition is available]) + found_arcfour_hmac=yes + fi + AC_CACHE_CHECK([for ENCTYPE_ARCFOUR_HMAC], + samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC,[ + AC_TRY_COMPILE([#include <krb5.h>], + [krb5_enctype enctype; enctype = ENCTYPE_ARCFOUR_HMAC;], + samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC=yes, + samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC=no)]) + if test x"$samba_cv_HAVE_ENCTYPE_ARCFOUR_HMAC" = x"yes"; then + AC_DEFINE(HAVE_ENCTYPE_ARCFOUR_HMAC,1, + [Whether the ENCTYPE_ARCFOUR_HMAC key type definition is available]) + found_arcfour_hmac=yes fi AC_CACHE_CHECK([for AP_OPTS_USE_SUBKEY], @@ -4293,6 +4313,11 @@ if test x"$with_ads_support" != x"no"; then # NOTE: all tests should be done before this block! # # + if test x"$found_arcfour_hmac" != x"yes"; then + AC_MSG_WARN(arcfour-hmac-md5 encryption type not found in -lkrb5) + use_ads=no + fi + if test x"$ac_cv_lib_ext_krb5_krb5_mk_req_extended" != x"yes"; then AC_MSG_WARN(krb5_mk_req_extended not found in -lkrb5) use_ads=no diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h index 35cc047..0a6ba79 100644 --- a/source3/include/smb_krb5.h +++ b/source3/include/smb_krb5.h @@ -25,7 +25,7 @@ #endif /* Heimdal uses a slightly different name */ -#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) +#if defined(HAVE_ENCTYPE_ARCFOUR_HMAC_MD5) && !defined(HAVE_ENCTYPE_ARCFOUR_HMAC) #define ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC_MD5 #endif diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index a874901..386ce83 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -236,17 +236,16 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) krb5_keytab keytab = NULL; krb5_data password; krb5_kvno kvno; - krb5_enctype enctypes[4] = { ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, 0, 0 }; + krb5_enctype enctypes[4] = { ENCTYPE_DES_CBC_CRC, + ENCTYPE_DES_CBC_MD5, + ENCTYPE_ARCFOUR_HMAC, + 0 }; char *princ_s = NULL, *short_princ_s = NULL; char *password_s = NULL; char *my_fqdn; TALLOC_CTX *ctx = NULL; char *machine_name; -#if defined(ENCTYPE_ARCFOUR_HMAC) - enctypes[2] = ENCTYPE_ARCFOUR_HMAC; -#endif - initialize_krb5_error_table(); ret = krb5_init_context(&context); if (ret) { diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index 887dac0..7eda7fd 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -344,9 +344,7 @@ static krb5_error_code ads_secrets_verify_ticket(krb5_context context, /* Let's make some room for 2 password (old and new)*/ krb5_data passwords[2]; krb5_enctype enctypes[] = { -#if defined(ENCTYPE_ARCFOUR_HMAC) ENCTYPE_ARCFOUR_HMAC, -#endif ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, ENCTYPE_NULL diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index b0c745d..96fb9c9 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -25,7 +25,7 @@ #include "libnet/libnet_keytab.h" #include "librpc/gen_ndr/ndr_drsblobs.h" -#if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) +#if defined(HAVE_ADS) static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, struct replUpToDateVectorBlob **pold_utdv) @@ -601,7 +601,7 @@ static NTSTATUS keytab_process_objects(struct dssync_context *ctx, { return NT_STATUS_NOT_SUPPORTED; } -#endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ +#endif /* defined(HAVE_ADS) */ const struct dssync_ops libnet_dssync_keytab_ops = { .startup = keytab_startup, diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c710f9e..7d83dc3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -982,12 +982,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /* Fill in the additional account flags now */ acct_flags |= ACB_PWNOEXP; - if (r->out.domain_is_ad) { -#if !defined(ENCTYPE_ARCFOUR_HMAC) - acct_flags |= ACB_USE_DES_KEY_ONLY; -#endif - ;; - } /* Set account flags on machine account */ ZERO_STRUCT(user_info.info16); diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 246bcad..faba1e7 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -19,9 +19,12 @@ */ #include "includes.h" +#include "smb_krb5.h" +#include "ads.h" +#include "libnet/libnet_keytab.h" #include "libnet/libnet_samsync.h" -#if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) +#if defined(HAVE_ADS) /**************************************************************** ****************************************************************/ @@ -293,7 +296,7 @@ static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, return NT_STATUS_NOT_SUPPORTED; } -#endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ +#endif /* defined(HAVE_ADS) */ const struct samsync_ops libnet_samsync_keytab_ops = { .startup = init_keytab, diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 4eb43cf..344fdac 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -964,9 +964,7 @@ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, krb5_ccache ccdef = NULL; krb5_auth_context auth_context = NULL; krb5_enctype enc_types[] = { -#ifdef ENCTYPE_ARCFOUR_HMAC ENCTYPE_ARCFOUR_HMAC, -#endif ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_CRC, ENCTYPE_NULL}; diff --git a/source3/wscript_build b/source3/wscript_build index 1babb54..aa47d16 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -92,7 +92,7 @@ LIBNDR_GEN_SRC = '''../librpc/gen_ndr/ndr_wkssvc.c # that requires knowledge of security contexts REG_PARSE_PRS_SRC = '''registry/reg_parse_prs.c''' -RPC_PARSE_SRC2 = '''rpc_client/init_netlogon.c +RPC_PARSE_SRC = '''rpc_client/init_netlogon.c rpc_client/init_lsa.c''' LIBREPLACE_SRC = '''${LIBREPLACE_SRCS}''' @@ -203,7 +203,7 @@ LIBGPO_SRC0 = '''../libgpo/gpo_ldap.c ../libgpo/gpo_ini.c ../libgpo/gpo_util.c ${GPEXT_SRC}''' LIBGPO_SRC = '''${LIBGPO_SRC0}''' -LIBADS_SRC = '''libads/ldap.c libads/ldap_printer.c +LIBADS_SRC = '''libads/ldap.c libads/sasl.c libads/sasl_wrapping.c libads/krb5_setpw.c libads/kerberos_util.c @@ -212,6 +212,8 @@ LIBADS_SRC = '''libads/ldap.c libads/ldap_printer.c libads/disp_sec.c libads/ads_utils.c libads/ldap_utils.c libads/ldap_schema.c libads/util.c libads/ndr.c''' +LIBADS_PRINTER_SRC = '''libads/ldap_printer.c''' + LIBADS_SERVER_SRC = '''libads/kerberos_verify.c libads/authdata.c ../librpc/ndr/ndr_krb5pac.c ../librpc/gen_ndr/ndr_krb5pac.c''' @@ -416,8 +418,6 @@ RPC_ECHO_SRC = '''rpc_server/srv_echo_nt.c ../librpc/gen_ndr/srv_echo.c''' #TODO: RPC_SERVER_SRC used to include RPC_STATIC modules RPC_SERVER_SRC = '''${RPC_PIPE_SRC} ${NPA_TSTREAM_SRC}''' -RPC_PARSE_SRC = '''${RPC_PARSE_SRC2}''' - RPC_CLIENT_SRC = '''rpc_client/cli_pipe.c librpc/rpc/rpc_common.c librpc/rpc/dcerpc_gssapi.c @@ -738,7 +738,7 @@ SMBD_SRC_BASE = '''${SMBD_SRC_SRV} ${OPLOCK_SRC} ${NOTIFY_SRC} ${FNAME_UTIL_SRC} ${LIBMSRPC_SRC} ${LIBMSRPC_GEN_SRC} ${LIBADS_SRC} - ${LIBADS_SERVER_SRC} ${REG_FULL_SRC} + ${LIBADS_SERVER_SRC} ${LIBADS_PRINTER_SRC} ${REG_FULL_SRC} ${BUILDOPT_SRC} ${LIBNET_SRC} ${LIBSMBCONF_SRC} ${RPC_LSA_SRC} @@ -807,7 +807,7 @@ DISPLAY_SEC_SRC= '../libcli/security/display_sec.c' CLIENT_SRC1 = '''client/client.c client/clitar.c ${RPC_CLIENT_SRC} ../librpc/rpc/binding.c client/dnsbrowse.c - ${RPC_CLIENT_SRC1} ${RPC_PARSE_SRC2}''' + ${RPC_CLIENT_SRC1} ${RPC_PARSE_SRC}''' CLIENT_SRC = '''${CLIENT_SRC1} ${LIBMSRPC_GEN_SRC} ${READLINE_SRC} ${DISPLAY_SEC_SRC}''' -- Samba Shared Repository