svn commit: samba r11210 - in branches/SAMBA_4_0/source/torture/rpc: .

Author: tpot
Date: 2005-10-20 06:31:51 + (Thu, 20 Oct 2005)
New Revision: 11210

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11210

Log:
Log registry open function name when starting hive tests.

Modified:
   branches/SAMBA_4_0/source/torture/rpc/winreg.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c
===
--- branches/SAMBA_4_0/source/torture/rpc/winreg.c  2005-10-20 05:09:58 UTC 
(rev 11209)
+++ branches/SAMBA_4_0/source/torture/rpc/winreg.c  2005-10-20 06:31:51 UTC 
(rev 11210)
@@ -686,13 +686,16 @@
 
 typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_pipe *, TALLOC_CTX *, void *);
 
-static BOOL test_Open(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
winreg_open_fn open_fn)
+static BOOL test_Open(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
+ const char *name, winreg_open_fn open_fn)
 {
struct policy_handle handle, newhandle;
BOOL ret = True, created = False, deleted = False;
struct winreg_OpenHKLM r;
NTSTATUS status;
 
+   printf(Testing %s\n, name);
+
r.in.system_name = 0;
r.in.access_required = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.handle = handle;
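Review bot: `test_Open` now logs a per-hive name, but the request is still declared as `struct winreg_OpenHKLM r` and is presumably handed to whichever `open_fn` was passed in, so the test relies on all four open requests sharing one layout. A short comment above the declaration would record that assumption, for example `/* OpenHKLM/HKU/HKCR/HKCU requests are assumed layout-compatible; open_fn is invoked through a cast */`. The body of test_Open continues past the end of this hunk, so the call itself is not visible here.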
@@ -791,10 +794,13 @@
struct dcerpc_pipe *p;
TALLOC_CTX *mem_ctx;
BOOL ret = True;
-   winreg_open_fn open_fns[] = { (winreg_open_fn)dcerpc_winreg_OpenHKLM, 
-  (winreg_open_fn)dcerpc_winreg_OpenHKU,
-  (winreg_open_fn)dcerpc_winreg_OpenHKCR,
-  (winreg_open_fn)dcerpc_winreg_OpenHKCU };
+   struct {
+   const char *name;
+   winreg_open_fn fn;
+   } open_fns[] = {{OpenHKLM, (winreg_open_fn)dcerpc_winreg_OpenHKLM },
+   {OpenHKU,  (winreg_open_fn)dcerpc_winreg_OpenHKU },
+   {OpenHKCR, (winreg_open_fn)dcerpc_winreg_OpenHKCR },
+   {OpenHKCU, (winreg_open_fn)dcerpc_winreg_OpenHKCU }};
int i;
mem_ctx = talloc_init(torture_rpc_winreg);
 
@@ -819,7 +825,7 @@
}
 
for (i = 0; i  ARRAY_SIZE(open_fns); i++) {
-   if (!test_Open(p, mem_ctx, open_fns[i]))
+   if (!test_Open(p, mem_ctx, open_fns[i].name, open_fns[i].fn))
ret = False;
}
 



svn commit: samba r11211 - in branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal: .

Author: tpot
Date: 2005-10-20 07:06:49 + (Thu, 20 Oct 2005)
New Revision: 11211

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11211

Log:
Append an error message to COL_INFO if the RPC call returned an error.

Modified:
   branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm


Changeset:
Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm
===
--- branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm   
2005-10-20 06:31:51 UTC (rev 11210)
+++ branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Ethereal/NDR.pm   
2005-10-20 07:06:49 UTC (rev 11211)
@@ -401,6 +401,7 @@
pidl_code $ifname\_dissect\_${fn_name}_response(tvbuff_t *tvb _U_, int 
offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_);
pidl_code {;
indent;
+   pidl_code guint32 status;\n;
foreach (@{$fn-{ELEMENTS}}) {
if (grep(/out/,@{$_-{DIRECTION}})) {
pidl_code $dissectornames{$_-{NAME}};
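Review bot: The added `guint32 status;` is emitted into every generated response dissector without an initialiser, while the second hunk reads it in `if (status != 0 ...)` right after the dissect call. If `dissect_ntstatus` or `dissect_ndr_uint32` can return without storing through the pointer (the helpers are not shown on this page), the generated C tests an indeterminate value, and for functions with no RETURN_TYPE the variable is simply unused. Emitting `guint32 status = 0;` costs nothing. The generated `if` in the second hunk would also be more robust with braces around the `col_append_fstr` call.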
@@ -411,10 +412,15 @@
 
if (not defined($fn-{RETURN_TYPE})) {
} elsif ($fn-{RETURN_TYPE} eq NTSTATUS) {
-   pidl_code offset = dissect_ntstatus(tvb, offset, pinfo, tree, 
drep, hf\_$ifname\_status, NULL);;
+   pidl_code offset = dissect_ntstatus(tvb, offset, pinfo, tree, 
drep, hf\_$ifname\_status, status);\n;
+   pidl_code if (status != 0  check_col(pinfo-cinfo, 
COL_INFO));
+   pidl_code \tcol_append_fstr(pinfo-cinfo, COL_INFO, \, Error: 
%s\, val_to_str(status, NT_errors, \Unknown NT status 0x%08x\));\n;
$hf_used{hf\_$ifname\_status} = 1;
} elsif ($fn-{RETURN_TYPE} eq WERROR) {
-   pidl_code offset = dissect_ndr_uint32(tvb, offset, pinfo, 
tree, drep, hf\_$ifname\_werror, NULL);;
+   pidl_code offset = dissect_ndr_uint32(tvb, offset, pinfo, 
tree, drep, hf\_$ifname\_werror, status);\n;
+   pidl_code if (status != 0  check_col(pinfo-cinfo, 
COL_INFO));
+   pidl_code \tcol_append_fstr(pinfo-cinfo, COL_INFO, \, Error: 
%s\, val_to_str(status, DOS_errors, \Unknown DOS error 0x%08x\));\n;
+   
$hf_used{hf\_$ifname\_werror} = 1;
} else {
print $fn-{FILE}:$fn-{LINE}: error: return type 
`$fn-{RETURN_TYPE}' not yet supported\n;



svn commit: samba r11212 - in branches/SAMBA_4_0/source/auth/gensec: .

Author: abartlet
Date: 2005-10-20 07:36:08 + (Thu, 20 Oct 2005)
New Revision: 11212

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11212

Log:
Enable sealing of data with raw krb5, consolidate some code into the
main gensec_krb5_start and always ask for sequence numbers.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
===
--- branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2005-10-20 07:06:49 UTC 
(rev 11211)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c 2005-10-20 07:36:08 UTC 
(rev 11212)
@@ -84,9 +84,12 @@
 
 static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
 {
+   krb5_error_code ret;
struct gensec_krb5_state *gensec_krb5_state;
+   struct cli_credentials *creds;
 
-   if (!gensec_get_credentials(gensec_security)) {
+   creds = gensec_get_credentials(gensec_security);
+   if (!creds) {
return NT_STATUS_INVALID_PARAMETER;
}
 
@@ -96,7 +99,6 @@
}
 
gensec_security-private_data = gensec_krb5_state;
-
gensec_krb5_state-smb_krb5_context = NULL;
gensec_krb5_state-auth_context = NULL;
gensec_krb5_state-ticket = NULL;
@@ -108,13 +110,37 @@
 
talloc_set_destructor(gensec_krb5_state, gensec_krb5_destroy); 
 
+   if (cli_credentials_get_krb5_context(creds, 
gensec_krb5_state-smb_krb5_context)) {
+   talloc_free(gensec_krb5_state);
+   return NT_STATUS_INTERNAL_ERROR;
+   }
+
+   ret = 
krb5_auth_con_init(gensec_krb5_state-smb_krb5_context-krb5_context, 
gensec_krb5_state-auth_context);
+   if (ret) {
+   DEBUG(1,(gensec_krb5_start: krb5_auth_con_init failed (%s)\n, 
+
smb_get_krb5_error_message(gensec_krb5_state-smb_krb5_context-krb5_context, 
+   ret, gensec_krb5_state)));
+   talloc_free(gensec_krb5_state);
+   return NT_STATUS_INTERNAL_ERROR;
+   }
+
+   ret = 
krb5_auth_con_setflags(gensec_krb5_state-smb_krb5_context-krb5_context, 
+gensec_krb5_state-auth_context,
+KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+   if (ret) {
+   DEBUG(1,(gensec_krb5_start: krb5_auth_con_setflags failed 
(%s)\n, 
+
smb_get_krb5_error_message(gensec_krb5_state-smb_krb5_context-krb5_context, 
+   ret, gensec_krb5_state)));
+   talloc_free(gensec_krb5_state);
+   return NT_STATUS_INTERNAL_ERROR;
+   }
+
return NT_STATUS_OK;
 }
 
 static NTSTATUS gensec_krb5_server_start(struct gensec_security 
*gensec_security)
 {
NTSTATUS nt_status;
-   krb5_error_code ret = 0;
struct gensec_krb5_state *gensec_krb5_state;
 
nt_status = gensec_krb5_start(gensec_security);
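Review bot: The three new failure paths call `talloc_free(gensec_krb5_state)` after `gensec_security->private_data` was already pointed at that state (context line of the previous hunk), so a failed start leaves `private_data` dangling for any caller that inspects it afterwards. Either clear it before returning, `gensec_security->private_data = NULL;`, or assign `private_data` only once all the krb5 setup calls have succeeded. Separately, `krb5_auth_con_setflags()` replaces the flag word rather than OR-ing into it, so passing only `KRB5_AUTH_CONTEXT_DO_SEQUENCE` presumably drops the timestamp flag that `krb5_auth_con_init()` sets by default; if that is intended, a one-line comment saying so would help. The hunk also runs into the start of gensec_krb5_server_start, whose body continues outside it.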
@@ -123,24 +149,6 @@
}

gensec_krb5_state = gensec_security-private_data;
-
-   ret = smb_krb5_init_context(gensec_krb5_state,
-   gensec_krb5_state-smb_krb5_context);
-   if (ret) {
-   DEBUG(1,(gensec_krb5_start: krb5_init_context failed (%s)\n, 
-error_message(ret)));
-   return NT_STATUS_INTERNAL_ERROR;
-   }
-
-   ret = 
krb5_auth_con_init(gensec_krb5_state-smb_krb5_context-krb5_context, 
gensec_krb5_state-auth_context);
-   if (ret) {
-   DEBUG(1,(gensec_krb5_start: krb5_auth_con_init failed (%s)\n, 
-
smb_get_krb5_error_message(gensec_krb5_state-smb_krb5_context-krb5_context, 
-   ret, gensec_krb5_state)));
-   return NT_STATUS_INTERNAL_ERROR;
-   }
-
-   gensec_krb5_state = gensec_security-private_data;
gensec_krb5_state-state_position = GENSEC_KRB5_SERVER_START;
 
return NT_STATUS_OK;
@@ -167,6 +175,9 @@
const char *hostname;
krb5_flags ap_req_options = AP_OPTS_USE_SUBKEY | 
AP_OPTS_MUTUAL_REQUIRED;
 
+   char *principal;
+   krb5_data in_data;
+
hostname = gensec_get_target_hostname(gensec_security);
if (!hostname) {
DEBUG(1, (Could not determine hostname for target computer, 
cannot use kerberos\n));
@@ -196,45 +207,31 @@
return NT_STATUS_UNSUCCESSFUL;
}
 
-   gensec_krb5_state-smb_krb5_context = 
talloc_reference(gensec_krb5_state, ccache_container-smb_krb5_context);
-
-   ret = 
krb5_auth_con_init(gensec_krb5_state-smb_krb5_context-krb5_context, 
gensec_krb5_state-auth_context);
-   if (ret) {
-   DEBUG(1,(gensec_krb5_start: krb5_auth_con_init failed (%s)\n, 
-

svn commit: samba r11213 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/smbd trunk/source/include trunk/source/smbd

Author: gd
Date: 2005-10-20 08:13:00 + (Thu, 20 Oct 2005)
New Revision: 11213

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11213

Log:
Fix the build

Guenther

Modified:
   branches/SAMBA_3_0/source/include/includes.h
   branches/SAMBA_3_0/source/smbd/sesssetup.c
   trunk/source/include/includes.h
   trunk/source/smbd/sesssetup.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/includes.h
===
--- branches/SAMBA_3_0/source/include/includes.h2005-10-20 07:36:08 UTC 
(rev 11212)
+++ branches/SAMBA_3_0/source/include/includes.h2005-10-20 08:13:00 UTC 
(rev 11213)
@@ -1489,6 +1489,7 @@
  krb5_const_principal princ2);
 int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 
extra_ap_opts);
+PAC_LOGON_INFO *get_logon_info_from_pac(PAC_DATA *pac_data);
 #endif /* HAVE_KRB5 */
 
 

Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===
--- branches/SAMBA_3_0/source/smbd/sesssetup.c  2005-10-20 07:36:08 UTC (rev 
11212)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c  2005-10-20 08:13:00 UTC (rev 
11213)
@@ -156,7 +156,6 @@
fstring real_username;
BOOL map_domainuser_to_guest = False;
PAC_LOGON_INFO *logon_info = NULL;
-   int i;
 
ZERO_STRUCT(ticket);
ZERO_STRUCT(pac_data);

Modified: trunk/source/include/includes.h
===
--- trunk/source/include/includes.h 2005-10-20 07:36:08 UTC (rev 11212)
+++ trunk/source/include/includes.h 2005-10-20 08:13:00 UTC (rev 11213)
@@ -1490,6 +1490,7 @@
  krb5_const_principal princ2);
 int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 
extra_ap_opts);
+PAC_LOGON_INFO *get_logon_info_from_pac(PAC_DATA *pac_data);
 #endif /* HAVE_KRB5 */
 
 

Modified: trunk/source/smbd/sesssetup.c
===
--- trunk/source/smbd/sesssetup.c   2005-10-20 07:36:08 UTC (rev 11212)
+++ trunk/source/smbd/sesssetup.c   2005-10-20 08:13:00 UTC (rev 11213)
@@ -156,7 +156,6 @@
fstring real_username;
BOOL map_domainuser_to_guest = False;
PAC_LOGON_INFO *logon_info = NULL;
-   int i;
 
ZERO_STRUCT(ticket);
ZERO_STRUCT(pac_data);



svn commit: samba r11214 - in branches/SAMBA_4_0/source: . auth auth/gensec auth/kerberos auth/ntlmssp cldap_server client dsdb gtk heimdal_build kdc ldap_server lib lib/appweb lib/charset lib/cmdline

Author: jelmer
Date: 2005-10-20 10:04:57 + (Thu, 20 Oct 2005)
New Revision: 11214

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11214

Log:
Remove scons files (see 
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)


Removed:
   branches/SAMBA_4_0/source/SConstruct
   branches/SAMBA_4_0/source/auth/SConscript
   branches/SAMBA_4_0/source/auth/gensec/SConscript
   branches/SAMBA_4_0/source/auth/kerberos/SConscript
   branches/SAMBA_4_0/source/auth/ntlmssp/SConscript
   branches/SAMBA_4_0/source/cldap_server/SConscript
   branches/SAMBA_4_0/source/client/SConscript
   branches/SAMBA_4_0/source/dsdb/SConscript
   branches/SAMBA_4_0/source/gtk/SConscript
   branches/SAMBA_4_0/source/heimdal_build/SConscript
   branches/SAMBA_4_0/source/kdc/SConscript
   branches/SAMBA_4_0/source/ldap_server/SConscript
   branches/SAMBA_4_0/source/lib/SConscript
   branches/SAMBA_4_0/source/lib/appweb/SConscript
   branches/SAMBA_4_0/source/lib/charset/SConscript
   branches/SAMBA_4_0/source/lib/cmdline/SConscript
   branches/SAMBA_4_0/source/lib/com/SConscript
   branches/SAMBA_4_0/source/lib/events/SConscript
   branches/SAMBA_4_0/source/lib/ldb/SConscript
   branches/SAMBA_4_0/source/lib/messaging/SConscript
   branches/SAMBA_4_0/source/lib/netif/SConscript
   branches/SAMBA_4_0/source/lib/popt/SConscript
   branches/SAMBA_4_0/source/lib/registry/SConscript
   branches/SAMBA_4_0/source/lib/replace/SConscript
   branches/SAMBA_4_0/source/lib/replace/win32/SConscript
   branches/SAMBA_4_0/source/lib/samba3/SConscript
   branches/SAMBA_4_0/source/lib/socket/SConscript
   branches/SAMBA_4_0/source/lib/socket_wrapper/SConscript
   branches/SAMBA_4_0/source/lib/talloc/SConscript
   branches/SAMBA_4_0/source/lib/tdb/SConscript
   branches/SAMBA_4_0/source/lib/tls/SConscript
   branches/SAMBA_4_0/source/libcli/SConscript
   branches/SAMBA_4_0/source/libcli/auth/SConscript
   branches/SAMBA_4_0/source/libcli/ldap/SConscript
   branches/SAMBA_4_0/source/libcli/security/SConscript
   branches/SAMBA_4_0/source/libnet/SConscript
   branches/SAMBA_4_0/source/nbt_server/SConscript
   branches/SAMBA_4_0/source/nsswitch/SConscript
   branches/SAMBA_4_0/source/ntptr/SConscript
   branches/SAMBA_4_0/source/ntvfs/SConscript
   branches/SAMBA_4_0/source/ntvfs/posix/SConscript
   branches/SAMBA_4_0/source/ntvfs/unixuid/SConscript
   branches/SAMBA_4_0/source/param/SConscript
   branches/SAMBA_4_0/source/rpc_server/SConscript
   branches/SAMBA_4_0/source/script/tests/SConscript
   branches/SAMBA_4_0/source/scripting/SConscript
   branches/SAMBA_4_0/source/scripting/ejs/SConscript
   branches/SAMBA_4_0/source/smb_server/SConscript
   branches/SAMBA_4_0/source/smbd/SConscript
   branches/SAMBA_4_0/source/torture/SConscript
   branches/SAMBA_4_0/source/utils/SConscript
   branches/SAMBA_4_0/source/web_server/SConscript
   branches/SAMBA_4_0/source/winbind/SConscript


Changeset:
Sorry, the patch is too large (1545 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11214


svn commit: samba r11215 - in branches/SAMBA_4_0/source/auth/kerberos: .

Author: abartlet
Date: 2005-10-20 10:10:40 + (Thu, 20 Oct 2005)
New Revision: 11215

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11215

Log:
Remove no-op prompter intended to work around bugs in old kerberos libs.  

I'm also worried this might cause loops, if we get a 'force password
change', and the prompter tries to 'deal with it'.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/kerberos/kerberos.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos.c
===
--- branches/SAMBA_4_0/source/auth/kerberos/kerberos.c  2005-10-20 10:04:57 UTC 
(rev 11214)
+++ branches/SAMBA_4_0/source/auth/kerberos/kerberos.c  2005-10-20 10:10:40 UTC 
(rev 11215)
@@ -35,32 +35,6 @@
 #define LIBADS_CCACHE_NAME MEMORY:libads
 
 /*
-  we use a prompter to avoid a crash bug in the kerberos libs when 
-  dealing with empty passwords
-  this prompter is just a string copy ...
-*/
-static krb5_error_code 
-kerb_prompter(krb5_context ctx, void *data,
-  const char *name,
-  const char *banner,
-  int num_prompts,
-  krb5_prompt prompts[])
-{
-   if (num_prompts == 0) return 0;
-
-   memset(prompts[0].reply-data, '\0', prompts[0].reply-length);
-   if (prompts[0].reply-length  0) {
-   if (data) {
-   strncpy(prompts[0].reply-data, data, 
prompts[0].reply-length-1);
-   prompts[0].reply-length = 
strlen(prompts[0].reply-data);
-   } else {
-   prompts[0].reply-length = 0;
-   }
-   }
-   return 0;
-}
-
-/*
   simulate a kinit, putting the tgt in the given credentials cache. 
   Orignally by [EMAIL PROTECTED]
  
@@ -120,7 +94,7 @@
krb5_get_init_creds_opt_init(options);
 
if ((code = krb5_get_init_creds_password(ctx, my_creds, principal, 
password, 
-kerb_prompter, 
+NULL, 
 NULL, 0, NULL, options))) {
return code;
}
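Review bot: Passing `NULL` as the prompter means nothing on this call path now handles a missing or empty `password`; the deleted comment said the prompter existed because the kerberos libs crashed on empty passwords. Nothing visible in the hunk checks `password` before `krb5_get_init_creds_password()`, so the behaviour now depends entirely on the linked library. I would add a comment at the call, e.g. `/* no prompter: the caller must supply the password; relies on a krb5 lib that copes with an empty one */`, or reject a NULL password before the call. The enclosing function starts above this hunk.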



svn commit: samba r11216 - in branches/SAMBA_4_0/source/auth: gensec kerberos

Author: abartlet
Date: 2005-10-20 10:15:31 + (Thu, 20 Oct 2005)
New Revision: 11216

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11216

Log:
Upgrade to gd's PAC extraction code from Samba3.  While I still want
to make some of this the kerberos library's problem, we may as well use
the best code that is around.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
   branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
   branches/SAMBA_4_0/source/auth/kerberos/clikrb5.c
   branches/SAMBA_4_0/source/auth/kerberos/kerberos.h


Changeset:
Sorry, the patch is too large (289 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11216


svn commit: samba r11217 - in branches/SAMBA_4_0/source/scripting/libjs: .

Author: abartlet
Date: 2005-10-20 10:18:45 + (Thu, 20 Oct 2005)
New Revision: 11217

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11217

Log:
Ensure the realm is substituted in UPPER case.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/scripting/libjs/provision.js


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js  2005-10-20 
10:15:31 UTC (rev 11216)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js  2005-10-20 
10:18:45 UTC (rev 11217)
@@ -252,7 +252,7 @@
/*
  some options need to be upper/lower case
*/
-   subobj.REALM   = strlower(subobj.REALM);
+   subobj.REALM   = strupper(subobj.REALM);
subobj.HOSTNAME= strlower(subobj.HOSTNAME);
subobj.DOMAIN  = strupper(subobj.DOMAIN);
assert(valid_netbios_name(subobj.DOMAIN));
@@ -309,7 +309,7 @@
var rdn_list;
random_init(local);
 
-   subobj.REALM= lp.get(realm);
+   subobj.REALM= strupper(lp.get(realm));
subobj.DOMAIN   = lp.get(workgroup);
subobj.HOSTNAME = hostname();
 



svn commit: samba r11218 - in branches/SAMBA_4_0/source: auth/kerberos setup

Author: abartlet
Date: 2005-10-20 10:21:04 + (Thu, 20 Oct 2005)
New Revision: 11218

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11218

Log:
Always return the mutual authentication reply (needed for kpasswd),
and remove now duplicated unwrap_pac().

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/kerberos/kerberos_verify.c
   branches/SAMBA_4_0/source/setup/secrets.ldif


Changeset:
Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos_verify.c
===
--- branches/SAMBA_4_0/source/auth/kerberos/kerberos_verify.c   2005-10-20 
10:18:45 UTC (rev 11217)
+++ branches/SAMBA_4_0/source/auth/kerberos/kerberos_verify.c   2005-10-20 
10:21:04 UTC (rev 11218)
@@ -33,36 +33,6 @@
 
 #ifdef HAVE_KRB5
 
-DATA_BLOB unwrap_pac(TALLOC_CTX *mem_ctx, DATA_BLOB *auth_data)
-{
-   DATA_BLOB out;
-   DATA_BLOB pac_contents = data_blob(NULL, 0);
-   struct asn1_data data;
-   int data_type;
-   if (!auth_data-length) {
-   return data_blob(NULL, 0);
-   }
-
-   asn1_load(data, *auth_data);
-   asn1_start_tag(data, ASN1_SEQUENCE(0));
-   asn1_start_tag(data, ASN1_SEQUENCE(0));
-   asn1_start_tag(data, ASN1_CONTEXT(0));
-   asn1_read_Integer(data, data_type);
-   asn1_end_tag(data);
-   asn1_start_tag(data, ASN1_CONTEXT(1));
-   asn1_read_OctetString(data, pac_contents);
-   asn1_end_tag(data);
-   asn1_end_tag(data);
-   asn1_end_tag(data);
-   asn1_free(data);
-
-   out = data_blob_talloc(mem_ctx, pac_contents.data, pac_contents.length);
-
-   data_blob_free(pac_contents);
-
-   return out;
-}
-
 
/**
  Verify an incoming ticket and parse out the principal name and 
  authorization_data if available.
@@ -83,6 +53,7 @@
int ret;
krb5_flags ap_req_options = 0;
krb5_principal server;
+   krb5_data packet_out;
 
struct keytab_container *keytab_container;
 
@@ -119,23 +90,19 @@
return NT_STATUS_LOGON_FAILURE;
}
*keyblock = local_keyblock;
-
-   if (ap_req_options  AP_OPTS_MUTUAL_REQUIRED) {
-   krb5_data packet_out;
-   ret = krb5_mk_rep(smb_krb5_context-krb5_context, 
*auth_context, packet_out);
-   if (ret) {
-   krb5_free_ticket(smb_krb5_context-krb5_context, *tkt);
-   
-   DEBUG(3,(ads_verify_ticket: Failed to generate mutual 
authentication reply (%s)\n,
-
smb_get_krb5_error_message(smb_krb5_context-krb5_context, ret, mem_ctx)));
-   return NT_STATUS_LOGON_FAILURE;
-   }
+   
+   
+   ret = krb5_mk_rep(smb_krb5_context-krb5_context, *auth_context, 
packet_out);
+   if (ret) {
+   krb5_free_ticket(smb_krb5_context-krb5_context, *tkt);

-   *ap_rep = data_blob_talloc(mem_ctx, packet_out.data, 
packet_out.length);
-   krb5_free_data_contents(smb_krb5_context-krb5_context, 
packet_out);
-   } else {
-   *ap_rep = data_blob(NULL, 0);
+   DEBUG(3,(ads_verify_ticket: Failed to generate mutual 
authentication reply (%s)\n,
+
smb_get_krb5_error_message(smb_krb5_context-krb5_context, ret, mem_ctx)));
+   return NT_STATUS_LOGON_FAILURE;
}
+   
+   *ap_rep = data_blob_talloc(mem_ctx, packet_out.data, packet_out.length);
+   krb5_free_data_contents(smb_krb5_context-krb5_context, packet_out);
 
return NT_STATUS_OK;
 }
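Review bot: On `krb5_mk_rep()` failure the ticket is released with `krb5_free_ticket(..., *tkt)` but the caller's `*tkt` still holds the freed pointer, and `*keyblock` has already been handed out a few lines earlier, so a caller that cleans up after `NT_STATUS_LOGON_FAILURE` may touch a stale ticket or never learn it owns a keyblock. Adding `*tkt = NULL;` after the free, and deferring the `*keyblock = local_keyblock;` assignment until the reply has been built, would make the error path safe. Because the reply is now generated regardless of `AP_OPTS_MUTUAL_REQUIRED`, the doc comment above the function should also state that `*ap_rep` is always populated on success, leaving it to callers whether to send it. The function begins outside this hunk.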

Modified: branches/SAMBA_4_0/source/setup/secrets.ldif
===
--- branches/SAMBA_4_0/source/setup/secrets.ldif2005-10-20 10:18:45 UTC 
(rev 11217)
+++ branches/SAMBA_4_0/source/setup/secrets.ldif2005-10-20 10:21:04 UTC 
(rev 11218)
@@ -48,3 +48,4 @@
 msDS-KeyVersionNumber: 1
 objectSid: ${DOMAINSID}
 servicePrincipalName: kadmin/changepw
+saltPrincipal: [EMAIL PROTECTED]



svn commit: samba r11219 - in branches/SAMBA_4_0/source/auth/gensec: .

Author: abartlet
Date: 2005-10-20 10:25:51 + (Thu, 20 Oct 2005)
New Revision: 11219

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11219

Log:
Now that we have the credentials hooked in here, we have a much more
reasonable value to fill in for the mechListMIC.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/spnego.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/spnego.c
===
--- branches/SAMBA_4_0/source/auth/gensec/spnego.c  2005-10-20 10:21:04 UTC 
(rev 11218)
+++ branches/SAMBA_4_0/source/auth/gensec/spnego.c  2005-10-20 10:25:51 UTC 
(rev 11219)
@@ -411,6 +411,7 @@
const char **mechTypes = NULL;
DATA_BLOB unwrapped_out = data_blob(NULL, 0);
const struct gensec_security_ops_wrapper *all_sec;
+   const char *principal = NULL;
 
mechTypes = gensec_security_oids(out_mem_ctx, GENSEC_OID_SPNEGO);
 
@@ -461,11 +462,19 @@
spnego_out.negTokenInit.reqFlags = 0;

if (spnego_state-state_position == SPNEGO_SERVER_START) {
+   /* server credentails */
+   struct cli_credentials *creds = 
gensec_get_credentials(gensec_security);
+   if (creds) {
+   principal = 
cli_credentials_get_principal(creds, out_mem_ctx);
+   }
+   }
+   if (principal) {
spnego_out.negTokenInit.mechListMIC
-   = 
data_blob_string_const(talloc_asprintf(out_mem_ctx, [EMAIL PROTECTED], 
lp_netbios_name(), lp_realm()));
+   = data_blob_string_const(principal);
} else {
spnego_out.negTokenInit.mechListMIC = null_data_blob;
}
+
spnego_out.negTokenInit.mechToken = unwrapped_out;

if (spnego_write_data(out_mem_ctx, out, spnego_out) == -1) {
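Review bot: `mechListMIC` is filled with the server principal string rather than a computed MIC, and the new code gives a reader no hint of that. The value goes out in the initial negTokenInit before any authentication has happened, so it is only an unauthenticated hint and peers should not rely on it to choose the service principal they authenticate to. A comment on the assignment would make that explicit, e.g. `/* not a real MIC: advertises our principal as an unauthenticated hint */`. The comment added in this hunk also spells "credentials" as `credentails`.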



svn commit: samba r11220 - in branches/SAMBA_4_0/source/auth: credentials kerberos

Author: abartlet
Date: 2005-10-20 10:28:16 + (Thu, 20 Oct 2005)
New Revision: 11220

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11220

Log:
Add the ability to handle the salt principal as part of the
credentials.  This works with the setup/secrets.ldif change from the
previous patch, and pretty much just re-invents the keytab.

Needed for kpasswdd work.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/credentials/credentials.c
   branches/SAMBA_4_0/source/auth/credentials/credentials.h
   branches/SAMBA_4_0/source/auth/credentials/credentials_files.c
   branches/SAMBA_4_0/source/auth/credentials/credentials_krb5.c
   branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.c
===
--- branches/SAMBA_4_0/source/auth/credentials/credentials.c2005-10-20 
10:25:51 UTC (rev 11219)
+++ branches/SAMBA_4_0/source/auth/credentials/credentials.c2005-10-20 
10:28:16 UTC (rev 11220)
@@ -51,6 +51,7 @@
 
cred-old_password = NULL;
cred-smb_krb5_context = NULL;
+   cred-salt_principal = NULL;
 
return cred;
 }

Modified: branches/SAMBA_4_0/source/auth/credentials/credentials.h
===
--- branches/SAMBA_4_0/source/auth/credentials/credentials.h2005-10-20 
10:25:51 UTC (rev 11219)
+++ branches/SAMBA_4_0/source/auth/credentials/credentials.h2005-10-20 
10:28:16 UTC (rev 11220)
@@ -57,6 +57,7 @@
const char *domain;
const char *realm;
const char *principal;
+   const char *salt_principal;
 
struct samr_Password *nt_hash;
 

Modified: branches/SAMBA_4_0/source/auth/credentials/credentials_files.c
===
--- branches/SAMBA_4_0/source/auth/credentials/credentials_files.c  
2005-10-20 10:25:51 UTC (rev 11219)
+++ branches/SAMBA_4_0/source/auth/credentials/credentials_files.c  
2005-10-20 10:28:16 UTC (rev 11220)
@@ -182,6 +182,7 @@
secureChannelType,
ntPwdHash,
msDS-KeyVersionNumber,
+   saltPrincipal,
NULL
};

@@ -191,6 +192,7 @@
const char *domain;
const char *realm;
enum netr_SchannelType sct;
+   const char *salt_principal;

/* ok, we are going to get it now, don't recurse back here */
cred-machine_account_pending = False;
@@ -209,13 +211,13 @@
   msgs, attrs,
   %s, filter);
if (ldb_ret == 0) {
-   DEBUG(1, (Could not find join record to domain: %s\n,
- cli_credentials_get_domain(cred)));
+   DEBUG(1, (Could not find entry to match filter: %s\n,
+ filter));
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
} else if (ldb_ret != 1) {
-   DEBUG(1, (Found more than one (%d) join records to domain: 
%s\n,
- ldb_ret, cli_credentials_get_domain(cred)));
+   DEBUG(1, (Found more than one (%d) entry to match filter: 
%s\n,
+ ldb_ret, filter));
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
@@ -231,6 +233,9 @@
talloc_free(mem_ctx);
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
+
+   salt_principal = ldb_msg_find_string(msgs[0], saltPrincipal, NULL);
+   cli_credentials_set_salt_principal(cred, salt_principal);

sct = ldb_msg_find_int(msgs[0], secureChannelType, 0);
if (sct) { 

Modified: branches/SAMBA_4_0/source/auth/credentials/credentials_krb5.c
===
--- branches/SAMBA_4_0/source/auth/credentials/credentials_krb5.c   
2005-10-20 10:25:51 UTC (rev 11219)
+++ branches/SAMBA_4_0/source/auth/credentials/credentials_krb5.c   
2005-10-20 10:28:16 UTC (rev 11220)
@@ -299,3 +299,12 @@
return cred-kvno;
 }
 
+const char *cli_credentials_get_salt_principal(struct cli_credentials *cred) 
+{
+   return cred-salt_principal;
+}
+
+void cli_credentials_set_salt_principal(struct cli_credentials *cred, const 
char *principal) 
+{
+   cred-salt_principal = talloc_strdup(cred, principal);
+}
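Review bot: `cli_credentials_set_salt_principal()` returns `void`, so a failed `talloc_strdup()` is indistinguishable from "no salt principal configured", and the previous value is overwritten without being released. Since the salt principal presumably feeds key derivation, a silent NULL here could lead to keys being derived with a different salt from the one stored in secrets.ldif. Returning a status that reports allocation failure (when `principal` was non-NULL but the copy is NULL) and freeing the old string first would be safer; the call added in credentials_files.c would then need to check that result.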

Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c
===
--- branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c 2005-10-20 
10:25:51 UTC (rev 11219)
+++ branches/SAMBA_4_0/source/auth/kerberos/kerberos_util.c 2005-10-20 
10:28:16 UTC (rev 11220)
@@ -50,38 +50,44 @@
char *machine_username;
char *salt_body;
char *lower_realm;
+   char 

svn commit: samba r11221 - in branches/SAMBA_4_0/source/rpc_server/samr: .

Author: abartlet
Date: 2005-10-20 10:29:41 + (Thu, 20 Oct 2005)
New Revision: 11221

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11221

Log:
I don't quite know how I tested this before, but clearly I didn't.
The samdb_set_password_sid helper function now works.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c
===
--- branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c   2005-10-20 
10:28:16 UTC (rev 11220)
+++ branches/SAMBA_4_0/source/rpc_server/samr/samr_password.c   2005-10-20 
10:29:41 UTC (rev 11221)
@@ -836,13 +836,14 @@
NTSTATUS nt_status;
struct ldb_dn *user_dn;
struct ldb_message *msg;
-   int count;
int ret;
 
user_dn = samdb_search_dn(ctx, mem_ctx, NULL, 
- ((objectSid=%s)(objectClass=user)), 
+ ((objectSid=%s)(objectClass=user)), 
  ldap_encode_ndr_dom_sid(mem_ctx, user_sid));
-   if (count != 1) {
+   if (!user_dn) {
+   DEBUG(3, (samdb_set_password_sid: SID %s not found in samdb, 
returning NO_SUCH_USER\n,
+ dom_sid_string(mem_ctx, user_sid)));
return NT_STATUS_NO_SUCH_USER;
}
 



svn commit: samba r11222 - in branches/SAMBA_4_0/source: scripting/libjs setup

Author: abartlet
Date: 2005-10-20 11:19:03 + (Thu, 20 Oct 2005)
New Revision: 11222

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11222

Log:
Small provision fixes: canonicalName is now generated, and the DC=
list should be from the dnsdomain (i.e. lowercase).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/scripting/libjs/provision.js
   branches/SAMBA_4_0/source/setup/provision.ldif


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js
===
--- branches/SAMBA_4_0/source/scripting/libjs/provision.js  2005-10-20 
10:29:41 UTC (rev 11221)
+++ branches/SAMBA_4_0/source/scripting/libjs/provision.js  2005-10-20 
11:19:03 UTC (rev 11222)
@@ -340,7 +340,7 @@
subobj.DNSNAME  = sprintf(%s.%s, 
  strlower(subobj.HOSTNAME), 
  subobj.DNSDOMAIN);
-   rdn_list = split(., subobj.REALM);
+   rdn_list = split(., subobj.DNSDOMAIN);
subobj.BASEDN   = DC= + join(,DC=, rdn_list);
return subobj;
 }

Modified: branches/SAMBA_4_0/source/setup/provision.ldif
===
--- branches/SAMBA_4_0/source/setup/provision.ldif  2005-10-20 10:29:41 UTC 
(rev 11221)
+++ branches/SAMBA_4_0/source/setup/provision.ldif  2005-10-20 11:19:03 UTC 
(rev 11222)
@@ -34,7 +34,6 @@
 isCriticalSystemObject: TRUE
 subRefs: CN=Configuration,${BASEDN}
 subRefs: CN=Schema,CN=Configuration,${BASEDN}
-canonicalName: ${REALM}/
 
 dn: CN=Users,${BASEDN}
 objectClass: top



svn commit: samba-web r836 - in trunk/patches: .

Author: jerry
Date: 2005-10-20 11:19:35 + (Thu, 20 Oct 2005)
New Revision: 836

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=836

Log:
updating patch page for 3.0.20b
Added:
   trunk/patches/print_lprm.patch
   trunk/patches/quota.patch
Removed:
   trunk/patches/64bit_segv_v1.patch
   trunk/patches/bug3010_v1.patch
   trunk/patches/dosapps_v1.patch
   trunk/patches/groupname_enumeration_v3.patch
   trunk/patches/net_rpc_shutdown_v1.patch
   trunk/patches/regcreatekey_winxp_v1.patch
   trunk/patches/usrmgr_groups_v1.patch
   trunk/patches/winbindd_v1.patch
Modified:
   trunk/patches/index.html
   trunk/patches/series


Changeset:
Sorry, the patch is too large (1791 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=836


svn commit: samba r11223 - in branches/SAMBA_4_0/source/rpc_server/drsuapi: .

Author: abartlet
Date: 2005-10-20 11:19:52 + (Thu, 20 Oct 2005)
New Revision: 11223

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11223

Log:
Only pass around the ldb handle (make this code easier to separate
into a general lib).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/rpc_server/drsuapi/drsuapi_cracknames.c


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/drsuapi_cracknames.c
===
--- branches/SAMBA_4_0/source/rpc_server/drsuapi/drsuapi_cracknames.c   
2005-10-20 11:19:03 UTC (rev 11222)
+++ branches/SAMBA_4_0/source/rpc_server/drsuapi/drsuapi_cracknames.c   
2005-10-20 11:19:52 UTC (rev 11223)
@@ -31,13 +31,13 @@
 #include system/kerberos.h
 #include auth/kerberos/kerberos.h
 
-static WERROR DsCrackNameOneFilter(struct drsuapi_bind_state *b_state, 
TALLOC_CTX *mem_ctx,
+static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX 
*mem_ctx,
   struct smb_krb5_context *smb_krb5_context,
   uint32_t format_flags, uint32_t 
format_offered, uint32_t format_desired,
   const struct ldb_dn *name_dn, const char 
*name, 
   const char *domain_filter, const char 
*result_filter, 
   struct drsuapi_DsNameInfo1 *info1);
-static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, 
TALLOC_CTX *mem_ctx,
+static WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX 
*mem_ctx,
 uint32_t format_flags, uint32_t 
format_offered, uint32_t format_desired,
 const char *name, struct drsuapi_DsNameInfo1 
*info1);
 
@@ -118,7 +118,7 @@
return DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
 }
 
-static WERROR DsCrackNameSPNAlias(struct drsuapi_bind_state *b_state, 
TALLOC_CTX *mem_ctx,
+static WERROR DsCrackNameSPNAlias(struct ldb_context *sam_ctx, TALLOC_CTX 
*mem_ctx,
  struct smb_krb5_context *smb_krb5_context,
  uint32_t format_flags, uint32_t 
format_offered, uint32_t format_desired,
  const char *name, struct drsuapi_DsNameInfo1 
*info1)
@@ -152,7 +152,7 @@

/* MAP it */
namestatus = LDB_lookup_spn_alias(smb_krb5_context-krb5_context, 
- b_state-sam_ctx, mem_ctx, 
+ sam_ctx, mem_ctx, 
  service, new_service);

if (namestatus != DRSUAPI_DS_NAME_STATUS_OK) {
@@ -182,13 +182,13 @@
return WERR_NOMEM;
}

-   wret = DsCrackNameOneName(b_state, mem_ctx, format_flags, 
format_offered, format_desired,
+   wret = DsCrackNameOneName(sam_ctx, mem_ctx, format_flags, 
format_offered, format_desired,
  new_princ, info1);
free(new_princ);
return wret;
 }
 
-static WERROR DsCrackNameUPN(struct drsuapi_bind_state *b_state, TALLOC_CTX 
*mem_ctx,
+static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
 struct smb_krb5_context *smb_krb5_context,
 uint32_t format_flags, uint32_t format_offered, 
uint32_t format_desired,
 const char *name, struct drsuapi_DsNameInfo1 
*info1)
@@ -233,7 +233,7 @@
free(unparsed_name_short);
return WERR_NOMEM;
}
-   status = DsCrackNameOneFilter(b_state, mem_ctx, 
+   status = DsCrackNameOneFilter(sam_ctx, mem_ctx, 
  smb_krb5_context, 
  format_flags, format_offered, 
format_desired, 
  NULL, unparsed_name_short, domain_filter, 
result_filter, 
@@ -242,7 +242,7 @@
return status;
 }
 
-static WERROR DsCrackNameOneName(struct drsuapi_bind_state *b_state, 
TALLOC_CTX *mem_ctx,
+static WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX 
*mem_ctx,
 uint32_t format_flags, uint32_t 
format_offered, uint32_t format_desired,
 const char *name, struct drsuapi_DsNameInfo1 
*info1)
 {
@@ -444,7 +444,7 @@
 name_dn, name, info1);
}

-   return DsCrackNameOneFilter(b_state, mem_ctx, 
+   return DsCrackNameOneFilter(sam_ctx, mem_ctx, 
smb_krb5_context, 
format_flags, format_offered, 
format_desired, 
name_dn, name, 
@@ -484,7 +484,7 @@

 }
 
-static WERROR DsCrackNameOneFilter(struct drsuapi_bind_state *b_state, 
TALLOC_CTX *mem_ctx,
+static WERROR DsCrackNameOneFilter(struct 

svn commit: samba-docs r844 - in trunk/smbdotconf/security: .

2005-10-20 Thread jerry
Author: jerry
Date: 2005-10-20 11:32:42 + (Thu, 20 Oct 2005)
New Revision: 844

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=844

Log:
fix typo in 'map to guest' entry
Modified:
   trunk/smbdotconf/security/maptoguest.xml


Changeset:
Modified: trunk/smbdotconf/security/maptoguest.xml
===
--- trunk/smbdotconf/security/maptoguest.xml2005-10-19 21:06:01 UTC (rev 
843)
+++ trunk/smbdotconf/security/maptoguest.xml2005-10-20 11:32:42 UTC (rev 
844)
@@ -14,7 +14,7 @@
 manvolnum8/manvolnum/citerefentry what to do with user 
 login requests that don't match a valid UNIX user in some way./para
 
-paraThe three settings are :/para
+paraThe four settings are :/para
 
 itemizedlist
listitem



svn commit: samba r11224 - branches/SAMBA_3_0/source/script trunk/source/script

2005-10-20 Thread lmuelle
Author: lmuelle
Date: 2005-10-20 12:58:40 + (Thu, 20 Oct 2005)
New Revision: 11224

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11224

Log:
Add feature to get our configuration from config.log into installman.sh.
This allows us to install for example smbsh.1 only if SMBWRAPPER is set.

Removed also one rm call as we copy and do not append to the same file
in the next step.  There is no file permission risk as we chmod 0644 in
any case later.

Replaced one basename call by shell substitution.

Modified:
   branches/SAMBA_3_0/source/script/installman.sh
   trunk/source/script/installman.sh


Changeset:
Modified: branches/SAMBA_3_0/source/script/installman.sh
===
--- branches/SAMBA_3_0/source/script/installman.sh  2005-10-20 11:19:52 UTC 
(rev 11223)
+++ branches/SAMBA_3_0/source/script/installman.sh  2005-10-20 12:58:40 UTC 
(rev 11224)
@@ -18,6 +18,10 @@
exit 0
 fi
 
+# Get the configured feature set
+test -f config.log  \
+   eval $( grep ^[[:alnum:]]*=.* config.log)
+
 for lang in $langs; do
 if [ X$lang = XC ]; then
echo Installing default man pages in $MANDIR/
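Review bot: The added `eval $( grep ^[[:alnum:]]*=.* config.log)` evaluates every matching line of config.log as shell, in a script that normally runs at install time, although the only value used later is `SMBWRAPPER` (the `case` in the second hunk). config.log is a build log rather than a settings file, and because `[[:alnum:]]*` also matches an empty name, any line beginning with `=` is evaluated too; a config.log left writable to another user of the build tree therefore becomes code run with the installer's privileges. Reading just the one setting avoids this, for example `SMBWRAPPER=$(sed -n "s/^SMBWRAPPER='\(.*\)'\$/\1/p" config.log)`, assuming the usual `NAME='value'` form in config.log. The same applies to the identical hunk for trunk/source/script/installman.sh. Quoting appears to have been lost in this archive copy, so whether the original quotes the substitution should be checked against the repository.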
@@ -40,13 +44,20 @@
 for sect in 1 5 7 8 ; do
for m in $langdir/man$sect ; do
for s in $SRCDIR../docs/manpages/$lang/*$sect; do
-   FNAME=$m/`basename $s`
- 
+   MP_BASENAME=${s##*/}
+
+   # Check if this man page if required by the configured feature set
+   case ${MP_BASENAME} in
+   smbsh.1) test -z ${SMBWRAPPER}  continue ;;
+   *) ;;
+   esac
+
+   FNAME=$m/${MP_BASENAME}
+
# Test for writability.  Involves 
# blowing away existing files.
  
if (rm -f $FNAME  touch $FNAME); then
-   rm $FNAME
if [ x$GROFF = x ] ; then
cp $s $m# Copy raw nroff 
else

Modified: trunk/source/script/installman.sh
===
--- trunk/source/script/installman.sh   2005-10-20 11:19:52 UTC (rev 11223)
+++ trunk/source/script/installman.sh   2005-10-20 12:58:40 UTC (rev 11224)
@@ -18,6 +18,10 @@
exit 0
 fi
 
+# Get the configured feature set
+test -f config.log  \
+   eval $( grep ^[[:alnum:]]*=.* config.log)
+
 for lang in $langs; do
 if [ X$lang = XC ]; then
echo Installing default man pages in $MANDIR/
@@ -40,13 +44,20 @@
 for sect in 1 5 7 8 ; do
for m in $langdir/man$sect ; do
for s in $SRCDIR../docs/manpages/$lang/*$sect; do
-   FNAME=$m/`basename $s`
- 
+   MP_BASENAME=${s##*/}
+
+   # Check if this man page if required by the configured feature set
+   case ${MP_BASENAME} in
+   smbsh.1) test -z ${SMBWRAPPER}  continue ;;
+   *) ;;
+   esac
+
+   FNAME=$m/${MP_BASENAME}
+
# Test for writability.  Involves 
# blowing away existing files.
  
if (rm -f $FNAME  touch $FNAME); then
-   rm $FNAME
if [ x$GROFF = x ] ; then
cp $s $m# Copy raw nroff 
else



svn commit: samba r11225 - in branches/SAMBA_4_0/source/ldap_server: .

2005-10-20 Thread abartlet
Author: abartlet
Date: 2005-10-20 13:10:20 + (Thu, 20 Oct 2005)
New Revision: 11225

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11225

Log:
Remove pointless goto.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/ldap_server/ldap_bind.c


Changeset:
Modified: branches/SAMBA_4_0/source/ldap_server/ldap_bind.c
===
--- branches/SAMBA_4_0/source/ldap_server/ldap_bind.c   2005-10-20 12:58:40 UTC 
(rev 11224)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_bind.c   2005-10-20 13:10:20 UTC 
(rev 11225)
@@ -100,11 +100,9 @@
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, (Failed to start GENSEC SASL[%s] server code: 
%s\n, 
req-creds.SASL.mechanism, nt_errstr(status)));
-   goto reply;
}
}
 
-reply:
reply = ldapsrv_init_reply(call, LDAP_TAG_BindResponse);
if (!reply) {
return NT_STATUS_NO_MEMORY;



svn commit: samba r11226 - in branches/SAMBA_4_0/source/auth/gensec: .

2005-10-20 Thread abartlet
Author: abartlet
Date: 2005-10-20 13:11:06 + (Thu, 20 Oct 2005)
New Revision: 11226

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11226

Log:
Cope with Samba3's behaviour on LDAP with GSS-SPNEGO.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/spnego.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/spnego.c
===
--- branches/SAMBA_4_0/source/auth/gensec/spnego.c  2005-10-20 13:10:20 UTC 
(rev 11225)
+++ branches/SAMBA_4_0/source/auth/gensec/spnego.c  2005-10-20 13:11:06 UTC 
(rev 11226)
@@ -483,7 +483,6 @@
}

/* set next state */
-   spnego_state-expected_packet = SPNEGO_NEG_TOKEN_TARG;
spnego_state-neg_oid = all_sec[i].oid;

if (NT_STATUS_IS_OK(nt_status)) {
@@ -611,7 +610,8 @@
} else {
nt_status = 
gensec_spnego_create_negTokenInit(gensec_security, spnego_state, 
  
out_mem_ctx, in, out);
-   spnego_state-state_position = SPNEGO_SERVER_TARG;
+   spnego_state-state_position = SPNEGO_SERVER_START;
+   spnego_state-expected_packet = SPNEGO_NEG_TOKEN_INIT;
return nt_status;
}
}
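Review bot: Nothing in this `else` branch says why the server now stays in `SPNEGO_SERVER_START` and expects `SPNEGO_NEG_TOKEN_INIT` after sending its own negTokenInit, and the commit log is the only place the reason is given. In a state machine that gates authentication, each transition should carry its reason next to the assignment, for example `/* Samba3 on LDAP GSS-SPNEGO replies to our negTokenInit with a negTokenInit of its own: stay in SERVER_START */` (worded from the log message, to be confirmed by the author). The state and expected packet are also updated before `nt_status` is examined, here and in the `SPNEGO_CLIENT_TARG` hunk that follows; if a failed call can leave the context in use, that deserves a comment too. The enclosing function starts and ends outside both hunks.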
@@ -628,6 +628,7 @@
nt_status = 
gensec_spnego_create_negTokenInit(gensec_security, spnego_state, 
 out_mem_ctx, 
in, out);
spnego_state-state_position = SPNEGO_CLIENT_TARG;
+   spnego_state-expected_packet = SPNEGO_NEG_TOKEN_TARG;
return nt_status;
}




svn commit: samba r11230 - branches/SAMBA_3_0/source/lib trunk/source/lib

2005-10-20 Thread jmcd
Author: jmcd
Date: 2005-10-20 16:07:36 + (Thu, 20 Oct 2005)
New Revision: 11230

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11230

Log:
Remove the '//' i was using to test something...oops

Modified:
   branches/SAMBA_3_0/source/lib/util_sid.c
   trunk/source/lib/util_sid.c


Changeset:
Modified: branches/SAMBA_3_0/source/lib/util_sid.c
===
--- branches/SAMBA_3_0/source/lib/util_sid.c2005-10-20 16:05:12 UTC (rev 
11229)
+++ branches/SAMBA_3_0/source/lib/util_sid.c2005-10-20 16:07:36 UTC (rev 
11230)
@@ -267,7 +267,7 @@
return False;
}
 
-// ZERO_STRUCTP(sidout);
+   ZERO_STRUCTP(sidout);
 
/* Get the revision number. */
p = sidstr + 2;

Modified: trunk/source/lib/util_sid.c
===
--- trunk/source/lib/util_sid.c 2005-10-20 16:05:12 UTC (rev 11229)
+++ trunk/source/lib/util_sid.c 2005-10-20 16:07:36 UTC (rev 11230)
@@ -267,7 +267,7 @@
return False;
}
 
-// ZERO_STRUCTP(sidout);
+   ZERO_STRUCTP(sidout);
 
/* Get the revision number. */
p = sidstr + 2;



svn commit: samba-web r837 - in trunk/news/advocacy: .

2005-10-20 Thread deryck
Author: deryck
Date: 2005-10-20 17:13:05 + (Thu, 20 Oct 2005)
New Revision: 837

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=837

Log:
Add a link to John's articles on desktop linux.


Added:
   trunk/news/advocacy/jht_desktop_linux.html


Changeset:
Added: trunk/news/advocacy/jht_desktop_linux.html
===
--- trunk/news/advocacy/jht_desktop_linux.html  2005-10-20 11:19:35 UTC (rev 
836)
+++ trunk/news/advocacy/jht_desktop_linux.html  2005-10-20 17:13:05 UTC (rev 
837)
@@ -0,0 +1,24 @@
+h3a name=jht_desktop_linuxTerpstra On Desktop Linux/a/h3 
+
+div class=article
+  pFor those who missed the 
+  a 
href=http://linux.slashdot.org/article.pl?sid=05/10/18/2036220tid=109tid=106;Slashdot
 article/a, Samba Team member John H. Terpstra has
+  written a series of articles for a 
href=http://searchopensource.techtarget.com/;searchopensource.com/a on 
obstacles to the adoption of Linux
+  on the desktop.  John offers a real life example to lead into his
+  thoughts on the subject, which makes for some compelling reading.
+
+  blockquoteSo Linux desktop computers cost more than Microsoft Windows 
+  PCs do, and it's hard to find devices and drivers for Linux. Is that 
+  such a big deal? Well, in this story of just two Linux PC buyers, such 
+  difficulties stopped one from using Linux and the other only succeeded 
+  by being very persistent. Multiply that by millions of PC users, and 
+  you have a big deal./blockquote
+
+  pFor more see
+  a 
href=http://searchopensource.techtarget.com/originalContent/0,289142,sid39_gci1134910,00.html;Part
 1/a,  
+  a 
href=http://searchopensource.techtarget.com/originalContent/0,289142,sid39_gci1134908,00.html;Part
 2/a, and
+  a 
href=http://searchopensource.techtarget.com/originalContent/0,289142,sid39_gci1134909,00.html;part
 3/a of Stopping Linux desktop adoption 
+  sabotage./p
+/div
+
+   



svn commit: samba r11231 - in trunk: examples/VFS source source/include source/modules source/smbd source/utils

2005-10-20 Thread jra
Author: jra
Date: 2005-10-20 17:32:43 + (Thu, 20 Oct 2005)
New Revision: 11231

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11231

Log:
Added ab's POSIX statvfs vfs change. Sorry for the delay ab.
Jeremy.

Modified:
   trunk/examples/VFS/skel_opaque.c
   trunk/examples/VFS/skel_transparent.c
   trunk/source/Makefile.in
   trunk/source/include/vfs.h
   trunk/source/include/vfs_macros.h
   trunk/source/modules/vfs_full_audit.c
   trunk/source/smbd/trans2.c
   trunk/source/smbd/vfs-wrap.c
   trunk/source/smbd/vfs.c
   trunk/source/utils/net_lookup.c
   trunk/source/utils/ntlm_auth.c


Changeset:
Sorry, the patch is too large (373 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11231


svn commit: samba r11232 - in branches/SAMBA_3_0: examples/VFS source source/include source/modules source/smbd source/utils

2005-10-20 Thread jra
Author: jra
Date: 2005-10-20 17:33:17 + (Thu, 20 Oct 2005)
New Revision: 11232

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11232

Log:
Added ab's POSIX statvfs vfs call. Sorry for the delay ab.
Jeremy.

Modified:
   branches/SAMBA_3_0/examples/VFS/skel_opaque.c
   branches/SAMBA_3_0/examples/VFS/skel_transparent.c
   branches/SAMBA_3_0/source/Makefile.in
   branches/SAMBA_3_0/source/include/vfs.h
   branches/SAMBA_3_0/source/include/vfs_macros.h
   branches/SAMBA_3_0/source/modules/vfs_full_audit.c
   branches/SAMBA_3_0/source/smbd/trans2.c
   branches/SAMBA_3_0/source/smbd/vfs-wrap.c
   branches/SAMBA_3_0/source/smbd/vfs.c
   branches/SAMBA_3_0/source/utils/net_lookup.c
   branches/SAMBA_3_0/source/utils/ntlm_auth.c


Changeset:
Sorry, the patch is too large (373 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11232


svn commit: samba r11233 - in branches/SAMBA_3_0/source/smbd: .

2005-10-20 Thread jra
Author: jra
Date: 2005-10-20 18:15:44 + (Thu, 20 Oct 2005)
New Revision: 11233

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11233

Log:
Forgot to add the statvfs file. Oops.
Jeremy.

Added:
   branches/SAMBA_3_0/source/smbd/statvfs.c


Changeset:
Added: branches/SAMBA_3_0/source/smbd/statvfs.c
===
--- branches/SAMBA_3_0/source/smbd/statvfs.c2005-10-20 17:33:17 UTC (rev 
11232)
+++ branches/SAMBA_3_0/source/smbd/statvfs.c2005-10-20 18:15:44 UTC (rev 
11233)
@@ -0,0 +1,65 @@
+/* 
+   Unix SMB/CIFS implementation.
+   VFS API's statvfs abstraction
+   Copyright (C) Alexander Bokovoy 2005
+   Copyright (C) Steve French  2005
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include includes.h
+
+#if defined(LINUX)
+static int linux_statvfs(const char *path, vfs_statvfs_struct *statbuf)
+{
+   struct statvfs statvfs_buf;
+   int result;
+
+   result = statvfs(path, statvfs_buf);
+
+   if (!result) {
+   statbuf-OptimalTransferSize = statvfs_buf.f_frsize;
+   statbuf-BlockSize = statvfs_buf.f_bsize;
+   statbuf-TotalBlocks = statvfs_buf.f_blocks;
+   statbuf-BlocksAvail = statvfs_buf.f_bfree;
+   statbuf-UserBlocksAvail = statvfs_buf.f_bavail;
+   statbuf-TotalFileNodes = statvfs_buf.f_files;
+   statbuf-FreeFileNodes = statvfs_buf.f_ffree;
+   statbuf-FsIdentifier = statvfs_buf.f_fsid;
+   }
+   return result;
+}
+#endif
+
+/* 
+ sys_statvfs() is an abstraction layer over system-dependent statvfs()/statfs()
+ for particular POSIX systems. Due to controversy of what is considered more 
important
+ between LSB and FreeBSD/POSIX.1 (IEEE Std 1003.1-2001) we need to abstract 
the interface
+ so that particular OS would use its preffered interface.
+*/
+int sys_statvfs(const char *path, vfs_statvfs_struct *statbuf)
+{
+#if defined(LINUX)
+   return linux_statvfs(path, statbuf);
+#else
+   /* BB change this to return invalid level */
+#ifdef EOPNOTSUPP
+   return EOPNOTSUPP;
+#else
+   return -1;
+#endif /* EOPNOTSUPP */
+#endif /* LINUX */
+
+}
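Review bot: In `sys_statvfs()` the non-Linux fallback returns the positive value `EOPNOTSUPP`, while the Linux path passes through the result of `statvfs()`, which is 0 or -1 with `errno` set. A caller that tests for `-1` or `< 0` (callers are not shown on this page) would treat the fallback as success and read a `vfs_statvfs_struct` that was never filled in. Using one convention in the `#ifdef EOPNOTSUPP` arm fixes that: `errno = EOPNOTSUPP; return -1;`. Separately, `f_blocks`, `f_bfree` and `f_bavail` are counted in units of `f_frsize`, so it is worth confirming that `BlockSize = f_bsize` with `OptimalTransferSize = f_frsize` is the intended pairing.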



svn commit: samba r11235 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server

2005-10-20 Thread jerry
Author: jerry
Date: 2005-10-20 20:26:11 + (Thu, 20 Oct 2005)
New Revision: 11235

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11235

Log:
fix segfault in addprinter due to mixing talloc() and malloc()'d memory
Modified:
   branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
   trunk/source/rpc_server/srv_spoolss_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c   2005-10-20 
18:16:38 UTC (rev 11234)
+++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c   2005-10-20 
20:26:11 UTC (rev 11235)
@@ -7413,13 +7413,11 @@
int snum;
WERROR err = WERR_OK;
 
-   if ((printer = SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL)) == NULL) {
+   if ( !(printer = TALLOC_ZERO_P(NULL, NT_PRINTER_INFO_LEVEL)) ) {
DEBUG(0,(spoolss_addprinterex_level_2: malloc fail.\n));
return WERR_NOMEM;
}
 
-   ZERO_STRUCTP(printer);
-
/* convert from UNICODE to ASCII - this allocates the info_2 struct 
inside *printer.*/
if (!convert_printer_info(info, printer, 2)) {
free_a_printer(printer, 2);
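Review bot: The failure message still reads `spoolss_addprinterex_level_2: malloc fail.` although the allocation is now `TALLOC_ZERO_P(NULL, NT_PRINTER_INFO_LEVEL)`; `talloc fail` would keep the log accurate. Because the fix is about not mixing allocators, a one-line comment above the allocation would help, such as `/* talloc'd on the NULL context so free_a_printer() can release it; never free() this */`. That wording assumes free_a_printer() uses talloc, which is not visible here. The same two points apply to the identical hunk for trunk/source/rpc_server/srv_spoolss_nt.c, and the function body continues outside the hunk.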

Modified: trunk/source/rpc_server/srv_spoolss_nt.c
===
--- trunk/source/rpc_server/srv_spoolss_nt.c2005-10-20 18:16:38 UTC (rev 
11234)
+++ trunk/source/rpc_server/srv_spoolss_nt.c2005-10-20 20:26:11 UTC (rev 
11235)
@@ -7413,13 +7413,11 @@
int snum;
WERROR err = WERR_OK;
 
-   if ((printer = SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL)) == NULL) {
+   if ( !(printer = TALLOC_ZERO_P(NULL, NT_PRINTER_INFO_LEVEL)) ) {
DEBUG(0,(spoolss_addprinterex_level_2: malloc fail.\n));
return WERR_NOMEM;
}
 
-   ZERO_STRUCTP(printer);
-
/* convert from UNICODE to ASCII - this allocates the info_2 struct 
inside *printer.*/
if (!convert_printer_info(info, printer, 2)) {
free_a_printer(printer, 2);



svn commit: samba r11236 - branches/SAMBA_3_0/source/passdb branches/SAMBA_3_0/source/rpc_server trunk/source/passdb trunk/source/rpc_server

2005-10-20 Thread jmcd
Author: jmcd
Date: 2005-10-20 20:40:47 + (Thu, 20 Oct 2005)
New Revision: 11236

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11236

Log:
Implement user rename for smbpasswd and ldap backends.  Some cleanup on
tdb as well to make naming consistent.

Modified:
   branches/SAMBA_3_0/source/passdb/pdb_ldap.c
   branches/SAMBA_3_0/source/passdb/pdb_smbpasswd.c
   branches/SAMBA_3_0/source/passdb/pdb_tdb.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
   trunk/source/passdb/pdb_ldap.c
   trunk/source/passdb/pdb_smbpasswd.c
   trunk/source/passdb/pdb_tdb.c
   trunk/source/rpc_server/srv_samr_nt.c


Changeset:
Sorry, the patch is too large (449 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11236


svn commit: samba r11237 - in branches/SAMBA_3_0/source/smbd: .

2005-10-20 Thread jra
Author: jra
Date: 2005-10-20 21:10:05 + (Thu, 20 Oct 2005)
New Revision: 11237

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11237

Log:
Fix acl evaluation bug found by Marc Cousin [EMAIL PROTECTED]
We should only check the S_IWGRP permissions if we haven't already
seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an
SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are
the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ
bits. Thanks to Marc Cousin [EMAIL PROTECTED] for pointing
this out.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/smbd/posix_acls.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c
===
--- branches/SAMBA_3_0/source/smbd/posix_acls.c 2005-10-20 20:40:47 UTC (rev 
11236)
+++ branches/SAMBA_3_0/source/smbd/posix_acls.c 2005-10-20 21:10:05 UTC (rev 
11237)
@@ -3910,6 +3910,7 @@
SMB_ACL_ENTRY_T entry;
int i;
BOOL seen_mask = False;
+   BOOL seen_owning_group = False;
int ret = -1;
gid_t cu_gid;
 
@@ -3950,6 +3951,7 @@
 
switch(tagtype) {
case SMB_ACL_MASK:
+   seen_mask = True;
if (!have_write) {
/* We don't have any group or explicit 
user write permission. */
ret = -1; /* Allow caller to check 
other permissions. */
@@ -3957,7 +3959,6 @@
 refusing write due to mask.\n, fname));
goto done;
}
-   seen_mask = True;
break;
case SMB_ACL_USER:
{
@@ -4019,8 +4020,16 @@
 
switch(tagtype) {
case SMB_ACL_GROUP:
+   case SMB_ACL_GROUP_OBJ:
{
-   gid_t *pgid = (gid_t 
*)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
+   gid_t *pgid = NULL;
+
+   if (tagtype == SMB_ACL_GROUP) {
+   pgid = (gid_t 
*)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
+   } else {
+   seen_owning_group = True;
+   pgid = psbuf-st_gid;
+   }
if (pgid == NULL) {
goto check_stat;
}
@@ -4059,24 +4068,35 @@
 
   check_stat:
 
-   /* Do we match on the owning group entry ? */
/*
-* Does it match the current effective group
-* or supplementary groups ?
+* We only check the S_IWGRP permissions if we haven't already
+* seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an
+* SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are
+* the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ
+* bits. Thanks to Marc Cousin [EMAIL PROTECTED] for pointing
+* this out. JRA.
 */
-   for (cu_gid = get_current_user_gid_first(i); cu_gid != (gid_t)-1;
-   cu_gid = get_current_user_gid_next(i)) 
{
-   if (cu_gid == psbuf-st_gid) {
-   ret = (psbuf-st_mode  S_IWGRP) ? 1 : 0;
-   DEBUG(10,(check_posix_acl_group_write: file %s \
+
+   if (!seen_owning_group) {
+   /* Do we match on the owning group entry ? */
+   /*
+* Does it match the current effective group
+* or supplementary groups ?
+*/
+   for (cu_gid = get_current_user_gid_first(i); cu_gid != 
(gid_t)-1;
+   cu_gid = 
get_current_user_gid_next(i)) {
+   if (cu_gid == psbuf-st_gid) {
+   ret = (psbuf-st_mode  S_IWGRP) ? 1 : 0;
+   DEBUG(10,(check_posix_acl_group_write: file %s 
\
 match on owning group %u - %s.\n, fname, (unsigned int)psbuf-st_gid, ret ? 
can write : cannot write));
-   break;
+   break;
+   }
}
-   }
 
-   if (cu_gid == (gid_t)-1) {
-   DEBUG(10,(check_posix_acl_group_write: file %s \
+   if (cu_gid == (gid_t)-1) {
+   DEBUG(10,(check_posix_acl_group_write: file %s \
 failed to match on user or group in token (ret = %d).\n, fname, ret ));
+   }
}
 
   done:
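Review bot: The new block comment says "the group bits in st_gid", but the code under it tests `S_IWGRP` against `st_mode`; `st_gid` is the owning group id, so the sentence should read `the group bits in st_mode are the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ bits`. That sentence is the whole justification for skipping the stat fallback in a write-access decision, so it should name the right field. The `failed to match on user or group in token` DEBUG now sits inside `if (!seen_owning_group)`, so unless the loop above already logs it, a request that saw an SMB_ACL_GROUP_OBJ entry and matched nothing reaches `done:` with no level-10 trace; a short `else` DEBUG would keep the outcome visible. The same hunk is repeated for trunk/source/smbd/posix_acls.c in r11238, and the function starts and ends outside the hunk.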



svn commit: samba r11238 - in trunk/source/smbd: .

2005-10-20 Thread jra
Author: jra
Date: 2005-10-20 21:10:09 + (Thu, 20 Oct 2005)
New Revision: 11238

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11238

Log:
Fix acl evaluation bug found by Marc Cousin [EMAIL PROTECTED]
We should only check the S_IWGRP permissions if we haven't already
seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an
SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are
the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ
bits. Thanks to Marc Cousin [EMAIL PROTECTED] for pointing
this out.
Jeremy.

Modified:
   trunk/source/smbd/posix_acls.c


Changeset:
Modified: trunk/source/smbd/posix_acls.c
===
--- trunk/source/smbd/posix_acls.c  2005-10-20 21:10:05 UTC (rev 11237)
+++ trunk/source/smbd/posix_acls.c  2005-10-20 21:10:09 UTC (rev 11238)
@@ -3910,6 +3910,7 @@
SMB_ACL_ENTRY_T entry;
int i;
BOOL seen_mask = False;
+   BOOL seen_owning_group = False;
int ret = -1;
gid_t cu_gid;
 
@@ -3950,6 +3951,7 @@
 
switch(tagtype) {
case SMB_ACL_MASK:
+   seen_mask = True;
if (!have_write) {
/* We don't have any group or explicit 
user write permission. */
ret = -1; /* Allow caller to check 
other permissions. */
@@ -3957,7 +3959,6 @@
 refusing write due to mask.\n, fname));
goto done;
}
-   seen_mask = True;
break;
case SMB_ACL_USER:
{
@@ -4019,8 +4020,16 @@
 
switch(tagtype) {
case SMB_ACL_GROUP:
+   case SMB_ACL_GROUP_OBJ:
{
-   gid_t *pgid = (gid_t 
*)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
+   gid_t *pgid = NULL;
+
+   if (tagtype == SMB_ACL_GROUP) {
+   pgid = (gid_t 
*)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
+   } else {
+   seen_owning_group = True;
+   pgid = psbuf-st_gid;
+   }
if (pgid == NULL) {
goto check_stat;
}
@@ -4059,24 +4068,35 @@
 
   check_stat:
 
-   /* Do we match on the owning group entry ? */
/*
-* Does it match the current effective group
-* or supplementary groups ?
+* We only check the S_IWGRP permissions if we haven't already
+* seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an
+* SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are
+* the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ
+* bits. Thanks to Marc Cousin [EMAIL PROTECTED] for pointing
+* this out. JRA.
 */
-   for (cu_gid = get_current_user_gid_first(i); cu_gid != (gid_t)-1;
-   cu_gid = get_current_user_gid_next(i)) 
{
-   if (cu_gid == psbuf-st_gid) {
-   ret = (psbuf-st_mode  S_IWGRP) ? 1 : 0;
-   DEBUG(10,(check_posix_acl_group_write: file %s \
+
+   if (!seen_owning_group) {
+   /* Do we match on the owning group entry ? */
+   /*
+* Does it match the current effective group
+* or supplementary groups ?
+*/
+   for (cu_gid = get_current_user_gid_first(i); cu_gid != 
(gid_t)-1;
+   cu_gid = 
get_current_user_gid_next(i)) {
+   if (cu_gid == psbuf-st_gid) {
+   ret = (psbuf-st_mode  S_IWGRP) ? 1 : 0;
+   DEBUG(10,(check_posix_acl_group_write: file %s 
\
 match on owning group %u - %s.\n, fname, (unsigned int)psbuf-st_gid, ret ? 
can write : cannot write));
-   break;
+   break;
+   }
}
-   }
 
-   if (cu_gid == (gid_t)-1) {
-   DEBUG(10,(check_posix_acl_group_write: file %s \
+   if (cu_gid == (gid_t)-1) {
+   DEBUG(10,(check_posix_acl_group_write: file %s \
 failed to match on user or group in token (ret = %d).\n, fname, ret ));
+   }
}
 
   done:



svn commit: samba-docs r845 - in trunk/smbdotconf/security: .

2005-10-20 Thread jht
Author: jht
Date: 2005-10-20 21:16:38 + (Thu, 20 Oct 2005)
New Revision: 845

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=845

Log:
Docs covering the rename user script from jmcd.
Added:
   trunk/smbdotconf/security/renameuserscript.xml


Changeset:
Added: trunk/smbdotconf/security/renameuserscript.xml
===
--- trunk/smbdotconf/security/renameuserscript.xml  2005-10-20 11:32:42 UTC 
(rev 844)
+++ trunk/smbdotconf/security/renameuserscript.xml  2005-10-20 21:16:38 UTC 
(rev 845)
@@ -0,0 +1,33 @@
+samba:parameter name=rename user script
+ context=G
+ advanced=1 developer=1
+type=boolean
+
xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
+description
+para
+   This is the full pathname to a script that will be run as root by 
citerefentryrefentrytitlesmbd/refentrytitle
+   manvolnum8/manvolnum/citerefentry under special circumstances 
described below.
+   /para
+
+   para
+   When a user with admin authority or SeAddUserPrivilege rights renames a 
user (e.g.: from the NT4 User Manager
+   for Domains), this script will be run to rename the POSIX user.  Two 
variables, literal%uold/literal and
+   literal%unew/literal, will be substituted with the old and new 
usernames, respectively.  The script should
+   return 0 upon successful completion, and nonzero otherwise.
+   /para
+
+   notepara
+   The script has all responsibility to rename all the necessary data that 
is accessible in this posix method.
+   This can mean different requirements for different backends.  The 
tdbsam and smbpasswd backends will take care
+   of the contents of their respective files, so the script is responsible 
only for changing the POSIX username, and
+   other data that may required for your circumstances, such as home 
directory.  Please also consider whether or
+   not you need to rename the actual home directories themselves.  The 
ldapsam backend will not make any changes,
+   because of the potential issues with renaming the LDAP naming 
attribute.  In this case the script is
+   responsible for changing the attribute that samba uses (uid) for 
locating users, as well as any data that
+   needs to change for other applications using the same directory.
+   /para/note
+
+/description
+
+value type=defaultno/value
+/samba:parameter



Build status as of Fri Oct 21 00:00:02 2005

2005-10-20 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2005-10-20 
00:00:15.0 +
+++ /home/build/master/cache/broken_results.txt 2005-10-21 00:00:08.0 
+
@@ -1,17 +1,17 @@
-Build status as of Thu Oct 20 00:00:01 2005
+Build status as of Fri Oct 21 00:00:02 2005
 
 Build counts:
 Tree Total  Broken Panic 
 ccache   10 2  0 
 distcc   11 2  0 
-lorikeet-heimdal 15 12 0 
+lorikeet-heimdal 19 16 0 
 ppp  16 0  0 
-rsync35 3  0 
+rsync35 2  0 
 samba3  0  0 
 samba-docs   0  0  0 
-samba4   36 19 6 
-samba_3_036 16 0 
-smb-build26 5  0 
-talloc   15 7  0 
-tdb  10 3  0 
+samba4   36 18 6 
+samba_3_036 12 0 
+smb-build25 5  0 
+talloc   34 14 0 
+tdb  34 4  0 
 


svn commit: samba r11239 - in branches/SAMBA_4_0/source: auth/gensec kdc param rpc_server/drsuapi setup

2005-10-20 Thread abartlet
Author: abartlet
Date: 2005-10-21 01:25:55 + (Fri, 21 Oct 2005)
New Revision: 11239

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11239

Log:
Use ${REALM} for the realm in rootdse.ldif

Add the kpasswd server to our KDC, implementing the 'original' and
Microsoft versions of the protocol.

This works with the Heimdal kpasswd client, but not with MIT, I think
due to ordering issues.  It may not be worth the pain to have this
code go via GENSEC, as it is very, very tied to krb5.

This gets us one step closer to joins from Apple, Samba3 and other
similar implementations.

Andrew Bartlett

Added:
   branches/SAMBA_4_0/source/kdc/kpasswdd.c
Modified:
   branches/SAMBA_4_0/source/auth/gensec/gensec_krb5.c
   branches/SAMBA_4_0/source/kdc/config.mk
   branches/SAMBA_4_0/source/kdc/kdc.c
   branches/SAMBA_4_0/source/kdc/kdc.h
   branches/SAMBA_4_0/source/param/loadparm.c
   branches/SAMBA_4_0/source/rpc_server/drsuapi/drsuapi_cracknames.c
   branches/SAMBA_4_0/source/setup/rootdse.ldif


Changeset:
Sorry, the patch is too large (1103 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11239


svn commit: samba r11240 - branches/SAMBA_3_0/source/libsmb branches/SAMBA_3_0/source/rpc_server trunk/source/libsmb trunk/source/rpc_server

2005-10-20 Thread jerry
Author: jerry
Date: 2005-10-21 02:14:23 + (Fri, 21 Oct 2005)
New Revision: 11240

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11240

Log:
* fix invalid read reported by valgrind in the 
  spoolss backchannel connection by rewriting 
  spoolss_connect_to_client().  Ensure that we
  save the cli_state* in the rpc_pipe_client struct.

* fix typo in debug message in cli_start_connection


Modified:
   branches/SAMBA_3_0/source/libsmb/cliconnect.c
   branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c
   trunk/source/libsmb/cliconnect.c
   trunk/source/rpc_server/srv_spoolss_nt.c


Changeset:
Sorry, the patch is too large (353 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11240