Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-437-ge16a2a1

2009-09-22 Thread Jelmer Vernooij
Hi Andrew,

Andrew Bartlett wrote:
 diff --git a/source4/scripting/python/pyglue.c 
 b/source4/scripting/python/pyglue.c
 index 5816d96..c6b731c 100644
 --- a/source4/scripting/python/pyglue.c
 +++ b/source4/scripting/python/pyglue.c
 @@ -204,6 +204,63 @@ static PyObject *py_dsdb_set_ntds_invocation_id(PyObject 
 *self, PyObject *args)
   Py_RETURN_NONE;
  }
  
 +static PyObject *py_dsdb_set_opaque_integer(PyObject *self, PyObject *args)
 +{
 + PyObject *py_ldb;
 + int value;
 + int *old_val, *new_val;
 + char *py_opaque_name, *opaque_name_talloc;
 + struct ldb_context *ldb;
 + TALLOC_CTX *tmp_ctx;
 +
 + if (!PyArg_ParseTuple(args, Osi, py_ldb, py_opaque_name, value))
 + return NULL;
   
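Review bot: In the PyArg_ParseTuple call, the O format code accepts any Python object, so py_ldb needs an explicit type check before it is treated as an ldb context, and nothing in the quoted lines does that. As rendered here the call also lacks the quotes around the Osi format and the address-of operators on py_ldb, py_opaque_name and value, which PyArg_ParseTuple requires as output pointers. The buffer returned for s belongs to the argument object, so the name has to be copied (the opaque_name_talloc declaration suggests that is the plan) onto a context that lives as long as the ldb before it is stored.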
^^ Since this is Python, we could just check if the type is of
PyInt_Type in py_dsdb_set_opaque() and special case that? Is it an
intentional choice to have a separate function?

Cheers,

Jelmer



[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-437-ge16a2a1

2009-07-15 Thread Andrew Bartlett
The branch, master has been updated
   via  e16a2a1fa941511a8eeefd05b397dd934a77c9f6 (commit)
   via  84dca625cab96f72123308d80a5aeed5fc42f0c5 (commit)
   via  bc354fb1a6fd524629434c199e2ca260a8400bb4 (commit)
   via  271b5af92e9aada36adc648a6dd43a13c5aed340 (commit)
   via  ba58edd0bc2d77c6ed1b6a76f33787da9031db5b (commit)
   via  d6c44a704e9a138dba8398f45e9af2601826f659 (commit)
  from  48a07321479c14a6618bb21302d27fd9606efbdd (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e16a2a1fa941511a8eeefd05b397dd934a77c9f6
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Jul 16 08:29:43 2009 +1000

s4:gensec Rework gensec_krb5 mutual authentication defaults

When emulating Samba3 (which we do to ensure we don't break
compatibility), don't do mutual authentication by default, as it
breaks the session key with AES and isn't what Samba3 does anyway.

Andrew Bartlett

commit 84dca625cab96f72123308d80a5aeed5fc42f0c5
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Jul 14 13:22:38 2009 +1000

s4:heimdal The implied GSS_C_MUTUAL_FLAG depends on AP_OPTS_MUTUAL_REQUIRED

We had previously assumed it was unconditional.  Samba3 didn't mind
very much, but Samba4's samba3-like client did, and the behaviour
differed to Win2008 behaviour.

Andrew Bartlett

commit bc354fb1a6fd524629434c199e2ca260a8400bb4
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Jul 14 10:19:16 2009 +1000

s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5'

This allows the older 'like Samba3' GENSEC krb5 implementation to work
against Windows 2008.  I'm using this to track down interop issues in
this area.

Andrew Bartlett

commit 271b5af92e9aada36adc648a6dd43a13c5aed340
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Jul 14 08:15:50 2009 +1000

s4:dsdb Handle dc/domain/forest functional levels properly

Rather than have the functional levels scattered in 4 different,
unconnected locations, the provision script now sets it, and the
rootdse module maintains its copy only as a cached view onto the
original values.

We also use the functional level to determine if we should store AES
Kerberos keys.

Andrew Bartlett

commit ba58edd0bc2d77c6ed1b6a76f33787da9031db5b
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Jul 14 08:00:09 2009 +1000

Add a way to set an opaque integer onto a samdb

This will allow us to set some more flags into ldb during the provision.

commit d6c44a704e9a138dba8398f45e9af2601826f659
Author: Timur I. Bakeyev ti...@freebsd.org
Date:   Sun Jul 12 23:36:08 2009 +

Add ad-schema/*.txt and utils to the installmisc.sh

Install other useful scripts from the setup/ directory, not only
provisioning ones.

Also install setup/ad-schema/*.txt files to the SETUPDIR. These are
necessary for 'provision' to work properly.

---

Summary of changes:
 source4/auth/gensec/gensec_krb5.c  |   68 ++
 source4/dsdb/samdb/ldb_modules/password_hash.c |7 +-
 source4/dsdb/samdb/ldb_modules/rootdse.c   |  140 +++-
 .../heimdal/lib/gssapi/krb5/accept_sec_context.c   |5 +-
 source4/script/installmisc.sh  |   10 +-
 source4/scripting/python/pyglue.c  |   65 +
 source4/scripting/python/samba/__init__.py |5 +
 source4/scripting/python/samba/provision.py|   24 +++-
 source4/scripting/python/samba/samdb.py|8 +
 source4/setup/provision_basedn_modify.ldif |4 +-
 source4/setup/provision_configuration.ldif |2 +-
 source4/setup/provision_rootdse_add.ldif   |3 -
 source4/setup/provision_self_join.ldif |4 +-
 13 files changed, 293 insertions(+), 52 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/gensec/gensec_krb5.c 
b/source4/auth/gensec/gensec_krb5.c
index 09bdec5..f4ef36a 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -57,6 +57,7 @@ struct gensec_krb5_state {
krb5_keyblock *keyblock;
krb5_ticket *ticket;
bool gssapi;
+   krb5_flags ap_req_options;
 };
 
 static int gensec_krb5_destroy(struct gensec_krb5_state *gensec_krb5_state)
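Review bot: The new ap_req_options member of struct gensec_krb5_state has no comment saying which AP-REQ option flags it carries or who sets it, and the visible lines do not show it being initialised. Add a one-line comment on the member and assign it explicitly in gensec_krb5_start, so the mutual-authentication choice never depends on whatever the allocation left in the struct.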
@@ -88,7 +89,7 @@ static int gensec_krb5_destroy(struct gensec_krb5_state 
*gensec_krb5_state)
return 0;
 }
 
-static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
+static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, 
bool gssapi)
 {
krb5_error_code ret;
struct gensec_krb5_state *gensec_krb5_state;
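Review bot: The bool gssapi argument added to gensec_krb5_start is undocumented, and a bare true or false at the call sites will not say which mode is being selected. struct gensec_krb5_state already has a gssapi member (visible in the first hunk), so add a comment stating how the argument relates to that member and what each value means, or expose two thin named wrappers instead of the flag.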
@@ -114,7 +115,7 @@ static NTSTATUS gensec_krb5_start(struct gensec_security