[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Mon Jul 2 18:45:02 MDT 2012


The branch, master has been updated
       via  4b47e1b VERSION: Move on to beta4!
       via  a656789 VERSION: Mark as the beta3 release
       via  d4bc370 WHATSNEW: Mention Exchange 2010 support
       via  d6bba7b WHATSNEW: Update with fix for smbd-fileserver.conf.pid startup failures
       via  d31f55b s4-dns: Remove reference to BIND 9.7 supporting GSS-TSIG
       via  d0460d9 s4-bind: Remove patches now incorporated into bind9
       via  5de841f s4-dns: Remove dynamic DNS instructions for bind 9.7
       via  eba8799 auth: Remove .get_challenge (only used for security=server)
       via  ab80b99 auth/gensec: Remove unused gensec_security parameter
       via  3c57fce selftest: Give Samba4 processes a little longer to clean up
       via  603a9bc file_server: add [globals] to generated smb.conf
      from  993e809 s3-libpidfile: fix check for running process.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4b47e1b30d8a6676f807cd1198f3b4e949b313ba
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jul 3 08:22:51 2012 +1000

    VERSION: Move on to beta4!
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue Jul  3 02:44:15 CEST 2012 on sn-devel-104

commit a6567893059dea9361b3b787fab13438536b8438
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jul 3 08:22:12 2012 +1000

    VERSION: Mark as the beta3 release

commit d4bc3708d48e24db97e56337963b0ffa11639a41
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jul 3 08:54:57 2012 +1000

    WHATSNEW: Mention Exchange 2010 support

commit d6bba7bf1a77244bc47eaeef67bb9680175ec0bc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jul 3 08:21:23 2012 +1000

    WHATSNEW: Update with fix for smbd-fileserver.conf.pid startup failures

commit d31f55b2974da99970de1c0d5df66d1007f97593
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 2 08:06:53 2012 +1000

    s4-dns: Remove reference to BIND 9.7 supporting GSS-TSIG
    
    This support is too painful to use.
    
    Andrew Bartlett

commit d0460d96d62d879545818c7f0966b1026b27a007
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 2 07:24:21 2012 +1000

    s4-bind: Remove patches now incorporated into bind9
    
    These patches are in bind9 now, and we do not recommend using them any more
    as the improved version in bind 9.8 is much less prone to failure.
    
    Andrew Bartlett

commit 5de841f6f249ea742a8ed0ef5a795f77a364cc35
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 2 07:21:54 2012 +1000

    s4-dns: Remove dynamic DNS instructions for bind 9.7
    
    This version of BIND only ever caused pain when trying to do dynamic DNS.
    
    If users are using this version, simply treat it as a static server.
    
    Andrew Bartlett

commit eba87995145b0e14672c1f6993f7aa3422d62541
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Jun 30 18:30:57 2012 +1000

    auth: Remove .get_challenge (only used for security=server)
    
    With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
    so if we ever did use a module that needed this functionality, we would
    downgrade to just NTLM.
    
    Now that security=server has been removed, we have no such module.
    
    This will make it easier to make the auth subsystem async, as we will
    not need to consider making .get_challenge async.
    
    Andrew Bartlett

commit ab80b99815a51b07e9e89b423e847824ec71bd3c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Jun 30 17:32:50 2012 +1000

    auth/gensec: Remove unused gensec_security parameter

commit 3c57fcea959fcd94e2a62a362c6ed2e71ee96658
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Jun 29 13:38:11 2012 +1000

    selftest: Give Samba4 processes a little longer to clean up
    
    This may help write out gcov data correctly.
    
    Andrew Bartlett

commit 603a9bcd2ec3e471db3fb500cdf4ca365add896b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Apr 17 12:56:21 2012 +1000

    file_server: add [globals] to generated smb.conf

-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |    2 +-
 WHATSNEW.txt                                       |    8 ++
 auth/common_auth.h                                 |    4 -
 auth/gensec/spnego.c                               |    9 +--
 auth/ntlmssp/ntlmssp_server.c                      |    7 --
 ...-the-question-section-in-update-responses.patch |   29 ------
 ...t-a-valgrind-uninitialised-memory-warning.patch |   34 -------
 .../0003-don-t-compress-TSIG-names.patch           |   58 ------------
 ...api-initialisation-fails-then-heck-for-th.patch |   94 --------------------
 ...sn-t-return-valid-GSSAPI-sequence-numbers.patch |   30 ------
 examples/bind9-patches/README                      |   11 ---
 file_server/file_server.c                          |    1 +
 selftest/target/Samba4.pm                          |    2 +-
 source3/auth/auth.c                                |   54 ++----------
 source3/auth/auth_builtin.c                        |   55 ------------
 source3/auth/auth_generic.c                        |    1 -
 source3/auth/auth_ntlmssp.c                        |   12 ---
 source3/include/auth.h                             |   11 ---
 source3/utils/ntlm_auth.c                          |   13 ---
 source4/auth/auth.h                                |    7 --
 source4/auth/ntlm/auth.c                           |   30 ------
 source4/auth/ntlm/auth_anonymous.c                 |    1 -
 source4/auth/ntlm/auth_developer.c                 |   54 -----------
 source4/auth/ntlm/auth_sam.c                       |    2 -
 source4/auth/ntlm/auth_unix.c                      |    1 -
 source4/auth/ntlm/auth_winbind.c                   |    2 -
 source4/setup/named.conf                           |    2 +-
 source4/setup/named.txt                            |   23 +-----
 28 files changed, 22 insertions(+), 535 deletions(-)
 delete mode 100644 examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch
 delete mode 100644 examples/bind9-patches/0002-prevent-a-valgrind-uninitialised-memory-warning.patch
 delete mode 100644 examples/bind9-patches/0003-don-t-compress-TSIG-names.patch
 delete mode 100644 examples/bind9-patches/0004-If-tkey-gssapi-initialisation-fails-then-heck-for-th.patch
 delete mode 100644 examples/bind9-patches/0005-windows-doesn-t-return-valid-GSSAPI-sequence-numbers.patch
 delete mode 100644 examples/bind9-patches/README


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index d44c3a8..3331986 100644
--- a/VERSION
+++ b/VERSION
@@ -67,7 +67,7 @@ SAMBA_VERSION_ALPHA_RELEASE=
 # e.g. SAMBA_VERSION_BETA_RELEASE=1                    #
 #  ->  "4.0.0beta1"                                    #
 ########################################################
-SAMBA_VERSION_BETA_RELEASE=3
+SAMBA_VERSION_BETA_RELEASE=4
 
 ########################################################
 # For 'pre' releases the version will be               #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e1405cc..b41f3a3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -105,6 +105,9 @@ $ git log samba-4.0.0beta2..samba-4.0.0beta3
 
 Some major user-visible changes include:
 
+The failure to start up due to a blocking smbd-fileserver.conf.pid has
+been resolved.
+
 Samba now includes support for version 2.1 of the SMB protocol,
 the SMB2 version of Windows 7 and 2008R2, including dynamic
 reauthentication and support for multi-credit (large MTU).
@@ -119,6 +122,11 @@ of the SMB protocol (formerly known as SMB 2.2) that will be available
 with Windows 8 and Windows Server 2012. Negotiation of SMB3 can be
 activated by setting "max protocol" to "SMB3" in smb.conf.
 
+Thanks to upgrades to our AD DC code, particularly in schema handling,
+Samba can now correctly handle the installation of Microsoft Exchange
+2010.  Other issues prevent run-time operation, but this is a major
+milestone in supporting one of the single mode demanding Active
+Directory applications.
 
 KNOWN ISSUES
 ============
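
Review bot: the last added sentence reads "one of the single mode demanding Active Directory applications", which looks like a typo for "single most demanding". The paragraph also says "Other issues prevent run-time operation" without pointing at the KNOWN ISSUES section that follows it, so a cross-reference or an entry there would tell readers what is still broken with Exchange 2010.
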
diff --git a/auth/common_auth.h b/auth/common_auth.h
index cf21543..a40f7c2 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -82,8 +82,6 @@ struct auth4_context {
 		/* Who set this up in the first place? */
 		const char *set_by;
 
-		bool may_be_modified;
-
 		DATA_BLOB data;
 	} challenge;
 
@@ -113,8 +111,6 @@ struct auth4_context {
 
 	NTSTATUS (*get_ntlm_challenge)(struct auth4_context *auth_ctx, uint8_t chal[8]);
 
-	bool (*challenge_may_be_modified)(struct auth4_context *auth_ctx);
-
 	NTSTATUS (*set_ntlm_challenge)(struct auth4_context *auth_ctx, const uint8_t chal[8], const char *set_by);
 
 	NTSTATUS (*generate_session_info)(struct auth4_context *auth_context,
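
Review bot: with challenge_may_be_modified removed from struct auth4_context here (and may_be_modified removed from the challenge sub-struct in the hunk above), nothing in this header says that set_ntlm_challenge may now be called unconditionally. Suggest a one-line comment above set_ntlm_challenge stating that every backend must accept an overridden challenge, so a future module cannot quietly reintroduce a fixed challenge without anyone noticing the NTLM2 consequence described in the commit message.
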
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 6ce97d9..5923200 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -713,8 +713,7 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct gensec_security *gensec
  * This is the case, where the client is the first one who sends data
 */
 
-static NTSTATUS gensec_spnego_server_negTokenTarg(struct gensec_security *gensec_security, 
-						  struct spnego_state *spnego_state,
+static NTSTATUS gensec_spnego_server_negTokenTarg(struct spnego_state *spnego_state,
 						  TALLOC_CTX *out_mem_ctx, 
 						  NTSTATUS nt_status,
 						  const DATA_BLOB unwrapped_out,
@@ -812,8 +811,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 								     spnego.negTokenInit.mechToken, 
 								     &unwrapped_out);
 			
-			nt_status = gensec_spnego_server_negTokenTarg(gensec_security,
-								      spnego_state,
+			nt_status = gensec_spnego_server_negTokenTarg(spnego_state,
 								      out_mem_ctx,
 								      nt_status,
 								      unwrapped_out,
@@ -974,8 +972,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
 			}
 		}
 
-		nt_status = gensec_spnego_server_negTokenTarg(gensec_security,
-							      spnego_state,
+		nt_status = gensec_spnego_server_negTokenTarg(spnego_state,
 							      out_mem_ctx, 
 							      nt_status,
 							      unwrapped_out,
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index bb86c9c..d9bea1c 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -131,13 +131,6 @@ NTSTATUS gensec_ntlmssp_server_negotiate(struct gensec_security *gensec_security
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
-	/* Check if we may set the challenge */
-	if (auth_context->challenge_may_be_modified) {
-		if (!auth_context->challenge_may_be_modified(auth_context)) {
-			ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2;
-		}
-	}
-
 	/* The flags we send back are not just the negotiated flags,
 	 * they are also 'what is in this packet'.  Therfore, we
 	 * operate on 'chal_flags' from here on
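
Review bot: the block removed from gensec_ntlmssp_server_negotiate was the only visible place that cleared NTLMSSP_NEGOTIATE_NTLM2 when the auth context could not accept a modified challenge, so after this hunk NTLM2 is left in neg_flags whatever the backend. That matches the commit message, but the function now depends on set_ntlm_challenge working for every backend; a short comment at this spot saying so, plus confirmation that the later set_ntlm_challenge call treats a failure as fatal, would make the dependency explicit. The context comment just below also has "Therfore" for "Therefore".
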
diff --git a/examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch b/examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch
deleted file mode 100644
index 3716dd4..0000000
--- a/examples/bind9-patches/0001-leave-the-question-section-in-update-responses.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 1d97835f07fd5142187629941422f87b33015414 Mon Sep 17 00:00:00 2001
-From: Andrew Tridgell <tridge at samba.org>
-Date: Wed, 17 Feb 2010 10:47:59 +1100
-Subject: [PATCH 1/5] leave the question section in update responses.
-
-This fixes TSIG-GSS updates from windows7 and w2k8r2, which require
-the question to be included in the initial refusal for the unsigned
-update.
----
- lib/dns/message.c |    3 ++-
- 1 files changed, 2 insertions(+), 1 deletions(-)
-
-diff --git a/lib/dns/message.c b/lib/dns/message.c
-index b541635..ae4965f 100644
---- a/lib/dns/message.c
-+++ b/lib/dns/message.c
-@@ -2474,7 +2474,8 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) {
-	if (!msg->header_ok)
-		return (DNS_R_FORMERR);
-	if (msg->opcode != dns_opcode_query &&
--	    msg->opcode != dns_opcode_notify)
-+	    msg->opcode != dns_opcode_notify &&
-+	    msg->opcode != dns_opcode_update)
-		want_question_section = ISC_FALSE;
-	if (want_question_section) {
-		if (!msg->question_ok)
---
-1.6.3.3
-
diff --git a/examples/bind9-patches/0002-prevent-a-valgrind-uninitialised-memory-warning.patch b/examples/bind9-patches/0002-prevent-a-valgrind-uninitialised-memory-warning.patch
deleted file mode 100644
index 22f0ce4..0000000
--- a/examples/bind9-patches/0002-prevent-a-valgrind-uninitialised-memory-warning.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 31059dee4a706bb4f25f3dccaae7616451eabd8b Mon Sep 17 00:00:00 2001
-From: Andrew Tridgell <tridge at samba.org>
-Date: Wed, 17 Feb 2010 10:59:42 +1100
-Subject: [PATCH 2/5] prevent a valgrind uninitialised memory warning
-
-epoll uses a union, so to prevent passing uninitialised data in a
-syscall we need to zero it before use.
----
- lib/isc/unix/socket.c |    2 ++
- 1 files changed, 2 insertions(+), 0 deletions(-)
-
-diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
-index d09fe51..4796ee4 100644
---- a/lib/isc/unix/socket.c
-+++ b/lib/isc/unix/socket.c
-@@ -652,6 +652,7 @@ watch_fd(isc_socketmgr_t *manager, int fd, int msg) {
-		event.events = EPOLLIN;
-	else
-		event.events = EPOLLOUT;
-+	memset(&event.data, 0, sizeof(event.data));
-	event.data.fd = fd;
-	if (epoll_ctl(manager->epoll_fd, EPOLL_CTL_ADD, fd, &event) == -1 &&
-	    errno != EEXIST) {
-@@ -719,6 +720,7 @@ unwatch_fd(isc_socketmgr_t *manager, int fd, int msg) {
-		event.events = EPOLLIN;
-	else
-		event.events = EPOLLOUT;
-+	memset(&event.data, 0, sizeof(event.data));
-	event.data.fd = fd;
-	if (epoll_ctl(manager->epoll_fd, EPOLL_CTL_DEL, fd, &event) == -1 &&
-	    errno != ENOENT) {
---
-1.6.3.3
-
diff --git a/examples/bind9-patches/0003-don-t-compress-TSIG-names.patch b/examples/bind9-patches/0003-don-t-compress-TSIG-names.patch
deleted file mode 100644
index e92dce3..0000000
--- a/examples/bind9-patches/0003-don-t-compress-TSIG-names.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From ec22ed6c9797dbdcd820e352167bef8500ca00c6 Mon Sep 17 00:00:00 2001
-From: Andrew Tridgell <tridge at samba.org>
-Date: Wed, 17 Feb 2010 12:20:35 +1100
-Subject: [PATCH 3/5] don't compress TSIG names
-
-windows DNS servers will refuse TSIG-GSS requests with compressed
-names
----
- bin/nsupdate/nsupdate.c |    4 ++++
- lib/dns/message.c       |    2 ++
- lib/dns/tsig.c          |    3 +++
- 3 files changed, 9 insertions(+), 0 deletions(-)
-
-diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
-index 6cf4cf4..f7ce6db 100644
---- a/bin/nsupdate/nsupdate.c
-+++ b/bin/nsupdate/nsupdate.c
-@@ -1985,6 +1985,10 @@ send_update(dns_name_t *zonename, isc_sockaddr_t *master,
-		fprintf(stderr, "Sending update to %s\n", addrbuf);
-	}
-
-+	/* windows doesn't like the tsig name to be compressed */
-+	if (updatemsg->tsigname)
-+		updatemsg->tsigname->attributes |= DNS_NAMEATTR_NOCOMPRESS;
-+
-	result = dns_request_createvia3(requestmgr, updatemsg, srcaddr,
-					master, options, tsigkey, timeout,
-					udp_timeout, udp_retries, global_task,
-diff --git a/lib/dns/message.c b/lib/dns/message.c
-index ae4965f..cb4528f 100644
---- a/lib/dns/message.c
-+++ b/lib/dns/message.c
-@@ -1531,6 +1531,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
-		} else if (rdtype == dns_rdatatype_tsig && msg->tsig == NULL) {
-			msg->tsig = rdataset;
-			msg->tsigname = name;
-+			/* TSIG names should not be compressed */
-+			msg->tsigname->attributes |= DNS_NAMEATTR_NOCOMPRESS;
-			rdataset = NULL;
-			free_rdataset = ISC_FALSE;
-			free_name = ISC_FALSE;
-diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
-index 74a7af3..3223942 100644
---- a/lib/dns/tsig.c
-+++ b/lib/dns/tsig.c
-@@ -889,6 +889,9 @@ dns_tsig_sign(dns_message_t *msg) {
-	msg->tsig = dataset;
-	msg->tsigname = owner;
-
-+	/* windows does not like the tsig name being compressed */
-+	msg->tsigname->attributes |= DNS_NAMEATTR_NOCOMPRESS;
-+
-	return (ISC_R_SUCCESS);
-
-  cleanup_rdatalist:
---
-1.6.3.3
-
diff --git a/examples/bind9-patches/0004-If-tkey-gssapi-initialisation-fails-then-heck-for-th.patch b/examples/bind9-patches/0004-If-tkey-gssapi-initialisation-fails-then-heck-for-th.patch
deleted file mode 100644
index 3130a05..0000000
--- a/examples/bind9-patches/0004-If-tkey-gssapi-initialisation-fails-then-heck-for-th.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From c73ceb48ffc518e171d1d40b82ae2b5f603fe038 Mon Sep 17 00:00:00 2001
-From: Andrew Tridgell <tridge at samba.org>
-Date: Wed, 17 Feb 2010 15:27:44 +1100
-Subject: [PATCH 4/5] If tkey-gssapi initialisation fails, then heck for the most common
- configuration errors so that the admin doesn't spend all day trying to
- work out why the config is broken.
-
----
- lib/dns/gssapictx.c |   48 ++++++++++++++++++++++++++++++++++++++++++++++++
- 1 files changed, 48 insertions(+), 0 deletions(-)
-
-diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
-index 11eadb9..879393c 100644
---- a/lib/dns/gssapictx.c
-+++ b/lib/dns/gssapictx.c
-@@ -66,6 +66,7 @@
-  * we include SPNEGO's OID.
-  */
- #if defined(GSSAPI)
-+#include <krb5/krb5.h>
-
- static unsigned char krb5_mech_oid_bytes[] = {
-	0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
-@@ -191,6 +192,50 @@ log_cred(const gss_cred_id_t cred) {
- }
- #endif
-
-+#ifdef GSSAPI
-+/*
-+ * check for the most common configuration errors.
-+ *
-+ * The errors checked for are:
-+ *   - tkey-gssapi-credential doesn't start with DNS/
-+ *   - the default realm in /etc/krb5.conf and the
-+ *     tkey-gssapi-credential bind config option don't match
-+ */
-+static void dst_gssapi_check_config(const char *gss_name)
-+{
-+	const char *p;
-+	krb5_context krb5_ctx;
-+	char *krb5_realm = NULL;
-+
-+	if (strncasecmp(gss_name, "DNS/", 4) != 0) {
-+		gss_log(ISC_LOG_ERROR, "tkey-gssapi-credential (%s) should start with 'DNS/'");
-+		return;
-+	}
-+
-+	if (krb5_init_context(&krb5_ctx) != 0) {
-+		gss_log(ISC_LOG_ERROR, "Unable to initialise krb5 context");
-+		return;
-+	}
-+	if (krb5_get_default_realm(krb5_ctx, &krb5_realm) != 0) {
-+		gss_log(ISC_LOG_ERROR, "Unable to get krb5 default realm");
-+		krb5_free_context(krb5_ctx);
-+		return;
-+	}
-+	if (!(p = strchr(gss_name, '/'))) {
-+		gss_log(ISC_LOG_ERROR, "badly formatted tkey-gssapi-credentials (%s)", gss_name);
-+		krb5_free_context(krb5_ctx);
-+		return;
-+	}
-+	if (strcasecmp(p+1, krb5_realm) != 0) {
-+		gss_log(ISC_LOG_ERROR,"default realm from krb5.conf (%s) does not match tkey-gssapi-credential (%s)",
-+			krb5_realm, gss_name);
-+		krb5_free_context(krb5_ctx);
-+		return;
-+	}
-+	krb5_free_context(krb5_ctx);
-+}
-+#endif
-+
- isc_result_t
- dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
-		       gss_cred_id_t *cred)
-@@ -223,6 +268,8 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
-		gret = gss_import_name(&minor, &gnamebuf,
-				       GSS_C_NO_OID, &gname);
-		if (gret != GSS_S_COMPLETE) {
-+			dst_gssapi_check_config((char *)array);
-+
-			gss_log(3, "failed gss_import_name: %s",
-				gss_error_tostring(gret, minor, buf,
-						   sizeof(buf)));
-@@ -254,6 +301,7 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate,
-			initiate ? "initiate" : "accept",
-			(char *)gnamebuf.value,
-			gss_error_tostring(gret, minor, buf, sizeof(buf)));
-+		dst_gssapi_check_config((char *)array);
-		return (ISC_R_FAILURE);
-	}
-
---
-1.6.3.3
-
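
Review bot: in the deleted dst_gssapi_check_config(), the first gss_log call passes a format string containing %s ("tkey-gssapi-credential (%s) should start with 'DNS/'") with no matching argument, and the krb5_realm string returned by krb5_get_default_realm is never freed on any path. Deleting the file is fine, but since the commit message says these patches are in bind9 now, it is worth checking that the upstream copy of this function passes gss_name to that call and frees the realm.
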
diff --git a/examples/bind9-patches/0005-windows-doesn-t-return-valid-GSSAPI-sequence-numbers.patch b/examples/bind9-patches/0005-windows-doesn-t-return-valid-GSSAPI-sequence-numbers.patch
deleted file mode 100644
index a44813d..0000000
--- a/examples/bind9-patches/0005-windows-doesn-t-return-valid-GSSAPI-sequence-numbers.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 0f6a49d9fb4a3b9f917ee9caed3a94e44db045a5 Mon Sep 17 00:00:00 2001
-From: Andrew Tridgell <tridge at samba.org>
-Date: Wed, 17 Feb 2010 15:28:51 +1100
-Subject: [PATCH 5/5] windows doesn't return valid GSSAPI sequence numbers on its
- TSIG-GSS DNS update replies
-
----
- lib/dns/gssapictx.c |    5 ++++-
- 1 files changed, 4 insertions(+), 1 deletions(-)
-
-diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
-index 879393c..69b66c5 100644
---- a/lib/dns/gssapictx.c
-+++ b/lib/dns/gssapictx.c
-@@ -536,8 +536,11 @@ dst_gssapi_initctx(dns_name_t *name, isc_buffer_t *intoken,
-		gintokenp = NULL;
-	}
-
-+	/* note that we don't set GSS_C_SEQUENCE_FLAG as Windows DNS
-+	 * servers don't like it
-+	 */
-	flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG |
--		GSS_C_SEQUENCE_FLAG | GSS_C_INTEG_FLAG;
-+		GSS_C_INTEG_FLAG;
-
-	gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx,
-				    gname, GSS_SPNEGO_MECHANISM, flags,
---
-1.6.3.3
-
diff --git a/examples/bind9-patches/README b/examples/bind9-patches/README
deleted file mode 100644
index 7bc965e..0000000
--- a/examples/bind9-patches/README
+++ /dev/null
@@ -1,11 +0,0 @@
-NOTE! These patches are now incorporated in bind9 releases from
-9.7.2RC1 and onwards. You no longer need a patched version of bind9 to
-work with krb5 DNS updates and Samba4.
-
----------------------------------
-
-These patches fix the TSIG-GSS dynamic DNS updates in bind9 to allow
-dynamic updates to work with recent windows versions.
-
-The patches were developed against bind9 version 9.6.1, and were
-tested on Ubuntu Karmic.
diff --git a/file_server/file_server.c b/file_server/file_server.c
index 46969f3..2b9e48a 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -48,6 +48,7 @@ static const char *generate_smb_conf(struct task_server *task)
 		return NULL;
 	}
 
+	fdprintf(fd, "[globals]\n");
 	fdprintf(fd, "# auto-generated config for fileserver\n");
 	fdprintf(fd, "passdb backend = samba4\n");
         fdprintf(fd, "rpc_server:default = external\n");
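
Review bot: the added header is spelled "[globals]", while the smb.conf documentation names the section "[global]"; using the documented spelling in generate_smb_conf() would keep the generated file recognisable to anyone reading it while debugging. The header is also written above the "# auto-generated config for fileserver" line, and swapping the two would keep that banner as the first line of the file.
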
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index c15c298..f472bb5 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1393,7 +1393,7 @@ sub teardown_env($$)
 	my $childpid;
 
 	# This should give it time to write out the gcov data
-	until ($count > 20) {
+	until ($count > 30) {
 	    if (Samba::cleanup_child($pid, "samba") == -1) {
 		last;
 	    }
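
Review bot: the loop bound in teardown_env goes from the bare literal 20 to the bare literal 30, and the comment above it still only says the wait "should give it time to write out the gcov data". Suggest a named variable for the retry limit and a word in the comment on how long each iteration waits, so the next adjustment does not have to be another guess.
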
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 6713193..c3797cf 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -81,9 +81,8 @@ static struct auth_init_function_entry *auth_find_backend_entry(const char *name
 NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
 				 uint8_t chal[8])
 {
-	DATA_BLOB challenge = data_blob_null;
-	const char *challenge_set_by = NULL;
-	auth_methods *auth_method;
+	uchar tmp[8];
+
 
 	if (auth_context->challenge.length) {
 		DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge by module %s (normal)\n", 
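
Review bot: the added declaration "uchar tmp[8];" is followed by an added empty line that sits directly before an existing empty line, leaving two blank lines at the top of auth_get_ntlm_challenge; drop the extra "+" line.
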
@@ -92,52 +91,11 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
 		return NT_STATUS_OK;
 	}
 
-	auth_context->challenge_may_be_modified = False;
-
-	for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next) {
-		if (auth_method->get_chal == NULL) {
-			DEBUG(5, ("auth_get_challenge: module %s did not want to specify a challenge\n", auth_method->name));
-			continue;
-		}
-
-		DEBUG(5, ("auth_get_challenge: getting challenge from module %s\n", auth_method->name));
-		if (challenge_set_by != NULL) {
-			DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authentication method %s has already specified a challenge.  Challenge by %s ignored.\n", 
-				  challenge_set_by, auth_method->name));
-			continue;
-		}
-
-		challenge = auth_method->get_chal(auth_context, &auth_method->private_data,
-						  auth_context);
-		if (!challenge.length) {
-			DEBUG(3, ("auth_get_challenge: getting challenge from authentication method %s FAILED.\n", 
-				  auth_method->name));
-		} else {
-			DEBUG(5, ("auth_get_challenge: successfully got challenge from module %s\n", auth_method->name));
-			auth_context->challenge = challenge;
-			challenge_set_by = auth_method->name;
-			auth_context->challenge_set_method = auth_method;
-		}
-	}
-
-	if (!challenge_set_by) {
-		uchar tmp[8];
-
-		generate_random_buffer(tmp, sizeof(tmp));
-		auth_context->challenge = data_blob_talloc(auth_context,
-							   tmp, sizeof(tmp));
-
-		challenge_set_by = "random";
-		auth_context->challenge_may_be_modified = True;
-	} 
-
-	DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by));
-	DEBUG(5, ("challenge is: \n"));
-	dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
-
-	SMB_ASSERT(auth_context->challenge.length == 8);
+	generate_random_buffer(tmp, sizeof(tmp));
+	auth_context->challenge = data_blob_talloc(auth_context,
+						   tmp, sizeof(tmp));
 
-	auth_context->challenge_set_by=challenge_set_by;
+	auth_context->challenge_set_by = "random";
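
Review bot: in the replacement body of auth_get_ntlm_challenge, the result of data_blob_talloc() is stored in auth_context->challenge without a check, and the removed SMB_ASSERT(auth_context->challenge.length == 8) was the only guard in this function against a failed allocation leaving an empty challenge. Suggest testing auth_context->challenge.data for NULL and returning NT_STATUS_NO_MEMORY before challenge_set_by is set to "random".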


-- 
Samba Shared Repository

