[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger kseeger at samba.org
Mon Nov 5 05:10:06 MST 2012


The branch, v4-0-test has been updated
       via  6195cb6 docs-xml: fix use of <smbconfoption> tag (fix bug #9345)
       via  6b94f5b s3-param: Move the options needed for running smbd in the AD DC to loadparm
       via  4d7ea03 file_server: put set create mask and directory mask in fileserver.conf
       via  ab78d76 build(waf): fix the cluster(ctdb) build without system talloc installed
       via  fb99d62 build(waf): fix a tab indentation to spaces
       via  5010165 build(waf): Fail "configure --with-cluster-support" if ctdb support is not available.
       via  e8ef7c6 s3-torture:test_ctdbconn: fix the build against older ctdb versions
       via  22bf5ba s3:ctdb library: fix the build against older ctdb versions
       via  e1fc90d build(waf): check if we have ctdb_protocol.h in the cluster checks
       via  b83df67 build(autoconf): check if we have ctdb_protocol.h in the cluster checks
       via  0f31f3c build(autoconf): fix check for ctdb_private.h (bug #9349)
       via  6772b85 auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes
       via  87d4237 libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC parsing
       via  b61e8e9 s4-torture: Complete test for winbindd PAC parsing
       via  d2fb91f auth/kerberos: Adjust log level for failed PAC signature verification
       via  b547a8d winbind: Extend wbcAuthenticateUserEx to provide PAC
       via  57907a6 dns_server: Try and use the dns-SERVER account if we were configured with it
       via  64c10e7 s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175)
       via  99817aa s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175)
       via  07c279e libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175)
      from  0ad1019 s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support (bug #9341)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 6195cb667b1c162436bfbf5d4f499bdc776f83b4
Author: Björn Baumbach <bb at sernet.de>
Date:   Fri Nov 2 10:25:27 2012 +0100

    docs-xml: fix use of <smbconfoption> tag (fix bug #9345)
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Karolin Seeger <ks at samba.org>
    
    Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(master): Fri Nov  2 12:37:42 CET 2012 on sn-devel-104
    (cherry picked from commit 3ecbe8c83a003825fc58f6dcb9e02a35aad2d86e)
    
    Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-0-test): Mon Nov  5 13:09:12 CET 2012 on sn-devel-104

commit 6b94f5b765d76ffd798631c31c4251ff8ceee96a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Nov 1 11:26:16 2012 +1100

    s3-param: Move the options needed for running smbd in the AD DC to loadparm
    
    This avoids the whole fileserver.conf thing, and simply handles everything in C.
    
    The main challenge is that if s3fs is enabled in a member server
    configuration (unlikely) then these options will not be set, and it
    overrides any other attempt to set these as globals.  (The previous
    approach essentially just changed defaults, because the include =
    of smb.conf was after the values were set in fileserver.conf).
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Thu Nov  1 11:47:22 CET 2012 on sn-devel-104
    (cherry picked from commit 75c51d6561f6f39dd02fd942709039b871957f44)
    
    The last 2 patches address bug #9355 - set mask values to 0777 and use
    fileserver.conf.

commit 4d7ea03ec6a0e3b3db1a90b8e4dc2a26a459f06b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Nov 1 11:24:00 2012 +1100

    file_server: put set create mask and directory mask in fileserver.conf
    
    This allows any ACL to be set from the client, without restriction
    from the Samba side.
    
    Based on advice from Jeremy at https://lists.samba.org/archive/samba-technical/2012-October/088414.html
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit fc5caffbc139d63cab1ec105884863f73772586f)

commit ab78d76e3889ce3905dc4d4048dccd9742e5591f
Author: Michael Adam <obnox at samba.org>
Date:   Tue Oct 30 14:43:42 2012 +0100

    build(waf): fix the cluster(ctdb) build without system talloc installed
    
    This is analogous to the earlier patch for tdb.
    It temporarily adds the talloc include path to the
    includes search list for the ctdb-header configure checks.
    
    Patch 2/2 for fixing bug #9353.
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Tested-by: Björn Baumbach <bb at sernet.de>

commit fb99d62eb061f8f409ace56db603d4ad84c9c737
Author: Michael Adam <obnox at samba.org>
Date:   Tue Oct 30 14:41:04 2012 +0100

    build(waf): fix a tab indentation to spaces
    
    Patch 1/2 for fixing bug #9353.
    
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 501016551eaa12367c99315470ba0f1d83f0e966
Author: Björn Baumbach <bb at sernet.de>
Date:   Tue Oct 30 16:04:10 2012 +0100

    build(waf): Fail "configure --with-cluster-support" if ctdb support is not available.
    
    Currently, configure only warns if cluster support is not found.
    
    Fix for bug #9351
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit d551b4ab4bb06dac7d90389febbc21c2afae8bca)

commit e8ef7c696e9202a8d079801fd9a5477c5fb14b3d
Author: Björn Baumbach <bb at sernet.de>
Date:   Tue Oct 30 16:45:30 2012 +0100

    s3-torture:test_ctdbconn: fix the build against older ctdb versions
    
    by checking if we have the ctdb_protocol.h and including ctdb_private.h otherwise.
    
    Part 4/4 of fix for bug #9348.
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit 5f1b5404b8e642dd18b55e37793068216f668242)

commit 22bf5ba6cf6d83184eb76f27774dfd0de08e4627
Author: Björn Baumbach <bb at sernet.de>
Date:   Wed Oct 17 16:54:33 2012 +0200

    s3:ctdb library: fix the build against older ctdb versions
    
    by checking if we have the ctdb_protocol.h and including ctdb_private.h otherwise.
    
    Part 3/4 of fix bug #9348.
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit 541bde605e8a1158411436c4f7fdc314dfdbff23)

commit e1fc90d5d64bcac63b8d773c837304cf40525c3f
Author: Björn Baumbach <bb at sernet.de>
Date:   Tue Oct 30 13:59:41 2012 +0100

    build(waf): check if we have ctdb_protocol.h in the cluster checks
    
    Part 2/4 of fix for bug #9348.
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit bf269d6b5a6783e2479ac455b8e085a5d8ad9e9e)

commit b83df677714ec54bddf1e8ecbb1b623746f0b9b1
Author: Björn Baumbach <bb at sernet.de>
Date:   Tue Oct 30 13:26:24 2012 +0100

    build(autoconf): check if we have ctdb_protocol.h in the cluster checks
    
    Part 1/4 of fix for bug #9348.
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit d113d8aea5411e5e0701891f44b95d6d916b1271)

commit 0f31f3c3fd455bbdb577f57c4d37db9509a56458
Author: Björn Baumbach <bb at sernet.de>
Date:   Tue Oct 30 13:40:48 2012 +0100

    build(autoconf): fix check for ctdb_private.h (bug #9349)
    
    Signed-off-by: Björn Baumbach <bb at sernet.de>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit e5cce4f47274a02b752e47e3d1f23d3f64f72123)

commit 6772b85b3fc1297fbe40e5dbc21f984238a86fa2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Sep 21 15:59:11 2012 -0700

    auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Sat Sep 22 02:44:07 CEST 2012 on sn-devel-104
    
    The last 5 patches address bug #9347 - winbind: Extend wbcAuthenticateUserEx to
    provide PAC.

commit 87d42376f9fc87f56f708108d9e0274a32b2a10a
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Sep 20 19:46:31 2012 -0700

    libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC parsing
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Fri Sep 21 06:37:15 CEST 2012 on sn-devel-104
    (cherry picked from commit 914b02be5a3e7805110f517e39ed9f6fe760c2bc)

commit b61e8e908da976993534d8747ff57d8f05164ad9
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date:   Thu Sep 20 18:30:07 2012 -0700

    s4-torture: Complete test for winbindd PAC parsing
    
    Decode the PAC through the wbcAuthenticateUserEx call, also decode it
    locally and compare the result.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit d9747b15c4a737a1422d0156d92efed762bb672d)

commit d2fb91ff1551932cad5eeb5084f550ce14f0b8a7
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date:   Mon Jul 30 11:03:54 2012 -0700

    auth/kerberos: Adjust log level for failed PAC signature verification
    
    With winbindd trying to verify the signature of an application provided
    PAC, this message can be easily triggered. Adjust the debug level to
    avoid filling up the logs.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 05befd2f734d3962619ebc0cc137bbe5cedfd81d)

commit b547a8dd3af0ab489ea2163ab986a7dde8b1d771
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date:   Wed Jul 18 14:38:47 2012 -0700

    winbind: Extend wbcAuthenticateUserEx to provide PAC
    
    With this new interface, external applications that have authenticated
    to an ADS can pass the PAC from the Kerberos ticket to
    wbcAuthenticateUserEx. winbindd decodes and extracts the info3
    information for the external application. If winbindd can verify the PAC
    signature, the info3 from the PAC is also added to the netsamlogon_cache.
    
    The info3 data can be used by the external application to get the uid
    and primary gid. The data in netsamlogon_cache allows retrieving the
    complete group list through the NSS function getgrouplist.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 1bc2f28b9420829645ed571daf2a17e6688b2103)

commit 57907a6e9b3eb8793ba9cd215574fcddff529f14
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Oct 16 15:08:30 2012 +1100

    dns_server: Try and use the dns-SERVER account if we were configured with it
    
    Fix bug #9317 - Cannot easily change to internal DNS server.

commit 64c10e7213f6aa9d497a1f255616b64346d0abd5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 22 14:35:41 2012 +0200

    s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175)
    
    We should use the latest supported dialect.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Thu Nov  1 18:11:27 CET 2012 on sn-devel-104
    (cherry picked from commit 2a3eb641fe34fb95bf713f0e7184581847af1357)

commit 99817aa717c42dbc12970eee4574910602f93684
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 22 14:31:20 2012 +0200

    s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit 45105afffc5678082b23165ff74610d67e57a82a)

commit 07c279e1d0b156a0b8ca17a8c48293f50a438a92
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 22 14:18:20 2012 +0200

    libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175)
    
    This should be a short term hack until the upper layers have implemented
    re-authentication.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    (cherry picked from commit c5cd22b5bbce724dcd68fe94320382b3f772cabf)

-----------------------------------------------------------------------

Summary of changes:
 auth/kerberos/kerberos_pac.c                       |    2 +-
 auth/kerberos/pac_utils.h                          |    3 +
 docs-xml/build/DTD/samba.entities                  |   13 ++-
 file_server/file_server.c                          |   51 +--------
 libcli/smb/smbXcli_base.c                          |   34 +++++
 libcli/smb/smbXcli_base.h                          |    1 +
 .../ABI/{wbclient-0.10.sigs => wbclient-0.11.sigs} |    0
 nsswitch/libwbclient/wbc_pam.c                     |   16 +++-
 nsswitch/libwbclient/wbclient.h                    |   45 ++++---
 nsswitch/libwbclient/wscript                       |    2 +-
 nsswitch/winbind_struct_protocol.h                 |    1 +
 source3/configure.in                               |    4 +-
 source3/lib/ctdb_conn.h                            |    5 +
 source3/param/loadparm.c                           |   17 +++
 source3/torture/test_ctdbconn.c                    |    6 +
 source3/winbindd/winbindd_cm.c                     |   13 ++-
 source3/winbindd/winbindd_pam.c                    |  128 +++++++++++++++++++-
 source3/winbindd/winbindd_pam_auth_crap.c          |   23 ++++
 source3/winbindd/winbindd_proto.h                  |    8 ++
 source3/wscript                                    |   43 ++++++-
 source4/dns_server/dns_server.c                    |   61 +++++++--
 source4/torture/winbind/winbind.c                  |   92 +++++++++++++-
 22 files changed, 454 insertions(+), 114 deletions(-)
 copy nsswitch/libwbclient/ABI/{wbclient-0.10.sigs => wbclient-0.11.sigs} (100%)


Changeset truncated at 500 lines:

diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
index 80f31d8..81f7f21 100644
--- a/auth/kerberos/kerberos_pac.c
+++ b/auth/kerberos/kerberos_pac.c
@@ -322,7 +322,7 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
 					 context,
 					 service_keyblock);
 		if (ret) {
-			DEBUG(1, ("PAC Decode: Failed to verify the service "
+			DEBUG(5, ("PAC Decode: Failed to verify the service "
 				  "signature: %s\n", error_message(ret)));
 			return NT_STATUS_ACCESS_DENIED;
 		}
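Review bot: Lowering the DEBUG inside kerberos_decode_pac to level 5 hides a failed service-signature check from every caller of this function, not only the winbindd path named in the commit message, while the function still returns NT_STATUS_ACCESS_DENIED. A signature failure on a PAC is worth seeing at default log levels when the PAC did not come from an arbitrary local application, so consider leaving this message at its old level and having the winbindd caller decide how loudly to report the failure, or passing the level in from the caller.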
diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h
index b9b6664..d09e7b6 100644
--- a/auth/kerberos/pac_utils.h
+++ b/auth/kerberos/pac_utils.h
@@ -21,6 +21,8 @@
 #ifndef _PAC_UTILS_H
 #define _PAC_UTILS_H
 
+#ifdef HAVE_KRB5
+
 #include "lib/krb5_wrap/krb5_samba.h"
 #include "lib/krb5_wrap/gss_samba.h"
 
@@ -65,4 +67,5 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 char *gssapi_error_string(TALLOC_CTX *mem_ctx,
 			  OM_uint32 maj_stat, OM_uint32 min_stat,
 			  const gss_OID mech);
+#endif /* HAVE_KRB5 */
 #endif /* _PAC_UTILS_H */
diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities
index f5d8cd2..c7e46c2 100644
--- a/docs-xml/build/DTD/samba.entities
+++ b/docs-xml/build/DTD/samba.entities
@@ -180,7 +180,7 @@ use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.</para>
 
 <para>Note that specifying this parameter here will 
-override the <smbconfoption><name>log level</name></smbconfoption> parameter
+override the <smbconfoption name="log level" /> parameter
 in the &smb.conf; file.</para>
 </listitem>
 </varlistentry>'>
@@ -207,7 +207,7 @@ use only by developers and generate HUGE amounts of log
 data, most of which is extremely cryptic.</para>
 
 <para>Note that specifying this parameter here will 
-override the <smbconfoption><name>log level</name></smbconfoption> parameter
+override the <smbconfoption name="log level" /> parameter
 in the &smb.conf; file.</para>
 </listitem>
 </varlistentry>'>
@@ -297,11 +297,13 @@ being on a locally connected subnet.
 
 <para>If this parameter is not set then the name resolve order 
 defined in the &smb.conf; file parameter  
-(<smbconfoption><name>name resolve order</name></smbconfoption>) will be used.
+(<smbconfoption name="name resolve order" />) will be used.
 </para>
 
 <para>The default order is lmhosts, host, wins, bcast. Without 
-this parameter or any entry in the <smbconfoption><name>name resolve order</name></smbconfoption> parameter of the &smb.conf; file, the name 
+this parameter or any entry in the
+<smbconfoption name="name resolve order" /> parameter of
+the &smb.conf; file, the name
 resolution methods will be attempted in this order. </para></listitem>
 </varlistentry>'>
 
@@ -310,7 +312,8 @@ resolution methods will be attempted in this order. </para></listitem>
 <term>-n|--netbiosname <primary NetBIOS name></term>
 <listitem><para>This option allows you to override
 the NetBIOS name that Samba uses for itself. This is identical
-to setting the <smbconfoption><name>netbios name</name></smbconfoption> parameter in the &smb.conf; file. 
+to setting the <smbconfoption name="netbios name" /> parameter in
+the &smb.conf; file.
 However, a command
 line setting will take precedence over settings in
 &smb.conf;.</para></listitem>
diff --git a/file_server/file_server.c b/file_server/file_server.c
index 0777de5..430782c 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -30,49 +30,6 @@
 #include "dynconfig.h"
 
 /*
-  generate a smbd config file for the file server
- */
-static const char *generate_smb_conf(struct task_server *task)
-{
-	int fd;
-	struct loadparm_context *lp_ctx = task->lp_ctx;
-	const char *path = smbd_tmp_path(task, lp_ctx, "fileserver.conf");
-
-	if (path == NULL) {
-		return NULL;
-	}
-
-	fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644);
-	if (fd == -1) {
-		DEBUG(0,("Failed to create %s", path));
-		return NULL;
-	}
-
-	fdprintf(fd, "[globals]\n");
-	fdprintf(fd, "# auto-generated config for fileserver\n");
-	fdprintf(fd, "server role check:inhibit=yes\n");
-        fdprintf(fd, "rpc_server:default = external\n");
-	fdprintf(fd, "rpc_server:svcctl = embedded\n");
-	fdprintf(fd, "rpc_server:srvsvc = embedded\n");
-	fdprintf(fd, "rpc_server:eventlog = embedded\n");
-	fdprintf(fd, "rpc_server:ntsvcs = embedded\n");
-	fdprintf(fd, "rpc_server:winreg = embedded\n");
-	fdprintf(fd, "rpc_server:spoolss = embedded\n");
-	fdprintf(fd, "rpc_daemon:spoolssd = embedded\n");
-	fdprintf(fd, "rpc_server:tcpip = no\n");
-
-	fdprintf(fd, "map hidden = no\n");
-	fdprintf(fd, "map system = no\n");
-	fdprintf(fd, "map readonly = no\n");
-	fdprintf(fd, "store dos attributes = yes\n");
-
-	fdprintf(fd, "include = %s\n", lpcfg_configfile(lp_ctx));
-
-	close(fd);
-	return path;
-}
-
-/*
   called if smbd exits
  */
 static void file_server_smbd_done(struct tevent_req *subreq)
@@ -98,23 +55,19 @@ static void file_server_smbd_done(struct tevent_req *subreq)
 */
 static void s3fs_task_init(struct task_server *task)
 {
-	const char *fileserver_conf;
 	struct tevent_req *subreq;
 	const char *smbd_path;
 	const char *smbd_cmd[2] = { NULL, NULL };
 
 	task_server_set_title(task, "task[s3fs_parent]");
 
-	/* create a smb.conf for smbd to use */
-	fileserver_conf = generate_smb_conf(task);
-
 	smbd_path = talloc_asprintf(task, "%s/smbd", dyn_SBINDIR);
 	smbd_cmd[0] = smbd_path;
 
 	/* start it as a child process */
 	subreq = samba_runcmd_send(task, task->event_ctx, timeval_zero(), 1, 0,
 				smbd_cmd,
-				"--configfile", fileserver_conf,
+				"--option=server role check:inhibit=yes",
 				"--foreground",
 				debug_get_output_is_stdout()?"--log-stdout":NULL,
 				NULL);
@@ -126,7 +79,7 @@ static void s3fs_task_init(struct task_server *task)
 
 	tevent_req_set_callback(subreq, file_server_smbd_done, task);
 
-	DEBUG(1,("Started file server smbd with config %s\n", fileserver_conf));
+	DEBUG(5,("Started file server child smbd\n"));
 }
 
 /* called at smbd startup - register ourselves as a server service */
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 02d0227..c547515 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -157,6 +157,13 @@ struct smbXcli_session {
 	struct {
 		DATA_BLOB signing_key;
 	} smb2_channel;
+
+	/*
+	 * this should be a short term hack
+	 * until the upper layers have implemented
+	 * re-authentication.
+	 */
+	bool disconnect_expired;
 };
 
 struct smbXcli_tcon {
@@ -1970,6 +1977,17 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
 	cmd = CVAL(inhdr, HDR_COM);
 	status = smb1cli_pull_raw_error(inhdr);
 
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) &&
+	    (state->session != NULL) && state->session->disconnect_expired)
+	{
+		/*
+		 * this should be a short term hack
+		 * until the upper layers have implemented
+		 * re-authentication.
+		 */
+		return status;
+	}
+
 	if (state->smb1.chained_requests == NULL) {
 		if (num_iov != 3) {
 			return NT_STATUS_INVALID_NETWORK_RESPONSE;
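Review bot: The comment inside the new NT_STATUS_NETWORK_SESSION_EXPIRED block repeats the struct-field comment word for word and never says what returning the status from smb1cli_conn_dispatch_incoming achieves. State the intended effect (the function name smbXcli_session_set_disconnect_expired suggests the connection is dropped) in one place, ideally at the disconnect_expired field, and keep only a short pointer here so the three copies cannot drift apart.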
@@ -3442,6 +3460,17 @@ static NTSTATUS smb2cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
 			}
 		}
 
+		if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED) &&
+		    (session != NULL) && session->disconnect_expired)
+		{
+			/*
+			 * this should be a short term hack
+			 * until the upper layers have implemented
+			 * re-authentication.
+			 */
+			return status;
+		}
+
 		smbXcli_req_unset_pending(req);
 
 		/*
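Review bot: The early "return status;" is placed before smbXcli_req_unset_pending(req), so the request that received NT_STATUS_NETWORK_SESSION_EXPIRED is still on the pending list when smb2cli_conn_dispatch_incoming returns. If the caller is relied on to tear down the connection and complete every pending request with this status, say so in the comment; otherwise that request is never completed. A test that sets disconnect_expired and checks the pending request finishes with the expired status would pin this down.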
@@ -4483,6 +4512,11 @@ NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
 	return NT_STATUS_OK;
 }
 
+void smbXcli_session_set_disconnect_expired(struct smbXcli_session *session)
+{
+	session->disconnect_expired = true;
+}
+
 uint16_t smb1cli_session_current_id(struct smbXcli_session *session)
 {
 	return session->smb1.session_id;
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 5ef201e..9a6ccc6 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -253,6 +253,7 @@ struct smbXcli_session *smbXcli_session_create(TALLOC_CTX *mem_ctx,
 NTSTATUS smbXcli_session_application_key(struct smbXcli_session *session,
 					 TALLOC_CTX *mem_ctx,
 					 DATA_BLOB *key);
+void smbXcli_session_set_disconnect_expired(struct smbXcli_session *session);
 uint16_t smb1cli_session_current_id(struct smbXcli_session* session);
 void smb1cli_session_set_id(struct smbXcli_session* session,
 			    uint16_t session_id);
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.10.sigs b/nsswitch/libwbclient/ABI/wbclient-0.11.sigs
similarity index 100%
copy from nsswitch/libwbclient/ABI/wbclient-0.10.sigs
copy to nsswitch/libwbclient/ABI/wbclient-0.11.sigs
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index f7fb9f2..f183cc6 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -364,7 +364,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 		BAIL_ON_WBC_ERROR(wbc_status);
 	}
 
-	if (!params->account_name) {
+	if (params->level != WBC_AUTH_USER_LEVEL_PAC && !params->account_name) {
 		wbc_status = WBC_ERR_INVALID_PARAM;
 		BAIL_ON_WBC_ERROR(wbc_status);
 	}
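Review bot: The relaxed check "params->level != WBC_AUTH_USER_LEVEL_PAC && !params->account_name" lets account_name be NULL for the PAC level, but nothing is validated in its place. Add a matching check here that params->password.pac.data is non-NULL and params->password.pac.length is non-zero, returning WBC_ERR_INVALID_PARAM, and confirm that any later use of params->account_name in this function is skipped or NULL-safe for the PAC level.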
@@ -491,6 +491,20 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 			       request.data.auth_crap.nt_resp_len);
 		}
 		break;
+
+	case WBC_AUTH_USER_LEVEL_PAC:
+		cmd = WINBINDD_PAM_AUTH_CRAP;
+		request.flags = WBFLAG_PAM_AUTH_PAC | WBFLAG_PAM_INFO3_TEXT;
+		request.extra_data.data = malloc(params->password.pac.length);
+		if (request.extra_data.data == NULL) {
+			wbc_status = WBC_ERR_NO_MEMORY;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		memcpy(request.extra_data.data, params->password.pac.data,
+		       params->password.pac.length);
+		request.extra_len = params->password.pac.length;
+		break;
+
 	default:
 		break;
 	}
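Review bot: In the WBC_AUTH_USER_LEVEL_PAC case, params->password.pac.length is a caller-supplied size_t (see struct wbcBlob in wbclient.h) that goes straight into malloc, memcpy and request.extra_len with no bound. A zero length can make malloc return NULL and be reported as WBC_ERR_NO_MEMORY, a NULL pac.data is dereferenced by memcpy, and if extra_len is narrower than size_t the assignment truncates so the length sent to winbindd no longer matches the buffer. Reject empty or oversized blobs before allocating, and make sure request.extra_data.data is freed on every exit path, including the BAIL_ON_WBC_ERROR ones after this switch.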
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index cb70cbd..a72d09e 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -70,9 +70,10 @@ const char *wbcErrorString(wbcErr error);
  *  0.8: Added wbcSidsToUnixIds() and wbcLookupSids()
  *  0.9: Added support for WBC_ID_TYPE_BOTH
  *  0.10: Added wbcPingDc2()
+ *  0.11: Extended wbcAuthenticateUserEx to provide PAC parsing
  **/
 #define WBCLIENT_MAJOR_VERSION 0
-#define WBCLIENT_MINOR_VERSION 10
+#define WBCLIENT_MINOR_VERSION 11
 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
 struct wbcLibraryDetails {
 	uint16_t major_version;
@@ -197,6 +198,25 @@ struct wbcDomainInfo {
 #define WBC_DOMINFO_TRUSTTYPE_EXTERNAL   0x00000003
 
 /**
+ * @brief Generic Blob
+ **/
+
+struct wbcBlob {
+	uint8_t *data;
+	size_t length;
+};
+
+/**
+ * @brief Named Blob
+ **/
+
+struct wbcNamedBlob {
+	const char *name;
+	uint32_t flags;
+	struct wbcBlob blob;
+};
+
+/**
  * @brief Auth User Parameters
  **/
 
@@ -212,7 +232,8 @@ struct wbcAuthUserParams {
 	enum wbcAuthUserLevel {
 		WBC_AUTH_USER_LEVEL_PLAIN = 1,
 		WBC_AUTH_USER_LEVEL_HASH = 2,
-		WBC_AUTH_USER_LEVEL_RESPONSE = 3
+		WBC_AUTH_USER_LEVEL_RESPONSE = 3,
+		WBC_AUTH_USER_LEVEL_PAC = 4
 	} level;
 	union {
 		const char *plaintext;
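Review bot: WBC_AUTH_USER_LEVEL_PAC = 4 is added to the public enum with no documentation of which fields of struct wbcAuthUserParams the level reads. The wbc_pam.c change in this push makes account_name optional for this level and takes the input from password.pac, so a short doc comment on the enum value (input is password.pac, account_name is not required, result is the info3 data) would save callers from reading the implementation.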
@@ -227,29 +248,11 @@ struct wbcAuthUserParams {
 			uint32_t lm_length;
 			uint8_t *lm_data;
 		} response;
+		struct wbcBlob pac;
 	} password;
 };
 
 /**
- * @brief Generic Blob
- **/
-
-struct wbcBlob {
-	uint8_t *data;
-	size_t length;
-};
-
-/**
- * @brief Named Blob
- **/
-
-struct wbcNamedBlob {
-	const char *name;
-	uint32_t flags;
-	struct wbcBlob blob;
-};
-
-/**
  * @brief Logon User Parameters
  **/
 
diff --git a/nsswitch/libwbclient/wscript b/nsswitch/libwbclient/wscript
index f73af94..9c4da16 100644
--- a/nsswitch/libwbclient/wscript
+++ b/nsswitch/libwbclient/wscript
@@ -3,7 +3,7 @@
 import Options, Logs
 
 # Remember to also update wbclient.h
-VERSION="0.10"
+VERSION="0.11"
 
 # It may be useful at some point to allow Samba to build against a
 # system libwbclient, such as the one provided by Likewise.  To to
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
index e5ed8e1..c1704c8 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -218,6 +218,7 @@ typedef struct winbindd_gr {
 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5	0x00002000
 #define WBFLAG_PAM_CACHED_LOGIN		0x00004000
 #define WBFLAG_PAM_GET_PWD_POLICY	0x00008000
+#define WBFLAG_PAM_AUTH_PAC		0x00010000
 
 /* generic request flags */
 #define WBFLAG_QUERY_ONLY		0x00000020	/* not used */
diff --git a/source3/configure.in b/source3/configure.in
index 2c5fbb3..2dfc388 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -4969,7 +4969,7 @@ ctdb_broken="no"
 SAVED_CPPFLAGS="$CPPFLAGS"
 CPPFLAGS="$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS} $CTDB_CPPFLAGS"
 
-AC_CHECK_HEADERS(ctdb.h ctdb_private.h,,,[
+AC_CHECK_HEADERS(ctdb.h ctdb_private.h ctdb_protocol.h ,,,[
 #include "confdefs.h"
 #define NO_CONFIG_H
 #include "replace.h"
@@ -4989,7 +4989,7 @@ then
 fi
 
 if test "x$have_cluster_support" = "xyes" -a \
-	"x$ac_cv_header_ctdb_h" != "xyes"
+	"x$ac_cv_header_ctdb_private_h" != "xyes"
 then
 	have_cluster_support=no
 	ctdb_broken="ctdb_private.h is required for cluster support"
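Review bot: Testing "x$ac_cv_header_ctdb_private_h" here makes ctdb_private.h mandatory for cluster support, while the ctdb_conn.h and test_ctdbconn.c changes in the same push only include ctdb_private.h when ctdb_protocol.h is absent. If nothing else needs ctdb_private.h, a system that ships ctdb_protocol.h alone would be rejected; either accept one of the two headers in this test or note in the ctdb_broken text why the private header is still required. The visible condition also no longer fails on a missing ctdb.h, so confirm that header is checked elsewhere.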
diff --git a/source3/lib/ctdb_conn.h b/source3/lib/ctdb_conn.h
index 9229536..0d648c7 100644
--- a/source3/lib/ctdb_conn.h
+++ b/source3/lib/ctdb_conn.h
@@ -23,7 +23,12 @@
 #ifdef CLUSTER_SUPPORT
 
 #include <tdb.h>
+
+#ifdef HAVE_CTDB_PROTOCOL_H
 #include <ctdb_protocol.h>
+#else
+#include <ctdb_private.h>
+#endif
 
 #else /* CLUSTER_SUPPORT */
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 42bf11d..12cb8db 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4899,6 +4899,23 @@ static bool lp_load_ex(const char *pszFname,
 			}
 		}
 		lp_do_parameter(-1, "passdb backend", "samba_dsdb");
+
+		lp_do_parameter(-1, "rpc_server:default", "external");
+		lp_do_parameter(-1, "rpc_server:svcctl", "embedded");
+		lp_do_parameter(-1, "rpc_server:srvsvc", "embedded");
+		lp_do_parameter(-1, "rpc_server:eventlog", "embedded");
+		lp_do_parameter(-1, "rpc_server:ntsvcs", "embedded");
+		lp_do_parameter(-1, "rpc_server:winreg", "embedded");
+		lp_do_parameter(-1, "rpc_server:spoolss", "embedded");
+		lp_do_parameter(-1, "rpc_daemon:spoolssd", "embedded");
+		lp_do_parameter(-1, "rpc_server:tcpip", "no");
+
+		lp_do_parameter(-1, "map hidden", "no");
+		lp_do_parameter(-1, "map system", "no");
+		lp_do_parameter(-1, "map readonly", "no");
+		lp_do_parameter(-1, "store dos attributes", "yes");
+		lp_do_parameter(-1, "create mask", "0777");
+		lp_do_parameter(-1, "directory mask", "0777");
 	}
 
 	bAllowIncludeRegistry = true;
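Review bot: The fifteen lp_do_parameter(-1, ...) calls added after "passdb backend" carry no comment and ignore the return value, yet per the commit message they override anything an administrator set as a global. "create mask" and "directory mask" at 0777 in particular remove the Samba-side restriction on permission bits, which is a behaviour change an operator will want to find in the source and in the logs. Add a comment stating that these are forced for the AD DC role and why, and consider a DEBUG line when a value that was explicitly configured is being replaced.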
diff --git a/source3/torture/test_ctdbconn.c b/source3/torture/test_ctdbconn.c
index 539e224..d018352 100644
--- a/source3/torture/test_ctdbconn.c
+++ b/source3/torture/test_ctdbconn.c
@@ -25,7 +25,13 @@
 #include "ctdb_conn.h"
 #include "lib/util/tevent_unix.h"
 #include "tdb.h"
+
+#ifdef HAVE_CTDB_PROTOCOL_H
 #include "ctdb_protocol.h"
+#else
+#include "ctdb_private.h"
+#endif
+
 #include "messages.h"
 
 struct ctdb_conn_test_state {
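Review bot: The HAVE_CTDB_PROTOCOL_H conditional added here duplicates the one added to source3/lib/ctdb_conn.h, which this file already includes a few lines above. Keeping the header selection in ctdb_conn.h alone would leave one place to update when the fallback to ctdb_private.h is dropped; if the direct include is needed because ctdb_conn.h only pulls it in under CLUSTER_SUPPORT, a one-line comment saying so would help.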
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0639be1..79b5839 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -832,7 +832,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 	cli_set_timeout(*cli, 10000); /* 10 seconds */
 
 	result = smbXcli_negprot((*cli)->conn, (*cli)->timeout, PROTOCOL_CORE,
-				 PROTOCOL_SMB2_02);
+				 PROTOCOL_LATEST);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(1, ("cli_negprot failed: %s\n", nt_errstr(result)));
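Review bot: With the maximum raised to PROTOCOL_LATEST, the minimum passed to smbXcli_negprot is still PROTOCOL_CORE, so winbindd accepts whatever dialect the peer selects across the whole range the library supports. For a connection that carries domain controller traffic it is worth stating in a comment why the floor stays at the oldest dialect, or deriving both bounds from configuration so an operator can raise the minimum. The upper bound now also changes whenever the library gains a dialect, which deserves a note in the commit message.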
@@ -979,6 +979,17 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 
  session_setup_done:
 
+	/*
+	 * This should be a short term hack until
+	 * dynamic re-authentication is implemented.
+	 *
+	 * See Bug 9175 - winbindd doesn't recover from
+	 * NT_STATUS_NETWORK_SESSION_EXPIRED


-- 
Samba Shared Repository

