[SCM] Samba Shared Repository - branch v4-0-test updated

Karolin Seeger kseeger at samba.org
Fri Mar 1 10:22:04 MST 2013 

The branch, v4-0-test has been updated
       via  f77d5d6 Fix bug # 9666 - Broken filtering of link-local addresses.
       via  2035ab5 Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.
       via  7a5d1b5 Make sure that domain joins work correctly when the DC disallows NTLM auth.
       via  0591310 s3:lib/afs fix the build
       via  7a3d84f s3:build fix the build with --fake-kaserver
      from  51e2615 s4-libcli: Check return value of smbcli_request_setup(). Reviewed-by: Alexander Bokovoy <ab at samba.org>

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit f77d5d6479c879c8770fbc9a6ca5656ef3e41019
Author: Timur Bakeyev <timur at FreeBSD.org>
Date:   Wed Feb 27 16:25:07 2013 -0800

    Fix bug # 9666 - Broken filtering of link-local addresses.
    
    This patch should address the problem with Link Local addresses
    on FreeBSD and Linux.
    
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-0-test): Fri Mar  1 18:21:19 CET 2013 on sn-devel-104

commit 2035ab587e44f4a3944a3fabe3196c30640b8e04
Author: Daniel Kobras <d.kobras at science-computing.de>
Date:   Fri Feb 22 16:24:26 2013 -0800

    Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.
    
    s3: never try to map global SAM name
    
    Do not treat the global SAM name as a BOGUS domain, and exempt
    local users from mapping, instead. This change reinstates the
    exact mapping behaviour of Samba 3.2 if parameter 'map untrusted
    to domain' is set.
    
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>

commit 7a5d1b5162d3a9264690146a9cfd7685cd872d17
Author: Richard Sharpe <realrichardsharpe at gmail.com>
Date:   Tue Feb 26 20:22:05 2013 -0800

    Make sure that domain joins work correctly when the DC disallows NTLM auth.
    
    Signed-Off-By: Richard Sharpe <realrichardsharpe at gmail.com>
    
    Fix bug #Bug 9689 - net ads join -k fails when AD is in Kerberos-only mode.

commit 05913109fa8f40abb2e3c08174cb6d3383bf8b11
Author: Christian Ambach <ambi at samba.org>
Date:   Mon Feb 18 16:55:30 2013 +0100

    s3:lib/afs fix the build
    
    Fix Bug 9644 - Compile of source3/lib/afs.c fails
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=9644
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit e7f66f37a62ad954e8b0a048905f0e6688b70849)

commit 7a3d84f7400864ae59b09b5e3e67ff24cb8ca8c2
Author: Christian Ambach <ambi at samba.org>
Date:   Mon Feb 18 17:34:25 2013 +0100

    s3:build fix the build with --fake-kaserver
    
    this fixes Bug 9643 - Build in source3 of bin/net fails when configure option
    --with-fake-kaserver is used
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=9643
    
    Signed-off-by: Christian Ambach <ambi at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Tue Feb 19 19:15:19 CET 2013 on sn-devel-104
    (cherry picked from commit 432dde0223d884b7de1a9d3c0655304efbcf1f88)

-----------------------------------------------------------------------

Summary of changes:
 lib/socket/interfaces.c      |   28 +++++++++++++++-------------
 source3/Makefile.in          |    2 +-
 source3/auth/auth_util.c     |    3 ++-
 source3/lib/afs.c            |    2 +-
 source3/libnet/libnet_join.c |   14 +++++++++++---
 source3/libnet/libnet_join.h |    3 ++-
 6 files changed, 32 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
index 74c6423..e62da3c 100644
--- a/lib/socket/interfaces.c
+++ b/lib/socket/interfaces.c
@@ -186,6 +186,21 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces)
 		memcpy(&ifaces[total].ip, ifptr->ifa_addr, copy_size);
 		memcpy(&ifaces[total].netmask, ifptr->ifa_netmask, copy_size);
 
+		/* calculate broadcast address */
+#if defined(HAVE_IPV6)
+		if (ifptr->ifa_addr->sa_family == AF_INET6) {
+			struct sockaddr_in6 *sin6 =
+				(struct sockaddr_in6 *)ifptr->ifa_addr;
+			struct in6_addr *in6 =
+				(struct in6_addr *)&sin6->sin6_addr;
+
+			if (IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_V4COMPAT(in6)) {
+				continue;
+			}
+			/* IPv6 does not have broadcast it uses multicast. */
+			memset(&ifaces[total].bcast, '\0', copy_size);
+		} else
+#endif
 		if (ifaces[total].flags & (IFF_BROADCAST|IFF_LOOPBACK)) {
 			make_bcast(&ifaces[total].bcast,
 				&ifaces[total].ip,
@@ -195,19 +210,6 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces)
 			memcpy(&ifaces[total].bcast,
 				ifptr->ifa_dstaddr,
 				copy_size);
-#if defined(HAVE_IPV6)
-		} else if (ifptr->ifa_addr->sa_family == AF_INET6) {
-			const struct sockaddr_in6 *sin6 =
-				(const struct sockaddr_in6 *)ifptr->ifa_addr;
-			const struct in6_addr *in6 =
-				(const struct in6_addr *)&sin6->sin6_addr;
-
-			if (IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_V4COMPAT(in6)) {
-				continue;
-			}
-			/* IPv6 does not have broadcast it uses multicast. */
-			memset(&ifaces[total].bcast, '\0', copy_size);
-#endif
 		} else {
 			continue;
 		}
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 4424306..f6305c6 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1233,7 +1233,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
 NET_OBJ2 = utils/net_registry_util.o utils/net_help_common.o
 
 NET_OBJ = $(NET_OBJ1) \
-	  $(NET_OBJ2) \
+	  $(NET_OBJ2) @FAKE_KASERVER_OBJ@ \
 	  $(LIBADDNS_OBJ0) \
 	  $(READLINE_OBJ) \
 	  $(LIBGPO_OBJ) $(INIPARSER_OBJ) $(DISPLAY_SEC_OBJ) \
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index b75a390..d0b0b7d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -125,7 +125,8 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
 	 * This also deals with the client passing in a "" domain */
 
 	if (!is_trusted_domain(domain) &&
-	    !strequal(domain, my_sam_name()))
+	    !strequal(domain, my_sam_name()) &&
+	    !strequal(domain, get_global_sam_name()))
 	{
 		if (lp_map_untrusted_to_domain())
 			domain = my_sam_name();
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index 4b6e6ec..2d77526 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -237,7 +237,7 @@ bool afs_login(connection_struct *conn)
 	}
 
 	afs_username = talloc_sub_advanced(ctx,
-				lp_servicename(SNUM(conn)),
+				lp_servicename(ctx, SNUM(conn)),
 				conn->session_info->unix_info->unix_name,
 				conn->connectpath,
 				conn->session_info->unix_token->gid,
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3d0a6d3..2b4ab0b 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1170,7 +1170,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 
 NTSTATUS libnet_join_ok(const char *netbios_domain_name,
 			const char *machine_name,
-			const char *dc_name)
+			const char *dc_name,
+			const bool use_kerberos)
 {
 	uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
 	struct cli_state *cli = NULL;
@@ -1179,6 +1180,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
 	NTSTATUS status;
 	char *machine_password = NULL;
 	char *machine_account = NULL;
+	int flags = 0;
 
 	if (!dc_name) {
 		return NT_STATUS_INVALID_PARAMETER;
@@ -1199,6 +1201,10 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (use_kerberos) {
+		flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+	}
+
 	status = cli_full_connection(&cli, NULL,
 				     dc_name,
 				     NULL, 0,
@@ -1206,7 +1212,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
 				     machine_account,
 				     NULL,
 				     machine_password,
-				     0,
+				     flags,
 				     SMB_SIGNING_DEFAULT);
 	free(machine_account);
 	free(machine_password);
@@ -1277,7 +1283,8 @@ static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx,
 
 	status = libnet_join_ok(r->out.netbios_domain_name,
 				r->in.machine_name,
-				r->in.dc_name);
+				r->in.dc_name,
+				r->in.use_kerberos);
 	if (!NT_STATUS_IS_OK(status)) {
 		libnet_join_set_error_string(mem_ctx, r,
 			"failed to verify domain membership after joining: %s",
@@ -2084,6 +2091,7 @@ static WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx,
 	u->in.admin_account	= r->in.admin_account;
 	u->in.admin_password	= r->in.admin_password;
 	u->in.modify_config	= r->in.modify_config;
+	u->in.use_kerberos	= r->in.use_kerberos;
 	u->in.unjoin_flags	= WKSSVC_JOIN_FLAGS_JOIN_TYPE |
 				  WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
 
diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h
index dccf03b..58c33b2 100644
--- a/source3/libnet/libnet_join.h
+++ b/source3/libnet/libnet_join.h
@@ -25,7 +25,8 @@
 
 NTSTATUS libnet_join_ok(const char *netbios_domain_name,
 			const char *machine_name,
-			const char *dc_name);
+			const char *dc_name,
+			const bool use_kerberos);
 WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
 			   struct libnet_JoinCtx **r);
 WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list