[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Fri Mar 1 10:22:04 MST 2013
The branch, v4-0-test has been updated
via f77d5d6 Fix bug # 9666 - Broken filtering of link-local addresses.
via 2035ab5 Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.
via 7a5d1b5 Make sure that domain joins work correctly when the DC disallows NTLM auth.
via 0591310 s3:lib/afs fix the build
via 7a3d84f s3:build fix the build with --fake-kaserver
from 51e2615 s4-libcli: Check return value of smbcli_request_setup(). Reviewed-by: Alexander Bokovoy <ab at samba.org>
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit f77d5d6479c879c8770fbc9a6ca5656ef3e41019
Author: Timur Bakeyev <timur at FreeBSD.org>
Date: Wed Feb 27 16:25:07 2013 -0800
Fix bug # 9666 - Broken filtering of link-local addresses.
This patch should address the problem with Link Local addresses
on FreeBSD and Linux.
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Fri Mar 1 18:21:19 CET 2013 on sn-devel-104
commit 2035ab587e44f4a3944a3fabe3196c30640b8e04
Author: Daniel Kobras <d.kobras at science-computing.de>
Date: Fri Feb 22 16:24:26 2013 -0800
Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain.
s3: never try to map global SAM name
Do not treat the global SAM name as a BOGUS domain, and exempt
local users from mapping, instead. This change reinstates the
exact mapping behaviour of Samba 3.2 if parameter 'map untrusted
to domain' is set.
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
commit 7a5d1b5162d3a9264690146a9cfd7685cd872d17
Author: Richard Sharpe <realrichardsharpe at gmail.com>
Date: Tue Feb 26 20:22:05 2013 -0800
Make sure that domain joins work correctly when the DC disallows NTLM auth.
Signed-Off-By: Richard Sharpe <realrichardsharpe at gmail.com>
Fix bug #Bug 9689 - net ads join -k fails when AD is in Kerberos-only mode.
commit 05913109fa8f40abb2e3c08174cb6d3383bf8b11
Author: Christian Ambach <ambi at samba.org>
Date: Mon Feb 18 16:55:30 2013 +0100
s3:lib/afs fix the build
Fix Bug 9644 - Compile of source3/lib/afs.c fails
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9644
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit e7f66f37a62ad954e8b0a048905f0e6688b70849)
commit 7a3d84f7400864ae59b09b5e3e67ff24cb8ca8c2
Author: Christian Ambach <ambi at samba.org>
Date: Mon Feb 18 17:34:25 2013 +0100
s3:build fix the build with --fake-kaserver
this fixes Bug 9643 - Build in source3 of bin/net fails when configure option
--with-fake-kaserver is used
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9643
Signed-off-by: Christian Ambach <ambi at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue Feb 19 19:15:19 CET 2013 on sn-devel-104
(cherry picked from commit 432dde0223d884b7de1a9d3c0655304efbcf1f88)
-----------------------------------------------------------------------
Summary of changes:
lib/socket/interfaces.c | 28 +++++++++++++++-------------
source3/Makefile.in | 2 +-
source3/auth/auth_util.c | 3 ++-
source3/lib/afs.c | 2 +-
source3/libnet/libnet_join.c | 14 +++++++++++---
source3/libnet/libnet_join.h | 3 ++-
6 files changed, 32 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c
index 74c6423..e62da3c 100644
--- a/lib/socket/interfaces.c
+++ b/lib/socket/interfaces.c
@@ -186,6 +186,21 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces)
memcpy(&ifaces[total].ip, ifptr->ifa_addr, copy_size);
memcpy(&ifaces[total].netmask, ifptr->ifa_netmask, copy_size);
+ /* calculate broadcast address */
+#if defined(HAVE_IPV6)
+ if (ifptr->ifa_addr->sa_family == AF_INET6) {
+ struct sockaddr_in6 *sin6 =
+ (struct sockaddr_in6 *)ifptr->ifa_addr;
+ struct in6_addr *in6 =
+ (struct in6_addr *)&sin6->sin6_addr;
+
+ if (IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_V4COMPAT(in6)) {
+ continue;
+ }
+ /* IPv6 does not have broadcast it uses multicast. */
+ memset(&ifaces[total].bcast, '\0', copy_size);
+ } else
+#endif
if (ifaces[total].flags & (IFF_BROADCAST|IFF_LOOPBACK)) {
make_bcast(&ifaces[total].bcast,
&ifaces[total].ip,
@@ -195,19 +210,6 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces)
memcpy(&ifaces[total].bcast,
ifptr->ifa_dstaddr,
copy_size);
-#if defined(HAVE_IPV6)
- } else if (ifptr->ifa_addr->sa_family == AF_INET6) {
- const struct sockaddr_in6 *sin6 =
- (const struct sockaddr_in6 *)ifptr->ifa_addr;
- const struct in6_addr *in6 =
- (const struct in6_addr *)&sin6->sin6_addr;
-
- if (IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_V4COMPAT(in6)) {
- continue;
- }
- /* IPv6 does not have broadcast it uses multicast. */
- memset(&ifaces[total].bcast, '\0', copy_size);
-#endif
} else {
continue;
}
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 4424306..f6305c6 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1233,7 +1233,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
NET_OBJ2 = utils/net_registry_util.o utils/net_help_common.o
NET_OBJ = $(NET_OBJ1) \
- $(NET_OBJ2) \
+ $(NET_OBJ2) @FAKE_KASERVER_OBJ@ \
$(LIBADDNS_OBJ0) \
$(READLINE_OBJ) \
$(LIBGPO_OBJ) $(INIPARSER_OBJ) $(DISPLAY_SEC_OBJ) \
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index b75a390..d0b0b7d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -125,7 +125,8 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
* This also deals with the client passing in a "" domain */
if (!is_trusted_domain(domain) &&
- !strequal(domain, my_sam_name()))
+ !strequal(domain, my_sam_name()) &&
+ !strequal(domain, get_global_sam_name()))
{
if (lp_map_untrusted_to_domain())
domain = my_sam_name();
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index 4b6e6ec..2d77526 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -237,7 +237,7 @@ bool afs_login(connection_struct *conn)
}
afs_username = talloc_sub_advanced(ctx,
- lp_servicename(SNUM(conn)),
+ lp_servicename(ctx, SNUM(conn)),
conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3d0a6d3..2b4ab0b 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1170,7 +1170,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
NTSTATUS libnet_join_ok(const char *netbios_domain_name,
const char *machine_name,
- const char *dc_name)
+ const char *dc_name,
+ const bool use_kerberos)
{
uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS;
struct cli_state *cli = NULL;
@@ -1179,6 +1180,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
NTSTATUS status;
char *machine_password = NULL;
char *machine_account = NULL;
+ int flags = 0;
if (!dc_name) {
return NT_STATUS_INVALID_PARAMETER;
@@ -1199,6 +1201,10 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
return NT_STATUS_NO_MEMORY;
}
+ if (use_kerberos) {
+ flags |= CLI_FULL_CONNECTION_USE_KERBEROS;
+ }
+
status = cli_full_connection(&cli, NULL,
dc_name,
NULL, 0,
@@ -1206,7 +1212,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name,
machine_account,
NULL,
machine_password,
- 0,
+ flags,
SMB_SIGNING_DEFAULT);
free(machine_account);
free(machine_password);
@@ -1277,7 +1283,8 @@ static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx,
status = libnet_join_ok(r->out.netbios_domain_name,
r->in.machine_name,
- r->in.dc_name);
+ r->in.dc_name,
+ r->in.use_kerberos);
if (!NT_STATUS_IS_OK(status)) {
libnet_join_set_error_string(mem_ctx, r,
"failed to verify domain membership after joining: %s",
@@ -2084,6 +2091,7 @@ static WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx,
u->in.admin_account = r->in.admin_account;
u->in.admin_password = r->in.admin_password;
u->in.modify_config = r->in.modify_config;
+ u->in.use_kerberos = r->in.use_kerberos;
u->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE |
WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h
index dccf03b..58c33b2 100644
--- a/source3/libnet/libnet_join.h
+++ b/source3/libnet/libnet_join.h
@@ -25,7 +25,8 @@
NTSTATUS libnet_join_ok(const char *netbios_domain_name,
const char *machine_name,
- const char *dc_name);
+ const char *dc_name,
+ const bool use_kerberos);
WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
struct libnet_JoinCtx **r);
WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx,
--
Samba Shared Repository
More information about the samba-cvs
mailing list