summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* waf: Improve log errors for MIT buildChristian Ambach2017-05-021-3/+3
| | | | | Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* lib: FreeBSD needs sys/wait.h for WIFEXITEDVolker Lendecke2017-05-021-0/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue May 2 21:14:22 CEST 2017 on sn-devel-144
* smbd: Fix a 32-bit problemVolker Lendecke2017-05-021-2/+2
| | | | | | | | On 32-bit freebsd11, size_t is 32 bit. %zu does not cover 64 bits. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* systemd: fix detection of libsystemdAlexander Bokovoy2017-05-021-7/+8
| | | | | | | | | | | | | | | | | On Fedora 25 detection of libsystemd actually fails due to wrong assumptions in the configure test. conf.CHECK_LIB returns a list so 'not conf.CHECK_LIB(...)' is always False and we never get to check libsystemd. Instead, remember result of checking pkg-config for separate libsystemd-daemon and libsystemd-journal libraries. If they miss, attempt to use libsystemd library instead. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue May 2 13:05:43 CEST 2017 on sn-devel-144
* torture3: Make sure dbwrap_parse_record returns NOT_FOUND for invalid ↵Volker Lendecke2017-05-014-0/+71
| | | | | | | | | | watchers data Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon May 1 14:39:41 CEST 2017 on sn-devel-144
* dbwrap_watch: Protect against corrupt recordsVolker Lendecke2017-05-011-1/+4
| | | | | | | | | | | | | | | | If locking.tdb contains invalid records, "get_file_infos" called from directory enumeration crashes in Samba 4.4. The reason is that if "dbwrap_watched_parse" returns -1 due to record corruption, dbwrap_watched_parse_record returns NT_STATUS_OK without having called the parse function. Before 66cba9939b76f this led to "lck->data" to be uninitialized data, so smbd 4.4 would crash in this case. After 66cba9939b76f we implicitly initialize "state.lck" to NULL, so we don't have this particular problem anymore Apply the fix in master too, returning NT_STATUS_OK from parse_record without having called the parser could lead to bugs in other cases too. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Make sure that LOCAL-DBWRAP-WATCH1 is run in make testVolker Lendecke2017-05-011-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture3: In LOCAL-DBWRAP-WATCH1, open tdb with CLEAR_IF_FIRSTVolker Lendecke2017-05-011-1/+2
| | | | | | | | | Also ensure we delete the temp tdb file on success. Just make sure we start with fresh data Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
* Revert "lib/util: make use of tfork in samba_runcmd_send()"Ralph Boehme2017-04-302-58/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 292e46ab12d8ec172c9d3b26330d8d6028a1d5a5. Processes run by tfork will have a parent pid of 1, they won't be childs of the caller anymore. When the source4 samba process uses samba_runcmd_send() to launch smbd and winbindd the resulting process hierarchy becomes: PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND 1 516 510 510 ? -1 S 111 0:02 avahi-daemon: running [samba-ad.local] 1 29209 29209 29209 ? -1 Ss 0 0:00 ./bin/samba 29209 29210 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29211 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29213 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29215 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29216 29209 29209 ? -1 R 0 0:00 \_ ./bin/samba 29209 29217 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29218 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29220 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29221 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29222 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29223 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29224 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 29209 29225 29209 29209 ? -1 S 0 0:00 \_ ./bin/samba 1 29214 29209 29209 ? -1 S 0 0:00 ./bin/samba 29214 29219 29219 29219 ? -1 Ss 0 0:00 \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground 29219 29236 29219 29219 ? -1 S 0 0:00 \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground 29219 29237 29219 29219 ? -1 S 0 0:00 \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground 29219 29238 29219 29219 ? -1 S 0 0:00 \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground 1 29228 29209 29209 ? -1 S 0 0:00 ./bin/samba 29228 29230 29230 29230 ? -1 Ss 0 0:00 \_ /home/slow/git/samba/scratch/bin/winbindd -D --option=server role check:inhibit=yes --foreground 29230 29239 29230 29230 ? -1 S 0 0:00 \_ /home/slow/git/samba/scratch/bin/winbindd -D --option=server role check:inhibit=yes --foreground They will still be in the same process group and session, but just not be a child or subchild. For childs of the source4 samba process this might be non desirable. killing all processes by sending a signal to the main samba process still works, because a pipe is used between the samba process and the smbd and winbindd childs. Both watch for EOF on the pipe. In the output above smbd and winbindd are in their own process group ans session because they call become_daemon(). See also the discussion in this mailthread: <https://lists.samba.org/archive/samba-technical/2017-April/120257.html> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Apr 30 17:21:05 CEST 2017 on sn-devel-144
* mit_samba: Fix principal lookup for cross domain referralAndreas Schneider2017-04-301-6/+70
| | | | | | | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sun Apr 30 03:29:35 CEST 2017 on sn-devel-144
* mit-samba: Remove obsolete mit_samba_update_pac_data()Andreas Schneider2017-04-292-79/+0
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Use mit_samba_reget_pac() in ks_verify_pac()Andreas Schneider2017-04-291-23/+27
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Implement mit_samba_reget_pac()Andreas Schneider2017-04-292-0/+393
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-pac-glue: Do not add an empty PAC_TYPE_LOGON_NAME with MITAndreas Schneider2017-04-291-3/+10
| | | | | | | | | MIT Kerberos will insert an empty PAC_TYPE_LOGON_NAME during krb5_pac_sign(). Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* mit-samba: Remove unused mit_samba_get_pac_data()Andreas Schneider2017-04-292-39/+0
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Use mit_samba_get_pac() in ks_get_pac()Andreas Schneider2017-04-291-22/+8
| | | | | | | | This adds UPN_DNS_INFO to the PAC. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Implement mit_samba_get_pac()Andreas Schneider2017-04-292-0/+74
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Fix logging with the KDB driverAndreas Schneider2017-04-291-1/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: Fix reauth tests with smaller clockskew grace timeAndreas Schneider2017-04-292-6/+6
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* waf: Move python build instructions to wscriptAndreas Schneider2017-04-292-36/+44
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* python: Add provisioning support for MIT KDC in samba-toolAndreas Schneider2017-04-294-7/+128
| | | | | | Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* python: Add py_is_heimdal_built() to pyglueAndreas Schneider2017-04-291-0/+11
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Add a variable to indicate that selftest is runningAndreas Schneider2017-04-291-0/+2
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* waf: Create kerberos_implementation.py for provisioningAndreas Schneider2017-04-293-0/+49
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Skip s4u2proxy tests, no support yetAndreas Schneider2017-04-291-0/+2
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add MIT Kerberos specific kpasswd blackbox testAndreas Schneider2017-04-292-0/+232
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Start the kpasswd service with MIT KDCAndreas Schneider2017-04-292-1/+225
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* waf: Search for MIT kadm-server libraryAndreas Schneider2017-04-291-0/+4
| | | | | | | | This is needed for plugin registration in the KDC. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Add MIT Kerberos specific kpasswd codeAndreas Schneider2017-04-292-2/+305
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: Add AES and RC4 enctype checksAndreas Schneider2017-04-291-0/+175
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: Add TORTURE_KRB5_TEST_CLOCK_SKEW testAndreas Schneider2017-04-292-2/+63
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: Add TORTURE_KRB5_TEST_BREAK_PW testAndreas Schneider2017-04-291-8/+92
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: Add TORTURE_KRB5_TEST_PAC_REQUEST testAndreas Schneider2017-04-291-1/+83
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: Add KDC test harness and first testAndreas Schneider2017-04-291-4/+343
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* waf: Only build KRB5 KDC tests when AD_DC build is enabledAndreas Schneider2017-04-291-17/+17
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add test with exported keytab from samba-toolAndreas Schneider2017-04-292-0/+128
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add a kinit trust test for MIT KDCAndreas Schneider2017-04-292-0/+142
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add test_kinit_mit.sh testAndreas Schneider2017-04-292-0/+314
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: Fix kinit of samba4.blackbox.locktestAndreas Schneider2017-04-291-1/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Fix usage printout of bogus blackbox testAndreas Schneider2017-04-291-1/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Fix test_chgdcpass blackbox test with MITAndreas Schneider2017-04-291-2/+14
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-torture: disable s4u2self/proxy remote pac tests for MIT build for now.Günther Deschner2017-04-291-2/+4
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Set clockskew grace time to 5 secondsAndreas Schneider2017-04-291-0/+4
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Setup configs for MIT KDCAndreas Schneider2017-04-292-0/+57
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Disable RODC tests with MIT KDCAndreas Schneider2017-04-292-1/+4
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Start MIT KDC if Kerberos is from MITAndreas Schneider2017-04-292-0/+9
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* waf: Do not disable the ntvfs fileserver when we have MIT DC buildAndreas Schneider2017-04-291-4/+2
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: Add 'mit kdc config' option to smb.confAndreas Schneider2017-04-292-0/+21
| | | | | | | | This points to the kdc config file created by Samba by default. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Register the MIT irpc PAC validation serviceAndreas Schneider2017-04-292-0/+13
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-kdc: Add MIT KRB5 based irpc service for PAC validationAndreas Schneider2017-04-293-0/+234
| | | | | | | | | | Pair-Programmed-With: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
View Lorry Controller Status