lib/replace: split out GSSAPI from lib/replace/system/kerberos.h into lib/replace/system/gssapi.h
With waf build include directories are defined by dependencies specified to subsystems.
Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds
when there is no system-wide gssapi/gssapi.h available.
Split out GSSAPI header includes in a separate replacement header and use that explicitly
where needed.
Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
Simo Sorce [Sat, 21 Apr 2012 20:55:35 +0000 (16:55 -0400)]
Cracknames: use krb wrapper functions so it works with MIT
Also avoid a silly game with directly modifying the principal and
then calling krb5_principal_unparse_flags to get out a string.
If we already assume it is a 2 components name and know what outcome we are
going to get, just go ahead and talloc_asprintf the linearized string.
Make sure krb5_principal_get_num_comp is identified as present for Heimdal build
Common wrappers for MIT / Heimdal use krb5_principal_get_num_comp() to replace krb5_princ_size
but rely on krb5_principal_get_num_comp() identified by the build. As we know it exists in Heimdal,
define it for waf build.
With PROCESS_SEPARATE_RULE in wafsamba it is now possible to simplify
configuration and checks for MIT/Heimdal Kerberos implementations.
1. Move MIT krb5 checks from source3/wscript to wscript_configure_krb5
2. Make sure they are called the same way (--with-mit-krb5-checks)
3. If no configure checks identified MIT krb5 in system (or were disabled),
make sure Heimdal build is selected, embedded (default) or system-provided.
This makes logic of configuration unchanged for Heimdal builds but adds
less hacky way to use MIT krb5 builds. The latter does not work yet as we
need to untangle more subsystems from HDB/Heimdal-specific details but
lays out a foundation for that.
Jeremy Allison [Fri, 20 Apr 2012 22:53:55 +0000 (15:53 -0700)]
Add complete test program for Linux kernel aio inside configure.in (I discovered yesterday there are systems with only half the glibc changes needed to implement userspace kaio).
Andrew Bartlett [Mon, 23 Apr 2012 05:03:05 +0000 (15:03 +1000)]
build: Remove support for a system libsmbclient
With the new --private-libraries option, there is no longer the need
to have this support, which was aimed at avoiding the duplication
between two different libsmbclient binaries in a packaged
distribution. By using --private-libraries instead, we do not
introduce a dependency between Samba 4.0 packages and whatever other
packages are on the system.
Andrew Bartlett [Mon, 23 Apr 2012 03:47:46 +0000 (13:47 +1000)]
s4-libnet: Fix segfault shown by wbinfo --group-info=administrator
The issue was that after the LookupNames call indicated that this was
not a group, the call paths diverged, with both success and failure
paths running.
Michael Adam [Fri, 20 Apr 2012 08:56:58 +0000 (10:56 +0200)]
s3:memcache: remove the idmap-part from memcache
This was useful before the idmap cache was moved to gencache.
Nowadays it is available to smbd through gencache, so we
can remove the extra caching layer.
Volker Lendecke [Wed, 15 Feb 2012 15:38:43 +0000 (16:38 +0100)]
s3-g_lock: Use dbwrap_record_watch_send/recv
This simplifies the g_lock implementation. The new implementation tries to
acquire a lock. If that fails due to a lock conflict, wait for the g_lock
record to change. Upon change, just try again. The old logic had to cope with
pending records and an ugly hack into ctdb itself. As a bonus, we now get a
really clean async g_lock_lock_send/recv that can asynchronously wait for a
global lock. This would have been almost impossible to do without the
dbwrap_record_watch infrastructure.
Andrew Bartlett [Thu, 19 Apr 2012 05:34:48 +0000 (15:34 +1000)]
wafsamba: allow certain public libraries to be forced to be private
This will help installations where the Samba4 libraries must be used but
the main system is not using the system libs that would normally
be installed. This in particular impacts on libwbclient, which is a
core dep, but is different to that used by the rest of a Samba 3.x based
system.
Use eg: ./configure --private-libraries=wbclient
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr 20 03:27:22 CEST 2012 on sn-devel-104
Simo Sorce [Thu, 19 Apr 2012 21:54:57 +0000 (17:54 -0400)]
Move kdc_get_policy helper in the lsa server where it belongs.
This was used in only 2 places, db-glue.c and the lsa server.
In db-glue.c it is awkward though, as it forces the use of an inconvenient lsa
structure and conversions from time_t to nt_time only to have nt_times
converted back to time_t for actual use. This is silly.
Also the kdc-policy file was a single function library, that's just ridiculous.
The loadparm helper is all we need to keep the values consistent, and if we
ever end up doing something with group policies we will care about it when it's
the time. The code would have to change quite a lot anyway.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Apr 20 01:53:37 CEST 2012 on sn-devel-104
Simo Sorce [Thu, 19 Apr 2012 15:16:03 +0000 (11:16 -0400)]
loadparm: Add helper function to fetch default lifetime policies
This uses long to fetch time_t quantities, because there are architectures where
time_t is a signed long but long != int, so long is the proper way to deal with
it.
For the notify cleanup process we have a notify context without a
messaging entry. We will never call notify_add/remove for this, but
the code should protect against this.
There is no need to call pdb_set_pass_must_change_time() because
nothing ever consults that value. It is always calculated from the
domain policy.
Also, this means we no longer store the value in LDAP. The value
would only ever be set when migrating from tdbsam or smbpasswd, not on
password changes, so would become incorrect over time.
samba_spnupdate: don't try to register DNS related SPN if we are not mastering the NC
For RW DC the impact is pretty small but for RODC the whole SPN set is
rejected by the target DC as RODC hasn't the right to register DNS SPN
if it is not mastering this NC.