There is no way we can get a better error code out of this. The original
function called was krb5_get_init_creds_opt_get_error() which was
deprecated in 2008.
Volker Lendecke [Tue, 21 Mar 2017 15:00:27 +0000 (16:00 +0100)]
idmap_rfc2307: Clarify the documentation a bit
"bind_path" is a variable name internally used inside Samba. If you
look at "man ldapsearch" from OpenLDAP for example, the more common
term for this parameter is "search base". Adapt the documentation
accordingly.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 21 14:25:54 CET 2017 on sn-devel-144
Martin Schwenke [Mon, 20 Mar 2017 03:49:34 +0000 (14:49 +1100)]
autobuild: Stop waf uninstall from removing test_tmpdir
Most of the autobuild tasks run "make distcheck", which does a
recursive "waf configure make install uninstall". "waf uninstall"
(via BuildContext.install() in Build.py) removes empty directories all
the way up the directory tree. This means that it removes
test_tmpdir, if it is empty, and any empty directories above it.
While this is arguably a waf bug, the simplest solution is to make
test_tmpdir non-empty so it doesn't get removed.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Mar 21 10:37:08 CET 2017 on sn-devel-144
Volker Lendecke [Sat, 18 Mar 2017 18:06:49 +0000 (19:06 +0100)]
idmap_autorid: Use idmap_config_int
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 20 23:28:38 CET 2017 on sn-devel-144
Martin Schwenke [Sat, 18 Mar 2017 09:38:32 +0000 (20:38 +1100)]
ctdb-tests: Catch cases where mktemp fails due to missing TMPDIR
TMPDIR sometimes goes missing during autobuild. When that happens the
error messages produced by CTDB tests are not very helpful. This
should make it clear.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Mar 20 08:53:02 CET 2017 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Mar 18 19:47:40 CET 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 18 08:59:01 CET 2017 on sn-devel-144
Volker Lendecke [Fri, 27 Jan 2017 15:03:03 +0000 (16:03 +0100)]
tldap: Allow dropping messages in tldap_search()
For probing whether a connection is alive a rootdse search might be
interesting where we don't really care for the result, only success or
failure of the operation.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
During revoking readonly delegations, if one of the nodes disappears, then
there is no point re-trying revoking readonly delegation. The database
needs to be recovered before the revoke operation can succeed. So retry
only after a grace period.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 17 14:05:57 CET 2017 on sn-devel-144
Ralph Boehme [Thu, 16 Mar 2017 16:52:50 +0000 (17:52 +0100)]
winbindd: remove trailing spaces in get_cache()
Trailing spaces are annoyingly highlighted red in my emacs setup so I'd
like to get rid of them. :)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 17 00:20:17 CET 2017 on sn-devel-144
Volker Lendecke [Thu, 16 Mar 2017 08:31:10 +0000 (09:31 +0100)]
docs: Deprecate "map untrusted to domain"
The implementation of this parameter depends on Samba to enumerate
trusted domains. In an active directory environment, we don't know of
a good way to enumerate all domains that we have to accept as trusted,
in particular with multiple forests, one-way and external trusts. We
hope to replace this parameter in the future with something that matches
Windows behaviour better, after the deprecation phase of this parameter
is over and we can remove it.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 15 20:04:32 CET 2017 on sn-devel-144
Having a stale copy in Samba only confuses things.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 15 09:18:21 CET 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 15 05:26:17 CET 2017 on sn-devel-144
lib/crypto: implement samba.crypto Python module for RC4
Implement a small Python module that exposes the arcfour_crypt_blob()
function widely used in Samba C code.
When Samba Python bindings are used to call LSA CreateTrustedDomainEx2,
there is a need to encrypt trusted credentials with the RC4 cipher.
Current Samba Python code relies on the Python runtime to provide the RC4
cipher. However, in FIPS 140-2 mode system crypto libraries do not
provide access to the RC4 cipher at all. According to Microsoft dochelp team,
Windows is treating AuthenticationInformation blob encryption as 'plain
text' in terms of FIPS 140-2, thus doing application-level encryption.
Replace samba.arcfour_encrypt() implementation with a call to
samba.crypto.arcfour_crypt_blob().
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Simo Sorce <idra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144
Volker Lendecke [Mon, 13 Mar 2017 18:09:27 +0000 (19:09 +0100)]
examples:clifuse: Add a stub for getattr
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 14 19:15:03 CET 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 13 19:45:31 CET 2017 on sn-devel-144
Garming Sam [Sun, 12 Mar 2017 23:18:00 +0000 (12:18 +1300)]
getncchanges: Remove O(n) loop in link parsing
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 13 08:57:24 CET 2017 on sn-devel-144
Garming Sam [Fri, 3 Mar 2017 03:21:12 +0000 (16:21 +1300)]
getncchanges: Implement functionality for msDS-RevealedUsers
This multi-valued DN+Binary linked attribute is present on the server object
for an RODC. A link to an object is added to it whenever secret
attributes from that object are replicated to an RODC to serve as an
audit trail.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Bob Campbell [Fri, 17 Feb 2017 02:51:36 +0000 (15:51 +1300)]
getncchanges: Do not filter secrets by PAS in EXOP_REPL_SECRET
This conforms with Windows' behaviour.
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Wed, 8 Mar 2017 04:12:32 +0000 (17:12 +1300)]
replmd: Include extra data on DN in search if it exists
This is important for multi-valued DN+Binary (or DN+String) attributes,
as otherwise they will be considered duplicates.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Garming Sam [Wed, 8 Mar 2017 04:12:27 +0000 (17:12 +1300)]
getncchanges: Let security of RWDC+ manually replicate secrets to RODCs
This correctly passes has_get_all_changes through to repl_secrets.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Bob Campbell [Wed, 15 Feb 2017 21:03:29 +0000 (10:03 +1300)]
drsblobs: Add decode for replPropertyMetaData1
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Bob Campbell [Mon, 13 Feb 2017 02:46:37 +0000 (15:46 +1300)]
python/tests: Add repl_rodc test
Currently, this tests the msDS-RevealedUsers feature, which we don't
support at the moment.
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Wed, 8 Mar 2017 04:13:40 +0000 (17:13 +1300)]
drsbase: use credentials if supplied
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 8 Mar 2017 04:17:27 +0000 (17:17 +1300)]
python/dsdb_dn: Add a generic get_bytes method on DNs
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 9 Mar 2017 03:10:16 +0000 (16:10 +1300)]
ldb_tdb: Add better comments for duplicate attr values
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 9 Mar 2017 02:56:12 +0000 (15:56 +1300)]
ldb_tdb: Do not check for duplicate values during a rename
This is not the time to be pretending to be dbcheck, and there are
exceptions to the single-value rules in Samba. This is needed for
the same reasons as the modify case.
(Note: this error was triggered with the demote of an RODC with links)
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 8 Mar 2017 04:12:21 +0000 (17:12 +1300)]
ldb_tdb: Do not care about duplicates if single value check disabled
This behaviour of ignoring duplicates with the flag
LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK is also used in the replace
case here.
When we add a forward DN+Binary link with a duplicate DN, this prevents
us from not being able to add the backlink because it appears to be a
duplicate here.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>