The branch, master has been updated
via 415bd62... s4:ntvfs Prepare for a possible future sharing of
notify.idl
via e11a67d... s4:winbindd Record the privilaged pipe dir
via b183a30... s4:credentials Add in tracking of the password last set
time
via 6324a0f... s4:provision Remove unused 'account_name' parameter
via 00b985d... s4:auth Make it clear to the callers the talloc lifetime.
from 285b628... Plumb in krb5 to the SMB2 sessionsetup code. First cut
of this code.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 415bd627642bb8f18f180daaf61c4a6ddb62ebbd
Author: Andrew Bartlett <[email protected]>
Date: Wed May 5 12:47:07 2010 +1000
s4:ntvfs Prepare for a possible future sharing of notify.idl
I would love for notify.idl to be shared between Samba4 and Samba3
some day, and this seems to be the point at which the structure is
initialised.
Andrew Bartlett
commit e11a67de7d2b67f9efe47c471a9b35a14ec8ad47
Author: Andrew Bartlett <[email protected]>
Date: Mon May 17 19:54:00 2010 +1000
s4:winbindd Record the privilaged pipe dir
This may help us return an accurate priv pipe dir later on.
Andrew Bartlett
commit b183a30b2b3983a7f827dc6fd44eb16ac64904ce
Author: Andrew Bartlett <[email protected]>
Date: Mon May 17 13:41:01 2010 +1000
s4:credentials Add in tracking of the password last set time
We perhaps need a more general API here, but for now extend the
credentials API to return the password last changed time that the
s3compat layer will need.
Andrew Bartlett
commit 6324a0f59f78dff6501627518824e708aa3dc257
Author: Andrew Bartlett <[email protected]>
Date: Mon May 17 11:52:24 2010 +1000
s4:provision Remove unused 'account_name' parameter
The python glue code didn't even de-reference this element in the
structure.
Andrew Bartlett
commit 00b985def82acfbc4e36121d5879c1ffae2c68a3
Author: Andrew Bartlett <[email protected]>
Date: Thu May 6 16:47:15 2010 +1000
s4:auth Make it clear to the callers the talloc lifetime.
In other times, we might have used talloc_reference here, but this
isn't used as much these days.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
source4/auth/auth_sam_reply.c | 2 ++
source4/auth/credentials/credentials.c | 19 +++++++++++++++++++
source4/auth/credentials/credentials.h | 4 ++++
source4/auth/credentials/credentials_files.c | 11 ++++++++++-
source4/libnet/libnet_join.c | 1 -
source4/libnet/libnet_vampire.c | 1 -
source4/ntvfs/posix/pvfs_notify.c | 4 ++++
source4/param/provision.h | 1 -
source4/winbind/wb_server.c | 7 +++++--
source4/winbind/wb_server.h | 2 ++
10 files changed, 46 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/auth_sam_reply.c b/source4/auth/auth_sam_reply.c
index 6cca5e6..0aa41ae 100644
--- a/source4/auth/auth_sam_reply.c
+++ b/source4/auth/auth_sam_reply.c
@@ -105,6 +105,8 @@ NTSTATUS auth_convert_server_info_sambaseinfo(TALLOC_CTX
*mem_ctx,
return NT_STATUS_OK;
}
+/* Note that the validity of the _sam3 structure is only as long as
+ * the server_info it was generated from */
NTSTATUS auth_convert_server_info_saminfo3(TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info
*server_info,
struct netr_SamInfo3 **_sam3)
diff --git a/source4/auth/credentials/credentials.c
b/source4/auth/credentials/credentials.c
index 6f7630a..a129efe 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -752,6 +752,25 @@ _PUBLIC_ void
cli_credentials_set_secure_channel_type(struct cli_credentials *cr
* Return NETLOGON secure chanel type
*/
+_PUBLIC_ time_t cli_credentials_get_password_last_changed_time(struct
cli_credentials *cred)
+{
+ return cred->password_last_changed_time;
+}
+
+/**
+ * Set NETLOGON secure channel type
+ */
+
+_PUBLIC_ void cli_credentials_set_password_last_changed_time(struct
cli_credentials *cred,
+ time_t
last_changed_time)
+{
+ cred->password_last_changed_time = last_changed_time;
+}
+
+/**
+ * Return NETLOGON secure chanel type
+ */
+
_PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct
cli_credentials *cred)
{
return cred->secure_channel_type;
diff --git a/source4/auth/credentials/credentials.h
b/source4/auth/credentials/credentials.h
index ab4ee2f..c4c7d3f 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -107,6 +107,7 @@ struct cli_credentials {
struct netlogon_creds_CredentialState *netlogon_creds;
enum netr_SchannelType secure_channel_type;
int kvno;
+ time_t password_last_changed_time;
struct smb_krb5_context *smb_krb5_context;
@@ -218,6 +219,8 @@ bool cli_credentials_set_realm(struct cli_credentials *cred,
enum credentials_obtained obtained);
void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
enum netr_SchannelType
secure_channel_type);
+void cli_credentials_set_password_last_changed_time(struct cli_credentials
*cred,
+ time_t
last_change_time);
void cli_credentials_set_netlogon_creds(struct cli_credentials *cred,
struct netlogon_creds_CredentialState
*netlogon_creds);
NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred,
@@ -239,6 +242,7 @@ const char *cli_credentials_get_unparsed_name(struct
cli_credentials *credential
bool cli_credentials_set_password_callback(struct cli_credentials *cred,
const char *(*password_cb) (struct
cli_credentials *));
enum netr_SchannelType cli_credentials_get_secure_channel_type(struct
cli_credentials *cred);
+time_t cli_credentials_get_password_last_changed_time(struct cli_credentials
*cred);
void cli_credentials_set_kvno(struct cli_credentials *cred,
int kvno);
bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
diff --git a/source4/auth/credentials/credentials_files.c
b/source4/auth/credentials/credentials_files.c
index 6ddee9e..2e88cf4 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -210,7 +210,8 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct
cli_credentials *cred,
enum netr_SchannelType sct;
const char *salt_principal;
const char *keytab;
-
+ const struct ldb_val *whenChanged;
+
/* ok, we are going to get it now, don't recurse back here */
cred->machine_account_pending = false;
@@ -314,6 +315,14 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct
cli_credentials *cred,
cli_credentials_set_kvno(cred, ldb_msg_find_attr_as_int(msg,
"msDS-KeyVersionNumber", 0));
+ whenChanged = ldb_msg_find_ldb_val(msg, "whenChanged");
+ if (whenChanged) {
+ time_t lct;
+ if (ldb_val_to_time(whenChanged, &lct) == LDB_SUCCESS) {
+ cli_credentials_set_password_last_changed_time(cred,
lct);
+ }
+ }
+
/* If there was an external keytab specified by reference in
* the LDB, then use this. Otherwise we will make one up
* (chewing CPU time) from the password */
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 748a791..289756c 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -944,7 +944,6 @@ static NTSTATUS libnet_Join_primary_domain(struct
libnet_context *ctx,
ZERO_STRUCTP(set_secrets);
set_secrets->domain_name = r2->out.domain_name;
set_secrets->realm = r2->out.realm;
- set_secrets->account_name = account_name;
set_secrets->netbios_name = netbios_name;
set_secrets->secure_channel_type = r->in.join_type;
set_secrets->machine_password = r2->out.join_password;
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index a5c8a8f..6d4481f 100644
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -766,7 +766,6 @@ NTSTATUS libnet_Vampire(struct libnet_context *ctx,
TALLOC_CTX *mem_ctx,
ZERO_STRUCTP(set_secrets);
set_secrets->domain_name = join->out.domain_name;
set_secrets->realm = join->out.realm;
- set_secrets->account_name = account_name;
set_secrets->netbios_name = netbios_name;
set_secrets->secure_channel_type = SEC_CHAN_BDC;
set_secrets->machine_password = join->out.join_password;
diff --git a/source4/ntvfs/posix/pvfs_notify.c
b/source4/ntvfs/posix/pvfs_notify.c
index 778897d..6a857db 100644
--- a/source4/ntvfs/posix/pvfs_notify.c
+++ b/source4/ntvfs/posix/pvfs_notify.c
@@ -179,6 +179,10 @@ static NTSTATUS pvfs_notify_setup(struct pvfs_state *pvfs,
struct pvfs_file *f,
{
NTSTATUS status;
struct notify_entry e;
+
+ /* We may not fill in all the elements in this entry -
+ * structure may in future be shared with Samba3 */
+ ZERO_STRUCT(e);
/* We may not fill in all the elements in this entry -
* structure may in future be shared with Samba3 */
diff --git a/source4/param/provision.h b/source4/param/provision.h
index b8277c3..516a9de 100644
--- a/source4/param/provision.h
+++ b/source4/param/provision.h
@@ -48,7 +48,6 @@ struct provision_store_self_join_settings {
const char *domain_name;
const char *realm;
const char *netbios_name;
- const char *account_name;
enum netr_SchannelType secure_channel_type;
const char *machine_password;
int key_version_number;
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index 9e1a187..2e1af61 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -284,11 +284,14 @@ static void winbind_task_init(struct task_server *task)
return;
}
+ service->priv_pipe_dir =
lp_winbindd_privileged_socket_directory(task->lp_ctx);
+ service->pipe_dir = lp_winbindd_socket_directory(task->lp_ctx);
+
/* setup the unprivileged samba3 socket */
listen_socket = talloc(service, struct wbsrv_listen_socket);
if (!listen_socket) goto nomem;
listen_socket->socket_path = talloc_asprintf(listen_socket,
"%s/%s",
-
lp_winbindd_socket_directory(task->lp_ctx),
+ service->pipe_dir,
WINBINDD_SOCKET_NAME);
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
@@ -305,7 +308,7 @@ static void winbind_task_init(struct task_server *task)
if (!listen_socket) goto nomem;
listen_socket->socket_path
= talloc_asprintf(listen_socket, "%s/%s",
-
lp_winbindd_privileged_socket_directory(task->lp_ctx),
+ service->priv_pipe_dir,
WINBINDD_SOCKET_NAME);
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h
index d408fbb..111aefc 100644
--- a/source4/winbind/wb_server.h
+++ b/source4/winbind/wb_server.h
@@ -31,6 +31,8 @@ struct wbsrv_service {
const struct dom_sid *primary_sid;
struct wbsrv_domain *domains;
struct idmap_context *idmap_ctx;
+ const char *priv_pipe_dir;
+ const char *pipe_dir;
};
struct wbsrv_samconn {
--
Samba Shared Repository
