The branch, v4-0-test has been updated via f77d5d6 Fix bug # 9666 - Broken filtering of link-local addresses. via 2035ab5 Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain. via 7a5d1b5 Make sure that domain joins work correctly when the DC disallows NTLM auth. via 0591310 s3:lib/afs fix the build via 7a3d84f s3:build fix the build with --fake-kaserver from 51e2615 s4-libcli: Check return value of smbcli_request_setup(). Reviewed-by: Alexander Bokovoy <a...@samba.org>
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit f77d5d6479c879c8770fbc9a6ca5656ef3e41019 Author: Timur Bakeyev <ti...@freebsd.org> Date: Wed Feb 27 16:25:07 2013 -0800 Fix bug # 9666 - Broken filtering of link-local addresses. This patch should address the problem with Link Local addresses on FreeBSD and Linux. Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-0-test): Fri Mar 1 18:21:19 CET 2013 on sn-devel-104 commit 2035ab587e44f4a3944a3fabe3196c30640b8e04 Author: Daniel Kobras <d.kob...@science-computing.de> Date: Fri Feb 22 16:24:26 2013 -0800 Fix bug #9039 'map untrusted to domain' treats WORKSTATION as bogus domain. s3: never try to map global SAM name Do not treat the global SAM name as a BOGUS domain, and exempt local users from mapping, instead. This change reinstates the exact mapping behaviour of Samba 3.2 if parameter 'map untrusted to domain' is set. Reviewed-by: Jeremy Allison <j...@samba.org> Reviewed-by: Michael Adam <ob...@samba.org> commit 7a5d1b5162d3a9264690146a9cfd7685cd872d17 Author: Richard Sharpe <realrichardsha...@gmail.com> Date: Tue Feb 26 20:22:05 2013 -0800 Make sure that domain joins work correctly when the DC disallows NTLM auth. Signed-Off-By: Richard Sharpe <realrichardsha...@gmail.com> Fix bug #Bug 9689 - net ads join -k fails when AD is in Kerberos-only mode. commit 05913109fa8f40abb2e3c08174cb6d3383bf8b11 Author: Christian Ambach <a...@samba.org> Date: Mon Feb 18 16:55:30 2013 +0100 s3:lib/afs fix the build Fix Bug 9644 - Compile of source3/lib/afs.c fails Bug: https://bugzilla.samba.org/show_bug.cgi?id=9644 Signed-off-by: Christian Ambach <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit e7f66f37a62ad954e8b0a048905f0e6688b70849) commit 7a3d84f7400864ae59b09b5e3e67ff24cb8ca8c2 Author: Christian Ambach <a...@samba.org> Date: Mon Feb 18 17:34:25 2013 +0100 s3:build fix the build with --fake-kaserver this fixes Bug 9643 - Build in source3 of bin/net fails when configure option --with-fake-kaserver is used Bug: https://bugzilla.samba.org/show_bug.cgi?id=9643 Signed-off-by: Christian Ambach <a...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Tue Feb 19 19:15:19 CET 2013 on sn-devel-104 (cherry picked from commit 432dde0223d884b7de1a9d3c0655304efbcf1f88) ----------------------------------------------------------------------- Summary of changes: lib/socket/interfaces.c | 28 +++++++++++++++------------- source3/Makefile.in | 2 +- source3/auth/auth_util.c | 3 ++- source3/lib/afs.c | 2 +- source3/libnet/libnet_join.c | 14 +++++++++++--- source3/libnet/libnet_join.h | 3 ++- 6 files changed, 32 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/socket/interfaces.c b/lib/socket/interfaces.c index 74c6423..e62da3c 100644 --- a/lib/socket/interfaces.c +++ b/lib/socket/interfaces.c @@ -186,6 +186,21 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces) memcpy(&ifaces[total].ip, ifptr->ifa_addr, copy_size); memcpy(&ifaces[total].netmask, ifptr->ifa_netmask, copy_size); + /* calculate broadcast address */ +#if defined(HAVE_IPV6) + if (ifptr->ifa_addr->sa_family == AF_INET6) { + struct sockaddr_in6 *sin6 = + (struct sockaddr_in6 *)ifptr->ifa_addr; + struct in6_addr *in6 = + (struct in6_addr *)&sin6->sin6_addr; + + if (IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_V4COMPAT(in6)) { + continue; + } + /* IPv6 does not have broadcast it uses multicast. */ + memset(&ifaces[total].bcast, '\0', copy_size); + } else +#endif if (ifaces[total].flags & (IFF_BROADCAST|IFF_LOOPBACK)) { make_bcast(&ifaces[total].bcast, &ifaces[total].ip, @@ -195,19 +210,6 @@ static int _get_interfaces(TALLOC_CTX *mem_ctx, struct iface_struct **pifaces) memcpy(&ifaces[total].bcast, ifptr->ifa_dstaddr, copy_size); -#if defined(HAVE_IPV6) - } else if (ifptr->ifa_addr->sa_family == AF_INET6) { - const struct sockaddr_in6 *sin6 = - (const struct sockaddr_in6 *)ifptr->ifa_addr; - const struct in6_addr *in6 = - (const struct in6_addr *)&sin6->sin6_addr; - - if (IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_V4COMPAT(in6)) { - continue; - } - /* IPv6 does not have broadcast it uses multicast. */ - memset(&ifaces[total].bcast, '\0', copy_size); -#endif } else { continue; } diff --git a/source3/Makefile.in b/source3/Makefile.in index 4424306..f6305c6 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1233,7 +1233,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \ NET_OBJ2 = utils/net_registry_util.o utils/net_help_common.o NET_OBJ = $(NET_OBJ1) \ - $(NET_OBJ2) \ + $(NET_OBJ2) @FAKE_KASERVER_OBJ@ \ $(LIBADDNS_OBJ0) \ $(READLINE_OBJ) \ $(LIBGPO_OBJ) $(INIPARSER_OBJ) $(DISPLAY_SEC_OBJ) \ diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index b75a390..d0b0b7d 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -125,7 +125,8 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info, * This also deals with the client passing in a "" domain */ if (!is_trusted_domain(domain) && - !strequal(domain, my_sam_name())) + !strequal(domain, my_sam_name()) && + !strequal(domain, get_global_sam_name())) { if (lp_map_untrusted_to_domain()) domain = my_sam_name(); diff --git a/source3/lib/afs.c b/source3/lib/afs.c index 4b6e6ec..2d77526 100644 --- a/source3/lib/afs.c +++ b/source3/lib/afs.c @@ -237,7 +237,7 @@ bool afs_login(connection_struct *conn) } afs_username = talloc_sub_advanced(ctx, - lp_servicename(SNUM(conn)), + lp_servicename(ctx, SNUM(conn)), conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 3d0a6d3..2b4ab0b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1170,7 +1170,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, NTSTATUS libnet_join_ok(const char *netbios_domain_name, const char *machine_name, - const char *dc_name) + const char *dc_name, + const bool use_kerberos) { uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; struct cli_state *cli = NULL; @@ -1179,6 +1180,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, NTSTATUS status; char *machine_password = NULL; char *machine_account = NULL; + int flags = 0; if (!dc_name) { return NT_STATUS_INVALID_PARAMETER; @@ -1199,6 +1201,10 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, return NT_STATUS_NO_MEMORY; } + if (use_kerberos) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS; + } + status = cli_full_connection(&cli, NULL, dc_name, NULL, 0, @@ -1206,7 +1212,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, machine_account, NULL, machine_password, - 0, + flags, SMB_SIGNING_DEFAULT); free(machine_account); free(machine_password); @@ -1277,7 +1283,8 @@ static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx, status = libnet_join_ok(r->out.netbios_domain_name, r->in.machine_name, - r->in.dc_name); + r->in.dc_name, + r->in.use_kerberos); if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, "failed to verify domain membership after joining: %s", @@ -2084,6 +2091,7 @@ static WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx, u->in.admin_account = r->in.admin_account; u->in.admin_password = r->in.admin_password; u->in.modify_config = r->in.modify_config; + u->in.use_kerberos = r->in.use_kerberos; u->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index dccf03b..58c33b2 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -25,7 +25,8 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, const char *machine_name, - const char *dc_name); + const char *dc_name, + const bool use_kerberos); WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx **r); WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, -- Samba Shared Repository