Jeremy Allison [Fri, 14 Dec 2007 01:25:26 +0000 (17:25 -0800)]
We don't need to call endpwent if we never call getpwent.
Jeremy.
Jeremy Allison [Fri, 14 Dec 2007 01:18:48 +0000 (17:18 -0800)]
Add a varient of Steve Langasek <vorlon@debian.org> patch
for bug #4780. Cause user mounts to inherit uid= and gid= from the
calling user when called as non-root, except when overridden on the
commandline.
Jeremy.
Jeremy Allison [Fri, 14 Dec 2007 00:46:42 +0000 (16:46 -0800)]
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
Jeremy Allison [Fri, 14 Dec 2007 00:44:24 +0000 (16:44 -0800)]
Arg. The fix for CVE-2007-6015 hadn't been merged into 3.2.
Do so now....
Jeremy.
Michael Adam [Thu, 13 Dec 2007 13:38:05 +0000 (14:38 +0100)]
Fix typo in debug statement.
Michael
Alexander Bokovoy [Thu, 13 Dec 2007 11:23:04 +0000 (14:23 +0300)]
Fix codepagedir to follow predefined libdir when using FHS. Fixes x86_64 build.
Alexander Bokovoy [Thu, 13 Dec 2007 09:57:24 +0000 (12:57 +0300)]
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
Alexander Bokovoy [Thu, 13 Dec 2007 09:55:32 +0000 (12:55 +0300)]
Fix pam_smbpass build
Michael Adam [Wed, 28 Nov 2007 01:15:37 +0000 (02:15 +0100)]
Add flags for correctly implementing lsa_lookup_name levels.
(Prepare fix for Bug #4801.)
Michael
Michael Adam [Tue, 11 Dec 2007 15:34:39 +0000 (16:34 +0100)]
Make cm_connect_sam() try harder to connect autheticated.
Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.
This is the first attempt to fix interdomain trusts.
(get password policy and stuff)
Michael
Michael Adam [Tue, 11 Dec 2007 15:32:38 +0000 (16:32 +0100)]
Refactor out assembling of trust creds (pw, account name, principal).
Michael
Michael Adam [Tue, 11 Dec 2007 14:39:36 +0000 (15:39 +0100)]
Streamline and fix logic of cm_prepare_connection().
Do not attempt to do a session setup when in a trusted domain
situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT).
Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.
Michael
Michael Adam [Tue, 11 Dec 2007 13:36:11 +0000 (14:36 +0100)]
Refactoring out get_schannel_session_key logic.
Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)
Michael
Michael Adam [Tue, 11 Dec 2007 13:12:49 +0000 (14:12 +0100)]
Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.
Michael
Michael Adam [Tue, 11 Dec 2007 13:07:32 +0000 (14:07 +0100)]
Rename get_trust_pw() to get_trust_pw_hash().
Michael
Michael Adam [Tue, 11 Dec 2007 12:59:54 +0000 (13:59 +0100)]
Export logic of get_trust_pw() to new function get_trust_pw_clear().
get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.
Michael
Michael Adam [Tue, 11 Dec 2007 13:02:45 +0000 (14:02 +0100)]
Refactor the lagacy part of secrets_fetch_trust_account_password() out
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
Michael Adam [Tue, 11 Dec 2007 12:05:44 +0000 (13:05 +0100)]
Let get_trust_pw() determine the machine_account_name to use.
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
Michael Adam [Tue, 11 Dec 2007 11:47:28 +0000 (12:47 +0100)]
Streamline logic in cm_connect_netlogon()
by retrieving trust password only, when it will be used.
Michael
Michael Adam [Tue, 11 Dec 2007 07:52:20 +0000 (08:52 +0100)]
In cm_prepare_connection(), only get auth user creds if we need to.
Michael
Michael Adam [Mon, 10 Dec 2007 22:53:55 +0000 (23:53 +0100)]
Remove two unneeded functions.
secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.
Michael
Michael Adam [Wed, 12 Dec 2007 17:03:20 +0000 (18:03 +0100)]
Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
James Peach [Thu, 13 Dec 2007 06:12:10 +0000 (22:12 -0800)]
Fix typo.
James Peach [Sat, 13 Oct 2007 05:16:22 +0000 (22:16 -0700)]
Autoconf support for detecting DNS Service Discovery support.
Patch from Rishi Srivatsavai <rishisv@gmail.com>, with some
adaptations.
Jeremy Allison [Thu, 13 Dec 2007 03:12:18 +0000 (19:12 -0800)]
Missed one strcpy call.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 03:06:04 +0000 (19:06 -0800)]
Add a portable version of strlcpy and strlcat and convert
all strncpy/strcat calls to them.
Convert all sprintf calls to snprintf. Safety first !
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 02:45:13 +0000 (18:45 -0800)]
Fix bug #4784. Patch from Steve Langasek <vorlon@debian.org>.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 02:38:52 +0000 (18:38 -0800)]
Developer doesn't cut it - need #define test for NSS_WRAPPER.
Hopefully this should fix the buildfarm.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 02:07:02 +0000 (18:07 -0800)]
Only add the non-root escape on !developer.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 01:56:28 +0000 (17:56 -0800)]
Fix the buildfarm until I figure out how to allow
smbpasswd -L for non-root on the buildfarm only.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 01:26:49 +0000 (17:26 -0800)]
Fix bug #3727 with patch from Steve Langasek <vorlon@debian.org>
Jeremy.
Günther Deschner [Wed, 12 Dec 2007 17:57:45 +0000 (18:57 +0100)]
Make heimdal and MIT happy when iterating through auth data.
Guenther
Guenther Deschner [Wed, 12 Dec 2007 12:38:28 +0000 (13:38 +0100)]
Vista SP1-rc1 appears to break against Samba-3.0.27a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Jason,
Jason Haar wrote:
> Patched 3.0.28, compiled, installed and here's the log file.
>
> Hope it helps. BTW I don't think it matters, but this is on 32bit
> CentOS4.5 systems.
yes, it helps. Thanks for that.
Very interesting, there are two auth data structures where the first one
is a PAC and the second something unknown (yet).
Can you please try the attached fix ? It should make it work again.
Guenther
- --
Günther Deschner GPG-ID:
8EE11688
Red Hat gdeschner@redhat.com
Samba Team gd@samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd
MPsZW4G31VOVu64SPjgnJiI=
=Co+H
-----END PGP SIGNATURE-----
Michael Adam [Wed, 12 Dec 2007 12:50:48 +0000 (13:50 +0100)]
Fix logic and prevent segfaults in secrets trustdom tdb pack code.
New size calculation logic in tdb_trusted_dom_pass_pack()
and tdb_sid_pack() used accumulated sizes as successive offsets
to buffer pointer.
Michael
Michael Adam [Wed, 12 Dec 2007 12:37:46 +0000 (13:37 +0100)]
Fix secrets_store_trusted_domain_password() after pstring removal.
Jeremy, this small "&" sign has given me a headache... :-)
Michael
Jeremy Allison [Wed, 12 Dec 2007 17:42:58 +0000 (09:42 -0800)]
Allow cliconnect to loop through multiple ip addresses
for a server. We should have been doing this for a while,
but it's more critical with IPv6.
Original patch fixed up by James.
Jeremy.
Andreas Schneider [Fri, 23 Nov 2007 09:54:48 +0000 (10:54 +0100)]
Don't restart winbind if a corrupted tdb is found during initialization.
The tdb is validated before it gets initialized. Since then sighandlers changed
a restart isn't needed anymore.
Stefan Metzmacher [Wed, 12 Dec 2007 08:51:56 +0000 (09:51 +0100)]
winbindd: remove unused WINBINDD_DUMP_MAPS support
Also the design of this function was really bad,
instead do the dump into a file, the client should get
back the list of mappings.
metze
Stefan Metzmacher [Wed, 12 Dec 2007 08:02:23 +0000 (09:02 +0100)]
winbindd: remove unused WINBINDD_DUAL_NAME2*ID and WINBINDD_DUAL_*ID2NAME calls
WINBINDD_DUAL_UID2NAME
WINBINDD_DUAL_NAME2UID
WINBINDD_DUAL_GID2NAME
WINBINDD_DUAL_NAME2GID
metze
Günther Deschner [Tue, 11 Dec 2007 16:40:52 +0000 (17:40 +0100)]
Add lp_include_registry_globals().
Guenther
Günther Deschner [Tue, 11 Dec 2007 20:22:04 +0000 (21:22 +0100)]
Some cleanups for "net dom join".
Guenther
Günther Deschner [Tue, 11 Dec 2007 23:42:22 +0000 (00:42 +0100)]
Add split_domain_user() (not to mix with winbind variants).
Guenther
Günther Deschner [Tue, 11 Dec 2007 23:44:10 +0000 (00:44 +0100)]
Make decode_wkssvc_join_password_buffer() return WERRORs.
Guenther
Jeremy Allison [Tue, 11 Dec 2007 23:10:37 +0000 (15:10 -0800)]
Fix warning message about data type always true.
Jeremy.
Jeremy Allison [Tue, 11 Dec 2007 21:16:35 +0000 (13:16 -0800)]
Add patches for bug #4866 from jiri sasek - Sun Microsystems - Prague Czech Republic <Jiri.Sasek@Sun.COM>
- slightly modified - Jiri please check ! to allow Solaris to get passwords > 8 chars.
Jeremy.
Stefan Metzmacher [Tue, 11 Dec 2007 14:08:18 +0000 (15:08 +0100)]
winbindd: pass const char *logfile to winbindd_dump_maps_async()
metze
Volker Lendecke [Mon, 10 Dec 2007 20:36:28 +0000 (21:36 +0100)]
Convert the posix_pending_close_db to dbwrap_rbt
Volker Lendecke [Tue, 11 Dec 2007 10:14:30 +0000 (11:14 +0100)]
separate out create_file_unixpath()
Volker Lendecke [Tue, 11 Dec 2007 09:49:26 +0000 (10:49 +0100)]
Move more stuff out of the way
Volker Lendecke [Tue, 11 Dec 2007 09:36:59 +0000 (10:36 +0100)]
Move INTERNAL_OPEN_ONLY calculation out of the way
Günther Deschner [Tue, 11 Dec 2007 13:57:30 +0000 (14:57 +0100)]
When building nsswitch, make sure to also build smbcontrol.
Guenther
Günther Deschner [Tue, 11 Dec 2007 11:28:10 +0000 (12:28 +0100)]
Replace "unknown" with access_mask when calling samr_CreateUser2().
Guenther
Stefan Metzmacher [Fri, 7 Dec 2007 15:00:45 +0000 (16:00 +0100)]
winbindd: rename child table struct elements
Add struct_ prefix to struct based protocol specific
elemetens struct winbindd_child_dispatch_table.
metze
Stefan Metzmacher [Mon, 10 Dec 2007 18:19:54 +0000 (19:19 +0100)]
idmap: add a const to idmap_dump_maps()
metze
Kai Blin [Mon, 10 Dec 2007 21:30:24 +0000 (22:30 +0100)]
vlp: Build vlp (virtual line printer) against current git on make
everything.
Jeremy Allison [Mon, 10 Dec 2007 23:31:05 +0000 (15:31 -0800)]
Don't need an fstring here, we can talloc.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 23:06:31 +0000 (15:06 -0800)]
Ensure we have a non-null flags. Pointed out by Andreas Schneider <anschneider@suse.de>.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 22:21:28 +0000 (14:21 -0800)]
Fix errors from next_token conversion. Spotted by
Andreas Schneider <anschneider@suse.de>.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 21:43:12 +0000 (13:43 -0800)]
Fix bug leftover from pstring conversion noticed by ceez
on irc.
Jeremy.
Volker Lendecke [Sun, 9 Dec 2007 16:40:48 +0000 (17:40 +0100)]
Remove two completely unnecessary globals
Can someone look over this? To me it looks as if bufr was only made static to
save a malloc during an included smb.conf file. I think that's pretty much
pointless.
Jeremy Allison [Mon, 10 Dec 2007 20:11:45 +0000 (12:11 -0800)]
Fix return values for invalid printers. Found by kblin
spoolss test.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 19:37:20 +0000 (11:37 -0800)]
Forgot build options was generated... fix.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 19:30:37 +0000 (11:30 -0800)]
Remove the char[1024] strings from dynconfig. Replace
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
Volker Lendecke [Sat, 24 Nov 2007 20:42:46 +0000 (21:42 +0100)]
use dbwrap_rbt in loadparm.c
Volker Lendecke [Sat, 24 Nov 2007 18:56:41 +0000 (19:56 +0100)]
Convert ServiceHash to dbwrap
Volker Lendecke [Fri, 9 Nov 2007 22:43:24 +0000 (23:43 +0100)]
dbwrap_rbt
This is meant as a replacement for the internal tdb. To me it seems a bit silly
that for in-memory structures we do our own memory management. With this rbt
based approach we can make use of the system-supplied malloc.
Volker Lendecke [Mon, 10 Dec 2007 12:20:24 +0000 (13:20 +0100)]
Make the Linux rbtrees compile within Samba
Volker Lendecke [Mon, 10 Dec 2007 12:11:51 +0000 (13:11 +0100)]
Add rbtree.[ch] from the Linux kernel
These are copies taken from
94545baded0bfbabdc30a3a4cb48b3db479dd6ef from Linus' kernel tree
Volker Lendecke [Sat, 24 Nov 2007 19:21:19 +0000 (20:21 +0100)]
Add db_tdb_fetch
Volker Lendecke [Sat, 24 Nov 2007 18:56:16 +0000 (19:56 +0100)]
Add dbwrap bystring service routines
Volker Lendecke [Mon, 10 Dec 2007 10:47:17 +0000 (11:47 +0100)]
Correctly unbecome_root() on error
Volker Lendecke [Sun, 9 Dec 2007 18:03:49 +0000 (19:03 +0100)]
Simplify add_session_user
Volker Lendecke [Fri, 7 Dec 2007 09:45:33 +0000 (10:45 +0100)]
Increase debug level
Volker Lendecke [Wed, 5 Dec 2007 20:09:57 +0000 (21:09 +0100)]
Move stuff from data to text
Volker Lendecke [Wed, 5 Dec 2007 19:58:25 +0000 (20:58 +0100)]
int->bool
Volker Lendecke [Wed, 5 Dec 2007 19:53:22 +0000 (20:53 +0100)]
Tiny simplifications
locking.c:open_read_only was unused
don't export the silly boolean flag locking_init(bool read_only)
Volker Lendecke [Wed, 5 Dec 2007 19:41:24 +0000 (20:41 +0100)]
Remove a static
Volker Lendecke [Wed, 5 Dec 2007 19:30:53 +0000 (20:30 +0100)]
Remove two statics
Volker Lendecke [Wed, 5 Dec 2007 17:46:53 +0000 (18:46 +0100)]
remove a static
Jeremy Allison [Sun, 9 Dec 2007 22:59:07 +0000 (14:59 -0800)]
Many systems don't have sa_len as part of struct sockaddr.
Revert
5c347cb46d85d04bbba7c99dca7ff9628f977d84
"Choose a better default for sockaddr length.".
Jeremy.
James Peach [Sun, 9 Dec 2007 22:18:54 +0000 (14:18 -0800)]
Support fetching very long server lists with RAP_NetServerEnum3.
Use the RAP_NetServerEnum3 server list continuation API for retrieving
server lists that are too long to fit in a single reply.
Patch from George Colley <gcolley@apple.com>.
James Peach [Sun, 9 Dec 2007 22:02:23 +0000 (14:02 -0800)]
Choose a better default for sockaddr length.
James Peach [Sun, 9 Dec 2007 22:01:57 +0000 (14:01 -0800)]
Specifically ask for IP4 addresses if we don't have IP6 support.
James Peach [Sun, 9 Dec 2007 22:00:25 +0000 (14:00 -0800)]
Make sure NULL is defined to the IPv6 test doesn't spuriously fail.
James Peach [Sun, 9 Dec 2007 21:28:00 +0000 (13:28 -0800)]
Fix connect(2) callers to use correct sockaddr size.
Some systems (eg Mac OSX 10.5) require the length passed to match
the socket address family. This introduces sys_connect() that does
the right thing, and replaces all uses oc connect(2) with sys_connect().
Note that there are some LGPL callers that still call connect(2)
directly.
James Peach [Sun, 9 Dec 2007 21:22:19 +0000 (13:22 -0800)]
Move load_case_tables() to after logging is set up. This can log
errors.
Volker Lendecke [Sun, 9 Dec 2007 18:46:06 +0000 (19:46 +0100)]
Don't copy the rpc function pointers
This actually shows up in a valgrind massif run with 4.1% of allocated memory.
I don't see why we would have to make a copy here.
Metze?
Volker Lendecke [Sat, 8 Dec 2007 10:25:05 +0000 (11:25 +0100)]
C++ warning
Volker Lendecke [Sun, 9 Dec 2007 12:45:10 +0000 (13:45 +0100)]
Get rid of the msgbuf[1600]
Volker Lendecke [Sat, 8 Dec 2007 10:21:08 +0000 (11:21 +0100)]
Fix C++ warnings
Volker Lendecke [Sat, 8 Dec 2007 10:20:53 +0000 (11:20 +0100)]
Fix two incompatible pointer warnings
Jeremy, please check
Jeremy Allison [Sat, 8 Dec 2007 01:44:42 +0000 (17:44 -0800)]
Add define guards around FSTRING_LEN.
Jeremy.
Jeremy Allison [Sat, 8 Dec 2007 01:32:32 +0000 (17:32 -0800)]
Remove next_token - all uses must now be next_token_talloc.
No more temptations to use static length strings.
Jeremy.
Jeremy Allison [Fri, 7 Dec 2007 22:54:38 +0000 (14:54 -0800)]
A requiem for pstring.
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| The infamous pstring |
| |
| |
| 7 December |
| |
| 2007 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
Jeremy
Jeremy Allison [Fri, 7 Dec 2007 22:43:31 +0000 (14:43 -0800)]
More null deref fixes.
Jeremy.
Jeremy Allison [Fri, 7 Dec 2007 22:37:00 +0000 (14:37 -0800)]
More null deref fixes.
Jeremy
Jeremy Allison [Fri, 7 Dec 2007 22:35:04 +0000 (14:35 -0800)]
Don't deref null pointers.
Jeremy.
Jeremy Allison [Fri, 7 Dec 2007 20:46:55 +0000 (12:46 -0800)]
After conversations with Jerry, remove smbctool until it's
maintained. Now I don't have to fix the pstrings in it :-).
Jeremy.
Jeremy Allison [Fri, 7 Dec 2007 20:43:10 +0000 (12:43 -0800)]
We don't need P_GSTRING or P_UGSTRING anymore.
Jeremy.
Jeremy Allison [Fri, 7 Dec 2007 20:26:32 +0000 (12:26 -0800)]
Don't build rpctorture anymore - not maintained. Just remove.
Remove all vestiges of pstring (except for smbctool as noted
in previous commit).
Jeremy