Volker Lendecke [Tue, 18 Dec 2007 08:41:03 +0000 (09:41 +0100)]
Add a in-memory cache
This is a more general API that caches data with a LRU scheme. See
include/cache.h. No comments yet, I'm still working on it. But Jeremy has given
me a hint in one of his checkins that he would like to make use of this now.
The idea is that we get rid of all our silly little caches and merge them all
into one cache that we can then very easily trim, for example even with a
smbcontrol message if someone decides memory is tight. The main user is the
stat cache, this patch also converts the getwd cache. More caches to come.
Michael Adam [Tue, 18 Dec 2007 06:58:22 +0000 (07:58 +0100)]
Fix a debug message: add missing space.
Michael
Rishi Srivatsavai [Tue, 18 Dec 2007 06:09:09 +0000 (22:09 -0800)]
Add smbclient support for basic mDNS browsing.
Patch from Rishi Srivatsavai (bugzilla #4150), with tallocification
and minor syle changes by me.
Jeremy Allison [Tue, 18 Dec 2007 02:32:27 +0000 (18:32 -0800)]
More static pstring elimination.
Jeremy.
Jeremy Allison [Tue, 18 Dec 2007 02:00:43 +0000 (18:00 -0800)]
More static fstring elimination.
Jeremy.
Jeremy Allison [Tue, 18 Dec 2007 01:27:29 +0000 (17:27 -0800)]
Remove more static fstrings (yes this little cache should be
in the rbtree....).
Jeremy.
Jeremy Allison [Tue, 18 Dec 2007 01:13:31 +0000 (17:13 -0800)]
Correctly define prototypes for accessor functions.
Jeremy.
Jeremy Allison [Tue, 18 Dec 2007 01:03:07 +0000 (17:03 -0800)]
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
Jeremy Allison [Tue, 18 Dec 2007 01:02:48 +0000 (17:02 -0800)]
More static fstring removal.
Jeremy.
Michael Adam [Tue, 18 Dec 2007 00:55:48 +0000 (01:55 +0100)]
Fix logic error in cm_connect_sam().
Don't fall back to schannel when trust creds could be obtained.
This is still not complete, but I am getting closer.
Michael
Michael Adam [Tue, 18 Dec 2007 00:30:52 +0000 (01:30 +0100)]
Prevent another segfault.
Michael
Jeremy Allison [Tue, 18 Dec 2007 00:20:44 +0000 (16:20 -0800)]
Use the %*s feature of snprintf to remove anothe static fstring.
Jeremy.
Gerald (Jerry) Carter [Mon, 17 Dec 2007 23:33:48 +0000 (17:33 -0600)]
Fix a segv in winbindd caused by trying to free an fstring.
Make a copy of the machine_password and machine_account strings
in all conditional paths so that SAFE_FREE() will always be valid.
Michael Adam [Mon, 17 Dec 2007 22:02:39 +0000 (23:02 +0100)]
Do not close netlogon pipe in get_schannel_session_key_common().
This removes one forgotten call of cli_rpc_pipe_close(netlogon_pipe).
Correction of
e77c4022cfbb868e608edcb06b676658b0e201ad.
Michael
Simo Sorce [Mon, 17 Dec 2007 20:26:16 +0000 (15:26 -0500)]
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-simo
Simo Sorce [Mon, 17 Dec 2007 20:21:38 +0000 (15:21 -0500)]
While 'data' is usually 0 terminated, nothing in the spec requires that. The correct way is to copy only 'length' bytes.
Simo.
Jeremy Allison [Mon, 17 Dec 2007 18:44:09 +0000 (10:44 -0800)]
Fix bug #5121 (unix passwd sync not working on a streams based
system).
Jeremy.
Simo Sorce [Mon, 17 Dec 2007 14:43:18 +0000 (09:43 -0500)]
Merge in J.Layton patch and resolve conflict.
Michael Adam [Mon, 17 Dec 2007 13:51:37 +0000 (14:51 +0100)]
Remove direct caller of secrets_fetch_trusted_domain_password().
This is a regession introduced by
f7efc0eca9426e63b751c07a90265a12bb39cf95.
This calls pdb_get_trusteddom_pw() instead, again.
Michael
Michael Adam [Mon, 17 Dec 2007 09:34:29 +0000 (10:34 +0100)]
Reformat: Remove trailing spaces.
Michael
Michael Adam [Mon, 17 Dec 2007 10:57:14 +0000 (11:57 +0100)]
Make usage message for net sam rights list a little more precise.
Michael
Michael Adam [Wed, 12 Dec 2007 17:03:20 +0000 (18:03 +0100)]
Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.
This patch is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
Michael Adam [Mon, 17 Dec 2007 09:54:05 +0000 (10:54 +0100)]
Fix flags in caller of lookup_name() in create_builtin_administrators().
Michael
Michael Adam [Mon, 17 Dec 2007 10:55:05 +0000 (11:55 +0100)]
Fix flags in all callers of lookup_name() in net_sam.c.
Michael
Michael Adam [Mon, 17 Dec 2007 10:32:21 +0000 (11:32 +0100)]
Fix flags in call of lookup_name() in srv_samr_nt.c: can_create().
Use LOOKUP_NAME_LOCAL instead of LOOKUP_NAME_ISOLATED.
Michael
Michael Adam [Mon, 17 Dec 2007 09:55:37 +0000 (10:55 +0100)]
Fix flags in call of lookup_name() in pdb_default_create_alias().
Use new flag LOOKUP_NAME_LOCAL.
Michael
Michael Adam [Mon, 17 Dec 2007 10:28:56 +0000 (11:28 +0100)]
Add combined flag LOOKUP_NAME_LOCAL.
Presence of LOOKUP_NAME_ISOLATED as the only flag is not the sign
for doing local lookups only but the sign for allowing lookups
of unqualified names. The correct sign is absence of the flag
LOOKUP_NAME_REMOTE.
Michael
Volker Lendecke [Mon, 17 Dec 2007 06:18:30 +0000 (07:18 +0100)]
Remove t_doschar.c
Jeremy Allison [Mon, 17 Dec 2007 02:32:03 +0000 (18:32 -0800)]
Remove another static string and static passwd.
Jeremy.
Jeremy Allison [Mon, 17 Dec 2007 02:02:32 +0000 (18:02 -0800)]
Remove a static fstring.
Jeremy.
Volker Lendecke [Sat, 15 Dec 2007 23:25:49 +0000 (00:25 +0100)]
get rid of doschar_table[]
If I'm not completely blind, then check_dos_char is *only* used in the case
when we can't mmap() valid.dat. To me this looks as if we initialize the 65536
bits in doschar_table[] with check_dos_char_slowly, use it once to initialize
valid_table[] and *never* use them again. I think there's no point in keeping
these 8k of modified memory around for an unlikely case (no "valid.dat") and
even that only to use it exactly once.
Volker Lendecke [Sat, 15 Dec 2007 23:19:42 +0000 (00:19 +0100)]
Tiny fixes to init_valid_table()
Volker Lendecke [Sat, 15 Dec 2007 23:17:41 +0000 (00:17 +0100)]
Make init_doschar_table() static
It's only called directly before init_valid_table() anyway, so move it there.
Volker Lendecke [Sat, 15 Dec 2007 23:15:34 +0000 (00:15 +0100)]
Make check_dos_char static
It's only called in t_doschar, a pretty bogus test program that is not compiled
by default
Volker Lendecke [Sun, 16 Dec 2007 13:15:16 +0000 (14:15 +0100)]
make use of unmarshall_sec_desc
Volker Lendecke [Sun, 25 Nov 2007 17:26:52 +0000 (18:26 +0100)]
make use of [un]marshall_sec_desc, allow for fd==-1 in get/set_secdesc
Volker Lendecke [Thu, 13 Dec 2007 21:20:58 +0000 (22:20 +0100)]
Cut down memory usage of registry initialization
Volker Lendecke [Sat, 15 Dec 2007 23:03:56 +0000 (00:03 +0100)]
Remove a static fstring
Volker Lendecke [Sun, 16 Dec 2007 11:58:07 +0000 (12:58 +0100)]
Make smb_np_struct talloc'ed
Convert "name" from string to a talloc'ed char *
Volker Lendecke [Sun, 16 Dec 2007 11:57:06 +0000 (12:57 +0100)]
Remove unused code
Jeremy Allison [Sun, 16 Dec 2007 07:32:28 +0000 (23:32 -0800)]
Doh, fix typo in error exit.
Jeremy.
Jeremy Allison [Sun, 16 Dec 2007 07:22:25 +0000 (23:22 -0800)]
Added patch originally by Andreas Schneider <anschneider@suse.de>
to cause us to behave like Vista when looking for remote
machine principal. Modified by me.
Jeremy.
Jeremy Allison [Sun, 16 Dec 2007 07:05:30 +0000 (23:05 -0800)]
Cope with valgrind > 3.2.x.
Jeremy.
Jeremy Allison [Sun, 16 Dec 2007 06:28:38 +0000 (22:28 -0800)]
More work on bug #5082, use LC_ALL as this takes
precedence.
Jeremy.
Volker Lendecke [Sat, 15 Dec 2007 21:47:30 +0000 (22:47 +0100)]
s/sid_to_string/sid_to_fstring/
least surprise for callers
Volker Lendecke [Sat, 15 Dec 2007 21:33:52 +0000 (22:33 +0100)]
Use dom_sid_string for sid_string_talloc
Remove some code duplication, but introduce one more dependency on librpc/ndr.
Easily turned around so that librpc/ndr depends on lib/util_sid if necessary
Volker Lendecke [Sat, 15 Dec 2007 21:08:09 +0000 (22:08 +0100)]
sid_string_static is no more :-)
We now have four ways to do sid_to_string:
sid_to_string: Convert it into an existing fstring, when you have one
sid_string_talloc: The obvious thing
sid_string_tos: For the lazy, use only with care
sid_string_dbg: The one to use in DEBUG statements
Volker Lendecke [Sat, 15 Dec 2007 21:00:39 +0000 (22:00 +0100)]
Replace sid_string_static with sid_to_string
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
Volker Lendecke [Sat, 15 Dec 2007 20:58:28 +0000 (21:58 +0100)]
Use sid_to_string directly
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src))
Volker Lendecke [Sat, 15 Dec 2007 20:53:26 +0000 (21:53 +0100)]
Replace sid_string_static with sid_string_tos
In utils/ I was a bit lazy...
Volker Lendecke [Sat, 15 Dec 2007 20:49:15 +0000 (21:49 +0100)]
Use sid_string_talloc where we have a tmp talloc ctx
Volker Lendecke [Sat, 15 Dec 2007 20:11:36 +0000 (21:11 +0100)]
Replace sid_string_static by sid_string_dbg in DEBUGs
Volker Lendecke [Sat, 15 Dec 2007 20:06:20 +0000 (21:06 +0100)]
Add sid_string_dbg
This makes use of the just added debug_ctx and will kill many
sid_string_static() calls
Volker Lendecke [Sat, 15 Dec 2007 20:05:11 +0000 (21:05 +0100)]
Add debug_ctx according to an idea by Tridge
Sorry, Jeremy, I think for debug messages this is just the right way to do it.
Volker Lendecke [Sat, 15 Dec 2007 20:10:58 +0000 (21:10 +0100)]
Use sid_string_talloc where we have a tmp talloc ctx
Volker Lendecke [Sat, 15 Dec 2007 18:00:42 +0000 (19:00 +0100)]
add sid_string_talloc
Volker Lendecke [Sat, 15 Dec 2007 10:38:28 +0000 (11:38 +0100)]
Fix a segfault
sid_to_string still expects a fstring
Jeremy Allison [Sat, 15 Dec 2007 01:02:50 +0000 (17:02 -0800)]
Fix for bug #5082 from Mathias Gug <mathiaz@ubuntu.com>, Steve Langasek <vorlon@debian.org>.
Recent versions of Linux-PAM support localization of user prompts,
so Samba must use the C locale when invoking PAM (directly or via
/usr/bin/passwd) to ensure that password chat values match the prompts in a
locale-invariant fashion.
Jeremy.
Stefan Metzmacher [Fri, 14 Dec 2007 18:39:49 +0000 (19:39 +0100)]
selftest: reenable wbinfo tests and pass --configfile instead of -s
metze
Stefan Metzmacher [Fri, 14 Dec 2007 18:38:23 +0000 (19:38 +0100)]
wbinfo: use POPT_COMMON_CONFIGFILE
We can't use POPT_COMMON_SAMBA as the -s option is
already used by -s, --sid-to-name=SID.
Also load the config file after processing the cmdline options
metze
Stefan Metzmacher [Fri, 14 Dec 2007 18:36:14 +0000 (19:36 +0100)]
add POPT_COMMON_CONFIGFILE which only provides --configfile (not -s)
metze
Stefan Metzmacher [Fri, 14 Dec 2007 17:02:05 +0000 (18:02 +0100)]
selftest: disable wbinfo tests
wbinfo needs to take --config-file to work...
metze
Stefan Metzmacher [Fri, 14 Dec 2007 15:54:01 +0000 (16:54 +0100)]
selftest: add a bunch of wbinfo based tests for winbindd
metze
Stefan Metzmacher [Fri, 14 Dec 2007 15:14:32 +0000 (16:14 +0100)]
selftest: move workgroup name into WORKGROUP envvar
metze
Karolin Seeger [Fri, 14 Dec 2007 11:02:49 +0000 (12:02 +0100)]
Revert smbclient changes.
Patch broke option -p.
Sorry for breaking the build!
Karolin
Karolin Seeger [Fri, 14 Dec 2007 09:52:31 +0000 (10:52 +0100)]
Make smbclient to display error message and usage in the case of invalid options.
Stefan Metzmacher [Thu, 13 Dec 2007 11:27:57 +0000 (12:27 +0100)]
winbindd: move domain child specific stuff into its own file
metze
Stefan Metzmacher [Fri, 14 Dec 2007 06:47:07 +0000 (07:47 +0100)]
Revert "Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames."
As it breaks all tests which try to join a new machine account.
So more testing is needed...
metze
This reverts commit
dd320c0924ce393a89b1cab020fd5cffc5b80380.
Stefan Metzmacher [Fri, 14 Dec 2007 07:21:59 +0000 (08:21 +0100)]
debug: fix crash bug when DEBUG() is used before setup_logging()
this was introduced by the pstring removal
(
1ea3ac80146b83c2522b69e7747c823366a2b47d)
metze
James Peach [Fri, 14 Dec 2007 06:12:21 +0000 (22:12 -0800)]
Move dns_sd.h include to fix the build.
James Peach [Fri, 14 Dec 2007 04:56:53 +0000 (20:56 -0800)]
Merge branch 'v3-2-test' of git://git.samba.org/samba into v3-2-test
Rishi Srivatsavai [Fri, 14 Dec 2007 04:56:29 +0000 (20:56 -0800)]
Register the smb service with mDNS if mSDN is supported.
If mDNS is supported, attempt to register the first port we are
listening on for the _smb._tcp service. This provides more reliable
service discovery than NetBIOS browsing.
Jeremy Allison [Fri, 14 Dec 2007 01:25:26 +0000 (17:25 -0800)]
We don't need to call endpwent if we never call getpwent.
Jeremy.
Jeremy Allison [Fri, 14 Dec 2007 01:18:48 +0000 (17:18 -0800)]
Add a varient of Steve Langasek <vorlon@debian.org> patch
for bug #4780. Cause user mounts to inherit uid= and gid= from the
calling user when called as non-root, except when overridden on the
commandline.
Jeremy.
Jeremy Allison [Fri, 14 Dec 2007 00:46:42 +0000 (16:46 -0800)]
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
Jeremy Allison [Fri, 14 Dec 2007 00:44:24 +0000 (16:44 -0800)]
Arg. The fix for CVE-2007-6015 hadn't been merged into 3.2.
Do so now....
Jeremy.
Michael Adam [Thu, 13 Dec 2007 13:38:05 +0000 (14:38 +0100)]
Fix typo in debug statement.
Michael
Alexander Bokovoy [Thu, 13 Dec 2007 11:23:04 +0000 (14:23 +0300)]
Fix codepagedir to follow predefined libdir when using FHS. Fixes x86_64 build.
Alexander Bokovoy [Thu, 13 Dec 2007 09:57:24 +0000 (12:57 +0300)]
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
Alexander Bokovoy [Thu, 13 Dec 2007 09:55:32 +0000 (12:55 +0300)]
Fix pam_smbpass build
Michael Adam [Wed, 28 Nov 2007 01:15:37 +0000 (02:15 +0100)]
Add flags for correctly implementing lsa_lookup_name levels.
(Prepare fix for Bug #4801.)
Michael
Michael Adam [Tue, 11 Dec 2007 15:34:39 +0000 (16:34 +0100)]
Make cm_connect_sam() try harder to connect autheticated.
Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.
This is the first attempt to fix interdomain trusts.
(get password policy and stuff)
Michael
Michael Adam [Tue, 11 Dec 2007 15:32:38 +0000 (16:32 +0100)]
Refactor out assembling of trust creds (pw, account name, principal).
Michael
Michael Adam [Tue, 11 Dec 2007 14:39:36 +0000 (15:39 +0100)]
Streamline and fix logic of cm_prepare_connection().
Do not attempt to do a session setup when in a trusted domain
situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT).
Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.
Michael
Michael Adam [Tue, 11 Dec 2007 13:36:11 +0000 (14:36 +0100)]
Refactoring out get_schannel_session_key logic.
Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)
Michael
Michael Adam [Tue, 11 Dec 2007 13:12:49 +0000 (14:12 +0100)]
Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.
Michael
Michael Adam [Tue, 11 Dec 2007 13:07:32 +0000 (14:07 +0100)]
Rename get_trust_pw() to get_trust_pw_hash().
Michael
Michael Adam [Tue, 11 Dec 2007 12:59:54 +0000 (13:59 +0100)]
Export logic of get_trust_pw() to new function get_trust_pw_clear().
get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.
Michael
Michael Adam [Tue, 11 Dec 2007 13:02:45 +0000 (14:02 +0100)]
Refactor the lagacy part of secrets_fetch_trust_account_password() out
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
Michael Adam [Tue, 11 Dec 2007 12:05:44 +0000 (13:05 +0100)]
Let get_trust_pw() determine the machine_account_name to use.
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
Michael Adam [Tue, 11 Dec 2007 11:47:28 +0000 (12:47 +0100)]
Streamline logic in cm_connect_netlogon()
by retrieving trust password only, when it will be used.
Michael
Michael Adam [Tue, 11 Dec 2007 07:52:20 +0000 (08:52 +0100)]
In cm_prepare_connection(), only get auth user creds if we need to.
Michael
Michael Adam [Mon, 10 Dec 2007 22:53:55 +0000 (23:53 +0100)]
Remove two unneeded functions.
secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.
Michael
Michael Adam [Wed, 12 Dec 2007 17:03:20 +0000 (18:03 +0100)]
Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
James Peach [Thu, 13 Dec 2007 06:12:10 +0000 (22:12 -0800)]
Fix typo.
James Peach [Sat, 13 Oct 2007 05:16:22 +0000 (22:16 -0700)]
Autoconf support for detecting DNS Service Discovery support.
Patch from Rishi Srivatsavai <rishisv@gmail.com>, with some
adaptations.
Jeremy Allison [Thu, 13 Dec 2007 03:12:18 +0000 (19:12 -0800)]
Missed one strcpy call.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 03:06:04 +0000 (19:06 -0800)]
Add a portable version of strlcpy and strlcat and convert
all strncpy/strcat calls to them.
Convert all sprintf calls to snprintf. Safety first !
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 02:45:13 +0000 (18:45 -0800)]
Fix bug #4784. Patch from Steve Langasek <vorlon@debian.org>.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 02:38:52 +0000 (18:38 -0800)]
Developer doesn't cut it - need #define test for NSS_WRAPPER.
Hopefully this should fix the buildfarm.
Jeremy.