Volker Lendecke [Sat, 15 Dec 2007 21:33:52 +0000 (22:33 +0100)]
Use dom_sid_string for sid_string_talloc
Remove some code duplication, but introduce one more dependency on librpc/ndr.
Easily turned around so that librpc/ndr depends on lib/util_sid if necessary
Volker Lendecke [Sat, 15 Dec 2007 21:08:09 +0000 (22:08 +0100)]
sid_string_static is no more :-)
We now have four ways to do sid_to_string:
sid_to_string: Convert it into an existing fstring, when you have one
sid_string_talloc: The obvious thing
sid_string_tos: For the lazy, use only with care
sid_string_dbg: The one to use in DEBUG statements
Volker Lendecke [Sat, 15 Dec 2007 21:00:39 +0000 (22:00 +0100)]
Replace sid_string_static with sid_to_string
This adds 28 fstrings on the stack, but I think an fstring on the stack is
still far better than a static one.
Volker Lendecke [Sat, 15 Dec 2007 20:58:28 +0000 (21:58 +0100)]
Use sid_to_string directly
It seems a bit pointless to do a fstrcpy(dst, sid_string_static(src))
Volker Lendecke [Sat, 15 Dec 2007 20:53:26 +0000 (21:53 +0100)]
Replace sid_string_static with sid_string_tos
In utils/ I was a bit lazy...
Volker Lendecke [Sat, 15 Dec 2007 20:49:15 +0000 (21:49 +0100)]
Use sid_string_talloc where we have a tmp talloc ctx
Volker Lendecke [Sat, 15 Dec 2007 20:11:36 +0000 (21:11 +0100)]
Replace sid_string_static by sid_string_dbg in DEBUGs
Volker Lendecke [Sat, 15 Dec 2007 20:06:20 +0000 (21:06 +0100)]
Add sid_string_dbg
This makes use of the just added debug_ctx and will kill many
sid_string_static() calls
Volker Lendecke [Sat, 15 Dec 2007 20:05:11 +0000 (21:05 +0100)]
Add debug_ctx according to an idea by Tridge
Sorry, Jeremy, I think for debug messages this is just the right way to do it.
Volker Lendecke [Sat, 15 Dec 2007 20:10:58 +0000 (21:10 +0100)]
Use sid_string_talloc where we have a tmp talloc ctx
Volker Lendecke [Sat, 15 Dec 2007 18:00:42 +0000 (19:00 +0100)]
add sid_string_talloc
Volker Lendecke [Sat, 15 Dec 2007 10:38:28 +0000 (11:38 +0100)]
Fix a segfault
sid_to_string still expects a fstring
Jeremy Allison [Sat, 15 Dec 2007 01:02:50 +0000 (17:02 -0800)]
Fix for bug #5082 from Mathias Gug <mathiaz@ubuntu.com>, Steve Langasek <vorlon@debian.org>.
Recent versions of Linux-PAM support localization of user prompts,
so Samba must use the C locale when invoking PAM (directly or via
/usr/bin/passwd) to ensure that password chat values match the prompts in a
locale-invariant fashion.
Jeremy.
Stefan Metzmacher [Fri, 14 Dec 2007 18:39:49 +0000 (19:39 +0100)]
selftest: reenable wbinfo tests and pass --configfile instead of -s
metze
Stefan Metzmacher [Fri, 14 Dec 2007 18:38:23 +0000 (19:38 +0100)]
wbinfo: use POPT_COMMON_CONFIGFILE
We can't use POPT_COMMON_SAMBA as the -s option is
already used by -s, --sid-to-name=SID.
Also load the config file after processing the cmdline options
metze
Stefan Metzmacher [Fri, 14 Dec 2007 18:36:14 +0000 (19:36 +0100)]
add POPT_COMMON_CONFIGFILE which only provides --configfile (not -s)
metze
Stefan Metzmacher [Fri, 14 Dec 2007 17:02:05 +0000 (18:02 +0100)]
selftest: disable wbinfo tests
wbinfo needs to take --config-file to work...
metze
Stefan Metzmacher [Fri, 14 Dec 2007 15:54:01 +0000 (16:54 +0100)]
selftest: add a bunch of wbinfo based tests for winbindd
metze
Stefan Metzmacher [Fri, 14 Dec 2007 15:14:32 +0000 (16:14 +0100)]
selftest: move workgroup name into WORKGROUP envvar
metze
Karolin Seeger [Fri, 14 Dec 2007 11:02:49 +0000 (12:02 +0100)]
Revert smbclient changes.
Patch broke option -p.
Sorry for breaking the build!
Karolin
Karolin Seeger [Fri, 14 Dec 2007 09:52:31 +0000 (10:52 +0100)]
Make smbclient to display error message and usage in the case of invalid options.
Stefan Metzmacher [Thu, 13 Dec 2007 11:27:57 +0000 (12:27 +0100)]
winbindd: move domain child specific stuff into its own file
metze
Stefan Metzmacher [Fri, 14 Dec 2007 06:47:07 +0000 (07:47 +0100)]
Revert "Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames."
As it breaks all tests which try to join a new machine account.
So more testing is needed...
metze
This reverts commit
dd320c0924ce393a89b1cab020fd5cffc5b80380.
Stefan Metzmacher [Fri, 14 Dec 2007 07:21:59 +0000 (08:21 +0100)]
debug: fix crash bug when DEBUG() is used before setup_logging()
this was introduced by the pstring removal
(
1ea3ac80146b83c2522b69e7747c823366a2b47d)
metze
James Peach [Fri, 14 Dec 2007 06:12:21 +0000 (22:12 -0800)]
Move dns_sd.h include to fix the build.
James Peach [Fri, 14 Dec 2007 04:56:53 +0000 (20:56 -0800)]
Merge branch 'v3-2-test' of git://git.samba.org/samba into v3-2-test
Rishi Srivatsavai [Fri, 14 Dec 2007 04:56:29 +0000 (20:56 -0800)]
Register the smb service with mDNS if mSDN is supported.
If mDNS is supported, attempt to register the first port we are
listening on for the _smb._tcp service. This provides more reliable
service discovery than NetBIOS browsing.
Jeremy Allison [Fri, 14 Dec 2007 01:25:26 +0000 (17:25 -0800)]
We don't need to call endpwent if we never call getpwent.
Jeremy.
Jeremy Allison [Fri, 14 Dec 2007 01:18:48 +0000 (17:18 -0800)]
Add a varient of Steve Langasek <vorlon@debian.org> patch
for bug #4780. Cause user mounts to inherit uid= and gid= from the
calling user when called as non-root, except when overridden on the
commandline.
Jeremy.
Jeremy Allison [Fri, 14 Dec 2007 00:46:42 +0000 (16:46 -0800)]
Merge branch 'v3-2-test' of ssh://jra@git.samba.org/data/git/samba into v3-2-test
Jeremy Allison [Fri, 14 Dec 2007 00:44:24 +0000 (16:44 -0800)]
Arg. The fix for CVE-2007-6015 hadn't been merged into 3.2.
Do so now....
Jeremy.
Michael Adam [Thu, 13 Dec 2007 13:38:05 +0000 (14:38 +0100)]
Fix typo in debug statement.
Michael
Alexander Bokovoy [Thu, 13 Dec 2007 11:23:04 +0000 (14:23 +0300)]
Fix codepagedir to follow predefined libdir when using FHS. Fixes x86_64 build.
Alexander Bokovoy [Thu, 13 Dec 2007 09:57:24 +0000 (12:57 +0300)]
Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
Alexander Bokovoy [Thu, 13 Dec 2007 09:55:32 +0000 (12:55 +0300)]
Fix pam_smbpass build
Michael Adam [Wed, 28 Nov 2007 01:15:37 +0000 (02:15 +0100)]
Add flags for correctly implementing lsa_lookup_name levels.
(Prepare fix for Bug #4801.)
Michael
Michael Adam [Tue, 11 Dec 2007 15:34:39 +0000 (16:34 +0100)]
Make cm_connect_sam() try harder to connect autheticated.
Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.
This is the first attempt to fix interdomain trusts.
(get password policy and stuff)
Michael
Michael Adam [Tue, 11 Dec 2007 15:32:38 +0000 (16:32 +0100)]
Refactor out assembling of trust creds (pw, account name, principal).
Michael
Michael Adam [Tue, 11 Dec 2007 14:39:36 +0000 (15:39 +0100)]
Streamline and fix logic of cm_prepare_connection().
Do not attempt to do a session setup when in a trusted domain
situation (this gives STATUS_NOLOGON_TRUSTED_DOMAIN_ACCOUNT).
Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.
Michael
Michael Adam [Tue, 11 Dec 2007 13:36:11 +0000 (14:36 +0100)]
Refactoring out get_schannel_session_key logic.
Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)
Michael
Michael Adam [Tue, 11 Dec 2007 13:12:49 +0000 (14:12 +0100)]
Pass NULL instead of unneeded &sid: pdb_get_trusteddom_pw() checks.
Michael
Michael Adam [Tue, 11 Dec 2007 13:07:32 +0000 (14:07 +0100)]
Rename get_trust_pw() to get_trust_pw_hash().
Michael
Michael Adam [Tue, 11 Dec 2007 12:59:54 +0000 (13:59 +0100)]
Export logic of get_trust_pw() to new function get_trust_pw_clear().
get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.
Michael
Michael Adam [Tue, 11 Dec 2007 13:02:45 +0000 (14:02 +0100)]
Refactor the lagacy part of secrets_fetch_trust_account_password() out
into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.
Michael
Michael Adam [Tue, 11 Dec 2007 12:05:44 +0000 (13:05 +0100)]
Let get_trust_pw() determine the machine_account_name to use.
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
Michael Adam [Tue, 11 Dec 2007 11:47:28 +0000 (12:47 +0100)]
Streamline logic in cm_connect_netlogon()
by retrieving trust password only, when it will be used.
Michael
Michael Adam [Tue, 11 Dec 2007 07:52:20 +0000 (08:52 +0100)]
In cm_prepare_connection(), only get auth user creds if we need to.
Michael
Michael Adam [Mon, 10 Dec 2007 22:53:55 +0000 (23:53 +0100)]
Remove two unneeded functions.
secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.
Michael
Michael Adam [Wed, 12 Dec 2007 17:03:20 +0000 (18:03 +0100)]
Fix for bug #4801: Correctly implement lsa lookup levels for lookupnames.
This is a first patch aimed at fixing bug #4801.
It is still incomplete in that winbindd does not walk
the the trusted domains to lookup unqualified names here.
Apart from that this fix should be pretty much complete.
Michael
James Peach [Thu, 13 Dec 2007 06:12:10 +0000 (22:12 -0800)]
Fix typo.
James Peach [Sat, 13 Oct 2007 05:16:22 +0000 (22:16 -0700)]
Autoconf support for detecting DNS Service Discovery support.
Patch from Rishi Srivatsavai <rishisv@gmail.com>, with some
adaptations.
Jeremy Allison [Thu, 13 Dec 2007 03:12:18 +0000 (19:12 -0800)]
Missed one strcpy call.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 03:06:04 +0000 (19:06 -0800)]
Add a portable version of strlcpy and strlcat and convert
all strncpy/strcat calls to them.
Convert all sprintf calls to snprintf. Safety first !
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 02:45:13 +0000 (18:45 -0800)]
Fix bug #4784. Patch from Steve Langasek <vorlon@debian.org>.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 02:38:52 +0000 (18:38 -0800)]
Developer doesn't cut it - need #define test for NSS_WRAPPER.
Hopefully this should fix the buildfarm.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 02:07:02 +0000 (18:07 -0800)]
Only add the non-root escape on !developer.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 01:56:28 +0000 (17:56 -0800)]
Fix the buildfarm until I figure out how to allow
smbpasswd -L for non-root on the buildfarm only.
Jeremy.
Jeremy Allison [Thu, 13 Dec 2007 01:26:49 +0000 (17:26 -0800)]
Fix bug #3727 with patch from Steve Langasek <vorlon@debian.org>
Jeremy.
Günther Deschner [Wed, 12 Dec 2007 17:57:45 +0000 (18:57 +0100)]
Make heimdal and MIT happy when iterating through auth data.
Guenther
Guenther Deschner [Wed, 12 Dec 2007 12:38:28 +0000 (13:38 +0100)]
Vista SP1-rc1 appears to break against Samba-3.0.27a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Jason,
Jason Haar wrote:
> Patched 3.0.28, compiled, installed and here's the log file.
>
> Hope it helps. BTW I don't think it matters, but this is on 32bit
> CentOS4.5 systems.
yes, it helps. Thanks for that.
Very interesting, there are two auth data structures where the first one
is a PAC and the second something unknown (yet).
Can you please try the attached fix ? It should make it work again.
Guenther
- --
Günther Deschner GPG-ID:
8EE11688
Red Hat gdeschner@redhat.com
Samba Team gd@samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd
MPsZW4G31VOVu64SPjgnJiI=
=Co+H
-----END PGP SIGNATURE-----
Michael Adam [Wed, 12 Dec 2007 12:50:48 +0000 (13:50 +0100)]
Fix logic and prevent segfaults in secrets trustdom tdb pack code.
New size calculation logic in tdb_trusted_dom_pass_pack()
and tdb_sid_pack() used accumulated sizes as successive offsets
to buffer pointer.
Michael
Michael Adam [Wed, 12 Dec 2007 12:37:46 +0000 (13:37 +0100)]
Fix secrets_store_trusted_domain_password() after pstring removal.
Jeremy, this small "&" sign has given me a headache... :-)
Michael
Jeremy Allison [Wed, 12 Dec 2007 17:42:58 +0000 (09:42 -0800)]
Allow cliconnect to loop through multiple ip addresses
for a server. We should have been doing this for a while,
but it's more critical with IPv6.
Original patch fixed up by James.
Jeremy.
Andreas Schneider [Fri, 23 Nov 2007 09:54:48 +0000 (10:54 +0100)]
Don't restart winbind if a corrupted tdb is found during initialization.
The tdb is validated before it gets initialized. Since then sighandlers changed
a restart isn't needed anymore.
Stefan Metzmacher [Wed, 12 Dec 2007 08:51:56 +0000 (09:51 +0100)]
winbindd: remove unused WINBINDD_DUMP_MAPS support
Also the design of this function was really bad,
instead do the dump into a file, the client should get
back the list of mappings.
metze
Stefan Metzmacher [Wed, 12 Dec 2007 08:02:23 +0000 (09:02 +0100)]
winbindd: remove unused WINBINDD_DUAL_NAME2*ID and WINBINDD_DUAL_*ID2NAME calls
WINBINDD_DUAL_UID2NAME
WINBINDD_DUAL_NAME2UID
WINBINDD_DUAL_GID2NAME
WINBINDD_DUAL_NAME2GID
metze
Günther Deschner [Tue, 11 Dec 2007 16:40:52 +0000 (17:40 +0100)]
Add lp_include_registry_globals().
Guenther
Günther Deschner [Tue, 11 Dec 2007 20:22:04 +0000 (21:22 +0100)]
Some cleanups for "net dom join".
Guenther
Günther Deschner [Tue, 11 Dec 2007 23:42:22 +0000 (00:42 +0100)]
Add split_domain_user() (not to mix with winbind variants).
Guenther
Günther Deschner [Tue, 11 Dec 2007 23:44:10 +0000 (00:44 +0100)]
Make decode_wkssvc_join_password_buffer() return WERRORs.
Guenther
Jeremy Allison [Tue, 11 Dec 2007 23:10:37 +0000 (15:10 -0800)]
Fix warning message about data type always true.
Jeremy.
Jeremy Allison [Tue, 11 Dec 2007 21:16:35 +0000 (13:16 -0800)]
Add patches for bug #4866 from jiri sasek - Sun Microsystems - Prague Czech Republic <Jiri.Sasek@Sun.COM>
- slightly modified - Jiri please check ! to allow Solaris to get passwords > 8 chars.
Jeremy.
Stefan Metzmacher [Tue, 11 Dec 2007 14:08:18 +0000 (15:08 +0100)]
winbindd: pass const char *logfile to winbindd_dump_maps_async()
metze
Volker Lendecke [Mon, 10 Dec 2007 20:36:28 +0000 (21:36 +0100)]
Convert the posix_pending_close_db to dbwrap_rbt
Volker Lendecke [Tue, 11 Dec 2007 10:14:30 +0000 (11:14 +0100)]
separate out create_file_unixpath()
Volker Lendecke [Tue, 11 Dec 2007 09:49:26 +0000 (10:49 +0100)]
Move more stuff out of the way
Volker Lendecke [Tue, 11 Dec 2007 09:36:59 +0000 (10:36 +0100)]
Move INTERNAL_OPEN_ONLY calculation out of the way
Günther Deschner [Tue, 11 Dec 2007 13:57:30 +0000 (14:57 +0100)]
When building nsswitch, make sure to also build smbcontrol.
Guenther
Günther Deschner [Tue, 11 Dec 2007 11:28:10 +0000 (12:28 +0100)]
Replace "unknown" with access_mask when calling samr_CreateUser2().
Guenther
Stefan Metzmacher [Fri, 7 Dec 2007 15:00:45 +0000 (16:00 +0100)]
winbindd: rename child table struct elements
Add struct_ prefix to struct based protocol specific
elemetens struct winbindd_child_dispatch_table.
metze
Stefan Metzmacher [Mon, 10 Dec 2007 18:19:54 +0000 (19:19 +0100)]
idmap: add a const to idmap_dump_maps()
metze
Kai Blin [Mon, 10 Dec 2007 21:30:24 +0000 (22:30 +0100)]
vlp: Build vlp (virtual line printer) against current git on make
everything.
Jeremy Allison [Mon, 10 Dec 2007 23:31:05 +0000 (15:31 -0800)]
Don't need an fstring here, we can talloc.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 23:06:31 +0000 (15:06 -0800)]
Ensure we have a non-null flags. Pointed out by Andreas Schneider <anschneider@suse.de>.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 22:21:28 +0000 (14:21 -0800)]
Fix errors from next_token conversion. Spotted by
Andreas Schneider <anschneider@suse.de>.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 21:43:12 +0000 (13:43 -0800)]
Fix bug leftover from pstring conversion noticed by ceez
on irc.
Jeremy.
Volker Lendecke [Sun, 9 Dec 2007 16:40:48 +0000 (17:40 +0100)]
Remove two completely unnecessary globals
Can someone look over this? To me it looks as if bufr was only made static to
save a malloc during an included smb.conf file. I think that's pretty much
pointless.
Jeremy Allison [Mon, 10 Dec 2007 20:11:45 +0000 (12:11 -0800)]
Fix return values for invalid printers. Found by kblin
spoolss test.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 19:37:20 +0000 (11:37 -0800)]
Forgot build options was generated... fix.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2007 19:30:37 +0000 (11:30 -0800)]
Remove the char[1024] strings from dynconfig. Replace
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
Volker Lendecke [Sat, 24 Nov 2007 20:42:46 +0000 (21:42 +0100)]
use dbwrap_rbt in loadparm.c
Volker Lendecke [Sat, 24 Nov 2007 18:56:41 +0000 (19:56 +0100)]
Convert ServiceHash to dbwrap
Volker Lendecke [Fri, 9 Nov 2007 22:43:24 +0000 (23:43 +0100)]
dbwrap_rbt
This is meant as a replacement for the internal tdb. To me it seems a bit silly
that for in-memory structures we do our own memory management. With this rbt
based approach we can make use of the system-supplied malloc.
Volker Lendecke [Mon, 10 Dec 2007 12:20:24 +0000 (13:20 +0100)]
Make the Linux rbtrees compile within Samba
Volker Lendecke [Mon, 10 Dec 2007 12:11:51 +0000 (13:11 +0100)]
Add rbtree.[ch] from the Linux kernel
These are copies taken from
94545baded0bfbabdc30a3a4cb48b3db479dd6ef from Linus' kernel tree
Volker Lendecke [Sat, 24 Nov 2007 19:21:19 +0000 (20:21 +0100)]
Add db_tdb_fetch
Volker Lendecke [Sat, 24 Nov 2007 18:56:16 +0000 (19:56 +0100)]
Add dbwrap bystring service routines
Volker Lendecke [Mon, 10 Dec 2007 10:47:17 +0000 (11:47 +0100)]
Correctly unbecome_root() on error
Volker Lendecke [Sun, 9 Dec 2007 18:03:49 +0000 (19:03 +0100)]
Simplify add_session_user
Volker Lendecke [Fri, 7 Dec 2007 09:45:33 +0000 (10:45 +0100)]
Increase debug level