Jeremy Allison [Thu, 31 Aug 2006 01:27:51 +0000 (01:27 +0000)]
r17944: Handle locking madness.
Jeremy.
Jeremy Allison [Thu, 31 Aug 2006 01:20:21 +0000 (01:20 +0000)]
r17943: The horror, the horror. Add KDC site support by
writing out a custom krb5.conf file containing
the KDC I need. This may suck.... Needs some
testing :-).
Jeremy.
Jeremy Allison [Thu, 31 Aug 2006 00:07:24 +0000 (00:07 +0000)]
r17942: Jerry is right - when no site support is enabled
the client sitename is "Default-First-Site-Name".
Treat this as a blank site (no site configured).
Jeremy.
Jeremy Allison [Wed, 30 Aug 2006 23:56:40 +0000 (23:56 +0000)]
r17941: Fix print out of client site name.
Jeremy.
Jeremy Allison [Wed, 30 Aug 2006 18:48:49 +0000 (18:48 +0000)]
r17937: Move the saf_ cache into the tcp ad connection code.
Cause winbindd to set site support before doing the
generic AD server lookup.
Jeremy.
Gerald Carter [Wed, 30 Aug 2006 16:58:29 +0000 (16:58 +0000)]
r17934: allow srcdir != builddir for 'make test'
Jeremy Allison [Wed, 30 Aug 2006 16:02:08 +0000 (16:02 +0000)]
r17933: Don't print a NULL sitename.
Jeremy.
Jeremy Allison [Wed, 30 Aug 2006 05:52:31 +0000 (05:52 +0000)]
r17929: Ok, I think I finally figured out where to put
the code to redo the CLDAP query to restrict DC
DNS lookups to the sitename. Jerry, please check
to stop me going insane :-).
Jeremy.
Jeremy Allison [Wed, 30 Aug 2006 04:40:03 +0000 (04:40 +0000)]
r17928: Implement the basic store for CLDAP sitename
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
Volker Lendecke [Tue, 29 Aug 2006 19:14:25 +0000 (19:14 +0000)]
r17924: Get rid of warnings now that talloc is merged.
Destructors now take a pointer to the "real" destroyed object as an argument.
Volker
Stefan Metzmacher [Tue, 29 Aug 2006 17:17:02 +0000 (17:17 +0000)]
r17923: turn on null_tracking with the first talloc_init() call,
(this needs to be moved to a samba3 specific place)
I commit this because I habe no time to test smbcontrol .... pool-usage
and don't want to break it. I'll try to find a better fix tomorrow.
metze
Stefan Metzmacher [Tue, 29 Aug 2006 16:54:12 +0000 (16:54 +0000)]
r17922: sync samba3's talloc with samba4's and move the samba3 specific stuff to tallocmsg.c
metze
Jeremy Allison [Tue, 29 Aug 2006 16:52:59 +0000 (16:52 +0000)]
r17921: Comment is obsolte. This is now implemented in winbindd.
Jeremy.
Gerald Carter [Tue, 29 Aug 2006 15:43:15 +0000 (15:43 +0000)]
r17910: remove incorrect comment (code has already been fixed)
Gerald Carter [Tue, 29 Aug 2006 15:42:09 +0000 (15:42 +0000)]
r17909: ensure we do not call map_username() twice on Krb5 session setups
Volker Lendecke [Tue, 29 Aug 2006 09:49:10 +0000 (09:49 +0000)]
r17906: Port the snprintf bugfix from 4. I wonder why we never hit this....
Jeremy Allison [Tue, 29 Aug 2006 01:25:57 +0000 (01:25 +0000)]
r17903: Fix null deref caught by Stanford checker. Don't
call ntlmssp_end on a null pointer ! (Doh !).
Jeremy.
Jeremy Allison [Tue, 29 Aug 2006 01:11:02 +0000 (01:11 +0000)]
r17902: Fix possible null deref caught by Stanford checker.
Jeremy.
Jeremy Allison [Tue, 29 Aug 2006 01:04:25 +0000 (01:04 +0000)]
r17901: Stanford checker fix. cookie here can't be null or we'd
deref null. Make interface explicit.
Jeremy.
Jeremy Allison [Tue, 29 Aug 2006 00:56:08 +0000 (00:56 +0000)]
r17900: Fix from Michael Adam <ma@sernet.de> - make internal_resolve_name
do what it's supposed to.
Jeremy.
Jeremy Allison [Tue, 29 Aug 2006 00:53:28 +0000 (00:53 +0000)]
r17899: Fix Stanford checker bug - possible null deref.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 23:01:30 +0000 (23:01 +0000)]
r17897: Store the uid in the memory creds. Don't request the
krb5 refresh creds when doing cached NTLM auth, request
the memory creds instead.
Jeremy.
Volker Lendecke [Mon, 28 Aug 2006 18:25:55 +0000 (18:25 +0000)]
r17896: Reformatting. I did not want to do it anymore, but these ones looked just
silly :-)
Volker
Volker Lendecke [Mon, 28 Aug 2006 09:19:30 +0000 (09:19 +0000)]
r17881: Another microstep towards better error reporting: Make get_sorted_dc_list
return NTSTATUS.
If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.
Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?
Volker
Volker Lendecke [Mon, 28 Aug 2006 07:56:15 +0000 (07:56 +0000)]
r17880: On host "tridge" in the build farm the tests fail because smbd hangs in in
'connecting to cups server on localhost'. There is no cups on that host, but
the TCP connection hangs in SYN_SENT. Probably some firewall rule.
Work around that.
Volker
Jeremy Allison [Mon, 28 Aug 2006 05:41:32 +0000 (05:41 +0000)]
r17879: Make it explicit that we can never pass NULL for buflen or stringlen.
Stanford Checker fix.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 05:35:27 +0000 (05:35 +0000)]
r17878: Fix possible null deref found by Stanford checker.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 05:27:30 +0000 (05:27 +0000)]
r17877: Make it explicit to the checker that we can never pass
in NULL as ctr to a void returning fn.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 05:22:10 +0000 (05:22 +0000)]
r17875: Fix (rather theoretical, but still...) null deref found by
Stanford checker.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 05:10:56 +0000 (05:10 +0000)]
r17874: Fix possible null deref found by Stanford checker.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 04:55:05 +0000 (04:55 +0000)]
r17873: Fix possible null deref found by Stanford checker.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 04:52:36 +0000 (04:52 +0000)]
r17872: Fix possible null deref found by the Stanford checker.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 03:15:06 +0000 (03:15 +0000)]
r17869: More sensible fix for Stanford Checker null deref.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 02:29:36 +0000 (02:29 +0000)]
r17867: Fix null deref in error code path. Found by the
Stanford checker.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 02:27:49 +0000 (02:27 +0000)]
r17866: Fix possible null deref - found by Stanford checker.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 02:24:15 +0000 (02:24 +0000)]
r17865: Fix what the Stanford checker reported as a possible
deref. I think this is a false positive, but it's
an easy extra check to add here.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 02:13:50 +0000 (02:13 +0000)]
r17864: Fix possible null deref if client doesn't give us
an answer record. Found by the Stanford checker.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 01:56:17 +0000 (01:56 +0000)]
r17863: Fix unneeded NULL check on pointer parameters causing the
Stanford checker to flag null deref.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 01:48:04 +0000 (01:48 +0000)]
r17862: Fix possible NULL deref (like rev 17861) found by the
Stanford group.
Jeremy.
Jeremy Allison [Mon, 28 Aug 2006 01:44:40 +0000 (01:44 +0000)]
r17861: Fix inconsistency found in checking for NULL in DLIST_REMOVE
macro. Don't check for NULL if we would have already derefed.
Jeremy.
Volker Lendecke [Sun, 27 Aug 2006 17:36:17 +0000 (17:36 +0000)]
r17855: Fix the build on systems without LDAP
Volker Lendecke [Sun, 27 Aug 2006 17:24:31 +0000 (17:24 +0000)]
r17854: Steal the LDAP in NTSTATUS trick from Samba4
Thanks to Michael Adam <ma@sernet.de>
Volker
Volker Lendecke [Sun, 27 Aug 2006 16:50:10 +0000 (16:50 +0000)]
r17853: Fix an uninitialized variable (m_time2). Jeremy, please check.
Thanks,
Volker
Volker Lendecke [Sun, 27 Aug 2006 16:24:03 +0000 (16:24 +0000)]
r17852: Remove a pointless NULL assignment
Volker Lendecke [Sun, 27 Aug 2006 16:14:31 +0000 (16:14 +0000)]
r17851: Fix a warning & attempt to fix the Tru64 build
Volker Lendecke [Sun, 27 Aug 2006 14:55:46 +0000 (14:55 +0000)]
r17850: Another dummy checkin for the build farm to retry
Volker Lendecke [Sat, 26 Aug 2006 22:59:58 +0000 (22:59 +0000)]
r17847: Dummy commit
Volker Lendecke [Sat, 26 Aug 2006 20:56:49 +0000 (20:56 +0000)]
r17845: Remove a Solaris warning
Jeremy Allison [Sat, 26 Aug 2006 02:53:45 +0000 (02:53 +0000)]
r17837: Split out the storing of memory cached credentials
from the krb5 ticket renewal code. This allows cached
credentials to be stored for single sign-on via ntlm_auth
for machines in a domain still using NTLM. Also (hopefully)
fixes the reference counting problem with pam_logon/logoff
so multiple logons/logoffs won't lose cached credentials.
This compiles, but I'm intending to test it over the weekend
so don't complain too much :-). I also want it in the tree
so Coverity can scan it for errors. Guenther, check this over
please - I ran through the architecture with Jerry and he's
ok with it, but this is modifying your code a lot.
Jeremy.
Volker Lendecke [Fri, 25 Aug 2006 19:13:37 +0000 (19:13 +0000)]
r17836: Don't create zombies in the children, thanks to Jeremy!
Volker
Volker Lendecke [Fri, 25 Aug 2006 18:24:43 +0000 (18:24 +0000)]
r17835: Fix Coverity bugs 306, 309, 310.
Jeremy, you might want to look at the trans2 one.
Volker
Jeremy Allison [Fri, 25 Aug 2006 16:25:09 +0000 (16:25 +0000)]
r17834: Another bug found by Volker's tests in the build farm !
Correctly map large nt timevals to TIME_T_MAX.
Jeremy.
Volker Lendecke [Fri, 25 Aug 2006 15:08:05 +0000 (15:08 +0000)]
r17833: Next step to fix the build farm.
Jerry, why don't you include "includes.h"?
Thanks,
Volker
Volker Lendecke [Fri, 25 Aug 2006 14:52:30 +0000 (14:52 +0000)]
r17832: Fix bug 4050
Volker Lendecke [Fri, 25 Aug 2006 14:25:06 +0000 (14:25 +0000)]
r17831: Attempt to fix the build farm: 0x7fffffffffffffff needs special casing too I
think. This broke 'make test' because the newly created user was set to be
kicked off Mi, 22 Jan 1975 23:55:33 CET (unix time
159663333) with the
setuserinfo21 call.
I'm not 100% sure that 0x7ff... means max time as I do it here, I vaguely
remember it to mean "don't touch".
Does anybody know that for sure?
Jeremy, please check this.
Thanks,
Volker
Jelmer Vernooij [Fri, 25 Aug 2006 03:17:47 +0000 (03:17 +0000)]
r17819: Add some more ignores.
Jeremy Allison [Thu, 24 Aug 2006 23:39:37 +0000 (23:39 +0000)]
r17818: Fixup uint64 time calc. NT time is a 64 bit number,
not high value seconds, low value 100ns units.
Jeremy.
Jelmer Vernooij [Thu, 24 Aug 2006 23:21:43 +0000 (23:21 +0000)]
r17817: Disable compilation of LIBNDR (it uses uint64_t).
Jelmer Vernooij [Thu, 24 Aug 2006 22:10:59 +0000 (22:10 +0000)]
r17816: Merge my cupsprot branch. It is now possible to (optionally) specify :port in
the "cups server" smb.conf parameter.
Gerald Carter [Thu, 24 Aug 2006 22:10:42 +0000 (22:10 +0000)]
r17815: Revert Volker's change in 16014. I really do not believe
the this should be necessary. If there is still a bug,
I believe that setting thr group RID from the passdb is
masking it. Not fixing it. It is very likely that
the change was necessary before but is no longer
with the recent changes. But I'm not taking the chance
of merging it to 3.0.23c. :-)
Jelmer Vernooij [Thu, 24 Aug 2006 22:08:02 +0000 (22:08 +0000)]
r17814: Add .bzrignore file
Gerald Carter [Thu, 24 Aug 2006 22:05:53 +0000 (22:05 +0000)]
r17813: Remove another instance of manually setting the group SID.
The would have been primaryly used when adding a user to
an smbpasswd file, but could have been introduce to other
backends by using pdbedit -i -e.
The symptom was
[2006/08/09 13:07:43, 0] rpc_parse/parse_samr.c:init_sam_user_info21A(6276)
init_sam_user_info_21A: User nobody has Primary Group SID S-1-22-2-99,
which conflicts with the domain sid S-1-5-21-
1825997848-
4107600307-
1754506280.
Failing operation.
Jeremy Allison [Thu, 24 Aug 2006 21:37:10 +0000 (21:37 +0000)]
r17812: Fix bad unsigned comparisons with TIME_T_MIN/TIME_T_MAX.
Jeremy.
Jelmer Vernooij [Thu, 24 Aug 2006 20:52:43 +0000 (20:52 +0000)]
r17810: Use datarootdir variable generated by newer autoconf versions. (fixes warning)
Jeremy Allison [Thu, 24 Aug 2006 20:51:57 +0000 (20:51 +0000)]
r17809: Add in 64-bit integer time calculations (taken from
Samba4) for machines that have 64-bit integers. Leave
the (double) code for machines that don't. Needs
testing.... :-).
Jeremy.
Volker Lendecke [Thu, 24 Aug 2006 20:42:31 +0000 (20:42 +0000)]
r17807: Fix a file descriptor leak pointed out by John Malmberg. Thanks!
Volker
Jelmer Vernooij [Thu, 24 Aug 2006 20:27:42 +0000 (20:27 +0000)]
r17806: Make NTTIME a UINT64_S rather than a separate structure consisting of
two uint32s.
Volker Lendecke [Thu, 24 Aug 2006 20:17:59 +0000 (20:17 +0000)]
r17805: Sorry Jerry, I could not stand the warnings... :-)
Volker Lendecke [Thu, 24 Aug 2006 19:56:20 +0000 (19:56 +0000)]
r17804: Fix a enum/int mixup found by the IRIX compiler.
Volker
Gerald Carter [Thu, 24 Aug 2006 18:48:44 +0000 (18:48 +0000)]
r17803: finally get the new libaddns code to build on Solaris 9
Gerald Carter [Thu, 24 Aug 2006 18:09:05 +0000 (18:09 +0000)]
r17802: trying to fix more build farm hosts
Gerald Carter [Thu, 24 Aug 2006 16:56:36 +0000 (16:56 +0000)]
r17801: bad merge ? No sure how the second half of the LIBNDR_OBJ value got cut...
Jeremy Allison [Thu, 24 Aug 2006 16:44:00 +0000 (16:44 +0000)]
r17800: Start using struct timespec internally for file times
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
Gerald Carter [Thu, 24 Aug 2006 16:33:50 +0000 (16:33 +0000)]
r17799: Start fixing the building carnage. Only include calls to
uuid lib fucntions when WITH_DNS_UPDATES is defined.
Gerald Carter [Thu, 24 Aug 2006 15:43:32 +0000 (15:43 +0000)]
r17798: Beginnings of a standalone libaddns library released under
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.
It's still got some warts, but non-secure updates do
currently work. There are at least four things left to
really clean up.
1. Change the memory management to use talloc() rather than
malloc() and cleanup the leaks.
2. Fix the error code reporting (see initial changes to
dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
(and under the LGPL).
A few notes:
* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
issues.
Gerald Carter [Thu, 24 Aug 2006 12:49:18 +0000 (12:49 +0000)]
r17797: Just say "ok" when trying to rename a local group to its same name.
Gerald Carter [Thu, 24 Aug 2006 12:13:57 +0000 (12:13 +0000)]
r17795: Finally track down the "ads_connect: Interrupted system call"
error. Fix our DNS SRV lookup code to deal with multi-homed hosts.
We were noly remembering one IP address per host from the Additional
records section in the SRV response which could have been an unreachable
address.
Jeremy Allison [Thu, 24 Aug 2006 01:34:33 +0000 (01:34 +0000)]
r17767: Argggg. Broke the build. Need to fix callers of put_long_date()
and interpret_long_date() first. Reverting...
Jeremy.
Jeremy Allison [Thu, 24 Aug 2006 01:31:00 +0000 (01:31 +0000)]
r17766: Getting ready to properly expose 100ns times on
the wire. Move the internals of nt_time functions
to use struct timespecs.
Jeremy.
Jeremy Allison [Wed, 23 Aug 2006 22:33:50 +0000 (22:33 +0000)]
r17761: Handle times consistently across all client utils.
Fixes bugs reported in libsmbclient.
Jeremy.
Gerald Carter [Wed, 23 Aug 2006 21:04:47 +0000 (21:04 +0000)]
r17760: The DNS SRV lookup already sorts by priority and weight so don't
use the generic IP list sort in get_sorted_dc_list().
Gerald Carter [Wed, 23 Aug 2006 02:45:45 +0000 (02:45 +0000)]
r17736: Apply the Unix group patch when creating the token for a
username map.
Gerald Carter [Tue, 22 Aug 2006 22:53:08 +0000 (22:53 +0000)]
r17723: * BUG 3969: Fix unsigned time comparison with expiration policy from AD DC
* Merge patches from SLES10 to make sure we talk to the correct
winbindd process when performing pam_auth (and pull the password policy info).
Gerald Carter [Tue, 22 Aug 2006 16:01:24 +0000 (16:01 +0000)]
r17710: Thanks to Thomas Bork for testing and continued feedback on this.
Comments from the patch:
/* Add the "Unix Group" SID for each gid to catch mapped groups
and their Unix equivalent. This is to solve the backwards
compatibility problem of 'valid users = +ntadmin' where
ntadmin has been paired with "Domain Admins" in the group
mapping table. Otherwise smb.conf would need to be changed
to 'valid user = "Domain Admins"'. --jerry */
Gerald Carter [Tue, 22 Aug 2006 15:18:13 +0000 (15:18 +0000)]
r17709: Fix cut-n-paste error with the name of gid_to_unix_group_sid().
Günther Deschner [Tue, 22 Aug 2006 00:36:31 +0000 (00:36 +0000)]
r17677: There is no need for a 2nd krb5_to_nt_status function, is there?
Michael Adam/Volker, please check.
Guenther
Jeremy Allison [Mon, 21 Aug 2006 23:30:39 +0000 (23:30 +0000)]
r17676: Fix printing bug found by kukks. Don't copy a return
value into an auto on the stack that gets removed when
we return from the frame :-).
Jeremy.
Gerald Carter [Mon, 21 Aug 2006 21:53:02 +0000 (21:53 +0000)]
r17673: volker's patch for re-adding Getpwnam() lookups to smbpasswd backend (I hate username level)
Gerald Carter [Mon, 21 Aug 2006 21:25:17 +0000 (21:25 +0000)]
r17672: remove duplicate description on NT_STATUS_INVALID_PARAMETER (from Michael Adam <ma@sernet.de>)
Gerald Carter [Mon, 21 Aug 2006 20:04:01 +0000 (20:04 +0000)]
r17669: Remove RID algorithm support from unmapped users and groups
when using smbpasswd
Jeremy Allison [Mon, 21 Aug 2006 20:03:32 +0000 (20:03 +0000)]
r17668: Fix the miscalculations in pushing announces. Fixes
problems Kukks reported.
Jeremy.
Jeremy Allison [Mon, 21 Aug 2006 17:58:41 +0000 (17:58 +0000)]
r17667: Merge snprintf fixes from tridge (Samba4).
Jeremy.
----------
several replacement snprintf() fixes.
1) when running the testsuite, actually test against the system
sprintf(), not against ourselves (doh!)
2) fix the buffer termination to terminate buf2 as well
3) fix handling of %llu, and add a simple test
This fixes a bug with password expiry on solaris
----------
Jeremy Allison [Sun, 20 Aug 2006 20:05:49 +0000 (20:05 +0000)]
r17630: Looks like getpeerid() is a system function on
FreeBSD. Change to sys_getpeerid(). Thanks to
vl for pointing this out.
Jeremy.
Volker Lendecke [Sun, 20 Aug 2006 17:55:06 +0000 (17:55 +0000)]
r17626: Some C++ Warnings
Volker Lendecke [Sun, 20 Aug 2006 17:46:20 +0000 (17:46 +0000)]
r17625: Fix the build
Volker Lendecke [Sun, 20 Aug 2006 17:30:27 +0000 (17:30 +0000)]
r17623: Revert accidential commit
Volker Lendecke [Sun, 20 Aug 2006 17:29:00 +0000 (17:29 +0000)]
r17622: Add a framework for a printing backend designed to support the build farm. If
we want to walk more printing code in the build farm I think doing that with a
customized printing backend is much easier than with a set of shell scripts.
Jerry, comments?
Volker
Volker Lendecke [Sun, 20 Aug 2006 17:08:37 +0000 (17:08 +0000)]
r17620: Fix two C++ Warnings and a memleak
Jeremy Allison [Sun, 20 Aug 2006 03:56:27 +0000 (03:56 +0000)]
r17618: Not using a cache version number (yet). We really should...
Jeremy
Jeremy Allison [Sun, 20 Aug 2006 03:53:42 +0000 (03:53 +0000)]
r17617: Take Andrew Bartletts excellent advice and don't store
the nt hash directly in the winbindd cache, store a
salted version (MD5 of salt + nt_hash). This is what
we do in the LDAP password history code. We store
this salted cache entry under the same name as an old
entry (CRED/<sid>) but detect it on read by checking
if there are 17 bytes of data after the first stored
hash (1 byte len, 16 bytes hash). GD PLEASE CHECK.
Jeremy.