Jeremy Allison [Wed, 21 Mar 2007 01:04:56 +0000 (01:04 +0000)]
r21900: Token exchange now seems to work, now why does the
client encrypt fail ?
Jeremy.
Jeremy Allison [Wed, 21 Mar 2007 00:56:40 +0000 (00:56 +0000)]
r21899: At least we're getting to stage 2 of the blob
exchange. Still not working but closer.
Jeremy.
Jeremy Allison [Wed, 21 Mar 2007 00:44:15 +0000 (00:44 +0000)]
r21898: Added test command, fixed first valgrind bugs.
Now to investigate why it doesn't work :-).
Jeremy.
Jeremy Allison [Wed, 21 Mar 2007 00:25:08 +0000 (00:25 +0000)]
r21897: Add in a basic raw NTLM encrypt request. Now
for testing.
Jeremy.
Jeremy Allison [Tue, 20 Mar 2007 22:01:02 +0000 (22:01 +0000)]
r21894: Some refactoring of server side encryption context. Support
"raw" NTLM auth (no spnego).
Jeremy.
Rafal Szczesniak [Tue, 20 Mar 2007 21:21:04 +0000 (21:21 +0000)]
r21893: Update comments so they actually reflect reality...
rafal
Volker Lendecke [Tue, 20 Mar 2007 20:47:17 +0000 (20:47 +0000)]
r21892: Mini-Patch from Michael
Jeremy Allison [Tue, 20 Mar 2007 18:11:48 +0000 (18:11 +0000)]
r21891: Finish server-side NTLM-SPNEGO negotiation support.
Now for the client part, and testing.
Jeremy.
Gerald Carter [Tue, 20 Mar 2007 15:29:33 +0000 (15:29 +0000)]
r21888: Add the osname and osver options to 'net ads join' as discussed
on the samba-technical ml.
I'll add a 'net ads set attribute=value' utility later
rather than the original 'net ads setmachineupn' patch that
was also posted to the tech ml.
Günther Deschner [Tue, 20 Mar 2007 12:44:40 +0000 (12:44 +0000)]
r21887: Fix annoying bug where in a pam_close_session (or a pam_setcred with the
PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches.
Make sure that only root can do this.
Jerry, Jeremy, please check.
Guenther
Alexander Bokovoy [Tue, 20 Mar 2007 08:17:27 +0000 (08:17 +0000)]
r21885: Chown logic should be activated only if nfs4:chown=yes
Gerald Carter [Tue, 20 Mar 2007 02:43:20 +0000 (02:43 +0000)]
r21884: * Blacklist BUILTIN and MACHINE domains from the
  idmap domains as these should only be handled by the
  winbindd_passdb.c backend
* Allow the alloc init to fail for backwards compatible
  configurations like
    idmap backend = ad
    idmap uid = 1000-100000
    ....
* Remove the deprecated flags from idmap backend, et al.
  These are mutually exclusive with the new configuration
  options (idmap domains). Logging annoying messages
  about deprecated parameters is confusing. So we'll try
  this approach for now.
Jeremy Allison [Tue, 20 Mar 2007 02:20:16 +0000 (02:20 +0000)]
r21883: Try and fix the build by removing the prototypes for
functions that take a gss context handle in includes.h
Jeremy.
Jeremy Allison [Tue, 20 Mar 2007 01:17:47 +0000 (01:17 +0000)]
r21882: The server part of the code has to use an AUTH_NTLMSSP struct,
not just an NTLMSSP - grr. This complicates the re-use of
common client and server code but I think I've got it right.
Not turned on or valgrinded yet, but you can see it start
to take shape !
Jeremy.
James Peach [Tue, 20 Mar 2007 00:13:42 +0000 (00:13 +0000)]
r21881: Make sure we are very specific when testing whether a backend can handle a
particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.
Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
Jeremy Allison [Mon, 19 Mar 2007 22:45:35 +0000 (22:45 +0000)]
r21880: Make client and server calls into encryption code symmetrical,
depending on encryption context pointer.
Jeremy.
Volker Lendecke [Mon, 19 Mar 2007 21:52:27 +0000 (21:52 +0000)]
r21879: Move process_blocking_lock_queue to a timed event.
The idea is that we have blocking.c:brl_timeout as a timed
event that is present whenever we do have a blocking lock
pending. It fires brl_timeout_fn() which calls
process_blocking_lock_queue().
Whenever we make changes to blocking_lock_queue, we trigger
a recalc_brl_timeout() which sets a new brl_timeout event if
necessary. This makes the call to
blocking_locks_timeout_ms() in setup_select_timeout()
unnecessary, this is implicitly done in
event_add_to_select_args() from the timed events.
Volker
Volker Lendecke [Mon, 19 Mar 2007 21:04:56 +0000 (21:04 +0000)]
r21878: Fix a bug with smbd serving a windows terminal server: If winbind decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
Jeremy Allison [Mon, 19 Mar 2007 21:03:30 +0000 (21:03 +0000)]
r21877: Missed one line.
Jeremy.
Jeremy Allison [Mon, 19 Mar 2007 20:39:58 +0000 (20:39 +0000)]
r21876: Start adding in the seal implementation - prototype code
for the server side enc. (doesn't break anything).
I'll keep updating this until I've got NTLM seal working
on both client and server, then add in the gss level
seal.
Jeremy.
Gerald Carter [Mon, 19 Mar 2007 17:45:13 +0000 (17:45 +0000)]
r21875: BUG 3275: Patch from Andy Polyakov <appro@fy.chalmers.se>
Relax check for i386 header checks in the PE header of printer
driver files. Thus allowing uploading of x64 print drivers
from 64bit Windows clients.
Jeremy Allison [Mon, 19 Mar 2007 17:02:15 +0000 (17:02 +0000)]
r21874: Fix missing notify function. Thanks to Thomas Bork <tombork@web.de>
for pointing this out !
Jeremy.
Volker Lendecke [Mon, 19 Mar 2007 12:54:39 +0000 (12:54 +0000)]
r21873: This is winbindd_pam.c, not pam_winbind.c :-)
Volker Lendecke [Mon, 19 Mar 2007 12:51:13 +0000 (12:51 +0000)]
r21872: Fix a debug message
Volker Lendecke [Sun, 18 Mar 2007 13:19:40 +0000 (13:19 +0000)]
r21871: Move deadtime processing into an idle event. While there, simplify
conn_idle_all() a bit.
Volker
Volker Lendecke [Sun, 18 Mar 2007 11:24:10 +0000 (11:24 +0000)]
r21870: Move sending auth_server keepalives out of the main loop into an idle event.
Volker
Volker Lendecke [Sun, 18 Mar 2007 10:57:46 +0000 (10:57 +0000)]
r21869: Move sending keepalives out of the main processing loop into idle event.
On the way, make lp_keepalive() a proper parameter.
Volker
Volker Lendecke [Sun, 18 Mar 2007 10:13:35 +0000 (10:13 +0000)]
r21868: Remove check_log_size from the central smbd processing loop. This can be done
with a become_root/unbecome_root in debug.c.
Volker Lendecke [Sun, 18 Mar 2007 10:09:16 +0000 (10:09 +0000)]
r21867: Simplify calling convention of timeout_processing. lp_deadtime is only
referenced in conn_idle_all().
Volker Lendecke [Sun, 18 Mar 2007 09:54:18 +0000 (09:54 +0000)]
r21866: Remove unused "lock spin count" parameter
Jeremy Allison [Sat, 17 Mar 2007 00:32:54 +0000 (00:32 +0000)]
r21865: Add in the stubs for SMB transport encryption. Will flesh
these out as I implement. Don't add to SAMBA_3_0_25, this
is experimental code.
NFSv4 you're now officially on notice... :-).
Jeremy.
Jeremy Allison [Sat, 17 Mar 2007 00:15:18 +0000 (00:15 +0000)]
r21864: Reformatting.
Jeremy.
Jeremy Allison [Fri, 16 Mar 2007 22:40:51 +0000 (22:40 +0000)]
r21863: Fix debug messages with incorrect function name.
Jeremy.
Gerald Carter [Fri, 16 Mar 2007 21:52:21 +0000 (21:52 +0000)]
r21862: add the cups comment and location lookup to get_a_printer_2_default() as well
Gerald Carter [Fri, 16 Mar 2007 21:46:58 +0000 (21:46 +0000)]
r21861: Pull the comment and location from CUPS if we don't have one
when fetching a printer from ntprinters.tdb.
Slightly modified from original version submitted on
samba-technical ml by Andy Polyakov <appro@fy.chalmers.se>
Gerald Carter [Fri, 16 Mar 2007 17:54:10 +0000 (17:54 +0000)]
r21860: Fixes for "winbind normalize names" functionality:
* Fix getgroups() call called using a normalized name
* Fix some more name mappings that could cause for example
a user to be unable to unlock the screen as the username
would not match in the PAM authenticate call.
Günther Deschner [Fri, 16 Mar 2007 16:21:38 +0000 (16:21 +0000)]
r21858: Fix typo.
Guenther
Günther Deschner [Fri, 16 Mar 2007 16:20:47 +0000 (16:20 +0000)]
r21857: Stop pretending to be Vista in the %a macro towards Samba clients.
Guenther
Günther Deschner [Fri, 16 Mar 2007 15:48:07 +0000 (15:48 +0000)]
r21855: Fix a memleak in the krb5 locator and comment out gfree_all() which doesn't
make sense as long as it doesn't work as an lp_unload().
Guenther
Günther Deschner [Fri, 16 Mar 2007 14:13:46 +0000 (14:13 +0000)]
r21854: Add gfree_interfaces() to gfree_all().
Guenther
Volker Lendecke [Fri, 16 Mar 2007 13:09:09 +0000 (13:09 +0000)]
r21853: Fix a valgrind error
Volker Lendecke [Thu, 15 Mar 2007 22:48:30 +0000 (22:48 +0000)]
r21851: Obvious typos...
Jeremy Allison [Thu, 15 Mar 2007 22:11:13 +0000 (22:11 +0000)]
r21850: After Jerry explained to me the HORRIBLE way in which
the MIT gss libraries *SUCK*, move the frees to the end
of the function so MIT doesn't segfault.....
Add a comment so that another engineer knows why I did
this.
Jeremy.
Gerald Carter [Thu, 15 Mar 2007 22:09:03 +0000 (22:09 +0000)]
r21848: add a comment about gss_import_name() and when to free the krb5 principal data
Jeremy Allison [Thu, 15 Mar 2007 21:53:53 +0000 (21:53 +0000)]
r21847: Fix memory leaks in error paths (and in main code path in one case...)
in sasl bind. Wonder why coverity didn't find these ?
Jeremy.
Jeremy Allison [Thu, 15 Mar 2007 20:45:27 +0000 (20:45 +0000)]
r21846: Try and fix the Darwin build which seems to have a strange krb5.
Jeremy.
Jeremy Allison [Thu, 15 Mar 2007 19:18:18 +0000 (19:18 +0000)]
r21845: Refactor the sessionsetupX code a little to allow us
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to
a client when there's clock skew. Will help people
debug this. Prepare us for being able to return the
correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED"
error with associated krb5 clock skew error to allow
clients to re-sync time with us when we're eventually
able to be a KDC.
Jeremy.
Steve French [Wed, 14 Mar 2007 22:15:21 +0000 (22:15 +0000)]
r21840: mount.cifs compile on old libc missing bind mount #define
Thanks to Thomas Jarosch for pointing this out.
Volker Lendecke [Tue, 13 Mar 2007 20:53:38 +0000 (20:53 +0000)]
r21831: Back out r21823 for a while, this is going into a bzr tree first.
Volker
Herb Lewis [Tue, 13 Mar 2007 17:39:06 +0000 (17:39 +0000)]
r21825: add debug prefix timestamp to allow "short timestamps" to be
added to debug messages
Volker Lendecke [Tue, 13 Mar 2007 16:13:24 +0000 (16:13 +0000)]
r21823: Let secrets_store_machine_password() also store the account name. Not used
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.
Volker
Günther Deschner [Tue, 13 Mar 2007 16:04:17 +0000 (16:04 +0000)]
r21822: Adding experimental krb5 lib locator plugin.
This is a starting point and may get changed. Basically we need to follow the
exact same path to detect (K)DCs like other Samba tools/winbind do. In
particular with regard to the server affinity cache and the site-awareness for
DNS SRV lookups.
To compile just call "make bin/smb_krb5_locator.so", copy to
/usr/lib/plugin/krb5/ (Heimdal HEAD) or /usr/lib/krb5/plugins/libkrb5/ (MIT)
and you should immediately be able to kinit to your AD domain without having
your REALM with kdc or kpasswd directives defined in /etc/krb5.conf at all.
Tested with today's Heimdal HEAD and MIT krb5 1.5.
Guenther
Volker Lendecke [Tue, 13 Mar 2007 14:05:38 +0000 (14:05 +0000)]
r21819: Wrap all steps in secrets_store_machine_password into one single
transaction. Succeed all or store nothing.
Volker
Volker Lendecke [Tue, 13 Mar 2007 12:45:20 +0000 (12:45 +0000)]
r21818: Remove some unused code
Andrew Tridgell [Tue, 13 Mar 2007 04:42:49 +0000 (04:42 +0000)]
r21814: use ndr_push_error in the ndr layer, not just a NTSTATUS failure
Andrew Tridgell [Tue, 13 Mar 2007 04:37:09 +0000 (04:37 +0000)]
r21813: fixed an integer overflow error in the ndr push code.
Jerry, you might like to consider this for 3.0.25
Lars Müller [Mon, 12 Mar 2007 20:57:49 +0000 (20:57 +0000)]
r21804: Create a reference after proto_exits was called once. Else we link the
binaries again with each make. Thx Volker to point my chesty at this.
Jeremy Allison [Mon, 12 Mar 2007 20:10:12 +0000 (20:10 +0000)]
r21803: Missed part of patch to make self-referrals work.
Jeremy.
Volker Lendecke [Mon, 12 Mar 2007 18:19:48 +0000 (18:19 +0000)]
r21801: Fix Coverity ID # 342
Jeremy Allison [Mon, 12 Mar 2007 17:55:24 +0000 (17:55 +0000)]
r21800: Check-in the DFS rewrite. I am still testing this but it
works from smbclient and Windows, and I am promising to
support and fix both client and server code moving forward.
Still need to test the RPC admin support but I haven't
changed that code.
Jeremy.
Jeremy Allison [Mon, 12 Mar 2007 05:54:14 +0000 (05:54 +0000)]
r21792: Fix crash bug triggered by Excel reported by Jerry.
Bad cut-n-paste on rewrite of timestamps.
Jeremy.
Volker Lendecke [Sun, 11 Mar 2007 18:32:26 +0000 (18:32 +0000)]
r21785: Avoid an unnecessary gettimeofday() call
Volker
Volker Lendecke [Sun, 11 Mar 2007 16:49:16 +0000 (16:49 +0000)]
r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes winbind
who did not run the idle events to drop ldap connections.
Volker
Jeremy Allison [Sun, 11 Mar 2007 02:33:17 +0000 (02:33 +0000)]
r21783: Add in the "create info" field to the reply
from POSIX_OPEN and POSIX_MKDIR as specified
by Stevef in the wiki (extra 4 byte field).
Also fix horrible bug in James's code (James
you should review this for your Apple patch
tree) where he failed to allocate the correct
return memory size when returning a INFO2
struct. Added #define for the size of the
INFO2 struct and made sure we allocate the
correct size for return.
Jeremy.
Volker Lendecke [Sat, 10 Mar 2007 18:04:47 +0000 (18:04 +0000)]
r21782: Fix a memleak
Herb Lewis [Fri, 9 Mar 2007 19:48:50 +0000 (19:48 +0000)]
r21780: let smbcontrol use POPT_COMMON_SAMBA options to allow setting debug
level. Fix calculation of argc after options are stripped. I couldn't
find a popt function that returned this.
James Peach [Fri, 9 Mar 2007 19:28:35 +0000 (19:28 +0000)]
r21779: I missed a call to krb5_get_init_creds_opt_alloc in r21778.
James Peach [Fri, 9 Mar 2007 18:51:48 +0000 (18:51 +0000)]
r21778: Wrap calls to krb5_get_init_creds_opt_free to handle the different
calling convention in the latest MIT changes. Apparently Heimdal
is also changing to this calling convention.
Jeremy Allison [Fri, 9 Mar 2007 18:33:16 +0000 (18:33 +0000)]
r21777: As Stevef requested and the Apple guys agreed, make
mode_t in posix_open/posix_mkdir -> 8 bytes to match
the SET_UNIX_INFO_BASIC call. Steve is updating the
Wiki.
Jeremy.
Simo Sorce [Fri, 9 Mar 2007 16:55:56 +0000 (16:55 +0000)]
r21776: fix bugs #4438 #4440
Herb Lewis [Fri, 9 Mar 2007 15:34:12 +0000 (15:34 +0000)]
r21775: make messages more understandable - don't leave part dangling after newline
Günther Deschner [Fri, 9 Mar 2007 11:34:24 +0000 (11:34 +0000)]
r21774: Fix the build with Fedora Core 6.
tridge/vl: please check.
Guenther
Jeremy Allison [Fri, 9 Mar 2007 02:40:49 +0000 (02:40 +0000)]
r21770: For old DOS style searches we must remember if
the initial search had a wildcard in order to
correctly return no error on end of search.
Found by Samba4 torture tester.
Jeremy.
Jeremy Allison [Fri, 9 Mar 2007 02:16:03 +0000 (02:16 +0000)]
r21769: Attempt to fix bug #4384 in old search code.
We were accessing a pathname that hadn't gone
through unix_convert ! That's a big no-no...
Jeremy.
Jeremy Allison [Thu, 8 Mar 2007 23:54:57 +0000 (23:54 +0000)]
r21768: Fix the client dfs code such that smbclient can
process deep dfs links (ie. links that go to non root
parts of a share). Make the directory handling canonical
in POSIX and Windows pathname processing.
dfs should not be fully working in client tools. Please
bug me if not.
Jeremy.
James Peach [Thu, 8 Mar 2007 21:30:15 +0000 (21:30 +0000)]
r21767: Revert all the bits I accidentally committed in r21766.
James Peach [Thu, 8 Mar 2007 20:54:13 +0000 (20:54 +0000)]
r21766: Fix compiler warning.
James Peach [Thu, 8 Mar 2007 18:45:44 +0000 (18:45 +0000)]
r21765: Fix the build for HP-UX.
Jeremy Allison [Thu, 8 Mar 2007 18:43:39 +0000 (18:43 +0000)]
r21764: Fix warning in debug comment.
Jeremy.
James Peach [Thu, 8 Mar 2007 18:05:55 +0000 (18:05 +0000)]
r21763: Add support for the UNIX_INFO2 infolevel.
James Peach [Thu, 8 Mar 2007 17:06:16 +0000 (17:06 +0000)]
r21762: Fix the build by enabling shared modules and adding the config.*
files. Add notify_watch and chflags operations. Fix a bunch of
warnings.
Jeremy Allison [Thu, 8 Mar 2007 03:00:42 +0000 (03:00 +0000)]
r21759: Fix the same bug in a more elegant way, strrchr_m
is an expensive call....
Jeremy.
Jeremy Allison [Thu, 8 Mar 2007 02:51:41 +0000 (02:51 +0000)]
r21758: Fix a very specific dfs bug when passing in POSIX
pathnames. When we're working out how much we've
consumed we need to backtrack by either a '/' or '\\'
component, as both are valid separators.
Jeremy.
James Peach [Thu, 8 Mar 2007 01:40:49 +0000 (01:40 +0000)]
r21757: Add SMB_VFS_CHFLAGS operation.
Jeremy Allison [Wed, 7 Mar 2007 23:58:40 +0000 (23:58 +0000)]
r21756: An invariant the dfs code depended on for POSIX paths
is no longer true, so fix it.
Jeremy.
Jeremy Allison [Wed, 7 Mar 2007 22:29:21 +0000 (22:29 +0000)]
r21755: Memory leak fixes from Zack Kirsch <zack.kirsch@isilon.com>.
Jeremy.
Jeremy Allison [Wed, 7 Mar 2007 22:12:58 +0000 (22:12 +0000)]
r21754: Volker is completely correct. There's no need for
the RESOLVE_DFSPATH macros and their variants
any more. Fix reporting profile bug with all
error returns.
Jeremy.
Volker Lendecke [Wed, 7 Mar 2007 21:13:51 +0000 (21:13 +0000)]
r21753: Enable building ndrdump with the builtin popt. Jelmer, please check!
Jeremy Allison [Wed, 7 Mar 2007 19:45:22 +0000 (19:45 +0000)]
r21750: Sync up with SAMBA_3_0_25. Only client changes are in libsmbclient
right now.
Jeremy.
Volker Lendecke [Wed, 7 Mar 2007 14:25:07 +0000 (14:25 +0000)]
r21748: More cosmetic alignment. One change to call_nt_transact_create(): We were
asking open_file_ntcreate for a batch oplock if the client asked us to do so,
even if it did not ask for an oplock in the first place. Did not test it, but
I think this is bogus anyway.
Volker
Volker Lendecke [Wed, 7 Mar 2007 13:57:32 +0000 (13:57 +0000)]
r21747: Cosmetic checkin to bring ntcreate and nttranscreate closer together
James Peach [Wed, 7 Mar 2007 05:09:37 +0000 (05:09 +0000)]
r21738: Remove unused file.
Jeremy Allison [Wed, 7 Mar 2007 02:27:54 +0000 (02:27 +0000)]
r21734: Fix bug #4369. Patch from David Leonard <dleonard@vintela.com>.
Jeremy.
Jeremy Allison [Wed, 7 Mar 2007 01:28:19 +0000 (01:28 +0000)]
r21731: Fix long-standing bug in our chain processing code.
Should fix a bug with WinPE. Probably a candidate
for the Vista patchset.
Jeremy.
Jeremy Allison [Tue, 6 Mar 2007 22:14:09 +0000 (22:14 +0000)]
r21726: Fix stupid cut-n-paste typo. Thanks to volker for
being on the ball..... :-).
Jeremy.
Jeremy Allison [Tue, 6 Mar 2007 22:01:03 +0000 (22:01 +0000)]
r21725: Fix for memalign used without test guards. Was
breaking the build on *BSD's. Tested by Herb.
Jeremy.
Jeremy Allison [Tue, 6 Mar 2007 21:59:51 +0000 (21:59 +0000)]
r21724: Optimization pointed out by Volker. If we don't
have any outstanding locks or blocking locks then
we don't need to read the lock db. on close.
Jeremy.
Volker Lendecke [Tue, 6 Mar 2007 10:40:18 +0000 (10:40 +0000)]
r21723: Make use of the per-hashchain "freelists"
Volker Lendecke [Tue, 6 Mar 2007 10:11:15 +0000 (10:11 +0000)]
r21722: Add the dead record functionality presented on samba-technical@samba.org. If
you do a tdb_set_max_dead(tdb, n), then for this tdb a delete operation will
only mark a record as dead and re-use it if a new record is created. The
parameter n allows for at most n dead records per hash chain. If this number
is exceeded, all dead records are put on the central freelist.
Volker
James Peach [Tue, 6 Mar 2007 00:54:05 +0000 (00:54 +0000)]
r21717: Support the SMB_QUERY_POSIX_WHOAMI info level on QueryFsInfo.