ira/wip.git
14 years agor21962: Make pdbedit use the configfile specified by -s
Volker Lendecke [Sat, 24 Mar 2007 21:29:53 +0000 (21:29 +0000)]
r21962: Make pdbedit use the configfile specified by -s

14 years agor21961: Repair bug introduced by rev. 21960.
Jeremy Allison [Sat, 24 Mar 2007 18:22:20 +0000 (18:22 +0000)]
r21961: Repair bug introduced by rev. 21960.
We need to do the initial strtok to set up the internal state.
Jeremy.

14 years agor21960: Fix bugs 4463,4464,4465,4466. Thanks Jason :-)
Volker Lendecke [Sat, 24 Mar 2007 18:14:46 +0000 (18:14 +0000)]
r21960: Fix bugs 4463,4464,4465,4466. Thanks Jason :-)

14 years agor21959: Merge a comment fix from Michael Adam -- more to come :-)
Volker Lendecke [Sat, 24 Mar 2007 18:01:39 +0000 (18:01 +0000)]
r21959: Merge a comment fix from Michael Adam -- more to come :-)

14 years agor21958: Fix Coverity ID 343 (dead code)
Volker Lendecke [Sat, 24 Mar 2007 10:32:34 +0000 (10:32 +0000)]
r21958: Fix Coverity ID 343 (dead code)

14 years agor21957: minor formatting fix
Herb Lewis [Fri, 23 Mar 2007 23:10:46 +0000 (23:10 +0000)]
r21957: minor formatting fix

14 years agor21956: Fix bug reported by don.mccall@hp.com for platforms
Jeremy Allison [Fri, 23 Mar 2007 22:23:09 +0000 (22:23 +0000)]
r21956: Fix bug reported by don.mccall@hp.com for platforms
without utimes() call (only utime()).
Jeremy.

14 years agor21954: Someone misused a '!' instead of a '~' for a binary NOT
Jeremy Allison [Fri, 23 Mar 2007 22:11:26 +0000 (22:11 +0000)]
r21954: Someone misused a '!' instead of a '~' for a binary NOT
command. Jerry, Simo, please check.
Jeremy.

14 years agor21953: One format fix, clarify a condition that the IBM
Jeremy Allison [Fri, 23 Mar 2007 21:50:44 +0000 (21:50 +0000)]
r21953: One format fix, clarify a condition that the IBM
checker was worried about.
Jeremy.

14 years agor21952: Fix critical (!) error found by IBM checker.
Jeremy Allison [Fri, 23 Mar 2007 21:11:08 +0000 (21:11 +0000)]
r21952: Fix critical (!) error found by IBM checker.
Missing break statements meant that no info
levels would ever be returned correctly from
POSIX open/mkdir.
Jeremy.

14 years agor21950: After discussion with the Apple and Linux client maintainers,
James Peach [Fri, 23 Mar 2007 19:31:11 +0000 (19:31 +0000)]
r21950: After discussion with the Apple and Linux client maintainers,
changing the FindFirst response for the UNIX_INFO2 level to include
a length field before the name. The name is not required to be null
terminated. The length field does not count any null.

Also add call to chflags(2) in the default VFS module so that this
will work be default on BSD-derived platform. Add UNIX-INFO2 test
to the build farm to get some non-BSD coverage.

Jeremy and Jerry, please review for inclusion in 3.0.25.

14 years agor21948: Fix valgrind error in build farm samba3 smbtorture. We were
Jeremy Allison [Fri, 23 Mar 2007 19:12:08 +0000 (19:12 +0000)]
r21948: Fix valgrind error in build farm samba3 smbtorture. We were
using an uninitialized buffer for read/write tests.
Jeremy.

14 years agor21947: Fix the equivalent of memcpy(x, x, 16). Found
Jeremy Allison [Fri, 23 Mar 2007 17:00:00 +0000 (17:00 +0000)]
r21947: Fix the equivalent of memcpy(x, x, 16). Found
by valgrind on the build farm.
Jeremy.

14 years agor21944: move acl header checks to the correct place only
Stefan Metzmacher [Fri, 23 Mar 2007 10:30:51 +0000 (10:30 +0000)]
r21944: move acl header checks to the correct place only

jeremy: please merge this to 3.0.25:-)

metze

14 years agor21942: Hoist by our own petard :-). Older smbclient binaries
Jeremy Allison [Thu, 22 Mar 2007 22:15:35 +0000 (22:15 +0000)]
r21942: Hoist by our own petard :-). Older smbclient binaries
were not able to connect to the rewritten dfs code as
they set the dfs flag bit but then send local paths.

Now that our dfs code is a *lot* more robust in
detecting this sort of braindamage we can just
call into it directly on getting a DFS flag
and let the parser sort it out without having
to check it's actually connecting to a dfs
enabled share (I'm proud of this code :-).

Jeremy.

14 years agor21941: Attempt to fix bug 4460
Volker Lendecke [Thu, 22 Mar 2007 22:00:48 +0000 (22:00 +0000)]
r21941: Attempt to fix bug 4460

14 years agor21940: Sorry Volker, I have to revert your revert in r21935.
Gerald Carter [Thu, 22 Mar 2007 21:41:36 +0000 (21:41 +0000)]
r21940: Sorry Volker,  I have to revert your revert in r21935.
We can talk about this later if you still feel that strongly
but I need to fix the build for now.

14 years agor21939: Fix missing initialization that
Jeremy Allison [Thu, 22 Mar 2007 19:41:17 +0000 (19:41 +0000)]
r21939: Fix missing initialization that
broke the build farm. Thanks to
Metze for the heads up.
Jeremy.

14 years agor21935: Revert obviously not sufficiently tested code -- sorry for the pain. I am...
Volker Lendecke [Thu, 22 Mar 2007 18:36:09 +0000 (18:36 +0000)]
r21935: Revert obviously not sufficiently tested code -- sorry for the pain. I am afraid I was basically off the net for the day

14 years agor21934: fix the build sorry
Stefan Metzmacher [Thu, 22 Mar 2007 18:16:36 +0000 (18:16 +0000)]
r21934: fix the build sorry

metze

14 years agor21933: Change the write_sock() call in pam_winbind_request()
Gerald Carter [Thu, 22 Mar 2007 18:09:21 +0000 (18:09 +0000)]
r21933: Change the write_sock() call in pam_winbind_request()
to not request a privileged pipe operation for everything
as this cannot be done from a process running under the
context of a user (e.g. screensaver).

Thanks to Danilo Almeida <dalmeida@centeris.com> for the help
in pointing out the change to write_sock().

14 years agor21932: fix compiler warning.
Stefan Metzmacher [Thu, 22 Mar 2007 17:37:01 +0000 (17:37 +0000)]
r21932: fix compiler warning.

maybe also for 3.0.25

metze

14 years agor21931: include acl/libacl.h is present
Stefan Metzmacher [Thu, 22 Mar 2007 17:35:34 +0000 (17:35 +0000)]
r21931: include acl/libacl.h is present

I'm not sure if this should go into 3.0.25... it fixes a compiler warning about
a missing acl_get_perm() prototype

metze

14 years agor21927: Removed unused variable.
Jeremy Allison [Thu, 22 Mar 2007 02:25:16 +0000 (02:25 +0000)]
r21927: Removed unused variable.
Jeremy.

14 years agor21926: Fix missing enum specifier pointed out by Don McCall @ HP.
Jeremy Allison [Thu, 22 Mar 2007 02:24:12 +0000 (02:24 +0000)]
r21926: Fix missing enum specifier pointed out by Don McCall @ HP.
Thanks Don !
Jeremy.

14 years agor21925: Start to code up the gss acquire creds calls.
Jeremy Allison [Thu, 22 Mar 2007 01:14:55 +0000 (01:14 +0000)]
r21925: Start to code up the gss acquire creds calls.
Jeremy.

14 years agor21923: Add in the gss decrypt.
Jeremy Allison [Thu, 22 Mar 2007 00:08:22 +0000 (00:08 +0000)]
r21923: Add in the gss decrypt.
Jeremy.

14 years agor21922: Fixed the build by rather horrid means. I really need
Jeremy Allison [Wed, 21 Mar 2007 23:49:57 +0000 (23:49 +0000)]
r21922: Fixed the build by rather horrid means. I really need
to restructure libsmb/smb_signing.c so it isn't in
the base libs path but lives in libsmb instead (like
smb_seal.c does).
Jeremy.

14 years agor21919: now that the local passdb abd BUILTIN have been blacklisted and they always
Simo Sorce [Wed, 21 Mar 2007 21:10:59 +0000 (21:10 +0000)]
r21919: now that the local passdb abd BUILTIN have been blacklisted and they always
point to the passdb module, remove this comment and move the explanation in
the dimap_ad man page.

Simo.

14 years agor21918: Reverting this change as it is now causing aborts() in
Gerald Carter [Wed, 21 Mar 2007 21:08:15 +0000 (21:08 +0000)]
r21918: Reverting this change as it is now causing aborts() in
find_builtin_domain().    This all needs more testing
before anyone starts changing these lookup routines again.

14 years agor21917: Start to do the gss versions of sign+seal.
Jeremy Allison [Wed, 21 Mar 2007 19:15:14 +0000 (19:15 +0000)]
r21917: Start to do the gss versions of sign+seal.
Jeremy.

14 years agor21916: Fix couple of "return" calls on void functions.
Jeremy Allison [Wed, 21 Mar 2007 18:33:13 +0000 (18:33 +0000)]
r21916: Fix couple of "return" calls on void functions.
Ensure we ignore reqests to free keepalive buffers
as we only copied these.
Jeremy.

14 years agor21913: fix one bug in build 717: correctly check the return from sid_peek_check_rid...
Gerald Carter [Wed, 21 Mar 2007 17:43:49 +0000 (17:43 +0000)]
r21913: fix one bug in build 717: correctly check the return from sid_peek_check_rid() when trying to find a matching domain

14 years agor21912: There's no point checksumming the packet length
Jeremy Allison [Wed, 21 Mar 2007 17:13:35 +0000 (17:13 +0000)]
r21912: There's no point checksumming the packet length
this already has to be right. This makes the
signed+sealed area the same as it will be with
gss calls. Now to go implement them.
Jeremy.

14 years agor21908: update with the 3.0.25 packaging
Gerald Carter [Wed, 21 Mar 2007 15:55:45 +0000 (15:55 +0000)]
r21908: update with the 3.0.25 packaging

14 years agor21905: Rename
Gerald Carter [Wed, 21 Mar 2007 15:21:28 +0000 (15:21 +0000)]
r21905: Rename
  idmap expire time  -> idmap cache time
  idmap negative time -> idmap negative cache time

14 years agor21904: Fix HP build -- thanks, Don
Volker Lendecke [Wed, 21 Mar 2007 14:13:42 +0000 (14:13 +0000)]
r21904: Fix HP build -- thanks, Don

14 years agor21903: Get the length calculations right (I always forget
Jeremy Allison [Wed, 21 Mar 2007 02:02:09 +0000 (02:02 +0000)]
r21903: Get the length calculations right (I always forget
the 4 byte length isn't included in the length :-).
We now have working NTLMSSP transport encryption
with sign+seal. W00t!
Jeremy.

14 years agor21902: Don't free the thing you're trying to set in the cli state.
Jeremy Allison [Wed, 21 Mar 2007 01:32:01 +0000 (01:32 +0000)]
r21902: Don't free the thing you're trying to set in the cli state.
Jeremy.

14 years agor21901: Don't use fstrcat when you mean fstrcpy. Doh !
Jeremy Allison [Wed, 21 Mar 2007 01:21:16 +0000 (01:21 +0000)]
r21901: Don't use fstrcat when you mean fstrcpy. Doh !
Jeremy.

14 years agor21900: Token exchange now seems to work, now why does the
Jeremy Allison [Wed, 21 Mar 2007 01:04:56 +0000 (01:04 +0000)]
r21900: Token exchange now seems to work, now why does the
client encrypt fail ?
Jeremy.

14 years agor21899: At least we're getting to stage 2 of the blob
Jeremy Allison [Wed, 21 Mar 2007 00:56:40 +0000 (00:56 +0000)]
r21899: At least we're getting to stage 2 of the blob
exchange. Still not working but closer.
Jeremy.

14 years agor21898: Added test command, fixed first valgrind bugs.
Jeremy Allison [Wed, 21 Mar 2007 00:44:15 +0000 (00:44 +0000)]
r21898: Added test command, fixed first valgrind bugs.
Now to investigate why it doesn't work :-).
Jeremy.

14 years agor21897: Add in a basic raw NTLM encrypt request. Now
Jeremy Allison [Wed, 21 Mar 2007 00:25:08 +0000 (00:25 +0000)]
r21897: Add in a basic raw NTLM encrypt request. Now
for testing.
Jeremy.

14 years agor21894: Some refactoring of server side encryption context. Support
Jeremy Allison [Tue, 20 Mar 2007 22:01:02 +0000 (22:01 +0000)]
r21894: Some refactoring of server side encryption context. Support
"raw" NTLM auth (no spnego).
Jeremy.

14 years agor21893: Update comments so they actually reflect reality...
Rafal Szczesniak [Tue, 20 Mar 2007 21:21:04 +0000 (21:21 +0000)]
r21893: Update comments so they actually reflect reality...

rafal

14 years agor21892: Mini-Patch from Michael
Volker Lendecke [Tue, 20 Mar 2007 20:47:17 +0000 (20:47 +0000)]
r21892: Mini-Patch from Michael

14 years agor21891: Finish server-side NTLM-SPNEGO negotiation support.
Jeremy Allison [Tue, 20 Mar 2007 18:11:48 +0000 (18:11 +0000)]
r21891: Finish server-side NTLM-SPNEGO negotiation support.
Now for the client part, and testing.
Jeremy.

14 years agor21888: Add the osname and osver options to 'net ads join' as discussed
Gerald Carter [Tue, 20 Mar 2007 15:29:33 +0000 (15:29 +0000)]
r21888: Add the osname and osver options to 'net ads join' as discussed
on the samba-technical ml.

I'll add a 'net ads set attribute=value' utility later
rather than the original 'net ads setmachineupn' patch that
was also posted to the tech ml.

14 years agor21887: Fix annoying bug where in a pam_close_session (or a pam_setcred with the
Günther Deschner [Tue, 20 Mar 2007 12:44:40 +0000 (12:44 +0000)]
r21887: Fix annoying bug where in a pam_close_session (or a pam_setcred with the
PAM_DELETE_CREDS flag set) any user could delete krb5 credential caches.
Make sure that only root can do this.

Jerry, Jeremy, please check.

Guenther

14 years agor21885: Chown logic should be activated only if nfs4:chown=yes
Alexander Bokovoy [Tue, 20 Mar 2007 08:17:27 +0000 (08:17 +0000)]
r21885: Chown logic should be activated only if nfs4:chown=yes

14 years agor21884: * Blacklist BUILTIN and MACHINE domains from the
Gerald Carter [Tue, 20 Mar 2007 02:43:20 +0000 (02:43 +0000)]
r21884: * Blacklist BUILTIN and MACHINE domains from the
  idmap domains as these should only be handled by the
  winbindd_passdb.c backend

* Allow the alloc init to fail for backwards compatible
  configurations like

     idmap backend = ad
     idmap uid = 1000-100000
....

* Remove the deprecated flags from idmap backend, et. al.
  These are mutually exclusive with the new configuration
  options (idmap domains).  Logging annoying messages
  about deprecated parameters is confusing.  So we'll try
  this apprpach for now.

14 years agor21883: Try and fix the build by removing the prototypes for
Jeremy Allison [Tue, 20 Mar 2007 02:20:16 +0000 (02:20 +0000)]
r21883: Try and fix the build by removing the prototypes for
functions that take a gss context handle in includes.h
Jeremy.

14 years agor21882: The server part of the code has to use an AUTH_NTLMSSP struct,
Jeremy Allison [Tue, 20 Mar 2007 01:17:47 +0000 (01:17 +0000)]
r21882: The server part of the code has to use an AUTH_NTLMSSP struct,
not just an NTLMSSP - grr. This complicates the re-use of
common client and server code but I think I've got it right.
Not turned on of valgrinded yet, but you can see it start
to take shape !
Jeremy.

14 years agor21881: Make sure we are very specific when testing whether a backand can handle a
James Peach [Tue, 20 Mar 2007 00:13:42 +0000 (00:13 +0000)]
r21881: Make sure we are very specific when testing whether a backand can handle a
particular SID. Make sure that the passdb backend will accept the same set
range of local SIDs that the idmap system sends it.

Simo, Jerry - this is a 3_0_25 candidate. Can you please review?

14 years agor21880: Make client and server calls into encryption code symetrical,
Jeremy Allison [Mon, 19 Mar 2007 22:45:35 +0000 (22:45 +0000)]
r21880: Make client and server calls into encryption code symetrical,
depending on encryption context pointer.
Jeremy.

14 years agor21879: Move process_blocking_lock_queue to a timed event.
Volker Lendecke [Mon, 19 Mar 2007 21:52:27 +0000 (21:52 +0000)]
r21879: Move process_blocking_lock_queue to a timed event.

The idea is that we have blocking.c:brl_timeout as a timed
event that is present whenever we do have a blocking lock
pending. It fires brl_timeout_fn() which calls
process_blocking_lock_queue().

Whenever we make changes to blocking_lock_queue, we trigger
a recalc_brl_timeout() which sets a new brl_timout event if
necessary. This makes the call to
blocking_locks_timeout_ms() in setup_select_timeout()
unnecessary, this is implicitly done in
event_add_to_select_args() from the timed events.

Volker

14 years agor21878: Fix a bug with smbd serving a windows terminal server: If winbind decides...
Volker Lendecke [Mon, 19 Mar 2007 21:04:56 +0000 (21:04 +0000)]
r21878: Fix a bug with smbd serving a windows terminal server: If winbind decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.

This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.

Volker

14 years agor21877: Missed one line.
Jeremy Allison [Mon, 19 Mar 2007 21:03:30 +0000 (21:03 +0000)]
r21877: Missed one line.
Jeremy.

14 years agor21876: Start adding in the seal implementation - prototype code
Jeremy Allison [Mon, 19 Mar 2007 20:39:58 +0000 (20:39 +0000)]
r21876: Start adding in the seal implementation - prototype code
for the server side enc. (doesn't break anything).
I'll keep updating this until I've got NTLM seal working
on both client and server, then add in the gss level
seal.
Jeremy.

14 years agor21875: BUG 3275: Patch from Andy Polyakov <appro@fy.chalmers.se>
Gerald Carter [Mon, 19 Mar 2007 17:45:13 +0000 (17:45 +0000)]
r21875: BUG 3275: Patch from Andy Polyakov <appro@fy.chalmers.se>
Relax check for i386 header checks in the PE header of printer
driver files.  Thus allowing uploading of x64 print drivers
from 64bit Windows clients.

14 years agor21874: Fix missing notify function. Thanks to Thomas Bork <tombork@web.de>
Jeremy Allison [Mon, 19 Mar 2007 17:02:15 +0000 (17:02 +0000)]
r21874: Fix missing notify function. Thanks to Thomas Bork <tombork@web.de>
for pointing this out !
Jeremy.

14 years agor21873: This is winbindd_pam.c, not pam_winbind.c :-)
Volker Lendecke [Mon, 19 Mar 2007 12:54:39 +0000 (12:54 +0000)]
r21873: This is winbindd_pam.c, not pam_winbind.c :-)

14 years agor21872: Fix a debug message
Volker Lendecke [Mon, 19 Mar 2007 12:51:13 +0000 (12:51 +0000)]
r21872: Fix a debug message

14 years agor21871: Move deadtime processing into an idle event. While there, simplify
Volker Lendecke [Sun, 18 Mar 2007 13:19:40 +0000 (13:19 +0000)]
r21871: Move deadtime processing into an idle event. While there, simplify
conn_idle_all() a bit.

Volker

14 years agor21870: Move sending auth_server keepalives out of the main loop into an idle event.
Volker Lendecke [Sun, 18 Mar 2007 11:24:10 +0000 (11:24 +0000)]
r21870: Move sending auth_server keepalives out of the main loop into an idle event.

Volker

14 years agor21869: Move sending keepalives out of the main processing loop into idle event.
Volker Lendecke [Sun, 18 Mar 2007 10:57:46 +0000 (10:57 +0000)]
r21869: Move sending keepalives out of the main processing loop into idle event.

On the way, make lp_keepalive() a proper parameter.

Volker

14 years agor21868: Remove check_log_size from the central smbd processing loop. This can be...
Volker Lendecke [Sun, 18 Mar 2007 10:13:35 +0000 (10:13 +0000)]
r21868: Remove check_log_size from the central smbd processing loop. This can be done
with a become_root/unbecome_root in debug.c.

14 years agor21867: Simplify calling convention of timeout_processing. lp_deadtime is only
Volker Lendecke [Sun, 18 Mar 2007 10:09:16 +0000 (10:09 +0000)]
r21867: Simplify calling convention of timeout_processing. lp_deadtime is only
referenced in conn_idle_all().

14 years agor21866: Remove unused "lock spin count" parameter
Volker Lendecke [Sun, 18 Mar 2007 09:54:18 +0000 (09:54 +0000)]
r21866: Remove unused "lock spin count" parameter

14 years agor21865: Add in the stubs for SMB transport encryption. Will flesh
Jeremy Allison [Sat, 17 Mar 2007 00:32:54 +0000 (00:32 +0000)]
r21865: Add in the stubs for SMB transport encryption. Will flesh
these out as I implement. Don't add to SAMBA_3_0_25, this
is experimental code.
NFSv4 you're now officially on notice... :-).
Jeremy.

14 years agor21864: Reformatting.
Jeremy Allison [Sat, 17 Mar 2007 00:15:18 +0000 (00:15 +0000)]
r21864: Reformatting.
Jeremy.

14 years agor21863: Fix debug messages with incorrect function name.
Jeremy Allison [Fri, 16 Mar 2007 22:40:51 +0000 (22:40 +0000)]
r21863: Fix debug messages with incorrect function name.
Jeremy.

14 years agor21862: add the cups comment and location lookup to get_a_printer_2_default() as...
Gerald Carter [Fri, 16 Mar 2007 21:52:21 +0000 (21:52 +0000)]
r21862: add the cups comment and location lookup to get_a_printer_2_default() as well

14 years agor21861: Pull the comment and location from CUPS if we don't have one
Gerald Carter [Fri, 16 Mar 2007 21:46:58 +0000 (21:46 +0000)]
r21861: Pull the comment and location from CUPS if we don't have one
when fetching a printer from ntprinters.tdb.

Slightly modified from original version submitted on
samba-technical ml by Andy Polyakov <appro@fy.chalmers.se>

14 years agor21860: Fixes for "winbind normalize names" functionality:
Gerald Carter [Fri, 16 Mar 2007 17:54:10 +0000 (17:54 +0000)]
r21860: Fixes for "winbind normalize names" functionality:

* Fix getgroups() call called using a normalized name
* Fix some more name mappings that could cause for example
  a user to be unable to unlock the screen as the username
  would not match in the PAM authenticate call.

14 years agor21858: Fix typo.
Günther Deschner [Fri, 16 Mar 2007 16:21:38 +0000 (16:21 +0000)]
r21858: Fix typo.

Guenther

14 years agor21857: Stop pretending to be Vista in the %a macro towards Samba clients.
Günther Deschner [Fri, 16 Mar 2007 16:20:47 +0000 (16:20 +0000)]
r21857: Stop pretending to be Vista in the %a macro towards Samba clients.

Guenther

14 years agor21855: Fix a memleak in the krb5 locator and comment out gfree_all() which doesn't
Günther Deschner [Fri, 16 Mar 2007 15:48:07 +0000 (15:48 +0000)]
r21855: Fix a memleak in the krb5 locator and comment out gfree_all() which doesn't
make sense as long as it doesn't work as an lp_unload().

Guenther

14 years agor21854: Add gfree_interfaces() to gfree_all().
Günther Deschner [Fri, 16 Mar 2007 14:13:46 +0000 (14:13 +0000)]
r21854: Add gfree_interfaces() to gfree_all().

Guenther

14 years agor21853: Fix a valgrind error
Volker Lendecke [Fri, 16 Mar 2007 13:09:09 +0000 (13:09 +0000)]
r21853: Fix a valgrind error

14 years agor21851: Obvious typos...
Volker Lendecke [Thu, 15 Mar 2007 22:48:30 +0000 (22:48 +0000)]
r21851: Obvious typos...

14 years agor21850: After Jerry explained to me the HORRIBLE way in which
Jeremy Allison [Thu, 15 Mar 2007 22:11:13 +0000 (22:11 +0000)]
r21850: After Jerry explained to me the HORRIBLE way in which
the MIT gss libraries *SUCK*, move the frees to the end
of the function so MIT doesn't segfault.....
Add a comment so that another engineer knows why I did
this.
Jeremy.

14 years agor21848: add a comment about gss_import_name() and when to free the krb5 principal...
Gerald Carter [Thu, 15 Mar 2007 22:09:03 +0000 (22:09 +0000)]
r21848: add a comment about gss_import_name() and when to free the krb5 principal data

14 years agor21847: Fix memory leaks in error paths (and in main code path in one case...)
Jeremy Allison [Thu, 15 Mar 2007 21:53:53 +0000 (21:53 +0000)]
r21847: Fix memory leaks in error paths (and in main code path in one case...)
in sasl bind. Wonder why coverity didn't find these ?
Jeremy.

14 years agor21846: Try and fix the Darwin build which seems to have a strange krb5.
Jeremy Allison [Thu, 15 Mar 2007 20:45:27 +0000 (20:45 +0000)]
r21846: Try and fix the Darwin build which seems to have a strange krb5.
Jeremy.

14 years agor21845: Refactor the sessionsetupX code a little to allow us
Jeremy Allison [Thu, 15 Mar 2007 19:18:18 +0000 (19:18 +0000)]
r21845: Refactor the sessionsetupX code a little to allow us
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to
a client when there's clock skew. Will help people
debug this. Prepare us for being able to return the
correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED"
error with associated krb5 clock skew error to allow
clients to re-sync time with us when we're eventually
able to be a KDC.
Jeremy.

14 years agor21840: mount.cifs compile on old libc missing bind mount #define
Steve French [Wed, 14 Mar 2007 22:15:21 +0000 (22:15 +0000)]
r21840: mount.cifs compile on old libc missing bind mount #define

Thanks to Thomas Jarosch for pointing this out.

14 years agor21831: Back out r21823 for a while, this is going into a bzr tree first.
Volker Lendecke [Tue, 13 Mar 2007 20:53:38 +0000 (20:53 +0000)]
r21831: Back out r21823 for a while, this is going into a bzr tree first.

Volker

14 years agor21825: add debug prefix timestamp to allow "short timestamps" to be
Herb Lewis [Tue, 13 Mar 2007 17:39:06 +0000 (17:39 +0000)]
r21825: add debug prefix timestamp to allow "short timestamps" to be
added to debug messages

14 years agor21823: Let secrets_store_machine_password() also store the account name. Not used
Volker Lendecke [Tue, 13 Mar 2007 16:13:24 +0000 (16:13 +0000)]
r21823: Let secrets_store_machine_password() also store the account name. Not used
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.

Volker

14 years agor21822: Adding experimental krb5 lib locator plugin.
Günther Deschner [Tue, 13 Mar 2007 16:04:17 +0000 (16:04 +0000)]
r21822: Adding experimental krb5 lib locator plugin.

This is a starting point and may get changed. Basically we need follow the
exact same path to detect (K)DCs like other Samba tools/winbind do. In
particular with regard to the server affinity cache and the site-awarness for
DNS SRV lookups.

To compile just call "make bin/smb_krb5_locator.so", copy to
/usr/lib/plugin/krb5/ (Heimdal HEAD) or /usr/lib/krb5/plugins/libkrb5/ (MIT)
and you should immediately be able to kinit to your AD domain without having
your REALM with kdc or kpasswd directives defined in /etc/krb5.conf at all.

Tested with todays Heimdal HEAD and MIT krb5 1.5.

Guenther

14 years agor21819: Wrap all steps in secrets_store_machine_password into one single
Volker Lendecke [Tue, 13 Mar 2007 14:05:38 +0000 (14:05 +0000)]
r21819: Wrap all steps in secrets_store_machine_password into one single
transaction. Succeed all or store nothing.

Volker

14 years agor21818: Remove some unused code
Volker Lendecke [Tue, 13 Mar 2007 12:45:20 +0000 (12:45 +0000)]
r21818: Remove some unused code

14 years agor21814: use ndr_push_error in the ndr layer, not just a NTSTATUS failure
Andrew Tridgell [Tue, 13 Mar 2007 04:42:49 +0000 (04:42 +0000)]
r21814: use ndr_push_error in the ndr layer, not just a NTSTATUS failure

14 years agor21813: fixed an integer overflow error in the ndr push code.
Andrew Tridgell [Tue, 13 Mar 2007 04:37:09 +0000 (04:37 +0000)]
r21813: fixed an integer overflow error in the ndr push code.

Jerry, you might like to consider this for 3.0.25

14 years agor21804: Create a reference after proto_exits was called once. Else we link the
Lars Müller [Mon, 12 Mar 2007 20:57:49 +0000 (20:57 +0000)]
r21804: Create a reference after proto_exits was called once.  Else we link the
binaries again with each make.  Thx Volker to point my chesty at this.

14 years agor21803: Missed part of patch to make self-referrals work.
Jeremy Allison [Mon, 12 Mar 2007 20:10:12 +0000 (20:10 +0000)]
r21803: Missed part of patch to make self-referrals work.
Jeremy.

14 years agor21801: Fix Coverity ID # 342
Volker Lendecke [Mon, 12 Mar 2007 18:19:48 +0000 (18:19 +0000)]
r21801: Fix Coverity ID # 342

14 years agor21800: Check-in the DFS rewrite. I am still testing this but it
Jeremy Allison [Mon, 12 Mar 2007 17:55:24 +0000 (17:55 +0000)]
r21800: Check-in the DFS rewrite. I am still testing this but it
works from smbclient and Windows, and I am promising to
support and fix both client and server code moving forward.
Still need to test the RPC admin support but I haven't
changed that code.
Jeremy.