Günther Deschner [Wed, 27 Aug 2008 11:54:49 +0000 (13:54 +0200)]
net: now that "net rpc user" uses netapi calls exclusivly, net rpc shell needs
to use netapi as well.
Guenther
Günther Deschner [Wed, 27 Aug 2008 11:47:04 +0000 (13:47 +0200)]
net: use netapi for "net rpc user info" to enumerate user group membership.
Guenther
Günther Deschner [Wed, 27 Aug 2008 11:37:56 +0000 (13:37 +0200)]
netapi: implement NetUserGetGroups_r.
Guenther
Günther Deschner [Wed, 27 Aug 2008 11:14:24 +0000 (13:14 +0200)]
netapi: add NetUserGetGroups example code.
Guenther
Günther Deschner [Wed, 27 Aug 2008 11:13:57 +0000 (13:13 +0200)]
netapi: add NetUserGetGroups to public headers.
Guenther
Günther Deschner [Wed, 27 Aug 2008 09:55:57 +0000 (11:55 +0200)]
netapi: fix NetUserSetInfo return code for currently unsupported levels.
Guenther
Günther Deschner [Wed, 27 Aug 2008 09:49:55 +0000 (11:49 +0200)]
netapi: add skeleton for NetUserGetGroups.
Guenther
Günther Deschner [Wed, 27 Aug 2008 09:48:06 +0000 (11:48 +0200)]
re-run make idl.
Guenther
Günther Deschner [Wed, 27 Aug 2008 09:47:39 +0000 (11:47 +0200)]
netapi: add NetUserGetGroups to IDL.
Guenther
Günther Deschner [Wed, 27 Aug 2008 09:19:49 +0000 (11:19 +0200)]
net: use netapi function to set user password.
Guenther
Günther Deschner [Wed, 27 Aug 2008 09:14:15 +0000 (11:14 +0200)]
net: use netapi function to list users.
Guenther
Günther Deschner [Wed, 27 Aug 2008 00:18:30 +0000 (02:18 +0200)]
netapi: support level 1014 in NetUserSetInfo.
Guenther
Günther Deschner [Wed, 27 Aug 2008 00:11:54 +0000 (02:11 +0200)]
netapi: support level 1024 in NetUserSetInfo.
Guenther
Günther Deschner [Wed, 27 Aug 2008 00:02:30 +0000 (02:02 +0200)]
netapi: support level 1051 in NetUserSetInfo.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:53:10 +0000 (01:53 +0200)]
netapi: support level 1053 in NetUserSetInfo.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:47:33 +0000 (01:47 +0200)]
netapi: support level 1052 in NetUserSetInfo.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:44:40 +0000 (01:44 +0200)]
re-run make idl.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:43:52 +0000 (01:43 +0200)]
netapi: add usriX_profile/usriX_home_dir_drive/usriX_primary_group_id to USER_INFO_X in IDL.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:40:46 +0000 (01:40 +0200)]
netapi: support level 1006 in NetUserSetInfo.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:36:49 +0000 (01:36 +0200)]
netapi: support level 1012 in NetUserSetInfo.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:36:06 +0000 (01:36 +0200)]
netapi: fix acct_flags handling in convert_USER_INFO_X_to_samr_user_info21.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:15:21 +0000 (01:15 +0200)]
netapi: support level 1009 in NetUserSetInfo.
Guenther
Günther Deschner [Tue, 26 Aug 2008 23:04:21 +0000 (01:04 +0200)]
netapi: support level 1011 in NetUserSetInfo.
Guenther
Günther Deschner [Tue, 26 Aug 2008 22:57:07 +0000 (00:57 +0200)]
netapi: fix convert_USER_INFO_X_to_samr_user_info21.
Guenther
Günther Deschner [Tue, 26 Aug 2008 22:33:49 +0000 (00:33 +0200)]
netapi: support level 1003 in NetUserSetInfo.
Guenther
Günther Deschner [Tue, 26 Aug 2008 22:33:16 +0000 (00:33 +0200)]
netapi: process level 1003 in construct_USER_INFO_X as well.
Guenther
Günther Deschner [Tue, 26 Aug 2008 22:32:08 +0000 (00:32 +0200)]
netapi: make set_user_info_USER_INFO_X a separate function.
Guenther
Günther Deschner [Tue, 26 Aug 2008 22:31:20 +0000 (00:31 +0200)]
netapi: add more infolevels to NetUserSetInfo example.
Guenther
Günther Deschner [Tue, 26 Aug 2008 22:30:51 +0000 (00:30 +0200)]
netapi: add ENCRYPTED_PWLEN to public header.
Guenther
Günther Deschner [Tue, 26 Aug 2008 22:30:22 +0000 (00:30 +0200)]
re-run make idl.
Guenther
Günther Deschner [Tue, 26 Aug 2008 22:30:04 +0000 (00:30 +0200)]
netapi: fix ENCRYPTED_PWLEN in IDL.
Guenther
Günther Deschner [Tue, 26 Aug 2008 19:12:23 +0000 (21:12 +0200)]
netapi: add all USER_INFO structs to public header.
Guenther
Günther Deschner [Tue, 26 Aug 2008 19:10:19 +0000 (21:10 +0200)]
net: use netapi for rpc_user_rename.
Guenther
Günther Deschner [Fri, 29 Aug 2008 09:38:02 +0000 (11:38 +0200)]
kerberos: fix HAVE_KRB5 related build issue.
Guenther
Günther Deschner [Fri, 22 Aug 2008 12:58:01 +0000 (14:58 +0200)]
kerberos: use KRB5_KT_KEY macro where appropriate.
Guenther
Günther Deschner [Fri, 22 Aug 2008 12:52:10 +0000 (14:52 +0200)]
kerberos: add KRB5_KT_KEY abstraction macro.
Guenther
Günther Deschner [Fri, 22 Aug 2008 14:08:00 +0000 (16:08 +0200)]
kerberos: move the KRB5_KEY* macros to header file.
Guenther
Jeremy Allison [Thu, 28 Aug 2008 23:06:23 +0000 (16:06 -0700)]
Clarify usage of "force create mode".
Jeremy.
Volker Lendecke [Thu, 28 Aug 2008 13:44:14 +0000 (15:44 +0200)]
Remove cli_request_get()
req->private_data==NULL at this point is definitely a bug.
Volker Lendecke [Wed, 27 Aug 2008 17:30:57 +0000 (19:30 +0200)]
Add async smbecho client support
Volker Lendecke [Wed, 27 Aug 2008 17:26:40 +0000 (19:26 +0200)]
Add cli_request->recv_helper
Necessary for requests with multiple replies
Volker Lendecke [Mon, 25 Aug 2008 13:59:36 +0000 (15:59 +0200)]
Activate code to enable chained requests
Add the CHAIN1 torture test
Volker Lendecke [Mon, 25 Aug 2008 13:56:26 +0000 (15:56 +0200)]
This adds the code to allow chained requests in libsmb/
This is not compiled yet, but it makes the patches much easier to read if it is
add in bulk.
Volker Lendecke [Mon, 25 Aug 2008 12:40:15 +0000 (14:40 +0200)]
Move "struct cli_request" from client.h to async_smb.h
Also add some comments
Volker Lendecke [Mon, 25 Aug 2008 11:33:41 +0000 (13:33 +0200)]
Add cli_pull_reply
Along the lines of cli_request_send this abstracts away the smb-level buffer
handling when parsing replies we got from the server.
Volker Lendecke [Sun, 24 Aug 2008 12:17:43 +0000 (14:17 +0200)]
Remove cli->event_ctx, pass it explicitly
Storing the event_context as permanent state in struct cli_state creates more
complex code than necessary IMO.
Volker Lendecke [Sat, 2 Aug 2008 16:44:39 +0000 (18:44 +0200)]
Add async open&x
Volker Lendecke [Fri, 1 Aug 2008 21:18:15 +0000 (23:18 +0200)]
Add async cli_close
Volker Lendecke [Fri, 1 Aug 2008 21:14:51 +0000 (23:14 +0200)]
Refactoring: Add the routine cli_request_send()
cli_request_send() is supposed to bundle all generic SMB-header handling. This
makes cli_request_new static to async_smb.c.
Günther Deschner [Thu, 28 Aug 2008 10:29:24 +0000 (12:29 +0200)]
winbindd: fix invalid sid copy (hit when enumerating sibling domains).
Guenther
Jeremy Allison [Thu, 28 Aug 2008 00:29:10 +0000 (17:29 -0700)]
Fix the wcache_invalidate_samlogon calls.
Jeremy.
Ephi Dror [Thu, 28 Aug 2008 00:28:34 +0000 (17:28 -0700)]
Correct the netsamlogon_clear_cached_user function.
Jeremy Allison [Wed, 27 Aug 2008 22:06:14 +0000 (15:06 -0700)]
Add st_birthtime and friends for accurate create times on systems that support it (*BSD and MacOSX).
Should have done this ages ago, sorry.
Jeremy.
Steve French [Wed, 27 Aug 2008 22:00:00 +0000 (17:00 -0500)]
mount.cifs: unclear error message with "credentials"
Thanks to Christophe Curis for the suggestion
Jeremy Allison [Wed, 27 Aug 2008 18:28:18 +0000 (11:28 -0700)]
Be explicit about setting perms for the ldb. Helps others who may use this api.
Jeremy.
Karolin Seeger [Wed, 27 Aug 2008 11:23:20 +0000 (13:23 +0200)]
ldb: Fix permissions of new ldg files.
This one fixes together with
2eaf4ed62 bug #5715 and CVE-2008-3789.
Thanks to Steve Langasek <vorlon@debian.org> for reporting!
Karolin
(cherry picked from commit
b666d0a4b597218f5f5020bf36d80d84dcbf7259)
Andrew Tridgell [Wed, 27 Aug 2008 08:45:43 +0000 (10:45 +0200)]
ldb: Fix permissions of group_mapping.ldb.
This one fixes bug #5715 and CVE-2008-3789.
(cherry picked from commit
a94f44c49f668fcf12f4566777a668043326bf97)
Jeremy Allison [Wed, 27 Aug 2008 01:05:34 +0000 (18:05 -0700)]
Fix bug spotted by Simo - don't use legacy if expired entry.
Jeremy.
Jeremy Allison [Tue, 26 Aug 2008 23:14:25 +0000 (16:14 -0700)]
Don't ask winbindd if we got a -ve cache entry.
Jeremy.
Jeremy Allison [Tue, 26 Aug 2008 22:51:56 +0000 (15:51 -0700)]
Fix the build :-(. Ask winbindd if we find a negative cache entry (or should
we just call the legacy function ?).
Jeremy.
Jeremy Allison [Tue, 26 Aug 2008 21:52:11 +0000 (14:52 -0700)]
Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid mappings.
Jeremy.
Volker Lendecke [Fri, 15 Aug 2008 16:24:09 +0000 (18:24 +0200)]
Increase the default positive idmap cache time to a week
Volker Lendecke [Fri, 15 Aug 2008 17:08:27 +0000 (19:08 +0200)]
Move idmap_cache.c from winbindd/ to lib/
Michael Adam [Tue, 26 Aug 2008 14:09:50 +0000 (16:09 +0200)]
run make idl after idl change "Handle arbitrary new PAC types"
Michael
Andrew Tridgell [Sun, 24 Aug 2008 04:00:58 +0000 (14:00 +1000)]
Handle arbitrary new PAC types
When MS introduces a new PAC type, we should just ignore it, not
generate a parse error. New PAC info structures are supposed to be
backwards compatible with old ones
Andrew Tridgell [Tue, 26 Aug 2008 04:06:42 +0000 (14:06 +1000)]
EINVAL is also a valid error return, meaning "this filesystem
cannot do sendfile for this file"
Andrew Tridgell [Sun, 24 Aug 2008 03:58:05 +0000 (13:58 +1000)]
become root for AIO operations
We need to become root for AIO read and write to allow the AIO thread
to send a completion signal to the parent process when the IO
completes
Andrew Tridgell [Sun, 24 Aug 2008 03:56:59 +0000 (13:56 +1000)]
Avoid a race condition in glibc between AIO and setresuid().
See this test: http://samba.org/~tridge/junkcode/aio_uid.c
The problem is that setresuid() tries to be clever about threads, and
tries to change the euid of any threads that are running. If a AIO read
or write completes while this is going on then the signal from the thread
where the IO completed is lost, as it gets -1/EPERM from rt_sigqueueinfo()
The simplest fix is to try to use setreuid() instead of setresuid(),
as setreuid() doesn't try to be clever. Unfortunately this also means
we must use become_root()/unbecome_root() in the aio code.
Andrew Tridgell [Sun, 24 Aug 2008 03:53:19 +0000 (13:53 +1000)]
fixed an errno handling bug that could lead to an infinite loop
Andrew Tridgell [Sat, 23 Aug 2008 01:36:27 +0000 (11:36 +1000)]
fixed tsmsm_sendfile(). The logic was totally broken.
Günther Deschner [Tue, 26 Aug 2008 11:47:43 +0000 (13:47 +0200)]
build: make sure to create CODEPAGEDIR and MODULESDIR.
Guenther
David Leonard [Mon, 25 Aug 2008 22:17:53 +0000 (15:17 -0700)]
Fix bug 4516, no IPv6 on Solaris 2.6.
Günther Deschner [Mon, 25 Aug 2008 11:03:15 +0000 (13:03 +0200)]
winbindd: use set_auth_errors() in winbindd_dual_check_machine_acct as well.
Guenther
Günther Deschner [Mon, 25 Aug 2008 11:15:41 +0000 (13:15 +0200)]
winbindd: move set_auth_errors to util functions.
Guenther
Günther Deschner [Mon, 25 Aug 2008 09:37:57 +0000 (11:37 +0200)]
winbindd: only create machine pwd change event when in primary domain child.
Guenther
Günther Deschner [Mon, 25 Aug 2008 09:36:56 +0000 (11:36 +0200)]
auth: Fix build warning.
Guenther
Volker Lendecke [Sun, 24 Aug 2008 10:46:26 +0000 (12:46 +0200)]
Fix some nonempty blank lines
Volker Lendecke [Sun, 24 Aug 2008 10:43:36 +0000 (12:43 +0200)]
Fix some C++ warnings
Volker Lendecke [Sat, 23 Aug 2008 13:40:43 +0000 (15:40 +0200)]
Revert "Protect against short read&x replies"
This reverts commit
4ed73cbbbeff4b554cc8d28252b756241396b3a1.
... how did this end up here??
Volker
Volker Lendecke [Wed, 13 Aug 2008 17:57:19 +0000 (19:57 +0200)]
Protect against short read&x replies
Volker Lendecke [Tue, 19 Aug 2008 08:14:59 +0000 (10:14 +0200)]
Fix some nonempty blank lines
Volker Lendecke [Sat, 23 Aug 2008 11:12:36 +0000 (13:12 +0200)]
Use talloc_stackframe() in machine_password_change_handler
Volker Lendecke [Sat, 23 Aug 2008 11:12:05 +0000 (13:12 +0200)]
Fix a memleak in calculate_next_machine_pwd_change
Günther Deschner [Wed, 20 Aug 2008 23:20:22 +0000 (01:20 +0200)]
winbindd: add event based machine password change.
Guenther
Jeremy Allison [Fri, 22 Aug 2008 20:49:46 +0000 (13:49 -0700)]
Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest.
This one took a *lot* of tracking down :-).
Jeremy.
Gerald (Jerry) Carter [Fri, 22 Aug 2008 19:54:50 +0000 (14:54 -0500)]
idmap_gid_to_sid: Fix a cut-a-npaste error.
The call was looking up a uid and not gid in the cache.
Gerald (Jerry) Carter [Fri, 22 Aug 2008 15:17:04 +0000 (10:17 -0500)]
winbindd: Fix crash in cm_connect_sam()
Fix segv when talking to parent DC (joined to child domain).
The root cause was
(a) storing the parent domain in the cli_state struct caused
the NTLMSSP pipe bind to fail which made us fallover to
the schannel code path
(b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
NULL even though the function indicated success.
Jeff Layton [Fri, 22 Aug 2008 17:29:16 +0000 (13:29 -0400)]
cifs.upcall: bump SPNEGO msg version number and don't reject old versions
When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Karolin Seeger [Fri, 22 Aug 2008 15:23:36 +0000 (17:23 +0200)]
manpages: Add documentation for new 'net rpc vampire' subcommands.
Karolin
Karolin Seeger [Fri, 22 Aug 2008 14:47:19 +0000 (16:47 +0200)]
net: Add missing colon to unify usage messages.
Karolin
Karolin Seeger [Fri, 22 Aug 2008 09:04:49 +0000 (11:04 +0200)]
manpages: Add manpage for "init logon delayed hosts".
Karolin
Karolin Seeger [Fri, 22 Aug 2008 09:04:16 +0000 (11:04 +0200)]
manpages: Add manpage for "init logon delay".
Karolin
Karolin Seeger [Fri, 22 Aug 2008 08:05:42 +0000 (10:05 +0200)]
loadparm: idmap backend is not depracated any longer.
Karolin
Jeff Layton [Fri, 22 Aug 2008 01:21:48 +0000 (21:21 -0400)]
cifs.upcall: fix build warning
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Mon, 18 Aug 2008 17:49:59 +0000 (13:49 -0400)]
cifs.upcall: enable building by default on linux
When building on linux, default to building cifs.upcall. Throw a
warning if ADS support is disabled or keyutils isn't installed.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Mon, 18 Aug 2008 17:49:59 +0000 (13:49 -0400)]
cifs.upcall: move default install location to EPREFIX/sbin
cifs.upcall links to libraries that live under /usr, so installing it
in /sbin doesn't seem appropriate. Move it to EPREFIX/sbin instead
(i.e. /usr/sbin).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 20 Aug 2008 01:29:41 +0000 (21:29 -0400)]
cifs.upcall: handle MSKRB5 OID properly
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
Jeff Layton [Sat, 16 Aug 2008 10:09:29 +0000 (06:09 -0400)]
mount.cifs: don't prompt for password on krb5 mounts
krb5 mounts require that the user already have a valid krb5 ticket.
Since we can't currently use the password entered, don't prompt for it.
Also, switch to using strncmp instead of strcmp here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy Allison [Thu, 21 Aug 2008 22:27:22 +0000 (15:27 -0700)]
Fix broken net rpc join message when DC can't be found. Ensure we pass in a domain name.
Jeremy.
Günther Deschner [Thu, 21 Aug 2008 22:20:46 +0000 (00:20 +0200)]
rpc_server: make it a little more obvious what flags we send to a client.
Guenther