Andrew Tridgell [Tue, 26 Aug 2008 04:06:42 +0000 (14:06 +1000)]
EINVAL is also a valid error return, meaning "this filesystem
cannot do sendfile for this file"
Andrew Tridgell [Sun, 24 Aug 2008 03:58:05 +0000 (13:58 +1000)]
become root for AIO operations
We need to become root for AIO read and write to allow the AIO thread
to send a completion signal to the parent process when the IO
completes
Andrew Tridgell [Sun, 24 Aug 2008 03:56:59 +0000 (13:56 +1000)]
Avoid a race condition in glibc between AIO and setresuid().
See this test: http://samba.org/~tridge/junkcode/aio_uid.c
The problem is that setresuid() tries to be clever about threads, and
tries to change the euid of any threads that are running. If a AIO read
or write completes while this is going on then the signal from the thread
where the IO completed is lost, as it gets -1/EPERM from rt_sigqueueinfo()
The simplest fix is to try to use setreuid() instead of setresuid(),
as setreuid() doesn't try to be clever. Unfortunately this also means
we must use become_root()/unbecome_root() in the aio code.
Andrew Tridgell [Sun, 24 Aug 2008 03:53:19 +0000 (13:53 +1000)]
fixed an errno handling bug that could lead to an infinite loop
Andrew Tridgell [Sat, 23 Aug 2008 01:36:27 +0000 (11:36 +1000)]
fixed tsmsm_sendfile(). The logic was totally broken.
Günther Deschner [Tue, 26 Aug 2008 11:47:43 +0000 (13:47 +0200)]
build: make sure to create CODEPAGEDIR and MODULESDIR.
Guenther
David Leonard [Mon, 25 Aug 2008 22:17:53 +0000 (15:17 -0700)]
Fix bug 4516, no IPv6 on Solaris 2.6.
Günther Deschner [Mon, 25 Aug 2008 11:03:15 +0000 (13:03 +0200)]
winbindd: use set_auth_errors() in winbindd_dual_check_machine_acct as well.
Guenther
Günther Deschner [Mon, 25 Aug 2008 11:15:41 +0000 (13:15 +0200)]
winbindd: move set_auth_errors to util functions.
Guenther
Günther Deschner [Mon, 25 Aug 2008 09:37:57 +0000 (11:37 +0200)]
winbindd: only create machine pwd change event when in primary domain child.
Guenther
Günther Deschner [Mon, 25 Aug 2008 09:36:56 +0000 (11:36 +0200)]
auth: Fix build warning.
Guenther
Volker Lendecke [Sun, 24 Aug 2008 10:46:26 +0000 (12:46 +0200)]
Fix some nonempty blank lines
Volker Lendecke [Sun, 24 Aug 2008 10:43:36 +0000 (12:43 +0200)]
Fix some C++ warnings
Volker Lendecke [Sat, 23 Aug 2008 13:40:43 +0000 (15:40 +0200)]
Revert "Protect against short read&x replies"
This reverts commit
4ed73cbbbeff4b554cc8d28252b756241396b3a1.
... how did this end up here??
Volker
Volker Lendecke [Wed, 13 Aug 2008 17:57:19 +0000 (19:57 +0200)]
Protect against short read&x replies
Volker Lendecke [Tue, 19 Aug 2008 08:14:59 +0000 (10:14 +0200)]
Fix some nonempty blank lines
Volker Lendecke [Sat, 23 Aug 2008 11:12:36 +0000 (13:12 +0200)]
Use talloc_stackframe() in machine_password_change_handler
Volker Lendecke [Sat, 23 Aug 2008 11:12:05 +0000 (13:12 +0200)]
Fix a memleak in calculate_next_machine_pwd_change
Günther Deschner [Wed, 20 Aug 2008 23:20:22 +0000 (01:20 +0200)]
winbindd: add event based machine password change.
Guenther
Jeremy Allison [Fri, 22 Aug 2008 20:49:46 +0000 (13:49 -0700)]
Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest.
This one took a *lot* of tracking down :-).
Jeremy.
Gerald (Jerry) Carter [Fri, 22 Aug 2008 19:54:50 +0000 (14:54 -0500)]
idmap_gid_to_sid: Fix a cut-a-npaste error.
The call was looking up a uid and not gid in the cache.
Gerald (Jerry) Carter [Fri, 22 Aug 2008 15:17:04 +0000 (10:17 -0500)]
winbindd: Fix crash in cm_connect_sam()
Fix segv when talking to parent DC (joined to child domain).
The root cause was
(a) storing the parent domain in the cli_state struct caused
the NTLMSSP pipe bind to fail which made us fallover to
the schannel code path
(b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
NULL even though the function indicated success.
Jeff Layton [Fri, 22 Aug 2008 17:29:16 +0000 (13:29 -0400)]
cifs.upcall: bump SPNEGO msg version number and don't reject old versions
When we added the ability for the kernel to send sec=mskrb5 to the
upcall, we subtly broke old cifs.upcall versions that don't understand
it. Bump the spnego message version to 2 to make this clear. Also,
change cifs.upcall to not reject requests with a version that's lower
than the current one, and to send the reply with the same version that
the request sent. The idea is to try and keep cifs.upcall backward
compatible with old kernels.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Karolin Seeger [Fri, 22 Aug 2008 15:23:36 +0000 (17:23 +0200)]
manpages: Add documentation for new 'net rpc vampire' subcommands.
Karolin
Karolin Seeger [Fri, 22 Aug 2008 14:47:19 +0000 (16:47 +0200)]
net: Add missing colon to unify usage messages.
Karolin
Karolin Seeger [Fri, 22 Aug 2008 09:04:49 +0000 (11:04 +0200)]
manpages: Add manpage for "init logon delayed hosts".
Karolin
Karolin Seeger [Fri, 22 Aug 2008 09:04:16 +0000 (11:04 +0200)]
manpages: Add manpage for "init logon delay".
Karolin
Karolin Seeger [Fri, 22 Aug 2008 08:05:42 +0000 (10:05 +0200)]
loadparm: idmap backend is not depracated any longer.
Karolin
Jeff Layton [Fri, 22 Aug 2008 01:21:48 +0000 (21:21 -0400)]
cifs.upcall: fix build warning
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Mon, 18 Aug 2008 17:49:59 +0000 (13:49 -0400)]
cifs.upcall: enable building by default on linux
When building on linux, default to building cifs.upcall. Throw a
warning if ADS support is disabled or keyutils isn't installed.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Mon, 18 Aug 2008 17:49:59 +0000 (13:49 -0400)]
cifs.upcall: move default install location to EPREFIX/sbin
cifs.upcall links to libraries that live under /usr, so installing it
in /sbin doesn't seem appropriate. Move it to EPREFIX/sbin instead
(i.e. /usr/sbin).
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeff Layton [Wed, 20 Aug 2008 01:29:41 +0000 (21:29 -0400)]
cifs.upcall: handle MSKRB5 OID properly
When the kernel sends the upcall a sec=mskrb5 parameter, that means
the the MSKRB5 OID is preferred by the server. This patch fixes the
upcall to use that OID in place of the "normal" krb5 OID when it
gets a sec=mskrb5 parameter.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Acked-by: Steve French <smfrench@gmail.com>
Jeff Layton [Sat, 16 Aug 2008 10:09:29 +0000 (06:09 -0400)]
mount.cifs: don't prompt for password on krb5 mounts
krb5 mounts require that the user already have a valid krb5 ticket.
Since we can't currently use the password entered, don't prompt for it.
Also, switch to using strncmp instead of strcmp here.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Jeremy Allison [Thu, 21 Aug 2008 22:27:22 +0000 (15:27 -0700)]
Fix broken net rpc join message when DC can't be found. Ensure we pass in a domain name.
Jeremy.
Günther Deschner [Thu, 21 Aug 2008 22:20:46 +0000 (00:20 +0200)]
rpc_server: make it a little more obvious what flags we send to a client.
Guenther
Günther Deschner [Thu, 21 Aug 2008 13:05:35 +0000 (15:05 +0200)]
Fix Bug #5710 and make machine account password changing work again.
When we negotiated NETLOGON_NEG_PASSWORD_SET2 we need to use
NetrServerPasswordSet2 to change the machine password.
Tested with NT4, W2k, W2k3 and W2k8.
Guenther
Jeremy Allison [Thu, 21 Aug 2008 17:25:02 +0000 (10:25 -0700)]
Fix bug 5698 - mixup of TALLOC/malloc. Spotted by Douglas Wegscheid <Douglas_E_Wegscheid@whirlpool.com>.
Jeremy.
Günther Deschner [Thu, 21 Aug 2008 13:02:03 +0000 (15:02 +0200)]
re-run make idl.
Guenther
Günther Deschner [Thu, 21 Aug 2008 13:01:36 +0000 (15:01 +0200)]
IDL: fix IDL for netr_ServerPasswordSet2().
Guenther
Michael Adam [Thu, 21 Aug 2008 08:57:36 +0000 (10:57 +0200)]
gitignore: add examples/libsmbclient/Makefile.internal - a generated file
Michael
Michael Adam [Thu, 21 Aug 2008 08:50:49 +0000 (10:50 +0200)]
build: add [clean_]libsmbclient_examples targets to top level Makefile
Michael
Michael Adam [Thu, 21 Aug 2008 08:49:57 +0000 (10:49 +0200)]
libsmbclient examples: source/bin to the library search path for smbwrapper build
Michael
Michael Adam [Thu, 21 Aug 2008 08:48:44 +0000 (10:48 +0200)]
libsmbclient examples: add Makefile.internal.in for building from a samba source
Without needing to install libsmbclient to /usr/local/samba first.
Michael
Michael Adam [Thu, 21 Aug 2008 08:41:11 +0000 (10:41 +0200)]
libsmbclient examples: fix prototype for readlink
Michael
Jeremy Allison [Wed, 20 Aug 2008 23:24:22 +0000 (16:24 -0700)]
Here is a re-working of the winbindd
reconnect code to cope with rebooting a DC. This
replaces the code I asked Volker to revert.
The logic is pretty simple. It adds a new parameter,
"winbind reconnect delay", set to 30 seconds by
default, which determines how long to wait between
connection attempts.
To avoid overwhelming the box with DC-probe
forked children, the code now keeps track of
the DC probe child per winbindd_domain struct
and only starts a new one if the existing one
has died.
I also added a little logic to make sure the
dc probe child always sends a message whatever
the reason for exit so we will always reschedule
another connect attempt.
Also added documentation.
Jeremy.
Michael Adam [Wed, 20 Aug 2008 20:31:53 +0000 (22:31 +0200)]
gitignore: add examples/libsmbclient/tree
Michael
Michael Adam [Wed, 20 Aug 2008 20:31:07 +0000 (22:31 +0200)]
gitignore: add lib/netapi/tests/Makefile
Michael
Michael Adam [Wed, 20 Aug 2008 20:34:26 +0000 (22:34 +0200)]
gitignore: add libsmbsharemodes.syms - this is now generated
Michael
Michael Adam [Wed, 20 Aug 2008 13:09:27 +0000 (15:09 +0200)]
build: auto-generate symbols for libsmbsharemodes.
Michael
Michael Adam [Wed, 20 Aug 2008 20:33:17 +0000 (22:33 +0200)]
gitignore: add libsmbclient.syms - this is now generated
Michael
Michael Adam [Wed, 20 Aug 2008 13:06:02 +0000 (15:06 +0200)]
build: autogenerate symbols for libsmbclient.so
Michael
Michael Adam [Wed, 20 Aug 2008 12:56:18 +0000 (14:56 +0200)]
build: fix bug #5590 by not linking in the static libs but the objects.
Michael
Michael Adam [Wed, 20 Aug 2008 12:55:24 +0000 (14:55 +0200)]
build: fall down to the same place when using an internal lib statically.
Michael
Michael Adam [Wed, 20 Aug 2008 12:47:26 +0000 (14:47 +0200)]
build: remove duplicated and hardcoded definition of LIBSMBSHAREMODES
Michael
Michael Adam [Wed, 20 Aug 2008 11:22:13 +0000 (13:22 +0200)]
build: rename LIBNETAPI_OBJ1 to LIBNETAPI_OBJ0 for consistency.
Michael
Günther Deschner [Wed, 20 Aug 2008 16:40:58 +0000 (18:40 +0200)]
fix build warning.
Guenther
Günther Deschner [Wed, 20 Aug 2008 19:17:35 +0000 (21:17 +0200)]
libads: remove unused vars.
Guenther
Günther Deschner [Wed, 20 Aug 2008 18:24:45 +0000 (20:24 +0200)]
fix another build warning.
Guenther
Gerald (Jerry) Carter [Wed, 20 Aug 2008 18:00:40 +0000 (13:00 -0500)]
nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT
According to the GNU libc nss guide, we should always set
errno to ENOENT when returning NSS_UNAVAIL.
http://www.gnu.org/software/libtool/manual/libc/NSS-Modules-Interface.html#NSS-Modules-Interface
At least the MQ Series message queing service that runs
on WebSphere will fail if you return any other errno in this case.
Stefan Metzmacher [Tue, 19 Aug 2008 14:34:50 +0000 (16:34 +0200)]
smbd: fix the handling of create_options to pass RAW-OPEN
Some of the bits generate INVALID_PARAMETER and some bits
are ignored when they come from a client, that's why we need
to use bits from the ignored range for our internal usage.
metze
Steven Danneman [Tue, 19 Aug 2008 18:05:07 +0000 (11:05 -0700)]
Updated Doxyfile conf to doxygen version 1.5.3
* Removed deprecated configuration parameters
* Silenced all warnings due to lack of doxygen comments
* Reordered config parameters to match doxygen's canonical ordering
Jeremy Allison [Wed, 20 Aug 2008 00:30:30 +0000 (17:30 -0700)]
Fix bug 5697 nmbd spins in reload_interfaces when only loopback has an IPv4 address
reported by Ted Percival <ted@midg3t.net>.
Jeremy.
Günther Deschner [Tue, 19 Aug 2008 16:03:13 +0000 (18:03 +0200)]
winbindd: consistently use false/true.
Guenther
Günther Deschner [Tue, 19 Aug 2008 16:31:35 +0000 (18:31 +0200)]
winbindd: use set_auth_errors (avoid code duplication).
Guenther
Günther Deschner [Tue, 19 Aug 2008 16:31:10 +0000 (18:31 +0200)]
winbindd: fill_in_password_policy (to avoid redundant code).
Guenther
Günther Deschner [Tue, 19 Aug 2008 14:19:54 +0000 (16:19 +0200)]
pam_winbind: some doxygen fixes.
Guenther
Günther Deschner [Tue, 19 Aug 2008 13:09:12 +0000 (15:09 +0200)]
wbinfo: use wbinfo_prompt_pass() everywhere.
Guenther
Günther Deschner [Tue, 19 Aug 2008 13:32:37 +0000 (15:32 +0200)]
wbinfo: add wbinfo_prompt_pass.
Guenther
Günther Deschner [Thu, 14 Aug 2008 18:56:47 +0000 (20:56 +0200)]
pam_winbind: use pam error string function to display result.
Guenther
Günther Deschner [Thu, 14 Aug 2008 15:40:26 +0000 (17:40 +0200)]
pam_winbind: add _pam_error_code_str().
Guenther
Günther Deschner [Thu, 14 Aug 2008 11:07:51 +0000 (13:07 +0200)]
pam_winbind: use integer constants.
Guenther
Günther Deschner [Mon, 18 Aug 2008 23:18:24 +0000 (01:18 +0200)]
winbindd: kill some trailing/leading whitespace.
Guenther
Michael Adam [Tue, 19 Aug 2008 11:29:24 +0000 (13:29 +0200)]
build: fix linking cifs.upcall when nscd_flush_cache() is found.
Michael
Jeremy Allison [Mon, 18 Aug 2008 23:18:34 +0000 (16:18 -0700)]
Make the change to smbcontrol for "all" to mean broadcast,
and "smbd" to mean the main smb daemon. Update docs to match.
Jeremy.
Igor Mammedov [Mon, 18 Aug 2008 16:55:11 +0000 (09:55 -0700)]
Fix length error in wrapping spnego blob
Jeremy Allison [Sun, 17 Aug 2008 02:23:38 +0000 (19:23 -0700)]
Fix bug 5696. The problem was when smbd
was asking for a winbindd name to SID lookup of
"Unix Group\name" where "name" was also a valid username,
the winbindd passdb lookup of that name was losing the
domain string info before calling lookup name (ie. lookup_name()
was being called with just the string "name", not the
full string "Unix Group\name").
The passdb backend of winbindd has to cope with
not only names from it's own global SAM domain,
but it does lookups for BUILTIN and "Unix User"
and "Unix Group" also, so making it guess by
losing the domain string is "A Bad Idea" (tm) :-).
Note that as winbind globally calls winbind_off()
at startup, it's safe for winbind to call sys_getgrnam()
to do the "Unix Group" lookup from inside lookup_name().
Jeremy.
Volker Lendecke [Sat, 16 Aug 2008 09:12:35 +0000 (11:12 +0200)]
Attempt to fix Coverity ID 596
Jeremy, please check & push if it's ok.
Volker Lendecke [Sat, 16 Aug 2008 09:17:09 +0000 (11:17 +0200)]
Attempt to fix Coverity ID 595
is_ipaddress already dereferences "name", so the NULL check is pointless after
calling it.
Herb Lewis [Fri, 15 Aug 2008 22:28:23 +0000 (15:28 -0700)]
I think the problem with these functions is that lookup_usergroups
should never include the user SID.
The comment for the function in winbindd/winbindd_ads.c says
/* Lookup groups a user is a member of. */
The following patch makes the wbinfo calls return the correct data
before and after a login.
wbinfo --user-domgroups and --user-sids
Michael Adam [Fri, 15 Aug 2008 13:55:17 +0000 (15:55 +0200)]
configure: use libdir=${prefix}/lib and modules=${libdir}/samba as default with-fhs.
This is what one actually wants:
Shared/static libs in /usr/lib, shared modules and so on in /usr/lib/samba.
Michael
Michael Adam [Fri, 15 Aug 2008 12:38:41 +0000 (14:38 +0200)]
configure: use ${libdir} instead of \${LIBDIR}.
Now after removing --with-libdir, the value of ${libdir} won't change
anymore at that stage, so there is no need to have the variable expansion
deferred to "make".
Michael
Michael Adam [Fri, 15 Aug 2008 12:35:46 +0000 (14:35 +0200)]
configure: remove the --with-libdir parameter.
This is redundant: use the autoconf-provided --libdir instead.
This will also make the new distinction between libdir and modulesdir
more visible.
Michael
Michael Adam [Thu, 14 Aug 2008 22:45:57 +0000 (00:45 +0200)]
popt: add support for setting MODULESDIR via popt_common_dynconfig.
Michael
Michael Adam [Thu, 14 Aug 2008 22:50:56 +0000 (00:50 +0200)]
svcctl: use MODULESDIR instead of LIBDIR for the svcctl script directory.
Michael
Michael Adam [Thu, 14 Aug 2008 22:49:19 +0000 (00:49 +0200)]
libgpo: use MODULESDIR instead of LIBDIR for the group policy extensions.
Michael
Michael Adam [Thu, 14 Aug 2008 22:47:30 +0000 (00:47 +0200)]
Use module_path() instead of lib_path() for loading shared modules.
Michael
Michael Adam [Thu, 14 Aug 2008 22:44:14 +0000 (00:44 +0200)]
Add modules_path() to construct paths to files in MODULESDIR.
Michael
Michael Adam [Thu, 14 Aug 2008 22:46:46 +0000 (00:46 +0200)]
buildoptions: output MODULESDIR.
Michael
Michael Adam [Thu, 14 Aug 2008 22:43:31 +0000 (00:43 +0200)]
dynconfig: add support for MODULESDIR.
Michael
Michael Adam [Thu, 14 Aug 2008 22:36:49 +0000 (00:36 +0200)]
configure: Add --with-modulesdir to accompany --with-libdir.
This starts the seplitting of libdir in to libdir and modulesdir.
Our shared libs should go into libdir, the internal shared modules,
codepages, and other stuff that was originally in libdir, should
go into modulesdir.
The idea behind this is, that in a typical installation,
the shared (and static) libraries (as libtalloc, libsmbclient,
libwbclient and others) should be put into /usr/lib, while
the e.g. the vfs modules should reside in /usr/lib/samba.
This is meant to ease the work of packagers and reduce
the needs for manual interaction and workarounds.
Michael
Michael Adam [Thu, 14 Aug 2008 22:58:47 +0000 (00:58 +0200)]
dynconfig: remove commented-out old stuff from dynconfig.c and dynconfig.h
Michael
Michael Adam [Thu, 14 Aug 2008 21:44:06 +0000 (23:44 +0200)]
dynconfig: remove unused prototypes.
set_dyn_STATEDIR, is_default_dyn_STATEDIR,
set_dyn_CACHEDIR, is_default_dyn_CACHEDIR
are neither used nor implemented.
Michael
Michael Adam [Thu, 14 Aug 2008 21:14:42 +0000 (23:14 +0200)]
proto.h: remove prototypes from dynconfig.c
These are also in dynconfig.h and were originally added
by "make proto" by accident.
Michael
Michael Adam [Thu, 14 Aug 2008 21:18:28 +0000 (23:18 +0200)]
Makefile: print codepagedir in "make showlayout".
Michael
Michael Adam [Fri, 15 Aug 2008 21:17:48 +0000 (23:17 +0200)]
build: fix a typo in the installlibtalloc rule.
The symlink liballoc.so -> libtalloc.so.1 would have been
created unconditionally, independent of the existence of
libtalloc.so.1.
Michael
Jeremy Allison [Fri, 15 Aug 2008 04:52:11 +0000 (21:52 -0700)]
Fix show-stopper for 3.2. Smbd depends on group SID
position zero being the primary group sid. Authenicating
via winbindd call returned a non-sorted sid list. This
fixes is for both a winbindd call and a pac list from
an info3 struct. Without this we mess up the
primary group associated with created files. Found by
Herb.
Jeremy.
Jeremy Allison [Thu, 14 Aug 2008 21:36:02 +0000 (14:36 -0700)]
Make it clear that this is a temporary context byusing a talloc stackframe instead.
Jeremy
Jeremy Allison [Thu, 14 Aug 2008 17:58:50 +0000 (10:58 -0700)]
Fix bug #5692 - Core dump in full_audit.so.
There were some function mismatches in the various GET_NT_ACL modules (some places the fsp parameter has not been removed).
Jeremy.
Michael Adam [Thu, 14 Aug 2008 15:46:28 +0000 (17:46 +0200)]
Revert "Add a gpfs_prefetch module"
This reverts commit
fc9b30bed2d774dca6660b497cb50f982b23b885.
Sorry, this got pushed by accident:
"This can not go upstream yet because it uses the non-GPL libgpfs."
Michael
Karolin Seeger [Wed, 13 Aug 2008 19:27:55 +0000 (21:27 +0200)]
smbspool: Fix printing on port 139.
This one was introduced with
8eff35bc.
Thanks to Noèl Köthe for tracking that down!
Karolin