Jeremy Allison [Wed, 16 May 2007 22:52:17 +0000 (22:52 +0000)]
r22956: Fix security=server (bug #4622). Volker's patch
(slightly truncated by me). Will be in 3.0.25a.
Jeremy.
James Peach [Wed, 16 May 2007 22:34:58 +0000 (22:34 +0000)]
r22955: Disable dependency tracking by default.
Volker Lendecke [Wed, 16 May 2007 20:56:39 +0000 (20:56 +0000)]
r22954: More messaging_register
Volker Lendecke [Wed, 16 May 2007 20:02:32 +0000 (20:02 +0000)]
r22953: Well, this apparently has never been tested. But *this* code never saw a
release yet .... ;-))
Jeremy Allison [Wed, 16 May 2007 17:17:25 +0000 (17:17 +0000)]
r22950: Fix the issue Volker reported here :
"Attempt to fix some build farm failures: On port 139 the first
successful packet gives len==0 from the server, so the = in
if (len <= 0) {
in line 136 of clientgen.c throws a failure."
The irritating thing is that I already had it correct in
SAMBA_3_0_26 and forgot to merge the change across.
len == 0 is a valid return - I messed that up when
converting client_receive_smb() to return a length
rather than a BOOL.
Doh !
Jeremy.
Volker Lendecke [Wed, 16 May 2007 14:45:09 +0000 (14:45 +0000)]
r22943: More message_register -> messaging_register
Volker Lendecke [Wed, 16 May 2007 14:24:06 +0000 (14:24 +0000)]
r22942: Some message_register -> messaging_register conversions
Volker Lendecke [Wed, 16 May 2007 13:02:53 +0000 (13:02 +0000)]
r22934: Change smbcontrol to use messaging_register instead of message_register
Michael Adam [Wed, 16 May 2007 11:57:37 +0000 (11:57 +0000)]
r22932: Use the same symbol in sizeof and cast for talloc.
Michael Adam [Wed, 16 May 2007 11:15:16 +0000 (11:15 +0000)]
r22931: Fix logic in detection of the need to replace dlopen and friends.
Originally, dlfcn.o was only added to LIBREPLACEOBJ if dlopen
was found in libdl but header dlfcn.h was not appropriate.
Michael
Volker Lendecke [Wed, 16 May 2007 10:59:04 +0000 (10:59 +0000)]
r22930: Next attempt to get the build farm in line.
Jeremy, please check this and merge if appropriate.
Volker Lendecke [Wed, 16 May 2007 09:53:41 +0000 (09:53 +0000)]
r22929: Attempt to fix some build farm failures: On port 139 the first
successful packet gives len==0 from the server, so the = in
if (len <= 0) {
in line 136 of clientgen.c throws a failure.
Jeremy, please fix this properly, I'm not merging this to 3_0_26 so that
you can filter it when you merge.
Volker
Günther Deschner [Wed, 16 May 2007 09:42:29 +0000 (09:42 +0000)]
r22928: Use better success error code.
Guenther
Jeremy Allison [Wed, 16 May 2007 01:49:33 +0000 (01:49 +0000)]
r22926: Don't use <=0, use < 0 to allow keepalives to propagate up.
Jeremy.
Jeremy Allison [Wed, 16 May 2007 01:36:23 +0000 (01:36 +0000)]
r22925: Sync read_and_X with 3.0.26 code (use setup_readX_header()).
Jeremy.
Jeremy Allison [Wed, 16 May 2007 01:34:22 +0000 (01:34 +0000)]
r22924: Fix the build by correctly processing readX
errors in the direct read case.
Jeremy.
Jeremy Allison [Wed, 16 May 2007 01:13:25 +0000 (01:13 +0000)]
r22923: Fix runaway smbd now receive_smb_raw() returns a ssize_t not a BOOL.
Jeremy.
Jeremy Allison [Wed, 16 May 2007 00:21:12 +0000 (00:21 +0000)]
r22922: Move "normal_read:" label out of ifdef guard. Fix the build.
Jeremy.
Jeremy Allison [Wed, 16 May 2007 00:07:38 +0000 (00:07 +0000)]
r22920: Add in the UNIX capability for 24-bit readX, as discussed
with the Apple guys and Linux kernel guys. Still looking
at how to do writeX as there's no recvfile().
Jeremy.
Michael Adam [Tue, 15 May 2007 23:05:34 +0000 (23:05 +0000)]
r22919: Fix build on Tru64.
Michael Adam [Tue, 15 May 2007 21:41:02 +0000 (21:41 +0000)]
r22918: Attempt to fix the build of the tru64acl module.
Where the heck did that smb_acl_permset_t come from?
I can't remember...
Michael
Derrell Lipman [Tue, 15 May 2007 19:10:29 +0000 (19:10 +0000)]
r22914: - Fixes bug 4599. A missing <code>if</code> statement forced subseqeuent
attempts to set attributes to fail.
- I also noticed that missing attributes were setting an invalid return string
by getxattr(), e.g. if there was not group, the return string had "GROUP:;"
instead of excluding the GROUP attribute entirely as it should. The big
problem with the way it was, is that the string could not then be passed to
setxattr() and parsed.
Volker Lendecke [Tue, 15 May 2007 15:49:55 +0000 (15:49 +0000)]
r22911: Pass a messaging_context to message_send_all
Volker Lendecke [Tue, 15 May 2007 15:41:37 +0000 (15:41 +0000)]
r22910: Make message_send_pid static to messages.c
Volker Lendecke [Tue, 15 May 2007 15:14:32 +0000 (15:14 +0000)]
r22908: All callers of message_init now also call messaging_init. Unify those.
Volker Lendecke [Tue, 15 May 2007 14:58:01 +0000 (14:58 +0000)]
r22907: Fix the build with --enable-profiling-data
Volker Lendecke [Tue, 15 May 2007 14:39:18 +0000 (14:39 +0000)]
r22906: Some more message_send_pid
Volker Lendecke [Tue, 15 May 2007 13:56:00 +0000 (13:56 +0000)]
r22905: cli_send_mailslot had a message_send_pid inside
Günther Deschner [Tue, 15 May 2007 13:47:25 +0000 (13:47 +0000)]
r22904: Fix indent.
Guenther
Günther Deschner [Tue, 15 May 2007 13:46:26 +0000 (13:46 +0000)]
r22903: Now that we have the on-disc trustdomaincache with type flags we can better
decide whether it's worth to register a krb5 ticket gain handler while users
logon offline.
Guenther
Volker Lendecke [Tue, 15 May 2007 13:44:11 +0000 (13:44 +0000)]
r22902: Add an event_context and a messaging_context to nmbd. Not used yet.
Günther Deschner [Tue, 15 May 2007 13:42:53 +0000 (13:42 +0000)]
r22901: When an AD account has UF_DONT_REQUIRE_PREAUTH set we need to fallback to ntlm
in the kerberized PAM_AUTH.
Guenther
Volker Lendecke [Tue, 15 May 2007 12:18:17 +0000 (12:18 +0000)]
r22900: Convert profile/ to messaging_send_pid/messaging_register
Volker Lendecke [Tue, 15 May 2007 10:50:44 +0000 (10:50 +0000)]
r22895: Convert some more calls from message_send_buf to messaging_send_buf
Michael Adam [Tue, 15 May 2007 10:47:40 +0000 (10:47 +0000)]
r22893: Use ldap_rename_s instead of deprecated ldap_rename2_s.
This fixes the build on solaris (host sun9).
And hopefully doesn't break any other builds... :-)
If it does, we need some configure magic.
Thanks to Björn Jacke <bj@sernet.de>.
James Peach [Tue, 15 May 2007 05:25:10 +0000 (05:25 +0000)]
r22879: Tidy the build rules for targets that need the installation paths.
James Peach [Tue, 15 May 2007 04:28:20 +0000 (04:28 +0000)]
r22878: Warn in $PATH contains /usr/ucb. Bugzilla #4295.
Jeremy Allison [Mon, 14 May 2007 23:55:11 +0000 (23:55 +0000)]
r22872: Add vfs_zfsacl module from Jiri Sasek <Jiri.Sasek@Sun.COM>.
Jeremy.
Lars Müller [Mon, 14 May 2007 21:58:23 +0000 (21:58 +0000)]
r22870: Don't create shared objects of nss and tdb modules.
Lars Müller [Mon, 14 May 2007 21:22:14 +0000 (21:22 +0000)]
r22869: Add bin/{ldap,nss,tdb}.@SHLIBEXT@ rules.
Not tested for SAMBA_3_0 as I didn't get autogen.sh or autoreconf to
build a configure.
Volker Lendecke [Mon, 14 May 2007 20:31:28 +0000 (20:31 +0000)]
r22868: Replace some message_send_pid calls with messaging_send_pid calls. More
tomorrow.
Alexander Bokovoy [Mon, 14 May 2007 19:26:22 +0000 (19:26 +0000)]
r22867: With Samba4's IDL, we now have two new flags for share types: STYPE_TEMPORARY and STYPE_HIDDEN
Strip them out when referencing share_type[] entries.
Apparently, some Windows XP installs create shares set to STYPE_HIDDEN by default, found by
Damir Shayhutdinov <damir@altlinux.org>. This also fixes smb4k crashes as it does call 'net share -l'.
Michael Adam [Mon, 14 May 2007 14:53:45 +0000 (14:53 +0000)]
r22855: fix the build
(#if inside DEBUG macro not allowed...)
Michael
Gerald Carter [Mon, 14 May 2007 14:23:51 +0000 (14:23 +0000)]
r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches
Derrell Lipman [Mon, 14 May 2007 14:19:30 +0000 (14:19 +0000)]
r22850: - Fixes bug 4601. smbc_getxattr() would not, in one case, properly return the
required size of a buffer needed to contain the extended attributes.
Michael Adam [Mon, 14 May 2007 13:36:14 +0000 (13:36 +0000)]
r22848: Fix brace alignment.
Michael Adam [Mon, 14 May 2007 13:31:42 +0000 (13:31 +0000)]
r22847: The new validate_panic function calls exit (instead of setting
a global error flag an returning), so cleanups and returns
subsequent to calls of smb_panic_fn have become unnecessary.
Volker Lendecke [Mon, 14 May 2007 13:01:28 +0000 (13:01 +0000)]
r22846: Chunk one to replace message_send_pid with messaging_send: Deep inside
locking/locking.c we have to send retry messages to timed lock holders.
The majority of this patch passes a "struct messaging_context" down
there. No functional change, survives make test.
Michael Adam [Mon, 14 May 2007 12:57:24 +0000 (12:57 +0000)]
r22845: Modified and extended the winbindd cache validation code:
* Replaced signal catching/longjmp magic by a fork:
Let the child do the actual validation of the entries.
Exit code and signals are intercepted by waitpid.
* Fix logic so that also encounter of an unknown key in the
tdb leads to an error.
* Extended status of validation is kept in a (as yet simple)
stuct and communicated over a pipe from child to parent.
* Added two validation_ functions for two new keys.
The call of winbindd_validate_cache is still commented out
in the winbindd main loop. But I am currently testing it
and so far it seems to work fine.
The next step in my plan is to generalize the validation
mechanism to a tdb_open_log_validate function in lib/util_tdb.c.
There ist nothing very special about the cache tdb here,
and this might be useful elsewhere...
Michael
Volker Lendecke [Mon, 14 May 2007 12:16:20 +0000 (12:16 +0000)]
r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
Lars Müller [Mon, 14 May 2007 09:50:39 +0000 (09:50 +0000)]
r22841: Add comment to endif statement.
Alexander Bokovoy [Mon, 14 May 2007 09:47:58 +0000 (09:47 +0000)]
r22840: Add -pie support to Python's setup.py. This should fix build of python libs on recent distributions that take care of security.
Lars Müller [Mon, 14 May 2007 09:44:26 +0000 (09:44 +0000)]
r22839: Fix endif comment.
James Peach [Sun, 13 May 2007 20:51:39 +0000 (20:51 +0000)]
r22828: Fix typo. Bugzilla #4589.
James Peach [Sun, 13 May 2007 15:45:50 +0000 (15:45 +0000)]
r22826: Fix the gettimeofday test that I broke in rev 22821.
James Peach [Sun, 13 May 2007 04:38:44 +0000 (04:38 +0000)]
r22821: Replace unnecessary AC_TRY_RUN with AC_TRY_LINK. Fixes bug #2287.
James Peach [Sun, 13 May 2007 04:08:26 +0000 (04:08 +0000)]
r22820: Move FAM libraries from smbd to vfs_fam_notify. Should fix bugzilla #4426.
Volker Lendecke [Sat, 12 May 2007 19:53:47 +0000 (19:53 +0000)]
r22819: Fix Bug 4613. We just dumped the must change & friends. With the
pass_last_changed == 0 we now return "Change now!" instead of "Change
never"
Jeremy Allison [Sat, 12 May 2007 01:08:09 +0000 (01:08 +0000)]
r22812: Fix bug #3024 (and also the group varient). Patch from
Johann Hanne <jhml@gmx.net> and also Kaya Bekiro?lu <kaya.bekiroglu@isilon.com>
Jeremy.
Lars Müller [Fri, 11 May 2007 20:42:51 +0000 (20:42 +0000)]
r22805: Inform in examples/pdb about the location of the external support for
the SQL backends.
Günther Deschner [Fri, 11 May 2007 15:28:07 +0000 (15:28 +0000)]
r22803: Add some more flesh to the GPO security filtering (still very basic).
Guenther
Günther Deschner [Fri, 11 May 2007 15:08:05 +0000 (15:08 +0000)]
r22802: Add dummy gpo_apply_security_filtering() call.
Guenther
Günther Deschner [Fri, 11 May 2007 13:37:51 +0000 (13:37 +0000)]
r22801: Pass down the token to add_gplink_to_gpo_list().
Guenther
Günther Deschner [Fri, 11 May 2007 13:33:37 +0000 (13:33 +0000)]
r22800: Add GPO_SID_TOKEN and an LDAP function to get tokensids from the tokenGroup attribute.
Guenther
Günther Deschner [Fri, 11 May 2007 13:19:49 +0000 (13:19 +0000)]
r22799: Fix the build.
Guenther
Günther Deschner [Fri, 11 May 2007 12:59:16 +0000 (12:59 +0000)]
r22798: Add the "apply group policy" access bit (as seen in type 0x05 ALLOWED OBJECT
ACEs).
Guenther
Günther Deschner [Fri, 11 May 2007 12:52:48 +0000 (12:52 +0000)]
r22797: We are only interested in the DACL of the security descriptor, so search with
the SD_FLAGS control.
Guenther
Günther Deschner [Fri, 11 May 2007 12:41:11 +0000 (12:41 +0000)]
r22796: Add security descriptor to GROUP_POLICY_OBJECT structure (in preparation of
adding GPO security filtering for libgpo).
Guenther
Günther Deschner [Fri, 11 May 2007 11:54:41 +0000 (11:54 +0000)]
r22794: Add "debug_state" and "silent" to pam_winbind.conf template. Honor the silent
argument when parsing pam configuration file options.
Guenther
Volker Lendecke [Fri, 11 May 2007 08:59:01 +0000 (08:59 +0000)]
r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "net
sam unmapunixgroup"
Volker Lendecke [Fri, 11 May 2007 08:46:54 +0000 (08:46 +0000)]
r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change
return values of some alias-releated pdb functions from BOOL to NTSTATUS
Thanks :-)
Andrew Tridgell [Fri, 11 May 2007 07:22:10 +0000 (07:22 +0000)]
r22784: fixed change notify for delete on close
Steve French [Thu, 10 May 2007 19:16:36 +0000 (19:16 +0000)]
r22779: Patch for not prompting for password on cifs mounts when "sec=none"
specified
Michael Adam [Thu, 10 May 2007 13:31:15 +0000 (13:31 +0000)]
r22777: Fix for [Bug 4543] - POSIX ACL support on FreeBSD.
This adds vfs_posixacl to the list of static modules and
makes use of HAVE_ACL_GET_PERM_NP.
This is just a quick fix. FreeBSD acl support is still
hardcoded in configure.in, but actually this could be
detected in a unified test for freebsd, linux, *,
as suggested in the bugreport. This has still to be
checked and elaborated.
Michael
Volker Lendecke [Thu, 10 May 2007 10:42:13 +0000 (10:42 +0000)]
r22775: For the cluster code I've developed a wrapper around tdb to put different
database backends in place dynamically.
The main abstractions are db_context and db_record, it should be mainly
self-describing, see include/dbwrap.h. You open the db just as you would open
a tdb, this time with db_open(). If you want to fetch a record, just do the
db->fetch() call, if you want to do operations on it, you need to get it with
fetch_locked().
I added dbwrap_file.c (not heavily tested lately) as an example for what can
be done with that abstraction, uses a file per key. So if anybody is willing
to shape that up, we might have a chance on reiserfs again.... :-)
This abstraction works fine for brlock.tdb, locking.tdb, connections.tdb and
sessionid.tdb. It should work fine for the others as well, I just did not yet
get around to convert them.
If nobody loudly screams NO, then I will import the code that uses this soon.
Volker
Derrell Lipman [Thu, 10 May 2007 02:48:22 +0000 (02:48 +0000)]
r22773: - Clean up the the rest of the cruft from my earlier work on the readahead()
missing declaration problem.
Derrell Lipman [Thu, 10 May 2007 01:27:18 +0000 (01:27 +0000)]
r22772: - Still working on the fact that readahead() is not declared (on at least one
OS) but is available for linking. Instead of running configure tests with
-Werror-implicit-function-declaration in developer mode (which may lead to
different library functions being used in developer mode than when not in
developer mode), add tests for whether readahead is declared. If not,
provide a replacement declaration in lib/replace.
Simo Sorce [Wed, 9 May 2007 21:38:41 +0000 (21:38 +0000)]
r22771: One liner fix for idmap_ldap
Fixes the strange behavior we were seeing about idmap_ldap creating
a new connection for each query.
Jerry we need this in for 3.0.25
Volker Lendecke [Wed, 9 May 2007 11:40:48 +0000 (11:40 +0000)]
r22767: Argl. Typed in 'svn ci' in the wrong branch. Revert.
Volker Lendecke [Wed, 9 May 2007 11:39:55 +0000 (11:39 +0000)]
r22766: Merge from 3_0:
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines
Add a "deletelocalgroup" subcommand to net sam.
Thanks to Karolin Seeger <ks@sernet.de>.
Jeremy Allison [Wed, 9 May 2007 00:52:46 +0000 (00:52 +0000)]
r22765: Fix from Alison Winters <alisonw@sgi.com> for missing return
in sendfilereadbraw.
Jeremy.
Volker Lendecke [Tue, 8 May 2007 13:44:36 +0000 (13:44 +0000)]
r22761: This introduces lib/conn_tdb.c with two main functions: connections_traverse
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.
Volker
Stefan Metzmacher [Tue, 8 May 2007 11:12:11 +0000 (11:12 +0000)]
r22759: sync lib/talloc with samba4
metze
Volker Lendecke [Mon, 7 May 2007 20:53:10 +0000 (20:53 +0000)]
r22755: Second half of r22754. As it stands now, string_replace expects a
pstring. Give it one, although I hate putting it in :-)
Thanks to Tom Bork! :-)
Jeremy Allison [Mon, 7 May 2007 19:27:46 +0000 (19:27 +0000)]
r22754: When processing a string, ensure we don't write one past
the terminating NULL if we've already processed the null
in iconv. Jerry, once I get confirmation from Thomas Bork
this needs to be in 3.0.25 final. Tests fine with valgrind
here.
Jeremy.
Volker Lendecke [Mon, 7 May 2007 15:31:12 +0000 (15:31 +0000)]
r22751: Next step for the cluster merge: sessionid.tdb should contain a 'struct
server_id' instead of a 'uint32 pid'
Volker Lendecke [Mon, 7 May 2007 15:07:49 +0000 (15:07 +0000)]
r22747: Fix some C++ warnings
Volker Lendecke [Mon, 7 May 2007 13:56:57 +0000 (13:56 +0000)]
r22745: Add local groups to the --required-membership-sid test. This needs
merging to 3_0_26 once Michael's net conf changes have been merged. It
depends on token_utils.c.
Volker Lendecke [Mon, 7 May 2007 13:39:25 +0000 (13:39 +0000)]
r22744: Fix a valgrind error. parse_domain_username does not necessarily fill in
the domain.
Volker Lendecke [Mon, 7 May 2007 12:15:11 +0000 (12:15 +0000)]
r22740: Move debug_*_user_token to token_utils.c
Michael Adam [Mon, 7 May 2007 11:25:00 +0000 (11:25 +0000)]
r22739: Make prototypes in include/util_tdb.h of some functions from
lib/util_tdb.c exactly match the definitions. (There were
some [u]int_32_t instead of [u]int32, which made a gcc 2.95
on an old AIX without system [u]int32[_t] types complain...)
Volker Lendecke [Mon, 7 May 2007 11:04:38 +0000 (11:04 +0000)]
r22738: Fix a debug message.
Günther, please check this!
Thanks,
Volker
Günther Deschner [Mon, 7 May 2007 10:14:32 +0000 (10:14 +0000)]
r22737: Fix crash bug (info3 is now talloced).
Guenther
Volker Lendecke [Mon, 7 May 2007 09:35:35 +0000 (09:35 +0000)]
r22736: Start to merge the low-hanging fruit from the now 7000-line cluster patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
Derrell Lipman [Mon, 7 May 2007 03:07:39 +0000 (03:07 +0000)]
r22732: - Testing of libsmbclient against Vista revealed what is likely a bug in
Vista. Vista provides a plethora of kludges to simulate older versions of
Windows. The kludges are in the form of shortcuts (or more likely symbolic
links, but I don't know enough about Vista to determine that definitively)
and in most cases, attempts to access them get back an "access denied"
error. On one particular folder, however, "<share>/Users/All Users", it
returns an unknown (to ethereal and the Samba3 code) NT status code:
0x8000002d. Although this code does not have a high byte of 0xc0 indicating
that it is an error, it appears to be an alternate form of "access denied".
Without this patch, libsmbclient times out on an attempt to enumerate that
folder rather than returning an error to the caller. This patch corrects
that problem.
Derrell Lipman [Mon, 7 May 2007 03:02:24 +0000 (03:02 +0000)]
r22731: - Fix bug #4594.
configure.in determines if -Werror-implicit-function-declaration is
available, and if so it enables that flag if --enable-developer is
specified. Since the configure tests themselves did not use that flag, it
was possible for a configure test to succeed, followed by a failed
compilation due to a facility being available but not having a proper
declaration in a header file. (This bit me with readahead().) This patch
ensures that if implicit function declarations will kill the build, the
feature being tested is deselected so the build will succeed.
The autoconf manual suggests using return instead of exit in configure
tests because the declaration for exit is often missing. We require this
now, since we error if prototypes are missing. See section 5.5.1 of
http://www.gnu.org/software/autoconf/manual/autoconf.html. This patch makes
these changes, because in fact, an external declaration for exit is missing
here (and likely elsewhere).
I've verified that the features selected (here) with the original
configure.in and the new one are the same except for, in my case,
readahead. I've also confirmed that the generated Makefile is identical.
These changes are not being applied to the 3.0.26 branch because it does not
exhibit the initial problem this patch is supposed to solve since it doesn't
attempt to use -Werror-implicit-function-declaration.
Gerald Carter [Sun, 6 May 2007 22:22:47 +0000 (22:22 +0000)]
r22730: Fix password changes via pam_winbindd when using "winbind normalize names"
and the username has been munged. Make sure to munge it back before
performing the change_password() request.
Gerald Carter [Sun, 6 May 2007 22:18:44 +0000 (22:18 +0000)]
r22729: add help text for osver and osname options to 'net ads join' (patch from Dnailo A.)
Gerald Carter [Sun, 6 May 2007 21:45:53 +0000 (21:45 +0000)]
r22728: Patch from Danilo Almeida <dalmeida@centeris.com>:
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
Gerald Carter [Sun, 6 May 2007 21:40:28 +0000 (21:40 +0000)]
r22727: remove outdated comment about templatre shell and homedir