Jeremy Allison [Fri, 21 Sep 2007 10:32:57 +0000 (10:32 +0000)]
r25277: Belt-and-braces approach to Volker's fix for RPC-SAMBA3-GETUSERNAME.
If we promise dest is null terminated, ensure we do it even on
fast path exits.
Jeremy.
Stefan Metzmacher [Fri, 21 Sep 2007 10:25:33 +0000 (10:25 +0000)]
r25275: w2k3 (as PDC emulator) returns WERR_NO_SUCH_DOMAIN to netlogon_getanydcname()
when called for its own domain. So we should use netlogon_getdcname() which
returns WERR_OK:-)
gd: feel free to use rpccli_netlogon_dsr_getdcname(), but please make sure
the new WINBIND-STRUCT-GETDCNAME test is still passing.
metze
Volker Lendecke [Fri, 21 Sep 2007 10:23:35 +0000 (10:23 +0000)]
r25274: Attempt to fix RPC-SAMBA3-GETUSERNAME
Jeremy Allison [Fri, 21 Sep 2007 09:58:36 +0000 (09:58 +0000)]
r25273: unistrX_to_ascii calls pull_ucs2 - ensure it's never
called with -1 (these calls were wrong anyway, target
was an fstring, not a pstring). Found by Michael Adam <ma@sernet.de>,
now to check all other uses.
Michael - this version uses sizeof(target) not sizeof(fstring).
This way is more future proof.
Jeremy.
Michael Adam [Fri, 21 Sep 2007 09:52:28 +0000 (09:52 +0000)]
r25272: Fix a bunch of callers of pull_ucs2 that passed -1 for dest_len.
Michael
Stefan Metzmacher [Fri, 21 Sep 2007 09:35:53 +0000 (09:35 +0000)]
r25270: for internal domains we should not ask a remote DC.
metze
Stefan Metzmacher [Thu, 20 Sep 2007 18:37:34 +0000 (18:37 +0000)]
r25260: add trusted domains always to the end of the list.
Now BUILTIN is always the first domain followed
by the domain of our own SAM DB and the primary
domain (in member server mode).
metze
Michael Adam [Thu, 20 Sep 2007 12:42:15 +0000 (12:42 +0000)]
r25258: Fix a panic message and remove superfluous return after the call to smb_panic().
Michael
Günther Deschner [Thu, 20 Sep 2007 11:02:27 +0000 (11:02 +0000)]
r25257: When dumping eventlist, display full timestring.
Guenther
Michael Adam [Thu, 20 Sep 2007 09:15:26 +0000 (09:15 +0000)]
r25254: Add my C - Michael
Stefan Metzmacher [Thu, 20 Sep 2007 09:12:18 +0000 (09:12 +0000)]
r25252: move macro defines to the end of replace.h
and move the include location sys/param.h
before we redefine missing macros
metze
Stefan Metzmacher [Thu, 20 Sep 2007 06:52:30 +0000 (06:52 +0000)]
r25248: According to the build-farm all these defines are not needed
for HPUX large file support.
But it would be nice if someone could verify that.
metze
Michael Adam [Wed, 19 Sep 2007 22:11:09 +0000 (22:11 +0000)]
r25247: Rename the rpccli_lsa_lookup_sids_all() function to rpccli_lsa_lookup_sids()
and remove the old rpccli_lsa_lookup_sids() function. The old function would
fail due to server limits when requesting to resolve too many sids at once
(20480 for W2k3). The new version passes the list of sids in hunks to the
server. It has up to now been used (and tested) in the winbindd_ads
lookup_groupmem() function, and I think the time has come to replace the actual
function with this correct version.
Michael
Stefan Metzmacher [Wed, 19 Sep 2007 20:03:43 +0000 (20:03 +0000)]
r25245: rerun 'make idl'
metze
Stefan Metzmacher [Wed, 19 Sep 2007 19:45:51 +0000 (19:45 +0000)]
r25244: see what the build-farm says when we only use large file support
detection from libreplace...
It would be good if someone could test that on HPUX...
metze
Stefan Metzmacher [Wed, 19 Sep 2007 19:05:54 +0000 (19:05 +0000)]
r25241: remove sequence_number out of WINBINDD_DOMAIN_INFO call
as this is always answered by the winbindd parent and will
most times return old sequence number values.
metze
Stefan Metzmacher [Wed, 19 Sep 2007 19:01:20 +0000 (19:01 +0000)]
r25239: fix cut-n-paste bug in code with LIBUNWIND support
metze
Jeremy Allison [Wed, 19 Sep 2007 17:52:06 +0000 (17:52 +0000)]
r25238: Make the error returns from the string functions
always consistent. Return -1 on error, and ensure
we check for this. In cases where the dest is already
specified and we've been asked to terminate with a
null, ensure we always do so even on error.
Jeremy.
Stefan Metzmacher [Wed, 19 Sep 2007 17:19:57 +0000 (17:19 +0000)]
r25236: make it possible to alter WINBINDD_SOCKET_DIR via
"winbindd:socket dir=/path/to/dir" for usage in make test
metze
Stefan Metzmacher [Wed, 19 Sep 2007 14:57:20 +0000 (14:57 +0000)]
r25232: sync lib/replace with SAMBA_4_0
metze
Stefan Metzmacher [Wed, 19 Sep 2007 14:44:16 +0000 (14:44 +0000)]
r25230: sync lib/talloc with SAMBA_4_0
metze
Stefan Metzmacher [Wed, 19 Sep 2007 14:33:32 +0000 (14:33 +0000)]
r25227: Patch from "Steven Danneman" <steven.danneman@isilon.com>:
-
We ran across a bug joining our Samba server to a Win2K domain with LDAP
signing turned on. Upon investigation I discovered that there is a bug
in Win2K server which returns a duplicated responseToken in the LDAP
bindResponse packet. This blob is placed in the optional mechListMIC
field which is unsupported in both Win2K and Win2K3. You can see RFC
2478 for the proper packet construction. I've worked with metze on this
to confirm all these findings.
This patch properly parses then discards the mechListMIC field if it
exists in the packet, so we don't produce a malformed packet error,
causing LDAP signed joins to fail. Also attached is a sniff of the
domain join, exposing Win2K's bad behavior (packet 21).
-
(I've just changed the scope of the DATA_BLOB mechList)
metze
Michael Adam [Wed, 19 Sep 2007 12:45:35 +0000 (12:45 +0000)]
r25226: Get rid of more red bars...
Michael Adam [Wed, 19 Sep 2007 12:05:47 +0000 (12:05 +0000)]
r25225: Add a debug message.
Michael
Michael Adam [Wed, 19 Sep 2007 12:03:02 +0000 (12:03 +0000)]
r25224: Fix a potential segfault in lsa_lookupsids client code due to
uninitialized data.
Michael
Michael Adam [Wed, 19 Sep 2007 11:01:44 +0000 (11:01 +0000)]
r25223: Fix behaviour of rpccli_lsa_lookupsids_all() when
rpccli_lsa_lookupsids_noalloc() returns an error for one hunk
of SIDs: free all allocated arrays and return the error code
returned by the hunk lookup.
Michael
Jeremy Allison [Wed, 19 Sep 2007 09:40:40 +0000 (09:40 +0000)]
r25222: Fix last assumptions that (size_t)-1 can be used
as a special dest_len of sizeof(pstring).
Jeremy.
Michael Adam [Mon, 17 Sep 2007 21:04:10 +0000 (21:04 +0000)]
r25201: Fight those red bars...
Michael Adam [Mon, 17 Sep 2007 20:01:47 +0000 (20:01 +0000)]
r25200: Fix a debug message.
Jeremy Allison [Mon, 17 Sep 2007 19:43:06 +0000 (19:43 +0000)]
r25199: Remove pstring from strdup_upper - make it the
same as talloc_strdup_upper.
Jeremy.
Michael Adam [Mon, 17 Sep 2007 15:34:22 +0000 (15:34 +0000)]
r25198: Change net_rpc_join_ok() to return NTSTATUS for better
error propagation.
Michael
Michael Adam [Mon, 17 Sep 2007 15:11:20 +0000 (15:11 +0000)]
r25197: Change net_make_ipc_connection() and net_make_ipc_connection_ex() to
return NTSTATUS to allow for better error propagation.
Michael
Jeremy Allison [Mon, 17 Sep 2007 10:50:59 +0000 (10:50 +0000)]
r25195: Fix issue with calling pull_uc2_*alloc with
str_len == 0. We should just return 0 in this
case.
Jeremy.
Volker Lendecke [Sat, 15 Sep 2007 20:24:35 +0000 (20:24 +0000)]
r25184: Fix some C++ warnings and an uninitialized variable
Stefan Metzmacher [Sat, 15 Sep 2007 19:14:49 +0000 (19:14 +0000)]
r25179: fix libunwind detection on x86 based hosts
we need -lunwind-x86 not -lunwind-i686
metze
Stefan Metzmacher [Sat, 15 Sep 2007 18:55:04 +0000 (18:55 +0000)]
r25177: if configured using --enable-socket-wrapper
allow overwriting the location of the WINBINDD_SOCKET_DIR
via an environment variable
metze
Jeremy Allison [Fri, 14 Sep 2007 22:27:27 +0000 (22:27 +0000)]
r25173: Use the append_buffer version in a loop.
Jeremy.
Jeremy Allison [Fri, 14 Sep 2007 22:16:21 +0000 (22:16 +0000)]
r25172: Remove commented out code we will never enable.
Jeremy.
Jeremy Allison [Fri, 14 Sep 2007 22:14:39 +0000 (22:14 +0000)]
r25171: More pstring removal.
Jeremy.
Jeremy Allison [Fri, 14 Sep 2007 22:03:41 +0000 (22:03 +0000)]
r25170: Remove pstring limits from ms_fnmatch and module load.
Jeremy.
Volker Lendecke [Fri, 14 Sep 2007 18:31:33 +0000 (18:31 +0000)]
r25169: Fix bug 4028
Jeremy Allison [Fri, 14 Sep 2007 18:24:31 +0000 (18:24 +0000)]
r25167: Fix breakage from mangling rewrite. Use the
new name if unmangling succeeded, not if it
failed. Jerry - please re-test, this should
fix your bug.
Jeremy.
Jeremy Allison [Fri, 14 Sep 2007 17:42:10 +0000 (17:42 +0000)]
r25165: Use talloc_asprintf_append_buffer with an unmodified
string.
Jeremy.
Jeremy Allison [Fri, 14 Sep 2007 17:40:58 +0000 (17:40 +0000)]
r25164: Add talloc_asprintf_append_buffer() and the docs for it.
Jeremy.
Jeremy Allison [Fri, 14 Sep 2007 16:50:54 +0000 (16:50 +0000)]
r25163: Fix wrong ctx passed to talloc_asprintf_append().
Found by Metze's code review (thanks Metze !).
Jeremy.
Michael Adam [Fri, 14 Sep 2007 16:12:38 +0000 (16:12 +0000)]
r25162: Refactor further: add mapping functions between
REGISTRY_VALUE and struct registry_value formats for
registry values. Lacking better naming, I called them
regval_hilvl_to_lolvl and regval_lolvl_to_hilvl for a
start. They might be useful elsewhere, so might be put
into another place later on.
Michael
James Peach [Fri, 14 Sep 2007 15:08:07 +0000 (15:08 +0000)]
r25161: Don't panic if setgroups fails in non-root mode.
Michael Adam [Fri, 14 Sep 2007 14:20:46 +0000 (14:20 +0000)]
r25160: Refactor out and slightly clean up canonicalization of the registry value
from smbconf_store_values().
Michael
Gerald Carter [Fri, 14 Sep 2007 12:06:34 +0000 (12:06 +0000)]
r25156: Update coding guiding wrt to primitive data types
Stefan Metzmacher [Fri, 14 Sep 2007 12:03:58 +0000 (12:03 +0000)]
r25154: move winbindd code into winbindd/
metze
Stefan Metzmacher [Fri, 14 Sep 2007 11:56:10 +0000 (11:56 +0000)]
r25152: fix headers used in wbinfo.c
metze
Stefan Metzmacher [Fri, 14 Sep 2007 11:07:02 +0000 (11:07 +0000)]
r25150: don't recursively call dump_core()
as currently seen in 'make test' locally and in the farm
metze
Günther Deschner [Fri, 14 Sep 2007 08:21:20 +0000 (08:21 +0000)]
r25148: Adapt to coding conventions.
Guenther
Stefan Metzmacher [Fri, 14 Sep 2007 08:06:03 +0000 (08:06 +0000)]
r25146: rename winbindd_nss.h => winbind_struct_protocol.h
as this header has nothing to do with winbindd nor nss
and it contains the definitions for the struct based
protocol
metze
Stefan Metzmacher [Fri, 14 Sep 2007 07:07:59 +0000 (07:07 +0000)]
r25143: rename public functions from winbind_client.h
init_request => winbindd_init_request
free_response => winbindd_free_response
read_reply => winbindd_read_reply
write_sock => winbind_write_sock
read_sock => winbind_read_sock
close_sock => winbind_close_sock(void)
metze
James Peach [Fri, 14 Sep 2007 04:17:17 +0000 (04:17 +0000)]
r25142: Panic if setting the group list fails while switching security
contexts. Patch from Tim Prouty <tim.prouty@isilon.com>.
Jeremy Allison [Fri, 14 Sep 2007 01:07:57 +0000 (01:07 +0000)]
r25141: More pstring removal.
Jeremy.
Michael Adam [Thu, 13 Sep 2007 22:41:04 +0000 (22:41 +0000)]
r25140: Less red bars to hurt my eyes...
Michael Adam [Thu, 13 Sep 2007 22:36:10 +0000 (22:36 +0000)]
r25139: Avoid code duplication: let regval_ctr_copyvalue() call regval_ctr_addvalue().
This also corrects regval_ctr_copyvalue() in that it cannot create (invalid)
regval containers with duplicate entries...
Michael
Jeremy Allison [Thu, 13 Sep 2007 22:08:59 +0000 (22:08 +0000)]
r25138: More pstring elimination. Add a TALLOC_CTX parameter
to unix_convert().
Jeremy.
Jeremy Allison [Thu, 13 Sep 2007 17:25:57 +0000 (17:25 +0000)]
r25136: When tallocing a string to uppercase remember the terminating
'\0' in size calculations.
Jeremy.
Günther Deschner [Thu, 13 Sep 2007 16:48:46 +0000 (16:48 +0000)]
r25135: Remove one END_PROFILE(SMBntcreateX) from call_nt_transact_create() which
appears to be a leftover. Should fix the build with profiling enabled.
Jeremy, please check.
Guenther
Günther Deschner [Thu, 13 Sep 2007 16:11:46 +0000 (16:11 +0000)]
r25134: Fix Bug #4968 and make dns updates work with heimdal as well (again,
gss_import_name() needs to follow the same logic as in the LDAP sasl wrapping
(see -r25133).
Tested with MIT 1.2.7, 1.3.6, 1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0,
1.0.1.
Guenther
Günther Deschner [Thu, 13 Sep 2007 15:59:46 +0000 (15:59 +0000)]
r25133: Fix sasl wrapping (for ldap sign&seal).
The gss_import_name() broke as we switched from the internal MIT OID
"gss_nt_krb5_principal" to "GSS_KRB5_NT_PRINCIPAL_NAME" and didn't switch from
passing the krb5_principal (or better: a pointer to that, see MIT's "*HORRIBLE*
bug") to pass the string principal directly.
Jerry, Jeremy, neither I could figure out the need of passing in a
krb5_principal at all nor could I reproduce the crash you were seeing.
I successfully tested the code (now importing a string) with MIT 1.2.7, 1.3.6,
1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0, 1.0.1.
Guenther
Stefan Metzmacher [Thu, 13 Sep 2007 14:14:02 +0000 (14:14 +0000)]
r25130: make use only of base types which are provided by libreplace
in winbind client and nss/pam stuff
metze
Stefan Metzmacher [Thu, 13 Sep 2007 12:54:53 +0000 (12:54 +0000)]
r25128: _XOPEN_SOURCE_EXTENDED and socklen_t are always provided by libreplace
metze
Simo Sorce [Thu, 13 Sep 2007 12:51:00 +0000 (12:51 +0000)]
r25127: Add ol-schema-migrate.pl to the repo.
This script is useful for migrating OpenLDAP schema files to FDS/RHDS
ldif schema files.
License kindly updated to GPLv3+ at our request.
Simo.
Stefan Metzmacher [Thu, 13 Sep 2007 12:25:28 +0000 (12:25 +0000)]
r25125: create prototypes for 'bool ' functions
metze
Jeremy Allison [Thu, 13 Sep 2007 01:10:01 +0000 (01:10 +0000)]
r25121: Remove pstring limits from much of our string handling function.
Still a few left (mainly the substitute ones).
Jeremy.
Jeremy Allison [Thu, 13 Sep 2007 00:31:02 +0000 (00:31 +0000)]
r25120: One more warning.
Jeremy.
Jeremy Allison [Thu, 13 Sep 2007 00:29:25 +0000 (00:29 +0000)]
r25119: Fix a couple of warnings.
Jeremy.
Jeremy Allison [Wed, 12 Sep 2007 23:50:21 +0000 (23:50 +0000)]
r25118: More pstring elimination.
Jeremy.
Jeremy Allison [Wed, 12 Sep 2007 21:48:20 +0000 (21:48 +0000)]
r25117: The mega-patch Jerry was waiting for. Remove all pstrings from
the main server code paths. We should now be able to cope with
paths up to PATH_MAX length now.
Final job will be to add the TALLOC_CTX * parameter to
unix_convert to make it explicit (for Volker).
Jeremy.
Jeremy Allison [Wed, 12 Sep 2007 21:41:36 +0000 (21:41 +0000)]
r25116: Fix talloc_asprintf_append to do the right thing with
truncated strings.
Jeremy.
Jeremy Allison [Tue, 11 Sep 2007 23:57:59 +0000 (23:57 +0000)]
r25111: Move to talloced pathnames on most code paths.
There are now only 17 pstrings left in reply.c,
and these will be easy to remove (and I'll be
doing that shortly). Had to fix an interesting
bug in pull_ucs2_base_talloc() when a source
string is not null terminated :-).
Jeremy.
Günther Deschner [Tue, 11 Sep 2007 23:35:17 +0000 (23:35 +0000)]
r25109: Remove obsolete argument from ads_guess_service_principal().
Guenther
Günther Deschner [Tue, 11 Sep 2007 23:21:50 +0000 (23:21 +0000)]
r25108: Make ifdef labyrinth in sasl code a bit more readable.
Guenther
Simo Sorce [Tue, 11 Sep 2007 23:04:14 +0000 (23:04 +0000)]
r25107: Fix const warning caused by the way I reformatted this
Jeremy Allison [Tue, 11 Sep 2007 21:52:44 +0000 (21:52 +0000)]
r25104: Fix extra lines added by mistake.
Jeremy.
Jeremy Allison [Tue, 11 Sep 2007 19:27:34 +0000 (19:27 +0000)]
r25103: Ensure we don't return unwritten memory (valgrind caught).
Jeremy.
Jeremy Allison [Tue, 11 Sep 2007 18:31:29 +0000 (18:31 +0000)]
r25102: Rewrite msdfs code to use talloced filenames. Passes make test
and make valgrindtest. Final step will be to change srvstr_get_path()
to return talloced memory in the major codepaths.
Jeremy.
Gerald Carter [Tue, 11 Sep 2007 18:08:07 +0000 (18:08 +0000)]
r25099: Commit fix for CVE-2007-4138 from 3.0.26 release.
Michael Adam [Tue, 11 Sep 2007 16:50:32 +0000 (16:50 +0000)]
r25092: Add support for storing trusted domain passwords in LDAP for
passdb backend = ldapsam.
Along with reproducing the functionality of the secrets.tdb
code, I have prepared the handling of the previous trust password
(in case we are contacting a dc which does not yet know of a recent
password change). This information has still to be propagated
to the outside, but this requires a change of the api and also
a change of the secrets.tdb code.
Michael
Michael Adam [Tue, 11 Sep 2007 16:38:31 +0000 (16:38 +0000)]
r25091: Start adding support for storing trusted domain passwords in LDAP
(for passdb backend = ldapsam). At a first step, add the hooks,
calling the secrets_ functions.
Michael
Michael Adam [Tue, 11 Sep 2007 16:30:38 +0000 (16:30 +0000)]
r25090: Fix a syntax error just introduced into the LDAP schema.
Michael
Michael Adam [Tue, 11 Sep 2007 16:25:47 +0000 (16:25 +0000)]
r25088: Change the objectclass sambaTrustedDomainPassword to
have the current and possibly the previous trust password
stored as clear text passwords. (Previous use of NTPassword
was a mistake - this is a hash value.)
Michael
Michael Adam [Tue, 11 Sep 2007 16:18:14 +0000 (16:18 +0000)]
r25087: Reformatting: Get rid of an abundance of leading tabs...
Michael Adam [Tue, 11 Sep 2007 16:15:36 +0000 (16:15 +0000)]
r25086: Fix interdomain trusts (this provides the fix expected in r22709):
Fix winbindd on a Samba DC talking to a trusted domain DC by
making it use the trusted domain password...
Michael
I hope this does not break any other setup.
Günther Deschner [Tue, 11 Sep 2007 14:56:43 +0000 (14:56 +0000)]
r25080: Once we decrypted the packet but have timing problems (clock skew, tkt not yet or
no longer valid) there is no point to bother the keytab routines.
Guenther
Stefan Metzmacher [Tue, 11 Sep 2007 10:21:34 +0000 (10:21 +0000)]
r25074: as all requests in the winbindd child are sync, we can use talloc_tos()
metze
Günther Deschner [Mon, 10 Sep 2007 23:12:27 +0000 (23:12 +0000)]
r25068: Older samba3 DCs will return DCERPC_FAULT_OP_RNG_ERROR for every opcode on the
LSARPC_DS pipe, continue with no_lsarpc_ds mode here as well to get
domain->initialized set to True. This avoids permanent scanning of Samba3 DCs
in winbindd. Thanks Michael, for pointing this out.
Guenther
Simo Sorce [Mon, 10 Sep 2007 19:19:59 +0000 (19:19 +0000)]
r25064: We use BOOL/True/False not bool/true/false
Simo Sorce [Mon, 10 Sep 2007 19:14:22 +0000 (19:14 +0000)]
r25063: Fix segfault in smbldp_set_creds when we want to use anonymous, the
code was not passing in the "anon" flag correctly and was passing
NULL pointers.
Simo Sorce [Mon, 10 Sep 2007 19:04:57 +0000 (19:04 +0000)]
r25062: Reformat, remove trailing spaces and fit lines into 80 columns
Volker Lendecke [Mon, 10 Sep 2007 17:49:51 +0000 (17:49 +0000)]
r25061: Pro-actively shut up Coverity :-)
Simo Sorce [Mon, 10 Sep 2007 16:56:51 +0000 (16:56 +0000)]
r25060: Fix formatting, remove trailing spaces and cut lines longer than 80 chars
Simo Sorce [Mon, 10 Sep 2007 16:21:55 +0000 (16:21 +0000)]
r25059: Apply to 3.2 as well
Simo Sorce [Mon, 10 Sep 2007 15:14:39 +0000 (15:14 +0000)]
r25057: Add a schema file ready to be used in Fedora/RedHat Directory Server
Volker Lendecke [Mon, 10 Sep 2007 10:56:07 +0000 (10:56 +0000)]
r25055: Add file_id_string_tos
This removes file_id_string_static and file_id_string_static2
Andrew Bartlett [Mon, 10 Sep 2007 02:14:18 +0000 (02:14 +0000)]
r25049: Set new, more secure defaults for Samba 3.2.
Andrew Bartlett