Michael Adam [Tue, 22 May 2007 15:13:32 +0000 (15:13 +0000)]
r23078: Don't handle return code NT_STATUS_NONE_MAPPED from lookup sids
as an error. (This is purely cosmetic here, issuing a success
message at the end.)
Volker Lendecke [Tue, 22 May 2007 14:31:26 +0000 (14:31 +0000)]
r23077: Minor cleanup
Gerald Carter [Tue, 22 May 2007 13:55:31 +0000 (13:55 +0000)]
r23075: more duplicate code blocks from bad merge
Gerald Carter [Tue, 22 May 2007 13:43:34 +0000 (13:43 +0000)]
r23074: Remove duplicate code blocks from bad merge
Michael Adam [Tue, 22 May 2007 13:40:01 +0000 (13:40 +0000)]
r23073: In the internal rpccli_lsa_lookup_sids_noalloc(), use a temporary
talloc context for use with the actual rpc query and response.
So the the parent context does not get flooded by the posslibly
large amount of response data (when looking up a lot of sids).
Note: It not possible, to simply use the names and domains arrays
as talloc contexts for the talloc_strdup calls, because from
rpccli_lsa_lookup_sids_all, this is called with names + offset
and domains + offset where names and domains are talloced
arraye for the complete response.
Michael Adam [Tue, 22 May 2007 12:49:41 +0000 (12:49 +0000)]
r23072: In winbindd_ads.c:lookup_groupmem, replace the bottleneck
dn_lookup loop by a rpccli_lsa_lookupsids_all (see r23070)
call. This replaces one ldap search per member sid by one
rpc call per 1000 sids. This greatly speeds up groupmem
lookups for groups with lots of users.
Since the loop in lookup_groupmem was the only use of dn_lookup,
the function is removed.
Michael
Michael Adam [Tue, 22 May 2007 11:30:35 +0000 (11:30 +0000)]
r23070: The lsa rpc lookup sids call has a maximum number of SIDS to be
looked up at one time. This limit is at 20480 for w2k3.
Our rpccli_lsa_lookup_sids function ignores this limit, so when
we give the server too long a list of SIDs, then we will get
nothing back. Since typically rpccli_lsa_lookup_sids is given
one SID (or a small number of SIDS), this did not do harm
up to now. But since I want to use lsa_lookup_sids in a subsequent
modification to winbindd_ads.c:lookup_groupmem to get rid of
a vast number of dn_lookup calls to the server, I had to make
sure we do it correctly.
I have added a function rpccli_lsa_lookup_sids_all function
that has the same prototype but internally splits the list
of SIDs up into hunks of a (conservative, hard coded) 1000
SIDs each for a first go.
If this approach is agreed upon, the new function could replace
the original rpccli_lsa_lookup_sids function.
Michael
Volker Lendecke [Tue, 22 May 2007 10:05:56 +0000 (10:05 +0000)]
r23068: Fix some uninitialized variables in the solarisacl module
Volker Lendecke [Mon, 21 May 2007 22:17:13 +0000 (22:17 +0000)]
r23055: Rewrite messages.c to use auto-generated marshalling in the tdb. I'm
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Volker
Gerald Carter [Mon, 21 May 2007 21:33:51 +0000 (21:33 +0000)]
r23054: Move the check for the lookup_domain of S-1-22-{1,2} before the
check for IS_DC. Otherwise we will for example fail to lookup a
sid of S-1-22-1-780 because it has no valid struct winbindd_domain*
in the list. Thanks to Simo for the catch.
Simo Sorce [Mon, 21 May 2007 20:51:15 +0000 (20:51 +0000)]
r23051: sid_to_[ug]id fixes for smbd
Gerald Carter [Mon, 21 May 2007 20:36:22 +0000 (20:36 +0000)]
r23048: Simo is correct in that winbind_lookup{sid,name}_async() needs
to be able to handle SIDs in the S-1-22-{1,2} domain in order
for winbindd_sid_to_uid(), et. al. to succeed. For 3.0.25a,
we will short circuit in the sid_to_uid() family of functions
so that smbd is ok.
For 3.0.26, we need to allow winbindd to handle all types of SIDs.
Gerald Carter [Mon, 21 May 2007 19:12:14 +0000 (19:12 +0000)]
r23046: Few missing merges from cleaning out the Centeris winbindd tree.
Nothing of major interest. Will fix a few problems with one way trusts.
Jim McDonough [Mon, 21 May 2007 16:01:22 +0000 (16:01 +0000)]
r23041: Remainder of fix for 4630: fix special case of unix_to_nt_time() for
TIME_T_MAX, and also display of it in http_timestring()
Michael Adam [Mon, 21 May 2007 15:58:27 +0000 (15:58 +0000)]
r23040: Activate the winbindd cache validation code in the
winbindd main function.
I have tested and somewhat extended the code, and it seems
to do a good job. I have possibly not caught all error
conditions though.
Michael
Stefan Metzmacher [Mon, 21 May 2007 13:40:27 +0000 (13:40 +0000)]
r23039: merge from SAMBA_3_0_26:
use a helper function to construct the TDB_DATA key
as strlen_m() is totally wrong here anyway
metze
Volker Lendecke [Sun, 20 May 2007 20:28:45 +0000 (20:28 +0000)]
r23025: Some logic simplifications
Volker Lendecke [Sun, 20 May 2007 20:11:23 +0000 (20:11 +0000)]
r23024: Ok, neither the duplicates_allowed nor the timeout argument to
message_send_pid is used anymore. Two users of duplicates_allowed: winbind and
the printer notify system.
I don't thing this really changes semantics: duplicates_allowed is hell racy
anyway, we can't guarantee that we don't send the same message in sequence
twice, and I think the only thing we can harm with the print notify is
performance.
For winbind I talked to Günther, and he did not seem too worried.
Volker
Volker Lendecke [Sun, 20 May 2007 19:43:49 +0000 (19:43 +0000)]
r23023: Get rid of the only caller of message_send_pid_with_timeout(). This replaces
the timeouts on the individual message send calls with an overall timeout on
all the calls.
The timeout in message_send_pid_with_timeout() did not make much sense IMO
anyway, because the tdb_fetch() for the messages_pending_for_pid was blocking
in a readlock anyway, we "just" did the timeout for the write lock.
This new code goes through the full wait for the write lock once and then
breaks out of sending the notifies instead of running into the timeout per
target.
Jerry, please check this!
Thanks,
Volker
Volker Lendecke [Sun, 20 May 2007 17:00:18 +0000 (17:00 +0000)]
r23022: Reformatting
Jeremy Allison [Sat, 19 May 2007 22:29:59 +0000 (22:29 +0000)]
r23016: Remove extra & - thanks to Volker for spotting this.
Jeremy.
Volker Lendecke [Sat, 19 May 2007 21:53:28 +0000 (21:53 +0000)]
r23015: Make message_(de)register static to messages.c
Jeremy Allison [Sat, 19 May 2007 20:57:12 +0000 (20:57 +0000)]
r23014: For all branches, ensure that if we're blocked on a POSIX
lock we know nothing about that we retry the lock every
10 seconds instead of waiting for the standard select
timeout. This is how we used to (and are supposed to)
work.
Jeremy.
James Peach [Sat, 19 May 2007 04:59:00 +0000 (04:59 +0000)]
r23010: Make the output of "smbcontrol --help" match that of "smbcontrol help".
Bug #3181.
James Peach [Sat, 19 May 2007 04:23:04 +0000 (04:23 +0000)]
r23009: Both contains a strchr_m(server,'/') few lines after replacing all / with \.
This patch removes this dead code.
Patch from Pascal Terjan <pterjan@mandriva.com> for bug #2313.
Jeremy Allison [Sat, 19 May 2007 01:27:34 +0000 (01:27 +0000)]
r23007: Ensure we don't allow large read over the possible
packet size.
Jeremy.
Jeremy Allison [Fri, 18 May 2007 23:56:34 +0000 (23:56 +0000)]
r23006: Arg. Fix stupid typo in 64-bit path.
Jeremy.
Jeremy Allison [Fri, 18 May 2007 23:38:56 +0000 (23:38 +0000)]
r23005: If we're running on a system where time_t is 8 bytes
we have to take care to preserve the "special" values
for Windows of 0x80000000 and 0x7FFFFFFF when casting
between time_t and uint32. Add conversion functions
(and use them).
Jeremy.
Derrell Lipman [Fri, 18 May 2007 13:42:48 +0000 (13:42 +0000)]
r23001: - Fix but #4634. Type of the size parameter to getpeername was wrong.
Stefan Metzmacher [Fri, 18 May 2007 09:50:56 +0000 (09:50 +0000)]
r22998: merge from SAMBA_4_0:
only if the output of which has a leading '/' the output is useful...
metze
Volker Lendecke [Fri, 18 May 2007 08:35:01 +0000 (08:35 +0000)]
r22994: Fix HP/UX compiler flags by Don McCall. Lets see how the other HP/UX
boxes like this. Thanks, Don!
Steve French [Thu, 17 May 2007 22:40:48 +0000 (22:40 +0000)]
r22982: Do not prompt for password on sec=none for mount.cifs (and allow guest
option to pass to kernel code so it can know when to retry)
Steve French [Thu, 17 May 2007 22:28:28 +0000 (22:28 +0000)]
r22979: Revert previous checkin (which had some debug junk) and fix misc frees that
valgrind noticed
Gerald Carter [Thu, 17 May 2007 22:27:42 +0000 (22:27 +0000)]
r22978: Don't use current_user to prep the security ctx in change_to_user
since any SID/uid/gid translation calls will reset the struct when
popping the security ctx. This should fix the standalone server
configuration issues reported by David Rankin (thanks for the logs).
Gerald Carter [Thu, 17 May 2007 19:56:54 +0000 (19:56 +0000)]
r22977: Trim noise by removing redundant WARNING log message that
would flood at log level 2. We know when we're using the legacy
mapping code anyways since it will log an informative msg.
Simo Sorce [Thu, 17 May 2007 19:26:08 +0000 (19:26 +0000)]
r22976: whoops typo
Gerald Carter [Thu, 17 May 2007 19:16:27 +0000 (19:16 +0000)]
r22975: BUG 4616: Don't return a dns or forest name when replying to the
DsDGetPrimaryRoleInfo() and configured for security = domain.
Simo Sorce [Thu, 17 May 2007 18:20:16 +0000 (18:20 +0000)]
r22974: enable relro with PIE if available, this gives extra protection to the ELF segment
Alexander Bokovoy [Thu, 17 May 2007 13:56:19 +0000 (13:56 +0000)]
r22973: Apparently, 3.0.25 broke smb4k badly ;-)
smb4k uses 'net rap server domain' to list servers in domain.
Previously we just ignored all arguments in net_rap_server() but now we don't
as 'net rap server name' has added an explicit check on arguments.
Allow 'net rap server domain' to aid smb4k. Any other arguments will cause help message.
Jeremy Allison [Wed, 16 May 2007 22:52:17 +0000 (22:52 +0000)]
r22956: Fix security=server (bug #4622). Volker's patch
(slightly truncated by me). Will be in 3.0.25a.
Jeremy.
James Peach [Wed, 16 May 2007 22:34:58 +0000 (22:34 +0000)]
r22955: Disable dependency tracking by default.
Volker Lendecke [Wed, 16 May 2007 20:56:39 +0000 (20:56 +0000)]
r22954: More messaging_register
Volker Lendecke [Wed, 16 May 2007 20:02:32 +0000 (20:02 +0000)]
r22953: Well, this apparently has never been tested. But *this* code never saw a
release yet .... ;-))
Jeremy Allison [Wed, 16 May 2007 17:17:25 +0000 (17:17 +0000)]
r22950: Fix the issue Volker reported here :
"Attempt to fix some build farm failures: On port 139 the first
successful packet gives len==0 from the server, so the = in
if (len <= 0) {
in line 136 of clientgen.c throws a failure."
The irritating thing is that I already had it correct in
SAMBA_3_0_26 and forgot to merge the change across.
len == 0 is a valid return - I messed that up when
converting client_receive_smb() to return a length
rather than a BOOL.
Doh !
Jeremy.
Volker Lendecke [Wed, 16 May 2007 14:45:09 +0000 (14:45 +0000)]
r22943: More message_register -> messaging_register
Volker Lendecke [Wed, 16 May 2007 14:24:06 +0000 (14:24 +0000)]
r22942: Some message_register -> messaging_register conversions
Volker Lendecke [Wed, 16 May 2007 13:02:53 +0000 (13:02 +0000)]
r22934: Change smbcontrol to use messaging_register instead of message_register
Michael Adam [Wed, 16 May 2007 11:57:37 +0000 (11:57 +0000)]
r22932: Use the same symbol in sizeof and cast for talloc.
Michael Adam [Wed, 16 May 2007 11:15:16 +0000 (11:15 +0000)]
r22931: Fix logic in detection of the need to replace dlopen and friends.
Originally, dlfcn.o was only added to LIBREPLACEOBJ if dlopen
was found in libdl but header dlfcn.h was not appropriate.
Michael
Volker Lendecke [Wed, 16 May 2007 10:59:04 +0000 (10:59 +0000)]
r22930: Next attempt to get the build farm in line.
Jeremy, please check this and merge if appropriate.
Volker Lendecke [Wed, 16 May 2007 09:53:41 +0000 (09:53 +0000)]
r22929: Attempt to fix some build farm failures: On port 139 the first
successful packet gives len==0 from the server, so the = in
if (len <= 0) {
in line 136 of clientgen.c throws a failure.
Jeremy, please fix this properly, I'm not merging this to 3_0_26 so that
you can filter it when you merge.
Volker
Günther Deschner [Wed, 16 May 2007 09:42:29 +0000 (09:42 +0000)]
r22928: Use better success error code.
Guenther
Jeremy Allison [Wed, 16 May 2007 01:49:33 +0000 (01:49 +0000)]
r22926: Don't use <=0, use < 0 to allow keepalives to propagate up.
Jeremy.
Jeremy Allison [Wed, 16 May 2007 01:36:23 +0000 (01:36 +0000)]
r22925: Sync read_and_X with 3.0.26 code (use setup_readX_header()).
Jeremy.
Jeremy Allison [Wed, 16 May 2007 01:34:22 +0000 (01:34 +0000)]
r22924: Fix the build by correctly processing readX
errors in the direct read case.
Jeremy.
Jeremy Allison [Wed, 16 May 2007 01:13:25 +0000 (01:13 +0000)]
r22923: Fix runaway smbd now receive_smb_raw() returns a ssize_t not a BOOL.
Jeremy.
Jeremy Allison [Wed, 16 May 2007 00:21:12 +0000 (00:21 +0000)]
r22922: Move "normal_read:" label out of ifdef guard. Fix the build.
Jeremy.
Jeremy Allison [Wed, 16 May 2007 00:07:38 +0000 (00:07 +0000)]
r22920: Add in the UNIX capability for 24-bit readX, as discussed
with the Apple guys and Linux kernel guys. Still looking
at how to do writeX as there's no recvfile().
Jeremy.
Michael Adam [Tue, 15 May 2007 23:05:34 +0000 (23:05 +0000)]
r22919: Fix build on Tru64.
Michael Adam [Tue, 15 May 2007 21:41:02 +0000 (21:41 +0000)]
r22918: Attempt to fix the build of the tru64acl module.
Where the heck did that smb_acl_permset_t come from?
I can't remember...
Michael
Derrell Lipman [Tue, 15 May 2007 19:10:29 +0000 (19:10 +0000)]
r22914: - Fixes bug 4599. A missing <code>if</code> statement forced subseqeuent
attempts to set attributes to fail.
- I also noticed that missing attributes were setting an invalid return string
by getxattr(), e.g. if there was not group, the return string had "GROUP:;"
instead of excluding the GROUP attribute entirely as it should. The big
problem with the way it was, is that the string could not then be passed to
setxattr() and parsed.
Volker Lendecke [Tue, 15 May 2007 15:49:55 +0000 (15:49 +0000)]
r22911: Pass a messaging_context to message_send_all
Volker Lendecke [Tue, 15 May 2007 15:41:37 +0000 (15:41 +0000)]
r22910: Make message_send_pid static to messages.c
Volker Lendecke [Tue, 15 May 2007 15:14:32 +0000 (15:14 +0000)]
r22908: All callers of message_init now also call messaging_init. Unify those.
Volker Lendecke [Tue, 15 May 2007 14:58:01 +0000 (14:58 +0000)]
r22907: Fix the build with --enable-profiling-data
Volker Lendecke [Tue, 15 May 2007 14:39:18 +0000 (14:39 +0000)]
r22906: Some more message_send_pid
Volker Lendecke [Tue, 15 May 2007 13:56:00 +0000 (13:56 +0000)]
r22905: cli_send_mailslot had a message_send_pid inside
Günther Deschner [Tue, 15 May 2007 13:47:25 +0000 (13:47 +0000)]
r22904: Fix indent.
Guenther
Günther Deschner [Tue, 15 May 2007 13:46:26 +0000 (13:46 +0000)]
r22903: Now that we have the on-disc trustdomaincache with type flags we can better
decide whether it's worth to register a krb5 ticket gain handler while users
logon offline.
Guenther
Volker Lendecke [Tue, 15 May 2007 13:44:11 +0000 (13:44 +0000)]
r22902: Add an event_context and a messaging_context to nmbd. Not used yet.
Günther Deschner [Tue, 15 May 2007 13:42:53 +0000 (13:42 +0000)]
r22901: When an AD account has UF_DONT_REQUIRE_PREAUTH set we need to fallback to ntlm
in the kerberized PAM_AUTH.
Guenther
Volker Lendecke [Tue, 15 May 2007 12:18:17 +0000 (12:18 +0000)]
r22900: Convert profile/ to messaging_send_pid/messaging_register
Volker Lendecke [Tue, 15 May 2007 10:50:44 +0000 (10:50 +0000)]
r22895: Convert some more calls from message_send_buf to messaging_send_buf
Michael Adam [Tue, 15 May 2007 10:47:40 +0000 (10:47 +0000)]
r22893: Use ldap_rename_s instead of deprecated ldap_rename2_s.
This fixes the build on solaris (host sun9).
And hopefully doesn't break any other builds... :-)
If it does, we need some configure magic.
Thanks to Björn Jacke <bj@sernet.de>.
James Peach [Tue, 15 May 2007 05:25:10 +0000 (05:25 +0000)]
r22879: Tidy the build rules for targets that need the installation paths.
James Peach [Tue, 15 May 2007 04:28:20 +0000 (04:28 +0000)]
r22878: Warn in $PATH contains /usr/ucb. Bugzilla #4295.
Jeremy Allison [Mon, 14 May 2007 23:55:11 +0000 (23:55 +0000)]
r22872: Add vfs_zfsacl module from Jiri Sasek <Jiri.Sasek@Sun.COM>.
Jeremy.
Lars Müller [Mon, 14 May 2007 21:58:23 +0000 (21:58 +0000)]
r22870: Don't create shared objects of nss and tdb modules.
Lars Müller [Mon, 14 May 2007 21:22:14 +0000 (21:22 +0000)]
r22869: Add bin/{ldap,nss,tdb}.@SHLIBEXT@ rules.
Not tested for SAMBA_3_0 as I didn't get autogen.sh or autoreconf to
build a configure.
Volker Lendecke [Mon, 14 May 2007 20:31:28 +0000 (20:31 +0000)]
r22868: Replace some message_send_pid calls with messaging_send_pid calls. More
tomorrow.
Alexander Bokovoy [Mon, 14 May 2007 19:26:22 +0000 (19:26 +0000)]
r22867: With Samba4's IDL, we now have two new flags for share types: STYPE_TEMPORARY and STYPE_HIDDEN
Strip them out when referencing share_type[] entries.
Apparently, some Windows XP installs create shares set to STYPE_HIDDEN by default, found by
Damir Shayhutdinov <damir@altlinux.org>. This also fixes smb4k crashes as it does call 'net share -l'.
Michael Adam [Mon, 14 May 2007 14:53:45 +0000 (14:53 +0000)]
r22855: fix the build
(#if inside DEBUG macro not allowed...)
Michael
Gerald Carter [Mon, 14 May 2007 14:23:51 +0000 (14:23 +0000)]
r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches
Derrell Lipman [Mon, 14 May 2007 14:19:30 +0000 (14:19 +0000)]
r22850: - Fixes bug 4601. smbc_getxattr() would not, in one case, properly return the
required size of a buffer needed to contain the extended attributes.
Michael Adam [Mon, 14 May 2007 13:36:14 +0000 (13:36 +0000)]
r22848: Fix brace alignment.
Michael Adam [Mon, 14 May 2007 13:31:42 +0000 (13:31 +0000)]
r22847: The new validate_panic function calls exit (instead of setting
a global error flag an returning), so cleanups and returns
subsequent to calls of smb_panic_fn have become unnecessary.
Volker Lendecke [Mon, 14 May 2007 13:01:28 +0000 (13:01 +0000)]
r22846: Chunk one to replace message_send_pid with messaging_send: Deep inside
locking/locking.c we have to send retry messages to timed lock holders.
The majority of this patch passes a "struct messaging_context" down
there. No functional change, survives make test.
Michael Adam [Mon, 14 May 2007 12:57:24 +0000 (12:57 +0000)]
r22845: Modified and extended the winbindd cache validation code:
* Replaced signal catching/longjmp magic by a fork:
Let the child do the actual validation of the entries.
Exit code and signals are intercepted by waitpid.
* Fix logic so that also encounter of an unknown key in the
tdb leads to an error.
* Extended status of validation is kept in a (as yet simple)
stuct and communicated over a pipe from child to parent.
* Added two validation_ functions for two new keys.
The call of winbindd_validate_cache is still commented out
in the winbindd main loop. But I am currently testing it
and so far it seems to work fine.
The next step in my plan is to generalize the validation
mechanism to a tdb_open_log_validate function in lib/util_tdb.c.
There ist nothing very special about the cache tdb here,
and this might be useful elsewhere...
Michael
Volker Lendecke [Mon, 14 May 2007 12:16:20 +0000 (12:16 +0000)]
r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
Lars Müller [Mon, 14 May 2007 09:50:39 +0000 (09:50 +0000)]
r22841: Add comment to endif statement.
Alexander Bokovoy [Mon, 14 May 2007 09:47:58 +0000 (09:47 +0000)]
r22840: Add -pie support to Python's setup.py. This should fix build of python libs on recent distributions that take care of security.
Lars Müller [Mon, 14 May 2007 09:44:26 +0000 (09:44 +0000)]
r22839: Fix endif comment.
James Peach [Sun, 13 May 2007 20:51:39 +0000 (20:51 +0000)]
r22828: Fix typo. Bugzilla #4589.
James Peach [Sun, 13 May 2007 15:45:50 +0000 (15:45 +0000)]
r22826: Fix the gettimeofday test that I broke in rev 22821.
James Peach [Sun, 13 May 2007 04:38:44 +0000 (04:38 +0000)]
r22821: Replace unnecessary AC_TRY_RUN with AC_TRY_LINK. Fixes bug #2287.
James Peach [Sun, 13 May 2007 04:08:26 +0000 (04:08 +0000)]
r22820: Move FAM libraries from smbd to vfs_fam_notify. Should fix bugzilla #4426.
Volker Lendecke [Sat, 12 May 2007 19:53:47 +0000 (19:53 +0000)]
r22819: Fix Bug 4613. We just dumped the must change & friends. With the
pass_last_changed == 0 we now return "Change now!" instead of "Change
never"
Jeremy Allison [Sat, 12 May 2007 01:08:09 +0000 (01:08 +0000)]
r22812: Fix bug #3024 (and also the group varient). Patch from
Johann Hanne <jhml@gmx.net> and also Kaya Bekiro?lu <kaya.bekiroglu@isilon.com>
Jeremy.
Lars Müller [Fri, 11 May 2007 20:42:51 +0000 (20:42 +0000)]
r22805: Inform in examples/pdb about the location of the external support for
the SQL backends.
Günther Deschner [Fri, 11 May 2007 15:28:07 +0000 (15:28 +0000)]
r22803: Add some more flesh to the GPO security filtering (still very basic).
Guenther