sfrench/samba-autobuild/.git
14 years agor22855: fix the build
Michael Adam [Mon, 14 May 2007 14:53:45 +0000 (14:53 +0000)]
r22855: fix the build
(#if inside DEBUG macro not allowed...)

Michael

14 years agor22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches
Gerald Carter [Mon, 14 May 2007 14:23:51 +0000 (14:23 +0000)]
r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches

14 years agor22850: - Fixes bug 4601. smbc_getxattr() would not, in one case, properly return the
Derrell Lipman [Mon, 14 May 2007 14:19:30 +0000 (14:19 +0000)]
r22850: - Fixes bug 4601.  smbc_getxattr() would not, in one case, properly return the
  required size of a buffer needed to contain the extended attributes.

14 years agor22848: Fix brace alignment.
Michael Adam [Mon, 14 May 2007 13:36:14 +0000 (13:36 +0000)]
r22848: Fix brace alignment.

14 years agor22847: The new validate_panic function calls exit (instead of setting
Michael Adam [Mon, 14 May 2007 13:31:42 +0000 (13:31 +0000)]
r22847: The new validate_panic function calls exit (instead of setting
a global error flag an returning), so cleanups and returns
subsequent to calls of smb_panic_fn have become unnecessary.

14 years agor22846: Chunk one to replace message_send_pid with messaging_send: Deep inside
Volker Lendecke [Mon, 14 May 2007 13:01:28 +0000 (13:01 +0000)]
r22846: Chunk one to replace message_send_pid with messaging_send: Deep inside
locking/locking.c we have to send retry messages to timed lock holders.
The majority of this patch passes a "struct messaging_context" down
there. No functional change, survives make test.

14 years agor22845: Modified and extended the winbindd cache validation code:
Michael Adam [Mon, 14 May 2007 12:57:24 +0000 (12:57 +0000)]
r22845: Modified and extended the winbindd cache validation code:

* Replaced signal catching/longjmp magic by a fork:
  Let the child do the actual validation of the entries.
  Exit code and signals are intercepted by waitpid.
* Fix logic so that also encounter of an unknown key in the
  tdb leads to an error.
* Extended status of validation is kept in a (as yet simple)
  stuct and communicated over a pipe from child to parent.
* Added two validation_ functions for two new keys.

The call of winbindd_validate_cache is still commented out
in the winbindd main loop. But I am currently testing it
and so far it seems to work fine.

The next step in my plan is to generalize the validation
mechanism to a tdb_open_log_validate function in lib/util_tdb.c.
There ist nothing very special about the cache tdb here,
and this might be useful elsewhere...

Michael

14 years agor22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
Volker Lendecke [Mon, 14 May 2007 12:16:20 +0000 (12:16 +0000)]
r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.

14 years agor22841: Add comment to endif statement.
Lars Müller [Mon, 14 May 2007 09:50:39 +0000 (09:50 +0000)]
r22841: Add comment to endif statement.

14 years agor22840: Add -pie support to Python's setup.py. This should fix build of python libs...
Alexander Bokovoy [Mon, 14 May 2007 09:47:58 +0000 (09:47 +0000)]
r22840: Add -pie support to Python's setup.py. This should fix build of python libs on recent distributions that take care of security.

14 years agor22839: Fix endif comment.
Lars Müller [Mon, 14 May 2007 09:44:26 +0000 (09:44 +0000)]
r22839: Fix endif comment.

14 years agor22828: Fix typo. Bugzilla #4589.
James Peach [Sun, 13 May 2007 20:51:39 +0000 (20:51 +0000)]
r22828: Fix typo. Bugzilla #4589.

14 years agor22826: Fix the gettimeofday test that I broke in rev 22821.
James Peach [Sun, 13 May 2007 15:45:50 +0000 (15:45 +0000)]
r22826: Fix the gettimeofday test that I broke in rev 22821.

14 years agor22821: Replace unnecessary AC_TRY_RUN with AC_TRY_LINK. Fixes bug #2287.
James Peach [Sun, 13 May 2007 04:38:44 +0000 (04:38 +0000)]
r22821: Replace unnecessary AC_TRY_RUN with AC_TRY_LINK. Fixes bug #2287.

14 years agor22820: Move FAM libraries from smbd to vfs_fam_notify. Should fix bugzilla #4426.
James Peach [Sun, 13 May 2007 04:08:26 +0000 (04:08 +0000)]
r22820: Move FAM libraries from smbd to vfs_fam_notify. Should fix bugzilla #4426.

14 years agor22819: Fix Bug 4613. We just dumped the must change & friends. With the
Volker Lendecke [Sat, 12 May 2007 19:53:47 +0000 (19:53 +0000)]
r22819: Fix Bug 4613. We just dumped the must change & friends. With the
pass_last_changed == 0 we now return "Change now!" instead of "Change
never"

14 years agor22812: Fix bug #3024 (and also the group varient). Patch from
Jeremy Allison [Sat, 12 May 2007 01:08:09 +0000 (01:08 +0000)]
r22812: Fix bug #3024 (and also the group varient). Patch from
Johann Hanne <jhml@gmx.net> and also Kaya Bekiro?lu <kaya.bekiroglu@isilon.com>
Jeremy.

14 years agor22805: Inform in examples/pdb about the location of the external support for
Lars Müller [Fri, 11 May 2007 20:42:51 +0000 (20:42 +0000)]
r22805: Inform in examples/pdb about the location of the external support for
the SQL backends.

14 years agor22803: Add some more flesh to the GPO security filtering (still very basic).
Günther Deschner [Fri, 11 May 2007 15:28:07 +0000 (15:28 +0000)]
r22803: Add some more flesh to the GPO security filtering (still very basic).

Guenther

14 years agor22802: Add dummy gpo_apply_security_filtering() call.
Günther Deschner [Fri, 11 May 2007 15:08:05 +0000 (15:08 +0000)]
r22802: Add dummy gpo_apply_security_filtering() call.

Guenther

14 years agor22801: Pass down the token to add_gplink_to_gpo_list().
Günther Deschner [Fri, 11 May 2007 13:37:51 +0000 (13:37 +0000)]
r22801: Pass down the token to add_gplink_to_gpo_list().

Guenther

14 years agor22800: Add GPO_SID_TOKEN and an LDAP function to get tokensids from the tokenGroup...
Günther Deschner [Fri, 11 May 2007 13:33:37 +0000 (13:33 +0000)]
r22800: Add GPO_SID_TOKEN and an LDAP function to get tokensids from the tokenGroup attribute.

Guenther

14 years agor22799: Fix the build.
Günther Deschner [Fri, 11 May 2007 13:19:49 +0000 (13:19 +0000)]
r22799: Fix the build.

Guenther

14 years agor22798: Add the "apply group policy" access bit (as seen in type 0x05 ALLOWED OBJECT
Günther Deschner [Fri, 11 May 2007 12:59:16 +0000 (12:59 +0000)]
r22798: Add the "apply group policy" access bit (as seen in type 0x05 ALLOWED OBJECT
ACEs).

Guenther

14 years agor22797: We are only interested in the DACL of the security descriptor, so search...
Günther Deschner [Fri, 11 May 2007 12:52:48 +0000 (12:52 +0000)]
r22797: We are only interested in the DACL of the security descriptor, so search with
the SD_FLAGS control.

Guenther

14 years agor22796: Add security descriptor to GROUP_POLICY_OBJECT structure (in preparation of
Günther Deschner [Fri, 11 May 2007 12:41:11 +0000 (12:41 +0000)]
r22796: Add security descriptor to GROUP_POLICY_OBJECT structure (in preparation of
adding GPO security filtering for libgpo).

Guenther

14 years agor22794: Add "debug_state" and "silent" to pam_winbind.conf template. Honor the silent
Günther Deschner [Fri, 11 May 2007 11:54:41 +0000 (11:54 +0000)]
r22794: Add "debug_state" and "silent" to pam_winbind.conf template. Honor the silent
argument when parsing pam configuration file options.

Guenther

14 years agor22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "net
Volker Lendecke [Fri, 11 May 2007 08:59:01 +0000 (08:59 +0000)]
r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "net
sam unmapunixgroup"

14 years agor22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change
Volker Lendecke [Fri, 11 May 2007 08:46:54 +0000 (08:46 +0000)]
r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change
return values of some alias-releated pdb functions from BOOL to NTSTATUS

Thanks :-)

14 years agor22784: fixed change notify for delete on close
Andrew Tridgell [Fri, 11 May 2007 07:22:10 +0000 (07:22 +0000)]
r22784: fixed change notify for delete on close

14 years agor22779: Patch for not prompting for password on cifs mounts when "sec=none"
Steve French [Thu, 10 May 2007 19:16:36 +0000 (19:16 +0000)]
r22779: Patch for not prompting for password on cifs mounts when "sec=none"
specified

14 years agor22777: Fix for [Bug 4543] - POSIX ACL support on FreeBSD.
Michael Adam [Thu, 10 May 2007 13:31:15 +0000 (13:31 +0000)]
r22777: Fix for [Bug 4543] - POSIX ACL support on FreeBSD.

This adds vfs_posixacl to the list of static modules and
makes use of HAVE_ACL_GET_PERM_NP.

This is just a quick fix. FreeBSD acl support is still
hardcoded in configure.in, but actually this could be
detected in a unified test for freebsd, linux, *,
as suggested in the bugreport. This has still to be
checked and elaborated.

Michael

14 years agor22775: For the cluster code I've developed a wrapper around tdb to put different
Volker Lendecke [Thu, 10 May 2007 10:42:13 +0000 (10:42 +0000)]
r22775: For the cluster code I've developed a wrapper around tdb to put different
database backends in place dynamically.

The main abstractions are db_context and db_record, it should be mainly
self-describing, see include/dbwrap.h.  You open the db just as you would open
a tdb, this time with db_open(). If you want to fetch a record, just do the
db->fetch() call, if you want to do operations on it, you need to get it with
fetch_locked().

I added dbwrap_file.c (not heavily tested lately) as an example for what can
be done with that abstraction, uses a file per key. So if anybody is willing
to shape that up, we might have a chance on reiserfs again.... :-)

This abstraction works fine for brlock.tdb, locking.tdb, connections.tdb and
sessionid.tdb. It should work fine for the others as well, I just did not yet
get around to convert them.

If nobody loudly screams NO, then I will import the code that uses this soon.

Volker

14 years agor22773: - Clean up the the rest of the cruft from my earlier work on the readahead()
Derrell Lipman [Thu, 10 May 2007 02:48:22 +0000 (02:48 +0000)]
r22773: - Clean up the the rest of the cruft from my earlier work on the readahead()
  missing declaration problem.

14 years agor22772: - Still working on the fact that readahead() is not declared (on at least one
Derrell Lipman [Thu, 10 May 2007 01:27:18 +0000 (01:27 +0000)]
r22772: - Still working on the fact that readahead() is not declared (on at least one
  OS) but is available for linking.  Instead of running configure tests with
  -Werror-implicit-function-declaration in developer mode (which may lead to
  different library functions being used in developer mode than when not in
  developer mode), add tests for whether readahead is declared.  If not,
  provide a replacement declaration in lib/replace.

14 years agor22771: One liner fix for idmap_ldap
Simo Sorce [Wed, 9 May 2007 21:38:41 +0000 (21:38 +0000)]
r22771: One liner fix for idmap_ldap
Fixes the strange behavior we were seeing about idmap_ldap creating
a new connection for each query.

Jerry we need this in for 3.0.25

14 years agor22767: Argl. Typed in 'svn ci' in the wrong branch. Revert.
Volker Lendecke [Wed, 9 May 2007 11:40:48 +0000 (11:40 +0000)]
r22767: Argl. Typed in 'svn ci' in the wrong branch. Revert.

14 years agor22766: Merge from 3_0:
Volker Lendecke [Wed, 9 May 2007 11:39:55 +0000 (11:39 +0000)]
r22766: Merge from 3_0:

r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines

Add a "deletelocalgroup" subcommand to net sam.

Thanks to Karolin Seeger <ks@sernet.de>.

14 years agor22765: Fix from Alison Winters <alisonw@sgi.com> for missing return
Jeremy Allison [Wed, 9 May 2007 00:52:46 +0000 (00:52 +0000)]
r22765: Fix from Alison Winters <alisonw@sgi.com> for missing return
in sendfilereadbraw.
Jeremy.

14 years agor22761: This introduces lib/conn_tdb.c with two main functions: connections_traverse
Volker Lendecke [Tue, 8 May 2007 13:44:36 +0000 (13:44 +0000)]
r22761: This introduces lib/conn_tdb.c with two main functions: connections_traverse
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.

Volker

14 years agor22759: sync lib/talloc with samba4
Stefan Metzmacher [Tue, 8 May 2007 11:12:11 +0000 (11:12 +0000)]
r22759: sync lib/talloc with samba4

metze

14 years agor22755: Second half of r22754. As it stands now, string_replace expects a
Volker Lendecke [Mon, 7 May 2007 20:53:10 +0000 (20:53 +0000)]
r22755: Second half of r22754. As it stands now, string_replace expects a
pstring. Give it one, although I hate putting it in :-)

Thanks to Tom Bork! :-)

14 years agor22754: When processing a string, ensure we don't write one past
Jeremy Allison [Mon, 7 May 2007 19:27:46 +0000 (19:27 +0000)]
r22754: When processing a string, ensure we don't write one past
the terminating NULL if we've already processed the null
in iconv. Jerry, once I get confirmation from Thomas Bork
this needs to be in 3.0.25 final. Tests fine with valgrind
here.
Jeremy.

14 years agor22751: Next step for the cluster merge: sessionid.tdb should contain a 'struct
Volker Lendecke [Mon, 7 May 2007 15:31:12 +0000 (15:31 +0000)]
r22751: Next step for the cluster merge: sessionid.tdb should contain a 'struct
server_id' instead of a 'uint32 pid'

14 years agor22747: Fix some C++ warnings
Volker Lendecke [Mon, 7 May 2007 15:07:49 +0000 (15:07 +0000)]
r22747: Fix some C++ warnings

14 years agor22745: Add local groups to the --required-membership-sid test. This needs
Volker Lendecke [Mon, 7 May 2007 13:56:57 +0000 (13:56 +0000)]
r22745: Add local groups to the --required-membership-sid test. This needs
merging to 3_0_26 once Michael's net conf changes have been merged. It
depends on token_utils.c.

14 years agor22744: Fix a valgrind error. parse_domain_username does not necessarily fill in
Volker Lendecke [Mon, 7 May 2007 13:39:25 +0000 (13:39 +0000)]
r22744: Fix a valgrind error. parse_domain_username does not necessarily fill in
the domain.

14 years agor22740: Move debug_*_user_token to token_utils.c
Volker Lendecke [Mon, 7 May 2007 12:15:11 +0000 (12:15 +0000)]
r22740: Move debug_*_user_token to token_utils.c

14 years agor22739: Make prototypes in include/util_tdb.h of some functions from
Michael Adam [Mon, 7 May 2007 11:25:00 +0000 (11:25 +0000)]
r22739: Make prototypes in include/util_tdb.h of some functions from
lib/util_tdb.c exactly match the definitions. (There were
some [u]int_32_t instead of [u]int32, which made a gcc 2.95
on an old AIX without system [u]int32[_t] types complain...)

14 years agor22738: Fix a debug message.
Volker Lendecke [Mon, 7 May 2007 11:04:38 +0000 (11:04 +0000)]
r22738: Fix a debug message.

Günther, please check this!

Thanks,

Volker

14 years agor22737: Fix crash bug (info3 is now talloced).
Günther Deschner [Mon, 7 May 2007 10:14:32 +0000 (10:14 +0000)]
r22737: Fix crash bug (info3 is now talloced).

Guenther

14 years agor22736: Start to merge the low-hanging fruit from the now 7000-line cluster patch.
Volker Lendecke [Mon, 7 May 2007 09:35:35 +0000 (09:35 +0000)]
r22736: Start to merge the low-hanging fruit from the now 7000-line cluster patch.

This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))

Volker

14 years agor22732: - Testing of libsmbclient against Vista revealed what is likely a bug in
Derrell Lipman [Mon, 7 May 2007 03:07:39 +0000 (03:07 +0000)]
r22732: - Testing of libsmbclient against Vista revealed what is likely a bug in
  Vista.  Vista provides a plethora of kludges to simulate older versions of
  Windows.  The kludges are in the form of shortcuts (or more likely symbolic
  links, but I don't know enough about Vista to determine that definitively)
  and in most cases, attempts to access them get back an "access denied"
  error.  On one particular folder, however, "<share>/Users/All Users", it
  returns an unknown (to ethereal and the Samba3 code) NT status code:
  0x8000002d.  Although this code does not have a high byte of 0xc0 indicating
  that it is an error, it appears to be an alternate form of "access denied".

  Without this patch, libsmbclient times out on an attempt to enumerate that
  folder rather than returning an error to the caller.  This patch corrects
  that problem.

14 years agor22731: - Fix bug #4594.
Derrell Lipman [Mon, 7 May 2007 03:02:24 +0000 (03:02 +0000)]
r22731: - Fix bug #4594.

  configure.in determines if -Werror-implicit-function-declaration is
  available, and if so it enables that flag if --enable-developer is
  specified.  Since the configure tests themselves did not use that flag, it
  was possible for a configure test to succeed, followed by a failed
  compilation due to a facility being available but not having a proper
  declaration in a header file.  (This bit me with readahead().)  This patch
  ensures that if implicit function declarations will kill the build, the
  feature being tested is deselected so the build will succeed.

  The autoconf manual suggests using return instead of exit in configure
  tests because the declaration for exit is often missing.  We require this
  now, since we error if prototypes are missing.  See section 5.5.1 of
  http://www.gnu.org/software/autoconf/manual/autoconf.html.  This patch makes
  these changes, because in fact, an external declaration for exit is missing
  here (and likely elsewhere).

  I've verified that the features selected (here) with the original
  configure.in and the new one are the same except for, in my case,
  readahead.  I've also confirmed that the generated Makefile is identical.

  These changes are not being applied to the 3.0.26 branch because it does not
  exhibit the initial problem this patch is supposed to solve since it doesn't
  attempt to use -Werror-implicit-function-declaration.

14 years agor22730: Fix password changes via pam_winbindd when using "winbind normalize names"
Gerald Carter [Sun, 6 May 2007 22:22:47 +0000 (22:22 +0000)]
r22730: Fix password changes via pam_winbindd when using "winbind normalize names"
and the username has been munged.  Make sure to munge it back before
performing the change_password() request.

14 years agor22729: add help text for osver and osname options to 'net ads join' (patch from...
Gerald Carter [Sun, 6 May 2007 22:18:44 +0000 (22:18 +0000)]
r22729: add help text for osver and osname options to 'net ads join' (patch from Dnailo A.)

14 years agor22728: Patch from Danilo Almeida <dalmeida@centeris.com>:
Gerald Carter [Sun, 6 May 2007 21:45:53 +0000 (21:45 +0000)]
r22728: Patch from Danilo Almeida <dalmeida@centeris.com>:

When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.

14 years agor22727: remove outdated comment about templatre shell and homedir
Gerald Carter [Sun, 6 May 2007 21:40:28 +0000 (21:40 +0000)]
r22727: remove outdated comment about templatre shell and homedir

14 years agor22726: When performing an offline logon for a user in a trusted domain,
Gerald Carter [Sun, 6 May 2007 21:36:20 +0000 (21:36 +0000)]
r22726: When performing an offline logon for a user in a trusted domain,
take care not to expire the name2sid cache entry just because
that child does not know that the primary domain is offline.

14 years agor22725: * Don't try to update the sequence_number when offline
Gerald Carter [Sun, 6 May 2007 21:34:24 +0000 (21:34 +0000)]
r22725: * Don't try to update the sequence_number when offline
* Log the NTSTATUS when saving name/sid cache entry
* Allow the backend loolkup_usergroups() call in winbindd_{rpc,ads}.c
  to inform the wcache manager that the group list should not be cached
  (needed for one-way trusts).

14 years agor22724: Call an nss_info backend's init() function if the
Gerald Carter [Sun, 6 May 2007 21:31:19 +0000 (21:31 +0000)]
r22724: Call an nss_info backend's init() function if the
previous call was unsuccessful.  needed for offline
logons.

14 years agor22720: Fixes for offline auth when using krb5_auth = yes in pam_winbind.
Gerald Carter [Sun, 6 May 2007 21:26:01 +0000 (21:26 +0000)]
r22720: Fixes for offline auth when using krb5_auth = yes in pam_winbind.
Assume that "NO_DOMAIN_CONTROLLERS_FOUND" means that the domain
is offline.

14 years agor22719: Missed change for one-way trust support. Ignore password policy
Gerald Carter [Sun, 6 May 2007 21:23:40 +0000 (21:23 +0000)]
r22719: Missed change for one-way trust support.  Ignore password policy
settings from one trusted domain with no incoming trust path.

Guenther, I think this is ok as we only need the pw policy
to give feedback on upcoming expiration times.

14 years agor22717: Add Everyone and AuthenticatedUsers to the user's token
Gerald Carter [Sun, 6 May 2007 21:17:02 +0000 (21:17 +0000)]
r22717: Add Everyone and AuthenticatedUsers to the user's token
for use by the require-membership-of pam_winbind option.

14 years agor22716: Clarify comment in winbindd_domain structure
Gerald Carter [Sun, 6 May 2007 21:15:45 +0000 (21:15 +0000)]
r22716: Clarify comment in winbindd_domain structure

14 years agor22715: When our primary domain does on or offline, make sure to send a msg
Gerald Carter [Sun, 6 May 2007 21:10:30 +0000 (21:10 +0000)]
r22715: When our primary domain does on or offline, make sure to send a msg
to the idmap child.

Also remove the check for the global offline state in child_msg_offline()
as this means we cannot mark domains offline due to network outages.

14 years agor22714: Prevent DNS lookup storms when the DNS servers are unreachable.
Gerald Carter [Sun, 6 May 2007 21:06:55 +0000 (21:06 +0000)]
r22714: Prevent DNS lookup storms when the DNS servers are unreachable.
Helps when transitioning from offline to online mode.

Note that this is a quick hack and a better solution
would be to start the DNS server's state between processes
(similar to the namecache entries).

14 years agor22713: Offline logon fixes for idmap manager:
Gerald Carter [Sun, 6 May 2007 21:04:30 +0000 (21:04 +0000)]
r22713: Offline logon fixes for idmap manager:

(a) Ignore the negative cache when the domain is offline
(b) don't delete expired entries from the cache as these
    can be used when offline (same model as thw wcache entries)
(c) Delay idmap backend initialization when offline
    as the backend routines will not be called until we go
    online anyways.  This prevents idmap_init() from failing
    when a backend's init() function fails becuase of lack of
    network connectivity

14 years agor22712: Inform the user when logging in via pam_winbind
Gerald Carter [Sun, 6 May 2007 20:33:33 +0000 (20:33 +0000)]
r22712: Inform the user when logging in via pam_winbind
and the krb5 tkt cache could not be created due to clock skew.

14 years agor22711: Fix a compile warnign in query_user(). Ensure that user_rid
Gerald Carter [Sun, 6 May 2007 20:32:36 +0000 (20:32 +0000)]
r22711: Fix a compile warnign in query_user().  Ensure that user_rid
is initialized.

14 years agor22710: Support one-way trusts.
Gerald Carter [Sun, 6 May 2007 20:16:12 +0000 (20:16 +0000)]
r22710: Support one-way trusts.

* Rely on the fact that name2sid will work for any name
  in a trusted domain will work against our primary domain
  (even in the absense of an incoming trust path)

* Only logons will reliably work and the idmap backend
  is responsible for being able to manage id's without contacting
  the trusted domain

* "getent passwd" and "getent group" for trusted users and groups
  will work but we cannot get the group membership of a user in any
  fashion without the user first logging on (via NTLM or krb5)
  and the netsamlogon_cache being updated.

14 years agor22709: we can only use tschannel when commectcing to our primary (might need some...
Gerald Carter [Sun, 6 May 2007 19:48:13 +0000 (19:48 +0000)]
r22709: we can only use tschannel when commectcing to our primary (might need some fixing here for a Samba DC)

14 years agor22708: disable saving the trusted domain list as we want to the parent daemon to...
Gerald Carter [Sun, 6 May 2007 19:46:03 +0000 (19:46 +0000)]
r22708: disable saving the trusted domain list as we want to the parent daemon to manage the complete trusted domain cache

14 years agor22707: missed merge from local tree: pass the correct state to the domain when calli...
Gerald Carter [Sun, 6 May 2007 19:42:25 +0000 (19:42 +0000)]
r22707: missed merge from local tree: pass the correct state to the domain when calling the async lookupsid() routine

14 years agor22706: missed one reference to domain->native_mode in the previous commit
Gerald Carter [Sun, 6 May 2007 19:39:41 +0000 (19:39 +0000)]
r22706: missed one reference to domain->native_mode in the previous commit

14 years agor22705: Implement new set_dc_type_and_flags() called based on the
Gerald Carter [Sun, 6 May 2007 19:37:13 +0000 (19:37 +0000)]
r22705: Implement new set_dc_type_and_flags() called based on the
information return from our DC in the DsEnumerateDomainTrusts()
call.   If the fails, we callback ot the older
connect-to-the-remote-domain method.

Note that this means we can only reliably expect the native_mode
flag to be set for our own domain as this information in not
available outside our primary domain from the trusted information.
This is ok as we only really need the flag when trying to
determine to enumerate domain local groups via RPC.

Use the AD flag rather than the native_mode flag when using
ldap to obtain the seq_num for a domain.

14 years agor22704: Implement three step method for enumerating domain trusts.
Gerald Carter [Sun, 6 May 2007 19:17:30 +0000 (19:17 +0000)]
r22704: Implement three step method for enumerating domain trusts.

(a) Query our primary domain for trusts
(b) Query all tree roots in our forest
(c) Query all forest roots in trusted forests.

This will give us a complete trust topology including
domains via transitive Krb5 trusts.  We also store the
trust type, flags, and attributes so we can determine
one-way trusted domains (outgoing only trust path).
Patch for one-way trusts coming in a later check-in.

"wbinfo -m" now lists all domains in the domain_list() as held
by the main winbindd process.

14 years agor22703: Convert winbindd_getgrgid() and winbindd_getgetpwnam()
Gerald Carter [Sun, 6 May 2007 19:04:31 +0000 (19:04 +0000)]
r22703: Convert winbindd_getgrgid() and winbindd_getgetpwnam()
to use the same code path after we resolve the name/gid to
a SID.  Use the async lookupname/lookupsid interface.

14 years agor22702: Convert both lookup name and lookup sid to follow the
Gerald Carter [Sun, 6 May 2007 19:01:54 +0000 (19:01 +0000)]
r22702: Convert both lookup name and lookup sid to follow the
same heuristic.  First try our DC and then try a DC in the
root of our forest.  Use a temporary state since
winbindd_lookupXXX_async() is called from various winbindd
API entry points.

Note this will break the compile.  That will be fixed in the
next commit.

14 years agor22701: Fix the krb5_nt_status error table and add the "no DCs found" mapping
Gerald Carter [Sun, 6 May 2007 18:56:43 +0000 (18:56 +0000)]
r22701: Fix the krb5_nt_status error table and add the "no DCs found" mapping

14 years agor22700: Add a simple wcache TRUSTDOM api for maintaing a complete
Gerald Carter [Sun, 6 May 2007 18:39:31 +0000 (18:39 +0000)]
r22700: Add a simple wcache TRUSTDOM api for maintaing a complete
list of trusted domains without requiring each winbindd process
to aquire this on its own.  This is needed for various idmap
plugins and for dealing with different trust topoligies.

list_trusted_domain() patches coming next.

14 years agor22695: Dummy checkin (reformatting) to make the AIX hosts retry.
Volker Lendecke [Sun, 6 May 2007 13:46:30 +0000 (13:46 +0000)]
r22695: Dummy checkin (reformatting) to make the AIX hosts retry.

14 years agor22693: Always compile before checkin.... I've now installed dmapi on my laptop :-)
Volker Lendecke [Sun, 6 May 2007 08:22:59 +0000 (08:22 +0000)]
r22693: Always compile before checkin.... I've now installed dmapi on my laptop :-)

14 years agor22692: Fix compilation of explicit --without-winbind.
Volker Lendecke [Sat, 5 May 2007 22:47:07 +0000 (22:47 +0000)]
r22692: Fix compilation of explicit --without-winbind.

Thanks to Tom Bork for reporting this!

Volker

14 years agor22691: Fix a 64-bit warning and a const const discard warning
Volker Lendecke [Sat, 5 May 2007 21:13:40 +0000 (21:13 +0000)]
r22691: Fix a 64-bit warning and a const const discard warning

14 years agor22688: Change lock_data in struct byte_range_lock from void * to struct lock_struct *
Volker Lendecke [Sat, 5 May 2007 20:43:06 +0000 (20:43 +0000)]
r22688: Change lock_data in struct byte_range_lock from void * to struct lock_struct *

14 years agor22677: One line fix to make net idmap restore work again
Simo Sorce [Fri, 4 May 2007 22:41:35 +0000 (22:41 +0000)]
r22677: One line fix to make net idmap restore work again

Jerry, please add this for 3.0.25 final

14 years agor22676: Fix zero alloc with create_rpc_blob().
Jeremy Allison [Fri, 4 May 2007 22:15:33 +0000 (22:15 +0000)]
r22676: Fix zero alloc with create_rpc_blob().
Jeremy.

14 years agor22675: Simo's patch for 0 size allocation. Still need
Jeremy Allison [Fri, 4 May 2007 22:01:26 +0000 (22:01 +0000)]
r22675: Simo's patch for 0 size allocation. Still need
to examine parse_misc.c fix.
Jeremy.

14 years agor22673: Fix for Jerry's reversion. We still need to check size
Jeremy Allison [Fri, 4 May 2007 19:14:51 +0000 (19:14 +0000)]
r22673: Fix for Jerry's reversion. We still need to check size
before talloc.
Jeremy.

14 years agor22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and make
Günther Deschner [Fri, 4 May 2007 10:21:39 +0000 (10:21 +0000)]
r22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and make
winbindd's kerberized pam_auth use that.

Guenther

14 years agor22664: When we have krb5_get_init_creds_opt_get_error() then try to get the NTSTATUS
Günther Deschner [Fri, 4 May 2007 09:55:40 +0000 (09:55 +0000)]
r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the NTSTATUS
codes directly out of the krb5_error edata.

Guenther

14 years agor22663: Restructure kerberos_kinit_password_ext() error path.
Günther Deschner [Fri, 4 May 2007 09:46:17 +0000 (09:46 +0000)]
r22663: Restructure kerberos_kinit_password_ext() error path.

Guenther

14 years agor22659: merge from SAMBA_4_0:
Stefan Metzmacher [Fri, 4 May 2007 06:59:26 +0000 (06:59 +0000)]
r22659: merge from SAMBA_4_0:

- add AC_GNU_SOURCE macro for systems which don't have it
  (sles8)
- fix compiler warning on some systems

metze

14 years agor22655: Call correct free-macros in netsamlogon_cache_get() error paths. Forgot those
Günther Deschner [Thu, 3 May 2007 20:12:00 +0000 (20:12 +0000)]
r22655: Call correct free-macros in netsamlogon_cache_get() error paths. Forgot those
in the previous commit.

Guenther

14 years agor22654: And this is now Samba 3.0.27pre1-SVN
Gerald Carter [Thu, 3 May 2007 17:05:25 +0000 (17:05 +0000)]
r22654: And this is now Samba 3.0.27pre1-SVN

14 years agor22648: Fix comment to match the code.
James Peach [Thu, 3 May 2007 16:14:22 +0000 (16:14 +0000)]
r22648: Fix comment to match the code.

14 years agor22647: Avoid leaking a full info3 structure on each winbindd cached login by making
Günther Deschner [Thu, 3 May 2007 12:29:32 +0000 (12:29 +0000)]
r22647: Avoid leaking a full info3 structure on each winbindd cached login by making
netsamlogon_cache_get() return a talloc'ed structure.

Guenther

14 years agor22646: segfault fix in idmap_ldap.c from 3_0_25
Simo Sorce [Thu, 3 May 2007 12:28:25 +0000 (12:28 +0000)]
r22646: segfault fix in idmap_ldap.c from 3_0_25

14 years agor22644: Fix memleak.
Günther Deschner [Thu, 3 May 2007 11:49:32 +0000 (11:49 +0000)]
r22644: Fix memleak.

Guenther