tprouty/samba.git
12 years agor14683: Get rid of hardcoded output file. With no arg, print to stdout,
Jim McDonough [Thu, 23 Mar 2006 18:35:15 +0000 (18:35 +0000)]
r14683: Get rid of hardcoded output file.  With no arg, print to stdout,
otherwise append to output file specified.
(This used to be commit b4ec93f5a26442d30ba2b8c91d03f3190975efd0)

12 years agor14682: Small cleanup in ads_verify_ticket.
Günther Deschner [Thu, 23 Mar 2006 17:32:21 +0000 (17:32 +0000)]
r14682: Small cleanup in ads_verify_ticket.

Guenther
(This used to be commit 90df68634b508b0a58f0a15ab62e9cead85765b6)

12 years agor14681: Get rid of hardcoded /tmp/add.ldif and /tmp/mod.ldif files. Is there a
Jim McDonough [Thu, 23 Mar 2006 16:39:37 +0000 (16:39 +0000)]
r14681: Get rid of hardcoded /tmp/add.ldif and /tmp/mod.ldif files.  Is there a
different directory the temp files should be in, or is /tmp ok?

Still have to get rid of the output file hardcoding, but that is to
come, because I need to cleanup stdout.
(This used to be commit 0d4bd93a5ca4025bbdeb507f4a2d6217cfb39c79)

12 years agor14678: - we need to use 127.0.0.2/8 as interface for the server
Stefan Metzmacher [Thu, 23 Mar 2006 14:55:38 +0000 (14:55 +0000)]
r14678: - we need to use 127.0.0.2/8 as interface for the server
  as nmbd skip interfaces with address 127.0.0.1
- add samba3 smbclient -L tests
- add samba3 smbtorture tests

metze
(This used to be commit 835f8f4339f41619ec890e38569b745c5ef5d44e)

12 years agor14676: add make valgrindtest and remove old 'make check' and old 'make test'
Stefan Metzmacher [Thu, 23 Mar 2006 14:53:10 +0000 (14:53 +0000)]
r14676: add make valgrindtest and remove old 'make check' and old 'make test'

metze
(This used to be commit 789694d12e53ccd327c4a3e4755ef5004503cb4e)

12 years agor14675: Protect against null sids and rids in the cached credentials functions.
Günther Deschner [Thu, 23 Mar 2006 13:22:54 +0000 (13:22 +0000)]
r14675: Protect against null sids and rids in the cached credentials functions.

Guenther
(This used to be commit e162253a32119a31dd652b00f942d4c1a16fab83)

12 years agor14674: Further cleanup for cached logins, only dump hashes with DEBUG_PASSWORD.
Günther Deschner [Thu, 23 Mar 2006 12:50:25 +0000 (12:50 +0000)]
r14674: Further cleanup for cached logins, only dump hashes with DEBUG_PASSWORD.

Guenther
(This used to be commit 24afdda2ae7626b8c0b378d158ede391924d1274)

12 years agor14669: Remove duplicate source caused by running patch(1) once too often.
James Peach [Thu, 23 Mar 2006 00:12:37 +0000 (00:12 +0000)]
r14669: Remove duplicate source caused by running patch(1) once too often.
(This used to be commit 0ebbfc867c71002eaf921f4f4d8aa7d7b78973a7)

12 years agor14668: Set the FILE_STATUS_OFFLINE bit by observing the events a DMAPI-based
James Peach [Wed, 22 Mar 2006 23:49:09 +0000 (23:49 +0000)]
r14668: Set the FILE_STATUS_OFFLINE bit by observing the events a DMAPI-based
HSM is interested in. Tested on both IRIX and SLES9.
(This used to be commit 514a767c57f8194547e5b708ad2573ab9a0719c6)

12 years agor14664: r13868@cabra: derrell | 2006-03-22 17:04:30 -0500
Derrell Lipman [Wed, 22 Mar 2006 22:05:19 +0000 (22:05 +0000)]
r14664:  r13868@cabra:  derrell | 2006-03-22 17:04:30 -0500
 Implement enhancement request 3505.  Two additional features are added here.
 There is now a method of saving an opaque user data handle in the smbc_
 context, and there is now a way to request that the context be passed to the
 authentication function.  See examples/libsmbclient/testbrowse.c for an example
 of using these features.
(This used to be commit 203b4911c16bd7e10198a6f0e63960f2813025ef)

12 years agor14659: Fix installpammodules for shells where a
Lars Müller [Wed, 22 Mar 2006 20:16:50 +0000 (20:16 +0000)]
r14659: Fix installpammodules for shells where a

   for module in ; do ... ; done

leads to an error (true64, solaris 8).

We now use {,UN}INSTALL_PAM_MODULES to get replaced by configure.
Therfore we don't run into the {,un}installpammodules rule if no PAM
module is requested.

Thanks to Björn Jacke for pointing to this issue.
(This used to be commit 07a70f8f861235ba4037aacb9cc835b6d18f51c3)

12 years agor14646: Adding samr querygroup infolevels 2 & 5.
Günther Deschner [Wed, 22 Mar 2006 15:00:42 +0000 (15:00 +0000)]
r14646: Adding samr querygroup infolevels 2 & 5.

Guenther
(This used to be commit 6c4fe819c69f281915ad0f4c3bde4dfb194aa33a)

12 years agor14645: No idea how this happened, fixing the build.
Günther Deschner [Wed, 22 Mar 2006 14:58:54 +0000 (14:58 +0000)]
r14645: No idea how this happened, fixing the build.

Guenther
(This used to be commit d45b9abb0ec7d943e9fb374d64385d6c540fffe2)

12 years agor14643: Merge dcerpc_errstr from Samba 4.
Günther Deschner [Wed, 22 Mar 2006 14:41:07 +0000 (14:41 +0000)]
r14643: Merge dcerpc_errstr from Samba 4.

Might need to rework prs_dcerpc_status().

Guenther
(This used to be commit 38b18f428ba941f4d9a14fa2de45cb0cd793a754)

12 years agor14634: Many bug fixes thanks to train rides and overnight stays in airports
Gerald Carter [Wed, 22 Mar 2006 08:04:13 +0000 (08:04 +0000)]
r14634: Many bug fixes thanks to train rides and overnight stays in airports

* Finally fix parsing idmap uid/gid ranges not to break with spaces
  surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
  _samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
  and Users BUILTIN groups automatically from smbd (and not just check the
  winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
  grant is not already assigned in our own SAM (retries up to 250 times).
  This fixes passdb with existing SIDs assigned to users from the RID algorithm
  but not monotonically allocating the RIDs from passdb.
(This used to be commit db1162241f79c2af8afb7d8c26e8ed1c4a4b476f)

12 years agor14632: add basic 'make test' using samba4's smbtorture
Stefan Metzmacher [Tue, 21 Mar 2006 22:16:44 +0000 (22:16 +0000)]
r14632: add basic 'make test' using samba4's smbtorture

I'll try to add some tests using samba3's smbtorture and smbclient
later.

can someone check if this would be save to run on the build-farm
without leaking child processes...

metze
(This used to be commit 899fd6808ebd04d039caf7199c60d34a4987b43a)

12 years agor14631: Add {,un}installpammodules rule and add it to the install rule.
Lars Müller [Tue, 21 Mar 2006 21:54:53 +0000 (21:54 +0000)]
r14631: Add {,un}installpammodules rule and add it to the install rule.

Nothing happens if PAM_MODULES is empty which is our default.

The default destination dir is "${LIBDIR}/security".  It's possible to
overwrite the default with --with-pammodulesdir while calling configure.
(This used to be commit 7163c6860549378fa63907048c4eb34fe81835cc)

12 years agor14628: sync timelimit.c with the version from the build-farm repository
Stefan Metzmacher [Tue, 21 Mar 2006 21:25:29 +0000 (21:25 +0000)]
r14628: sync timelimit.c with the version from the build-farm repository

metze
(This used to be commit 1b6a64378553008127a85131fa4139842de4128b)

12 years agor14627: Adapt the linkage text from pam_smbpass to pam_winbind.
Lars Müller [Tue, 21 Mar 2006 19:50:28 +0000 (19:50 +0000)]
r14627: Adapt the linkage text from pam_smbpass to pam_winbind.
(This used to be commit 160626195bf44b94109ddb7a15da703344d8163f)

12 years agor14626: Only set libdir and mandir to the defaults if we haven't used --libdir
Lars Müller [Tue, 21 Mar 2006 16:18:34 +0000 (16:18 +0000)]
r14626: Only set libdir and mandir to the defaults if we haven't used --libdir
or --mandir to set them already.  Till now we overwrrote a setting made
with --libdir or --mandir.
(This used to be commit 94980a15be5eae2820c340d3d33b6c9df7053b24)

12 years agor14624: - add timelimit.c
Stefan Metzmacher [Tue, 21 Mar 2006 15:33:14 +0000 (15:33 +0000)]
r14624: - add timelimit.c
- add configure tests --with-selftest-prefix=/tmp/samba-test
  this is needed because the path name of unix socket can only be 108 chars long
- add configure test --with-smbtorture4-path=/home/foo/prefix/samba4/bin/smbtorture
  this will be used to run samba4's smbtorture inside samba3's make test later

metze
(This used to be commit d9df1853b947c70f747ea30a353162f2985ef250)

12 years agor14618: add --no-process-group to all server programms
Stefan Metzmacher [Tue, 21 Mar 2006 13:16:50 +0000 (13:16 +0000)]
r14618: add --no-process-group to all server programms
to make the following possible:

timelimit 20000 bin/nmbd -F -S --no-process-group
timelimit 20000 bin/smbd -F -S --no-process-group

this is needed to 'make test' working without losing child processes

metze
(This used to be commit c3a9f30e2a12cc852c9fa3a7d161f5c6ee0694ce)

12 years agor14617: Fix typo in comment.
Lars Müller [Tue, 21 Mar 2006 12:32:12 +0000 (12:32 +0000)]
r14617: Fix typo in comment.
(This used to be commit df6d69e78fb0f604a7bfc34fc9ac8f391252520d)

12 years agor14611: Fix init_creds_opts issue jerry discovered when using MIT krb5 1.3:
Günther Deschner [Tue, 21 Mar 2006 11:14:29 +0000 (11:14 +0000)]
r14611: Fix init_creds_opts issue jerry discovered when using MIT krb5 1.3:

We were using a far too short renewable_time in the request; newer MIT
releases take care interally that the renewable time is never shorter
then the default ticket lifetime.

Guenther
(This used to be commit bde4a4018e26bc9aab4b928ec9811c05b21574f3)

12 years agor14602: Fix another logic bug in new oplock handling. Just
Jeremy Allison [Tue, 21 Mar 2006 06:53:49 +0000 (06:53 +0000)]
r14602: Fix another logic bug in new oplock handling. Just
because lck->num_share_modes != 0 doesn't mean that
there *are* other valid share modes. They may be
all marked "UNUSED" or be deferred open entries.
In that case don't downgrade the granted oplock to
level2 needlessly - a client can have an exclusive
oplock in this case. The original code handled this
correctly in the lck->num_share_modes == 0 case but
not in the case where there were no valid share modes
but lck->num_share_modes != 0. I'll clean up my
Samba4 torture tester for this and commit it tomorrow.
Jeremy.
(This used to be commit 306061c93d9181262298516fefd83444f5a65ce5)

12 years agor14600: Refactor capability interface from being IRIX-specific to using only
James Peach [Tue, 21 Mar 2006 02:56:49 +0000 (02:56 +0000)]
r14600: Refactor capability interface from being IRIX-specific to using only
the POSIX interface. Note that this removes support for inherited
capabilities. This wasn't used, and probably should not be.
(This used to be commit 763f4c01488a96aec000c18bca313da37ed1df1b)

12 years agor14597: Merge DCERPC_FAULT constants from Samba 4.
Günther Deschner [Tue, 21 Mar 2006 00:04:05 +0000 (00:04 +0000)]
r14597: Merge DCERPC_FAULT constants from Samba 4.

Guenther
(This used to be commit 3f195f8248c88ec8bf8ceb195575ce6bb49d7fc4)

12 years agor14596: Fix a logic bug with multiple oplock contention.
Jeremy Allison [Mon, 20 Mar 2006 23:40:43 +0000 (23:40 +0000)]
r14596: Fix a logic bug with multiple oplock contention.
The sad thing is the core of this bug fix is just
removing a paranoia "exit_server" call, as the
rest of the logic was already correct :-).

Lots of comments to explain the logic added.

I will look at adding tests to exercise this,
might be possible.

Jeremy.
(This used to be commit c2488db727e1a00f112be7b169de9e6208e311f3)

12 years agor14585: Tighten argument list of kerberos_kinit_password again,
Günther Deschner [Mon, 20 Mar 2006 19:05:44 +0000 (19:05 +0000)]
r14585: Tighten argument list of kerberos_kinit_password again,
kerberos_kinit_password_ext provides access to more options.

Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)

12 years agor14584: Really follow with roosbindir by defaulr the setting we use for sbindir.
Lars Müller [Mon, 20 Mar 2006 16:40:42 +0000 (16:40 +0000)]
r14584: Really follow with roosbindir by defaulr the setting we use for sbindir.
(This used to be commit 1829d22720612b0e61cec7e66d7cba46c04160b9)

12 years agor14580: add 'net sam createbuiltingroup' to map BUILTIN local groups to a gid
Gerald Carter [Mon, 20 Mar 2006 12:14:07 +0000 (12:14 +0000)]
r14580: add 'net sam createbuiltingroup' to map BUILTIN local groups to a gid
(This used to be commit 3137fe5068e4b0c1724b92f49ca8e1d254324801)

12 years agor14579: Add REJECT_REASON_OTHER in the rpcclient chgpasswd3.
Günther Deschner [Mon, 20 Mar 2006 11:32:08 +0000 (11:32 +0000)]
r14579: Add REJECT_REASON_OTHER in the rpcclient chgpasswd3.

Guenther
(This used to be commit 9de3e9e6b26bebc580b771f9020fc7934e44d51c)

12 years agor14578: fix incorrect comment in fill_sam_account(). This function is called from...
Gerald Carter [Mon, 20 Mar 2006 10:55:48 +0000 (10:55 +0000)]
r14578: fix incorrect comment in fill_sam_account().  This function is called from multiple places now (krb5, winbindd auth and domain_client_validate()
(This used to be commit ddad66ec58d09f89105ceb822b7bea534dafd9e6)

12 years agor14577: BUG Fixes:
Gerald Carter [Mon, 20 Mar 2006 10:18:23 +0000 (10:18 +0000)]
r14577: BUG Fixes:

* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
(This used to be commit df53d64910fbb96eb810102e986b3c337d54c463)

12 years agor14576: Skip remaining keytab entries when we have a clear indication that
Günther Deschner [Mon, 20 Mar 2006 10:05:51 +0000 (10:05 +0000)]
r14576: Skip remaining keytab entries when we have a clear indication that
krb5_rd_req could decrypt the ticket but that ticket is just not valid
at the moment (either not yet valid or already expired). (This also
prevents an MIT kerberos related crash)

Guenther
(This used to be commit 8a0c1933d3f354a8aff67482b8c7d0d1083e0c8f)

12 years agor14574: Allow use of sendfile as long as the write cache has not been enabled
James Peach [Sun, 19 Mar 2006 23:32:50 +0000 (23:32 +0000)]
r14574: Allow use of sendfile as long as the write cache has not been enabled
on the particular file we are performing I/O on, irrespective of whether
the write cache is globally enabled
(This used to be commit 0809e2cb1dfff1cd0e8631b23b415cb2d8a67312)

12 years agor14559: Oplocks have changed, process_smb can be static again
Volker Lendecke [Sun, 19 Mar 2006 11:11:37 +0000 (11:11 +0000)]
r14559: Oplocks have changed, process_smb can be static again
(This used to be commit 19e9bc03f81d8d000b683cf5c5f478ba25ddeb0d)

12 years agor14530: removing unused 'winbind max idle children' parameter
Gerald Carter [Fri, 17 Mar 2006 20:35:44 +0000 (20:35 +0000)]
r14530: removing unused 'winbind max idle children' parameter
(This used to be commit 0e789b7e43388b0e7155708981b4ab52ec6d3961)

12 years agor14522: sync socket_wrapper code with samba4
Stefan Metzmacher [Fri, 17 Mar 2006 16:30:00 +0000 (16:30 +0000)]
r14522: sync socket_wrapper code with samba4

metze
(This used to be commit 7cf4ad8899d2109ff30d3168fd5028f8548ec34f)

12 years agor14515: fix soname breakage caused by mad merge from trunk (missed replacing a AC...
Gerald Carter [Fri, 17 Mar 2006 14:44:15 +0000 (14:44 +0000)]
r14515: fix soname breakage caused by mad merge from trunk (missed replacing a AC variable)
(This used to be commit 7d92cff7a3327cc9da5a4723bd62e68e0402acb8)

12 years agor14514: Fixing last commit. Thanks Volker.
Günther Deschner [Fri, 17 Mar 2006 14:31:05 +0000 (14:31 +0000)]
r14514: Fixing last commit. Thanks Volker.

Guenther
(This used to be commit 345d2ab5d399a99f271148cf308271cb7fc2c0ca)

12 years agor14513: Fix winbindd_chauthtok: only fallback when the chgpasswd3 call is not
Günther Deschner [Fri, 17 Mar 2006 14:18:05 +0000 (14:18 +0000)]
r14513: Fix winbindd_chauthtok: only fallback when the chgpasswd3 call is not
supported.

Is there a better way to check for the 0x1c010002 status code?

Guenther
(This used to be commit c7268dc9ac304e1b6dac80762087a57484906103)

12 years agor14512: Guenther, This code breaks winbind with MIT krb1.3.
Gerald Carter [Fri, 17 Mar 2006 13:57:00 +0000 (13:57 +0000)]
r14512: Guenther, This code breaks winbind with MIT krb1.3.
I'm disabling it for now until we have en effective
means of dealing with the ticket request flags for users
and computers.
(This used to be commit 635f0c9c01c2e389ca916e9004e9ea064bf69cbb)

12 years agor14509: Attempt to fix the build on "sun1"
Volker Lendecke [Fri, 17 Mar 2006 11:53:33 +0000 (11:53 +0000)]
r14509: Attempt to fix the build on "sun1"
(This used to be commit 6704859950eb93d86906d4916cf6842d9a970d2f)

12 years agor14508: Return PAM_SUCCESS in pam_sm_close_session when there is no KRB5CCNAME
Günther Deschner [Fri, 17 Mar 2006 10:43:33 +0000 (10:43 +0000)]
r14508: Return PAM_SUCCESS in pam_sm_close_session when there is no KRB5CCNAME
environment.

Guenther
(This used to be commit 1f1402e45db8d80a7c19208fae934e1b0f3da134)

12 years agor14507: Re-disable accidentially re-enabled paranoia check. This should make
Günther Deschner [Fri, 17 Mar 2006 10:36:07 +0000 (10:36 +0000)]
r14507: Re-disable accidentially re-enabled paranoia check. This should make
offline logons work again with NT4 and older Samba3 DCs.

Guenther
(This used to be commit 0892077fcec913ef76b017b5bfe058d20a322915)

12 years agor14506: Remove remaining references to a KCM credential cache type.
Günther Deschner [Fri, 17 Mar 2006 10:22:13 +0000 (10:22 +0000)]
r14506: Remove remaining references to a KCM credential cache type.

Guenther
(This used to be commit aae8f8ae7a79d06c74151186f3c2470bdec5687d)

12 years agor14505: Rename the timed_event to lockout_policy_event.
Günther Deschner [Fri, 17 Mar 2006 10:14:33 +0000 (10:14 +0000)]
r14505: Rename the timed_event to lockout_policy_event.

Guenther
(This used to be commit 3e607aa69ae2d43fb6ec170d03221a6b22d3f35d)

12 years agor14503: Fix principal in debug statement.
Günther Deschner [Fri, 17 Mar 2006 09:25:26 +0000 (09:25 +0000)]
r14503: Fix principal in debug statement.

Guenther
(This used to be commit 7b1fcb75dadd5ff232d60f93206867cf13322f2e)

12 years agor14496: Add WBFLAG_PAM_GET_PWD_POLICY bit to only callout for domain password
Günther Deschner [Thu, 16 Mar 2006 23:54:05 +0000 (23:54 +0000)]
r14496: Add WBFLAG_PAM_GET_PWD_POLICY bit to only callout for domain password
policies when requested.

No panic, the flags is uint32 so we are not running out of WBFLAG bits.

Guenther
(This used to be commit 2155bb0535656f294bd054d6a0a7d16a9a71c31b)

12 years agor14495: Allow to play with the logon_param flag when testing samlogons.
Günther Deschner [Thu, 16 Mar 2006 22:54:07 +0000 (22:54 +0000)]
r14495: Allow to play with the logon_param flag when testing samlogons.

Guenther
(This used to be commit 52d721b6384cf6f94e1ebb59d21bf09737a539b5)

12 years agor14493: There is no point in falling back to a samlogon when a krb5login has
Günther Deschner [Thu, 16 Mar 2006 22:17:03 +0000 (22:17 +0000)]
r14493: There is no point in falling back to a samlogon when a krb5login has
failed with a clear error indication. This prevents the bad logon count
beeing increased on the DC.

Guenther
(This used to be commit 5fdddffba5cf05ccac23a64fbe404a34e73fa73c)

12 years agor14489: Guard against coverity reversion. #181 is a false positive
Jeremy Allison [Thu, 16 Mar 2006 21:05:15 +0000 (21:05 +0000)]
r14489: Guard against coverity reversion. #181 is a false positive
but make the intent clearer.
Jeremy.
(This used to be commit 2703df7a8f26a315ae6ab53de8f7814fa66a1c54)

12 years agor14482: Fixes for spoolss code (after coverity fixes) when the
Gerald Carter [Thu, 16 Mar 2006 16:46:23 +0000 (16:46 +0000)]
r14482: Fixes for spoolss code (after coverity fixes) when the
client sends a NULL RPC_BUFFER*
(This used to be commit 69f816e9f885bdeb6e8c67222b6fdca76d9d1025)

12 years agor14480: Kill one boolean flag passed down :-)
Volker Lendecke [Thu, 16 Mar 2006 15:21:41 +0000 (15:21 +0000)]
r14480: Kill one boolean flag passed down :-)
(This used to be commit d9b85e3b287c24d2a3e2076da331fe06192b0eef)

12 years agor14475: patch from Oliver Schulze L. <oliver@samera.com.py> for BUG 3580. Make RHEL...
Gerald Carter [Thu, 16 Mar 2006 13:48:01 +0000 (13:48 +0000)]
r14475: patch from Oliver Schulze L. <oliver@samera.com.py> for BUG 3580.  Make RHEL makerpms.sh script more verbose and add some additional options to the rpmbuild process
(This used to be commit 7d73973db1a9133d6165b52031f09257046a64f7)

12 years agor14474: Also flush the nscd caches before entering the main winbindd loop.
Günther Deschner [Thu, 16 Mar 2006 13:37:23 +0000 (13:37 +0000)]
r14474: Also flush the nscd caches before entering the main winbindd loop.

Guenther
(This used to be commit c81eb71834dc827db63c8adb3f816bbbe916473c)

12 years agor14468: Better fix to avoid winbind panic when we have an inproper configuration
Günther Deschner [Thu, 16 Mar 2006 11:32:01 +0000 (11:32 +0000)]
r14468: Better fix to avoid winbind panic when we have an inproper configuration
and want to just shutdown and exit.

Guenther
(This used to be commit 0aa6328ed6ba6d0d24169ffdff0099405c9bfb00)

12 years agor14467: Reverting 13660. This needs to be fixed differently.
Günther Deschner [Thu, 16 Mar 2006 11:04:21 +0000 (11:04 +0000)]
r14467: Reverting 13660. This needs to be fixed differently.

Guenther
(This used to be commit 4157bfe9cfe79ff78e7e527a50058cf9103cab61)

12 years agor14462: Fix warning. ber_tag_t is an unsigned int for
Jeremy Allison [Wed, 15 Mar 2006 23:10:38 +0000 (23:10 +0000)]
r14462: Fix warning. ber_tag_t is an unsigned int for
printing purposes.
Jeremy.
(This used to be commit 3c33eda430426e40e179799e7341db10c4b2e98e)

12 years agor14460: SMBexit closes by pid and vuid. Tested with smbtorture.
Jeremy Allison [Wed, 15 Mar 2006 22:52:59 +0000 (22:52 +0000)]
r14460: SMBexit closes by pid and vuid. Tested with smbtorture.
Jeremy.
(This used to be commit 71e81580421225d5b35a25d46a7b6064a826685c)

12 years agor14457: Add a few more special cases for RID 513 in the samr code.
Gerald Carter [Wed, 15 Mar 2006 17:40:28 +0000 (17:40 +0000)]
r14457: Add a few more special cases for RID 513 in the samr code.
Now that I know what all the requirements for this group are
I can generalize the code some more and make it cleaner.
But at least this is working with lusrmgr.msc on XP and 2k now.
(This used to be commit d2c1842978cd50485849bfc4fb6d94767d96cab0)

12 years agor14454: Janitor for tridge - same code exists in Samba3 and 4.
Jeremy Allison [Wed, 15 Mar 2006 16:37:37 +0000 (16:37 +0000)]
r14454: Janitor for tridge - same code exists in Samba3 and 4.
Jeremy.
-----------------------------
fixed an hmac-md5 error for keys longer than 64 (using deallocated
stack variable)
(This used to be commit f3879dd6bbbb20524e138b9ba8a54f6464fee5eb)

12 years agor14452: Sorry. Need more coffee....
Gerald Carter [Wed, 15 Mar 2006 16:09:24 +0000 (16:09 +0000)]
r14452: Sorry.  Need more coffee....

* Fix sprintf() args when createing the group search filter.
(This used to be commit 0b7549997a3739b2c1500e7838ebaaa249dbfaf4)

12 years agor14451: In order to get pdb_ldap searching for SID_NAME_ALIAS
Gerald Carter [Wed, 15 Mar 2006 16:00:34 +0000 (16:00 +0000)]
r14451: In order to get pdb_ldap searching for SID_NAME_ALIAS
groups in the ${MACHINESID} and S_1-5-32 domains correctly,
I had to add a substr search on sambaSID.

* add substr matching rule to OpenLDAP schema
  (we need to update the other schema as will since this
  is a pretty important change).  Sites will need to
  - install the new schema
  - add 'indea sambaSID   sub' to slapd.conf
  - run slapindex

* remove uses of SID_NAME_WKN_GRP in pdb_ldap.c
(This used to be commit 2c0a46d73122e9000a900f7e16f9b010ad4b78e3)

12 years agor14450: Fix more get_md4pw() breakage caused by missing "breaks"
Gerald Carter [Wed, 15 Mar 2006 15:38:15 +0000 (15:38 +0000)]
r14450: Fix more get_md4pw() breakage caused by missing "breaks"
in the switch statement which matched the schannel type
against the account type.
(This used to be commit 57c705ea63381ed9ab09145b4f57a736931fa6ca)

12 years agor14449: fix the build (sorry everyone)
Gerald Carter [Wed, 15 Mar 2006 15:11:44 +0000 (15:11 +0000)]
r14449: fix the build (sorry everyone)
(This used to be commit e49ca3af8c2522aee670e6b807d7b3df31be47f6)

12 years agor14448: * protect against NULL cli_state* pointers in cli_rpc_pipe_open()
Gerald Carter [Wed, 15 Mar 2006 14:58:39 +0000 (14:58 +0000)]
r14448: * protect against NULL cli_state* pointers in cli_rpc_pipe_open()
* Fix inverted logic check for machine accounts in get_md4pw()
(This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)

12 years agor14443: rework get_md4pw() to ease debugging. The only functional change is that
Günther Deschner [Wed, 15 Mar 2006 12:23:09 +0000 (12:23 +0000)]
r14443: rework get_md4pw() to ease debugging. The only functional change is that
we now check wheter the sec_channel_type matches the trust account type.

Guenther
(This used to be commit c35eb449375d53ffa0815897e7723c203be1f732)

12 years agor14432: Give in and grant BUILT\Administrators all privileges
Gerald Carter [Wed, 15 Mar 2006 05:50:52 +0000 (05:50 +0000)]
r14432: Give in and grant BUILT\Administrators all privileges
(This used to be commit b6170910604dba6533b727de8d7f0cc75256d14f)

12 years agor14428: Call fill_share_mode_entry with NO_OPLOCK instead of 0.
James Peach [Wed, 15 Mar 2006 05:49:32 +0000 (05:49 +0000)]
r14428: Call fill_share_mode_entry with NO_OPLOCK instead of 0.
(This used to be commit a39cbaa699d111264c2c9dda49a6e4f42acd3fb8)

12 years agor14421: This does two things
Gerald Carter [Wed, 15 Mar 2006 03:46:20 +0000 (03:46 +0000)]
r14421: This does two things

* Automatically creates the BUILTIN\Users group similar to
  how BUILTIN\Administrators is done.  This code does need to
  be cleaned up considerably.  I'll continue to work on this.

* The important fix is for getusergroups() when dealing with a
  local user and nested groups.  Now I can run the following
  successfully:

    $ su - jerry -c groups
    users BUILTIN\users
(This used to be commit f54d911e686ffd68ddc6dbc073987b9d8eb2fa5b)

12 years agor14418: Try and fix Coverity #39 and #40 by making the
Jeremy Allison [Wed, 15 Mar 2006 03:27:03 +0000 (03:27 +0000)]
r14418: Try and fix Coverity #39 and #40 by making the
implicit function contract explicit.
Jeremy.
(This used to be commit 6de5e9ae4628d384631db9b66e22d439a303b75c)

12 years agor14416: Remove deadcode. Coverity #198.
Jeremy Allison [Wed, 15 Mar 2006 03:00:49 +0000 (03:00 +0000)]
r14416: Remove deadcode. Coverity #198.
Jeremy.
(This used to be commit 7fc61f5a63c982cfd0fbe1838979ba7be8f69fca)

12 years agor14408: More on fix for coverity #36. The previous fix would cause us to
Jim McDonough [Wed, 15 Mar 2006 02:31:11 +0000 (02:31 +0000)]
r14408: More on fix for coverity #36.  The previous fix would cause us to
marshall a buffer based on an unknown size.  Zero out the sec_desc
buffer to prevent this.  This is still not getting proper results for
a registry security descriptor (everything gets ACCESS DENIED), but
at least we aren't blowing out memory now...
(This used to be commit cb370cc28ce361628df137c9aef02739aca062db)

12 years agor14406: Disable this call until we can sort out how this
Jeremy Allison [Wed, 15 Mar 2006 02:16:14 +0000 (02:16 +0000)]
r14406: Disable this call until we can sort out how this
should be done correctly. Fix coverity #37.
Jeremy.
(This used to be commit d241f74e06eac7b61e5b7e09c2b9a955ec560fec)

12 years agor14405: Fix the build when nscd_flush_cache is detected
Jeremy Allison [Wed, 15 Mar 2006 00:35:51 +0000 (00:35 +0000)]
r14405: Fix the build when nscd_flush_cache is detected
(variable definition was missing).
Jeremy.
(This used to be commit 48594f0270502149069fc883096181a9730d76bf)

12 years agor14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
Gerald Carter [Wed, 15 Mar 2006 00:10:38 +0000 (00:10 +0000)]
r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
  group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.
(This used to be commit 612979476aef62e8e8eef632fa6be7d30282bb83)

12 years agor14399: Fix deadcode coverity bug #3.
Jeremy Allison [Tue, 14 Mar 2006 21:01:30 +0000 (21:01 +0000)]
r14399: Fix deadcode coverity bug #3.
Jeremy.
(This used to be commit 3799f18b356934592206679310e6e409c0d1ca0f)

12 years agor14397: Fix deadcode in coverity error #1.
Jeremy Allison [Tue, 14 Mar 2006 20:37:24 +0000 (20:37 +0000)]
r14397: Fix deadcode in coverity error #1.
Jeremy.
(This used to be commit 4a4953c4d27cd1e925c9afe24fa49b015ce033ec)

12 years agor14395: Fix coverity bug #55. Ensure no unsigned/signed comparisons.
Jeremy Allison [Tue, 14 Mar 2006 20:32:27 +0000 (20:32 +0000)]
r14395: Fix coverity bug #55. Ensure no unsigned/signed comparisons.
Jeremy.
(This used to be commit cd3ad3f1a6f622b4bad5cb21b132de4cc476e03f)

12 years agor14393: Fix a couple of AIX warnings.
Jeremy Allison [Tue, 14 Mar 2006 20:07:36 +0000 (20:07 +0000)]
r14393: Fix a couple of AIX warnings.
Jeremy.
(This used to be commit 8444c997bd3e18b1d04ebe85f06c8c6e34d7373f)

12 years agor14392: Use KRB5_TGS_NAME.
Günther Deschner [Tue, 14 Mar 2006 18:50:55 +0000 (18:50 +0000)]
r14392: Use KRB5_TGS_NAME.

Guenther
(This used to be commit 4cfd737cc1d8840888f80e360119eeb627acb381)

12 years agor14387: Try and fix the coverity issues (#53, #54) with negative
Jeremy Allison [Tue, 14 Mar 2006 17:21:30 +0000 (17:21 +0000)]
r14387: Try and fix the coverity issues (#53, #54) with negative
sink by ensuring all uses of rpcstr_push are consistent
with a size_t dest size arg.
Jeremy.
(This used to be commit f65d7afe1977d9d85046732842f9643716c15088)

12 years agor14377: Fix coverity #4 for 3_0 too
Simo Sorce [Tue, 14 Mar 2006 13:58:17 +0000 (13:58 +0000)]
r14377: Fix coverity #4 for 3_0 too
(This used to be commit aa26642ee19dcf7cfa3cb36032eadc823b01966b)

12 years agor14368: Remove redundant set of logon flags (now in rpc_netlogon.h).
Günther Deschner [Tue, 14 Mar 2006 09:22:01 +0000 (09:22 +0000)]
r14368: Remove redundant set of logon flags (now in rpc_netlogon.h).

Guenther
(This used to be commit 8d4290cb8ed75cf12fa45bcf3e93cfe1a5567919)

12 years agor14367: Not that I fully understand what's going on here, but the code as it was...
Volker Lendecke [Tue, 14 Mar 2006 08:27:44 +0000 (08:27 +0000)]
r14367: Not that I fully understand what's going on here, but the code as it was here
was clearly buggy as Coverity showed with bug id #36.

According to samba4 idl the sec_desc_buf is [in,out,ref], so we _have_ to ship
it in the request.

Volker
(This used to be commit 075e784491e6f2b491bd063db08ff1267f9cabbb)

12 years agor14365: As solaris nss includes includes.h, make sure we use
Jeremy Allison [Tue, 14 Mar 2006 06:22:18 +0000 (06:22 +0000)]
r14365: As solaris nss includes includes.h, make sure we use
the correct malloc-macros.
Jeremy.
(This used to be commit 412dc6f5dbc796126b94f3809fe660afac5d3c2a)

12 years agor14359: Try and fix Coverity #176 by making the pointer
Jeremy Allison [Mon, 13 Mar 2006 23:58:58 +0000 (23:58 +0000)]
r14359: Try and fix Coverity #176 by making the pointer
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
(This used to be commit a3b8bee3ff8211d78f793877c877ccd2e15825dd)

12 years agor14357: Try and fix Coverity #169 by making the pointer
Jeremy Allison [Mon, 13 Mar 2006 23:56:02 +0000 (23:56 +0000)]
r14357: Try and fix Coverity #169 by making the pointer
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
 line, and those below, will be ignored--

M    source/smbd/posix_acls.c
(This used to be commit b8397c9f33424e0d1ed3ff849e1c99812f978000)

12 years agor14355: Try and fix Coverity #158 by making the pointer
Jeremy Allison [Mon, 13 Mar 2006 23:48:13 +0000 (23:48 +0000)]
r14355: Try and fix Coverity #158 by making the pointer
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
(This used to be commit 7ada96a1cfb1e928b7dfde101ca250b20024243f)

12 years agor14353: Fix coverity bugs #61 and #62. Remember to divide by
Jeremy Allison [Mon, 13 Mar 2006 23:07:14 +0000 (23:07 +0000)]
r14353: Fix coverity bugs #61 and #62. Remember to divide by
the size of the data table. Clean up the struct a little.
Jeremy.
(This used to be commit 338538410d484a9358b60b05a86180275344ffa4)

12 years agor14351: Ensure we use the minimum of PATH_MAX and sizeof(pstring).
Jeremy Allison [Mon, 13 Mar 2006 22:49:56 +0000 (22:49 +0000)]
r14351: Ensure we use the minimum of PATH_MAX and sizeof(pstring).
Fix Coverity #59.
Jeremy.
(This used to be commit d793e1550cc8c79a2764609cddec082470d226e4)

12 years agor14345: Fix Coverity #71. We don't currently propagate *any*
Jeremy Allison [Mon, 13 Mar 2006 21:11:15 +0000 (21:11 +0000)]
r14345: Fix Coverity #71. We don't currently propagate *any*
alloc error back up the stack from smbldap_set_mod()
so ensure we abort correctly.
Jeremy.
(This used to be commit 9a1e35079af9404e1775e2a098990277b3771086)

12 years agor14342: Fix coverity #68, resource leak on error path.
Jeremy Allison [Mon, 13 Mar 2006 19:47:18 +0000 (19:47 +0000)]
r14342: Fix coverity #68, resource leak on error path.
Jeremy.
(This used to be commit 7520a8d2a10c72d330099c6502848afca60f56ff)

12 years agor14340: Fix coverity #78, resource leak in error path.
Jeremy Allison [Mon, 13 Mar 2006 19:40:51 +0000 (19:40 +0000)]
r14340: Fix coverity #78, resource leak in error path.
Jeremy.
(This used to be commit 76c4f2c4dc6fcd91a350985b16f4a6a321ac4bf6)

12 years agor14338: Fix coverity #55 by explicit cast.
Jeremy Allison [Mon, 13 Mar 2006 18:59:31 +0000 (18:59 +0000)]
r14338: Fix coverity #55 by explicit cast.
Jeremy.
(This used to be commit 1fece52da4d667fa182aa9a87aaee3917860448b)

12 years agor14336: Try and quieten coverity #53 and #54. Make it obvious
Jeremy Allison [Mon, 13 Mar 2006 18:56:26 +0000 (18:56 +0000)]
r14336: Try and quieten coverity #53 and #54. Make it obvious
we're using -1 as a special size_t case by casting.
Jeremy.
(This used to be commit 415530bd082bf351f5e4c1fd32408f123ed77f85)

12 years agor14333: Fix coverity #77, ensure we can't exit after allocation.
Jeremy Allison [Mon, 13 Mar 2006 18:42:57 +0000 (18:42 +0000)]
r14333: Fix coverity #77, ensure we can't exit after allocation.
Jeremy.
(This used to be commit 15d78ab1fc83249552476d99144389cfe42a786f)

12 years agor14331: Add a comment on top of test_pam_modules about what we're testing.
Lars Müller [Mon, 13 Mar 2006 17:45:04 +0000 (17:45 +0000)]
r14331: Add a comment on top of test_pam_modules about what we're testing.
(This used to be commit 90eb092083383c2b606e21dc65fb036bb973b032)