Derrell Lipman [Mon, 7 May 2007 03:02:24 +0000 (03:02 +0000)]
r22731: - Fix bug #4594.
configure.in determines if -Werror-implicit-function-declaration is
available, and if so it enables that flag if --enable-developer is
specified. Since the configure tests themselves did not use that flag, it
was possible for a configure test to succeed, followed by a failed
compilation due to a facility being available but not having a proper
declaration in a header file. (This bit me with readahead().) This patch
ensures that if implicit function declarations will kill the build, the
feature being tested is deselected so the build will succeed.
The autoconf manual suggests using return instead of exit in configure
tests because the declaration for exit is often missing. We require this
now, since we error if prototypes are missing. See section 5.5.1 of
http://www.gnu.org/software/autoconf/manual/autoconf.html. This patch makes
these changes, because in fact, an external declaration for exit is missing
here (and likely elsewhere).
I've verified that the features selected (here) with the original
configure.in and the new one are the same except for, in my case,
readahead. I've also confirmed that the generated Makefile is identical.
These changes are not being applied to the 3.0.26 branch because it does not
exhibit the initial problem this patch is supposed to solve since it doesn't
attempt to use -Werror-implicit-function-declaration.
Gerald Carter [Sun, 6 May 2007 22:22:47 +0000 (22:22 +0000)]
r22730: Fix password changes via pam_winbindd when using "winbind normalize names"
and the username has been munged. Make sure to munge it back before
performing the change_password() request.
Gerald Carter [Sun, 6 May 2007 22:18:44 +0000 (22:18 +0000)]
r22729: add help text for osver and osname options to 'net ads join' (patch from Dnailo A.)
Gerald Carter [Sun, 6 May 2007 21:45:53 +0000 (21:45 +0000)]
r22728: Patch from Danilo Almeida <dalmeida@centeris.com>:
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
Gerald Carter [Sun, 6 May 2007 21:40:28 +0000 (21:40 +0000)]
r22727: remove outdated comment about templatre shell and homedir
Gerald Carter [Sun, 6 May 2007 21:36:20 +0000 (21:36 +0000)]
r22726: When performing an offline logon for a user in a trusted domain,
take care not to expire the name2sid cache entry just because
that child does not know that the primary domain is offline.
Gerald Carter [Sun, 6 May 2007 21:34:24 +0000 (21:34 +0000)]
r22725: * Don't try to update the sequence_number when offline
* Log the NTSTATUS when saving name/sid cache entry
* Allow the backend loolkup_usergroups() call in winbindd_{rpc,ads}.c
to inform the wcache manager that the group list should not be cached
(needed for one-way trusts).
Gerald Carter [Sun, 6 May 2007 21:31:19 +0000 (21:31 +0000)]
r22724: Call an nss_info backend's init() function if the
previous call was unsuccessful. needed for offline
logons.
Gerald Carter [Sun, 6 May 2007 21:26:01 +0000 (21:26 +0000)]
r22720: Fixes for offline auth when using krb5_auth = yes in pam_winbind.
Assume that "NO_DOMAIN_CONTROLLERS_FOUND" means that the domain
is offline.
Gerald Carter [Sun, 6 May 2007 21:23:40 +0000 (21:23 +0000)]
r22719: Missed change for one-way trust support. Ignore password policy
settings from one trusted domain with no incoming trust path.
Guenther, I think this is ok as we only need the pw policy
to give feedback on upcoming expiration times.
Gerald Carter [Sun, 6 May 2007 21:17:02 +0000 (21:17 +0000)]
r22717: Add Everyone and AuthenticatedUsers to the user's token
for use by the require-membership-of pam_winbind option.
Gerald Carter [Sun, 6 May 2007 21:15:45 +0000 (21:15 +0000)]
r22716: Clarify comment in winbindd_domain structure
Gerald Carter [Sun, 6 May 2007 21:10:30 +0000 (21:10 +0000)]
r22715: When our primary domain does on or offline, make sure to send a msg
to the idmap child.
Also remove the check for the global offline state in child_msg_offline()
as this means we cannot mark domains offline due to network outages.
Gerald Carter [Sun, 6 May 2007 21:06:55 +0000 (21:06 +0000)]
r22714: Prevent DNS lookup storms when the DNS servers are unreachable.
Helps when transitioning from offline to online mode.
Note that this is a quick hack and a better solution
would be to start the DNS server's state between processes
(similar to the namecache entries).
Gerald Carter [Sun, 6 May 2007 21:04:30 +0000 (21:04 +0000)]
r22713: Offline logon fixes for idmap manager:
(a) Ignore the negative cache when the domain is offline
(b) don't delete expired entries from the cache as these
can be used when offline (same model as thw wcache entries)
(c) Delay idmap backend initialization when offline
as the backend routines will not be called until we go
online anyways. This prevents idmap_init() from failing
when a backend's init() function fails becuase of lack of
network connectivity
Gerald Carter [Sun, 6 May 2007 20:33:33 +0000 (20:33 +0000)]
r22712: Inform the user when logging in via pam_winbind
and the krb5 tkt cache could not be created due to clock skew.
Gerald Carter [Sun, 6 May 2007 20:32:36 +0000 (20:32 +0000)]
r22711: Fix a compile warnign in query_user(). Ensure that user_rid
is initialized.
Gerald Carter [Sun, 6 May 2007 20:16:12 +0000 (20:16 +0000)]
r22710: Support one-way trusts.
* Rely on the fact that name2sid will work for any name
in a trusted domain will work against our primary domain
(even in the absense of an incoming trust path)
* Only logons will reliably work and the idmap backend
is responsible for being able to manage id's without contacting
the trusted domain
* "getent passwd" and "getent group" for trusted users and groups
will work but we cannot get the group membership of a user in any
fashion without the user first logging on (via NTLM or krb5)
and the netsamlogon_cache being updated.
Gerald Carter [Sun, 6 May 2007 19:48:13 +0000 (19:48 +0000)]
r22709: we can only use tschannel when commectcing to our primary (might need some fixing here for a Samba DC)
Gerald Carter [Sun, 6 May 2007 19:46:03 +0000 (19:46 +0000)]
r22708: disable saving the trusted domain list as we want to the parent daemon to manage the complete trusted domain cache
Gerald Carter [Sun, 6 May 2007 19:42:25 +0000 (19:42 +0000)]
r22707: missed merge from local tree: pass the correct state to the domain when calling the async lookupsid() routine
Gerald Carter [Sun, 6 May 2007 19:39:41 +0000 (19:39 +0000)]
r22706: missed one reference to domain->native_mode in the previous commit
Gerald Carter [Sun, 6 May 2007 19:37:13 +0000 (19:37 +0000)]
r22705: Implement new set_dc_type_and_flags() called based on the
information return from our DC in the DsEnumerateDomainTrusts()
call. If the fails, we callback ot the older
connect-to-the-remote-domain method.
Note that this means we can only reliably expect the native_mode
flag to be set for our own domain as this information in not
available outside our primary domain from the trusted information.
This is ok as we only really need the flag when trying to
determine to enumerate domain local groups via RPC.
Use the AD flag rather than the native_mode flag when using
ldap to obtain the seq_num for a domain.
Gerald Carter [Sun, 6 May 2007 19:17:30 +0000 (19:17 +0000)]
r22704: Implement three step method for enumerating domain trusts.
(a) Query our primary domain for trusts
(b) Query all tree roots in our forest
(c) Query all forest roots in trusted forests.
This will give us a complete trust topology including
domains via transitive Krb5 trusts. We also store the
trust type, flags, and attributes so we can determine
one-way trusted domains (outgoing only trust path).
Patch for one-way trusts coming in a later check-in.
"wbinfo -m" now lists all domains in the domain_list() as held
by the main winbindd process.
Gerald Carter [Sun, 6 May 2007 19:04:31 +0000 (19:04 +0000)]
r22703: Convert winbindd_getgrgid() and winbindd_getgetpwnam()
to use the same code path after we resolve the name/gid to
a SID. Use the async lookupname/lookupsid interface.
Gerald Carter [Sun, 6 May 2007 19:01:54 +0000 (19:01 +0000)]
r22702: Convert both lookup name and lookup sid to follow the
same heuristic. First try our DC and then try a DC in the
root of our forest. Use a temporary state since
winbindd_lookupXXX_async() is called from various winbindd
API entry points.
Note this will break the compile. That will be fixed in the
next commit.
Gerald Carter [Sun, 6 May 2007 18:56:43 +0000 (18:56 +0000)]
r22701: Fix the krb5_nt_status error table and add the "no DCs found" mapping
Gerald Carter [Sun, 6 May 2007 18:39:31 +0000 (18:39 +0000)]
r22700: Add a simple wcache TRUSTDOM api for maintaing a complete
list of trusted domains without requiring each winbindd process
to aquire this on its own. This is needed for various idmap
plugins and for dealing with different trust topoligies.
list_trusted_domain() patches coming next.
Volker Lendecke [Sun, 6 May 2007 13:46:30 +0000 (13:46 +0000)]
r22695: Dummy checkin (reformatting) to make the AIX hosts retry.
Volker Lendecke [Sun, 6 May 2007 08:22:59 +0000 (08:22 +0000)]
r22693: Always compile before checkin.... I've now installed dmapi on my laptop :-)
Volker Lendecke [Sat, 5 May 2007 22:47:07 +0000 (22:47 +0000)]
r22692: Fix compilation of explicit --without-winbind.
Thanks to Tom Bork for reporting this!
Volker
Volker Lendecke [Sat, 5 May 2007 21:13:40 +0000 (21:13 +0000)]
r22691: Fix a 64-bit warning and a const const discard warning
Volker Lendecke [Sat, 5 May 2007 20:43:06 +0000 (20:43 +0000)]
r22688: Change lock_data in struct byte_range_lock from void * to struct lock_struct *
Simo Sorce [Fri, 4 May 2007 22:41:35 +0000 (22:41 +0000)]
r22677: One line fix to make net idmap restore work again
Jerry, please add this for 3.0.25 final
Jeremy Allison [Fri, 4 May 2007 22:15:33 +0000 (22:15 +0000)]
r22676: Fix zero alloc with create_rpc_blob().
Jeremy.
Jeremy Allison [Fri, 4 May 2007 22:01:26 +0000 (22:01 +0000)]
r22675: Simo's patch for 0 size allocation. Still need
to examine parse_misc.c fix.
Jeremy.
Jeremy Allison [Fri, 4 May 2007 19:14:51 +0000 (19:14 +0000)]
r22673: Fix for Jerry's reversion. We still need to check size
before talloc.
Jeremy.
Günther Deschner [Fri, 4 May 2007 10:21:39 +0000 (10:21 +0000)]
r22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and make
winbindd's kerberized pam_auth use that.
Guenther
Günther Deschner [Fri, 4 May 2007 09:55:40 +0000 (09:55 +0000)]
r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the NTSTATUS
codes directly out of the krb5_error edata.
Guenther
Günther Deschner [Fri, 4 May 2007 09:46:17 +0000 (09:46 +0000)]
r22663: Restructure kerberos_kinit_password_ext() error path.
Guenther
Stefan Metzmacher [Fri, 4 May 2007 06:59:26 +0000 (06:59 +0000)]
r22659: merge from SAMBA_4_0:
- add AC_GNU_SOURCE macro for systems which don't have it
(sles8)
- fix compiler warning on some systems
metze
Günther Deschner [Thu, 3 May 2007 20:12:00 +0000 (20:12 +0000)]
r22655: Call correct free-macros in netsamlogon_cache_get() error paths. Forgot those
in the previous commit.
Guenther
Gerald Carter [Thu, 3 May 2007 17:05:25 +0000 (17:05 +0000)]
r22654: And this is now Samba 3.0.27pre1-SVN
James Peach [Thu, 3 May 2007 16:14:22 +0000 (16:14 +0000)]
r22648: Fix comment to match the code.
Günther Deschner [Thu, 3 May 2007 12:29:32 +0000 (12:29 +0000)]
r22647: Avoid leaking a full info3 structure on each winbindd cached login by making
netsamlogon_cache_get() return a talloc'ed structure.
Guenther
Simo Sorce [Thu, 3 May 2007 12:28:25 +0000 (12:28 +0000)]
r22646: segfault fix in idmap_ldap.c from 3_0_25
Günther Deschner [Thu, 3 May 2007 11:49:32 +0000 (11:49 +0000)]
r22644: Fix memleak.
Guenther
Günther Deschner [Thu, 3 May 2007 11:44:18 +0000 (11:44 +0000)]
r22643: Don't clear cached U/SID and UG/SID entries when we want to logon offline.
Guenther
Jelmer Vernooij [Wed, 2 May 2007 18:10:57 +0000 (18:10 +0000)]
r22641: Install tdbdump and tdbbackup.
Günther Deschner [Wed, 2 May 2007 15:44:05 +0000 (15:44 +0000)]
r22636: Fix logic bug.
We certainly don't want to crash winbind on each sucessfull
centry_uint{8,16,32,64} read.
Jeremy, please check :-)
Guenther
James Peach [Tue, 1 May 2007 21:22:55 +0000 (21:22 +0000)]
r22633: Fix typo in debug message.
James Peach [Tue, 1 May 2007 20:03:44 +0000 (20:03 +0000)]
r22631: Remove the possibility of sid_check_is_domain and
sid_check_is_in_our_domain getting out of sync.
Gerald Carter [Tue, 1 May 2007 16:49:00 +0000 (16:49 +0000)]
r22630: Revert svn r22576 (parse change to enum_aliasmem(). Original code was correct
Michael Adam [Mon, 30 Apr 2007 22:21:46 +0000 (22:21 +0000)]
r22615: fix prototype
James Peach [Mon, 30 Apr 2007 18:59:34 +0000 (18:59 +0000)]
r22614: Only enable GNU-isms in the Makefile if we can be sure that the GNU
make we found is what will be run when the user invokes "make".
Volker Lendecke [Mon, 30 Apr 2007 17:19:49 +0000 (17:19 +0000)]
r22613: Fix an uninitialized variable warning
Jeremy Allison [Mon, 30 Apr 2007 16:32:17 +0000 (16:32 +0000)]
r22611: Fix from Jens Nissen <jens.nissen@gmx.net>. Fix bad
memory leak I introduced into acl code, also remove
redundent extra check for global_sid_System :
global_sid_System == S-1-5-18 which is already
included in the check for a domain of
global_sid_NT_Authority == S-1-5
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 04:16:56 +0000 (04:16 +0000)]
r22593: Finish doing the same for raw TALLOC.
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 03:41:40 +0000 (03:41 +0000)]
r22592: Fix TALLOC_SIZE to be consistent.
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 03:38:19 +0000 (03:38 +0000)]
r22591: Fix up the examples also.
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 02:51:26 +0000 (02:51 +0000)]
r22590: Make TALLOC_ARRAY consistent across all uses.
That should be it....
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 02:39:34 +0000 (02:39 +0000)]
r22589: Make TALLOC_ARRAY consistent across all uses.
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 01:34:28 +0000 (01:34 +0000)]
r22588: Make all uses of TALLOC_MEMDUP consistent.
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 01:17:34 +0000 (01:17 +0000)]
r22587: Ensure TALLOC_ZERO_ARRAY is consistent.
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 00:53:17 +0000 (00:53 +0000)]
r22586: Add a modified version of Simo's patch.
Jeremy.
Jeremy Allison [Mon, 30 Apr 2007 00:48:20 +0000 (00:48 +0000)]
r22585: Get us into a consistent state with TALLOC_ZERO_ARRAY also.
Jeremy.
Jelmer Vernooij [Sun, 29 Apr 2007 21:46:13 +0000 (21:46 +0000)]
r22584: Don't hardcode specific Python version.
Patch by the Samba packaging team for Debian.
Jelmer Vernooij [Sun, 29 Apr 2007 21:44:48 +0000 (21:44 +0000)]
r22583: Support non-Linux GNU systems (such as Debians' GNU with FreeBSD kernel and
Hurd systems).
Patch by the Samba packaging team for Debian.
Jelmer Vernooij [Sun, 29 Apr 2007 21:37:24 +0000 (21:37 +0000)]
r22578: Remove python build directory and generated smbadduser.
Patch originally by the Debian packaging team for Samba.
Jeremy Allison [Sun, 29 Apr 2007 21:13:13 +0000 (21:13 +0000)]
r22577: Change all of parse/*.c to use standard form. Fix some
marshalling bugs.
Jeremy.
Jeremy Allison [Sun, 29 Apr 2007 20:57:04 +0000 (20:57 +0000)]
r22576: Fix marshalling bug in aliasmem.
Jeremy.
Jeremy Allison [Sun, 29 Apr 2007 19:54:26 +0000 (19:54 +0000)]
r22574: Fix reply when we have no dfs shares.
Jeremy.
Jeremy Allison [Sun, 29 Apr 2007 19:20:48 +0000 (19:20 +0000)]
r22573: Fix old bug mixing free() and talloc_free()
when the add_sid_to_array_XX code was moved
from malloc to talloc. Found running valgrind
and rpcclient. Needs merging for 3.0.25 final.
Jeremy.
Jeremy Allison [Sun, 29 Apr 2007 00:09:22 +0000 (00:09 +0000)]
r22564: Move the _strict -> _zeronull functions into lib/util.c
and out of talloc at tridge's request.
Jeremy.
Volker Lendecke [Sat, 28 Apr 2007 18:16:33 +0000 (18:16 +0000)]
r22561: Fix a memleak in lanman.c: Nobody would free the session_list.
Volker
Steve French [Sat, 28 Apr 2007 16:56:35 +0000 (16:56 +0000)]
r22560: Clean up frees of realloc memory in mount.cifs (thanks to Alex for
reminding me how to use Valgrind).
Jeremy Allison [Sat, 28 Apr 2007 14:33:46 +0000 (14:33 +0000)]
r22555: Ensure our paranoid malloc functions return NULL on
size == 0 so we have a known behavior.
Jeremy.
Volker Lendecke [Sat, 28 Apr 2007 13:52:49 +0000 (13:52 +0000)]
r22554: Fix an assumption that TALLOC_ARRAY(.., 0) != NULL.
Volker
Volker Lendecke [Sat, 28 Apr 2007 12:50:35 +0000 (12:50 +0000)]
r22553: Fix the build
Jeremy Allison [Sat, 28 Apr 2007 02:51:55 +0000 (02:51 +0000)]
r22543: Fix bad call to talloc_strict (too few args).
Should fix build farm breakage.
Jeremy.
Jeremy Allison [Fri, 27 Apr 2007 23:18:41 +0000 (23:18 +0000)]
r22542: Move over to using the _strict varients of the talloc
calls. No functional changes. Looks bigger than it is :-).
Jeremy.
Jeremy Allison [Fri, 27 Apr 2007 22:04:27 +0000 (22:04 +0000)]
r22541: Added talloc_size_strict macro.
Jeremy.
Jeremy Allison [Fri, 27 Apr 2007 21:58:10 +0000 (21:58 +0000)]
r22540: Added _strict varients of the macro calls - added
prototypes.
Jeremy.
Jeremy Allison [Fri, 27 Apr 2007 21:09:16 +0000 (21:09 +0000)]
r22539: Added _strict varients of the talloc calls to
return NULL on size == 0 varients.
Jeremy.
Michael Adam [Fri, 27 Apr 2007 15:26:40 +0000 (15:26 +0000)]
r22537: Use a (more speaking) macro when there is one.
Volker Lendecke [Fri, 27 Apr 2007 14:00:27 +0000 (14:00 +0000)]
r22533: Use lib functions where we have them
Michael Adam [Fri, 27 Apr 2007 08:43:06 +0000 (08:43 +0000)]
r22529: Add implementation of HP-UX ACLs in the new vfs-module framework.
James Peach [Thu, 26 Apr 2007 17:36:19 +0000 (17:36 +0000)]
r22527: note the svn location of samba-docs on svnanon.samba.org
Steve French [Thu, 26 Apr 2007 17:23:33 +0000 (17:23 +0000)]
r22526: Support deep tree mounts after share (instead of having to specify
prepath)
Günther Deschner [Thu, 26 Apr 2007 12:09:25 +0000 (12:09 +0000)]
r22524: Fix memleak.
Guenther
Günther Deschner [Wed, 25 Apr 2007 10:01:21 +0000 (10:01 +0000)]
r22511: Remove unused LDAPMessage.
Guenther
Gerald Carter [Wed, 25 Apr 2007 09:32:03 +0000 (09:32 +0000)]
r22509: Fix some memory corruption caused by calling free()
on talloc()'d memory when adding/removing members
from Local Groups.
James Peach [Tue, 24 Apr 2007 18:19:13 +0000 (18:19 +0000)]
r22507: Wrap the method of obtaining sockets to listen on.
Alexander Bokovoy [Tue, 24 Apr 2007 18:01:46 +0000 (18:01 +0000)]
r22505: Fix build
Jim McDonough [Tue, 24 Apr 2007 15:56:02 +0000 (15:56 +0000)]
r22504: Fix bug Jerry found during his tutorial. Sorry :-(
Allows authorized users (e.g. BUILTIN\Administrators members) to
set attributes on an account, particularly "user cannot change
password".
add become_root() around updating attributes, after checking that
access has been granted.
Jeremy Allison [Tue, 24 Apr 2007 12:56:23 +0000 (12:56 +0000)]
r22502: Fix bug #4536 - delete symlinks to a directory correctly.
Jeremy.
Michael Adam [Tue, 24 Apr 2007 00:12:28 +0000 (00:12 +0000)]
r22496: reg_enumvalue should return WERR_NO_MORE_ITEMS instead of
WERR_BAD_FILE when all items have been successfully enumerated.
Besides seeming the reasonable code to return,
this is what I have seen from w2k3, w2k, wxp.
James Peach [Mon, 23 Apr 2007 22:17:06 +0000 (22:17 +0000)]
r22495: Create wrapper to hide the details of obtaining a set of sockets
to listen on.
Jeremy Allison [Mon, 23 Apr 2007 21:40:54 +0000 (21:40 +0000)]
r22493: Fix horrible memory corruption bug with CIFS POSIX open/mkidr.
Found by SteveF + valgrind :-). Jerry - essential for rc3.
Jeremy.
Jeremy Allison [Mon, 23 Apr 2007 21:07:05 +0000 (21:07 +0000)]
r22492: Add objectid code.
Jeremy.