Jeremy Allison [Sat, 1 Apr 2006 05:41:34 +0000 (05:41 +0000)]
r14847: Tell static checkers that exit_server() doesn't
return.
Jeremy.
Günther Deschner [Fri, 31 Mar 2006 11:48:01 +0000 (11:48 +0000)]
r14841: Fix IRIX build --with-pam.
Guenther
Jeremy Allison [Fri, 31 Mar 2006 00:50:09 +0000 (00:50 +0000)]
r14833: Fix resource leak on error code path. Coverity #280.
Jeremy.
Jeremy Allison [Fri, 31 Mar 2006 00:47:08 +0000 (00:47 +0000)]
r14831: Fix possible null deref. Coverity #279.
Jeremy.
Jeremy Allison [Fri, 31 Mar 2006 00:44:24 +0000 (00:44 +0000)]
r14829: Fix reversed test in coverity fixes.
Jeremy.
Gerald Carter [Thu, 30 Mar 2006 14:28:33 +0000 (14:28 +0000)]
r14825: add support for max connections parameter
Stefan Metzmacher [Thu, 30 Mar 2006 13:11:08 +0000 (13:11 +0000)]
r14820: sync test_posix_p3.sh with test_posix.sh from samba4
but only run the BASE-* tests and ignore some more than in samba4
metze
Stefan Metzmacher [Thu, 30 Mar 2006 09:34:02 +0000 (09:34 +0000)]
r14809: - add my email address
- fix usage()
- remove unused var
metze
Jeremy Allison [Wed, 29 Mar 2006 23:45:08 +0000 (23:45 +0000)]
r14790: Fix possible null deref. Coverity #277.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 23:42:03 +0000 (23:42 +0000)]
r14788: Fix coverity bug #276. null deref.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 23:35:16 +0000 (23:35 +0000)]
r14786: Fix coverity #275. null deref.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 23:32:40 +0000 (23:32 +0000)]
r14784: Fix coverity bug #274. Null deref.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 23:25:04 +0000 (23:25 +0000)]
r14782: Fix coverity bug #273, null deref.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 23:22:57 +0000 (23:22 +0000)]
r14780: Fix coverity bug #272, null deref.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 23:18:58 +0000 (23:18 +0000)]
r14778: Fix coverity null deref bugs #268 - #271.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 23:13:27 +0000 (23:13 +0000)]
r14776: Fix coverity #263 - #267. No one was checking talloc
returns. Doh !
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 23:03:34 +0000 (23:03 +0000)]
r14774: Fix null deref coverity bugs #260, #261, #262.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 22:59:33 +0000 (22:59 +0000)]
r14772: Fix coverity bug #258. Seems coverity has discovered talloc :-).
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 22:56:05 +0000 (22:56 +0000)]
r14770: Fix coverity bug #257. Possible null deref.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 22:51:23 +0000 (22:51 +0000)]
r14768: Fix potential null deref coverity bugs #255, #256.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 22:45:52 +0000 (22:45 +0000)]
r14766: Fix possible NULL deref. Coverity #254.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 22:41:24 +0000 (22:41 +0000)]
r14764: Fix possible null pointer deref. Coverity #253.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 22:19:01 +0000 (22:19 +0000)]
r14763: Add a new tuning parameter, open files database hash size,
this allows us to experiment with ensuring the tdb hash
size for our open files and locking db are appropriately
sized. Make the hash size larger by default (10007 instead
of 1049) and make the locking db hash size the same as the
open file db hash size.
Jeremy.
Jeremy Allison [Wed, 29 Mar 2006 18:55:39 +0000 (18:55 +0000)]
r14760: Fix #3642, ensure we don't call FD_SET on read with fd == -1.
Jeremy.
Günther Deschner [Wed, 29 Mar 2006 18:24:34 +0000 (18:24 +0000)]
r14758: Fix broken LDAP search filter.
Guenther
Günther Deschner [Wed, 29 Mar 2006 15:30:26 +0000 (15:30 +0000)]
r14757: Make sure we only send out a CLDAP request to an connected AD server.
Guenther
Günther Deschner [Wed, 29 Mar 2006 14:52:03 +0000 (14:52 +0000)]
r14756: Make smbpasswd -a root work for eDirectory where there is no "account"
structural objectclass.
Guenther
Günther Deschner [Wed, 29 Mar 2006 09:40:42 +0000 (09:40 +0000)]
r14753: Fix the kerberized pam_auth: As we could have created a new credential
cache with a valid TGT in it but we werent able to get or verify the
service ticket for this local host afterwards and therefor didn't get
the PAC, we need to remove that ccache entirely.
Also remove an ugly pair of (not needed) seteuid calls around the ticket
destroy wrapper.
Guenther
Jeremy Allison [Tue, 28 Mar 2006 15:50:13 +0000 (15:50 +0000)]
r14751: Use the noreturn attribute to try and tell coverity that
smb_panic can't return.
Jeremy.
Gerald Carter [Tue, 28 Mar 2006 13:34:13 +0000 (13:34 +0000)]
r14748: store the name/ip address combination when we doa reverse look up in case future forward lookups would fail
Jeremy Allison [Mon, 27 Mar 2006 19:50:45 +0000 (19:50 +0000)]
r14746: Add the Samba4 replacements for opendir/readdir etc. to
Samba3 - with some 64-bit macro madness. Attempt to fix
the broken directory handling in the *BSD-of-the-month
club.
Jeremy.
Stefan Metzmacher [Mon, 27 Mar 2006 12:32:42 +0000 (12:32 +0000)]
r14744: allow ./timelimit 5 ./timelimit 20 ./ignore_all_signals
to work,
this is needed when we enable samba3's make test
in the build-farm
metze
Jeremy Allison [Mon, 27 Mar 2006 02:51:25 +0000 (02:51 +0000)]
r14743: Fix coverity bug #227. Possible deref of null pointer
in error code path.
Jeremy.
Jeremy Allison [Sat, 25 Mar 2006 01:35:43 +0000 (01:35 +0000)]
r14703: Clarify the return codes for the POSIX locking case. This
was confusing.
Jeremy.
Gerald Carter [Fri, 24 Mar 2006 23:54:08 +0000 (23:54 +0000)]
r14699: allow 'net sam addmem' to accept a SID for the member
Gerald Carter [Fri, 24 Mar 2006 22:04:16 +0000 (22:04 +0000)]
r14698: Make sure we expand our own local groups and not
just the BUILTIN group when calling winbindd_getgroups.
$ id foo
uid=502(foo) gid=100(users) groups=100(users),10007(RHEL4\staff),
10001(BUILTIN\users)
Jelmer Vernooij [Fri, 24 Mar 2006 19:12:04 +0000 (19:12 +0000)]
r14696: make pdb_find_backend_entry public (for use by an external "multi" pdb backend)
Volker Lendecke [Fri, 24 Mar 2006 18:40:28 +0000 (18:40 +0000)]
r14695: Patch from Björn Jacke:
- add DMAPI/XDSM support for AIX
- find JFS DMAPI libs on Linux when only they are available
Volker
Jelmer Vernooij [Thu, 23 Mar 2006 20:19:05 +0000 (20:19 +0000)]
r14684: Remove obsolete file (belonged to pdb_xml)
Jim McDonough [Thu, 23 Mar 2006 18:35:15 +0000 (18:35 +0000)]
r14683: Get rid of hardcoded output file. With no arg, print to stdout,
otherwise append to output file specified.
Günther Deschner [Thu, 23 Mar 2006 17:32:21 +0000 (17:32 +0000)]
r14682: Small cleanup in ads_verify_ticket.
Guenther
Jim McDonough [Thu, 23 Mar 2006 16:39:37 +0000 (16:39 +0000)]
r14681: Get rid of hardcoded /tmp/add.ldif and /tmp/mod.ldif files. Is there a
different directory the temp files should be in, or is /tmp ok?
Still have to get rid of the output file hardcoding, but that is to
come, because I need to cleanup stdout.
Stefan Metzmacher [Thu, 23 Mar 2006 14:55:38 +0000 (14:55 +0000)]
r14678: - we need to use 127.0.0.2/8 as interface for the server
as nmbd skip interfaces with address 127.0.0.1
- add samba3 smbclient -L tests
- add samba3 smbtorture tests
metze
Stefan Metzmacher [Thu, 23 Mar 2006 14:53:10 +0000 (14:53 +0000)]
r14676: add make valgrindtest and remove old 'make check' and old 'make test'
metze
Günther Deschner [Thu, 23 Mar 2006 13:22:54 +0000 (13:22 +0000)]
r14675: Protect against null sids and rids in the cached credentials functions.
Guenther
Günther Deschner [Thu, 23 Mar 2006 12:50:25 +0000 (12:50 +0000)]
r14674: Further cleanup for cached logins, only dump hashes with DEBUG_PASSWORD.
Guenther
James Peach [Thu, 23 Mar 2006 00:12:37 +0000 (00:12 +0000)]
r14669: Remove duplicate source caused by running patch(1) once too often.
James Peach [Wed, 22 Mar 2006 23:49:09 +0000 (23:49 +0000)]
r14668: Set the FILE_STATUS_OFFLINE bit by observing the events a DMAPI-based
HSM is interested in. Tested on both IRIX and SLES9.
Derrell Lipman [Wed, 22 Mar 2006 22:05:19 +0000 (22:05 +0000)]
r14664: r13868@cabra: derrell | 2006-03-22 17:04:30 -0500
Implement enhancement request 3505. Two additional features are added here.
There is now a method of saving an opaque user data handle in the smbc_
context, and there is now a way to request that the context be passed to the
authentication function. See examples/libsmbclient/testbrowse.c for an example
of using these features.
Lars Müller [Wed, 22 Mar 2006 20:16:50 +0000 (20:16 +0000)]
r14659: Fix installpammodules for shells where a
for module in ; do ... ; done
leads to an error (true64, solaris 8).
We now use {,UN}INSTALL_PAM_MODULES to get replaced by configure.
Therfore we don't run into the {,un}installpammodules rule if no PAM
module is requested.
Thanks to Björn Jacke for pointing to this issue.
Günther Deschner [Wed, 22 Mar 2006 15:00:42 +0000 (15:00 +0000)]
r14646: Adding samr querygroup infolevels 2 & 5.
Guenther
Günther Deschner [Wed, 22 Mar 2006 14:58:54 +0000 (14:58 +0000)]
r14645: No idea how this happened, fixing the build.
Guenther
Günther Deschner [Wed, 22 Mar 2006 14:41:07 +0000 (14:41 +0000)]
r14643: Merge dcerpc_errstr from Samba 4.
Might need to rework prs_dcerpc_status().
Guenther
Gerald Carter [Wed, 22 Mar 2006 08:04:13 +0000 (08:04 +0000)]
r14634: Many bug fixes thanks to train rides and overnight stays in airports
* Finally fix parsing idmap uid/gid ranges not to break with spaces
surrounding the '-'
* Allow local groups to renamed by adding info level 2 to
_samr_set_aliasinfo()
* Fix parsing bug in _samr_del_dom_alias() reply
* Prevent root from being deleted via Samba
* Prevent builting groups from being renamed or deleted
* Fix bug in pdb_tdb that broke renaming user accounts
* Make sure winbindd is running when trying to create the Administrators
and Users BUILTIN groups automatically from smbd (and not just check the
winbind nexted groups parameter value).
* Have the top level rid allocator verify that the RID it is about to
grant is not already assigned in our own SAM (retries up to 250 times).
This fixes passdb with existing SIDs assigned to users from the RID algorithm
but not monotonically allocating the RIDs from passdb.
Stefan Metzmacher [Tue, 21 Mar 2006 22:16:44 +0000 (22:16 +0000)]
r14632: add basic 'make test' using samba4's smbtorture
I'll try to add some tests using samba3's smbtorture and smbclient
later.
can someone check if this would be save to run on the build-farm
without leaking child processes...
metze
Lars Müller [Tue, 21 Mar 2006 21:54:53 +0000 (21:54 +0000)]
r14631: Add {,un}installpammodules rule and add it to the install rule.
Nothing happens if PAM_MODULES is empty which is our default.
The default destination dir is "${LIBDIR}/security". It's possible to
overwrite the default with --with-pammodulesdir while calling configure.
Stefan Metzmacher [Tue, 21 Mar 2006 21:25:29 +0000 (21:25 +0000)]
r14628: sync timelimit.c with the version from the build-farm repository
metze
Lars Müller [Tue, 21 Mar 2006 19:50:28 +0000 (19:50 +0000)]
r14627: Adapt the linkage text from pam_smbpass to pam_winbind.
Lars Müller [Tue, 21 Mar 2006 16:18:34 +0000 (16:18 +0000)]
r14626: Only set libdir and mandir to the defaults if we haven't used --libdir
or --mandir to set them already. Till now we overwrrote a setting made
with --libdir or --mandir.
Stefan Metzmacher [Tue, 21 Mar 2006 15:33:14 +0000 (15:33 +0000)]
r14624: - add timelimit.c
- add configure tests --with-selftest-prefix=/tmp/samba-test
this is needed because the path name of unix socket can only be 108 chars long
- add configure test --with-smbtorture4-path=/home/foo/prefix/samba4/bin/smbtorture
this will be used to run samba4's smbtorture inside samba3's make test later
metze
Stefan Metzmacher [Tue, 21 Mar 2006 13:16:50 +0000 (13:16 +0000)]
r14618: add --no-process-group to all server programms
to make the following possible:
timelimit 20000 bin/nmbd -F -S --no-process-group
timelimit 20000 bin/smbd -F -S --no-process-group
this is needed to 'make test' working without losing child processes
metze
Lars Müller [Tue, 21 Mar 2006 12:32:12 +0000 (12:32 +0000)]
r14617: Fix typo in comment.
Günther Deschner [Tue, 21 Mar 2006 11:14:29 +0000 (11:14 +0000)]
r14611: Fix init_creds_opts issue jerry discovered when using MIT krb5 1.3:
We were using a far too short renewable_time in the request; newer MIT
releases take care interally that the renewable time is never shorter
then the default ticket lifetime.
Guenther
Jeremy Allison [Tue, 21 Mar 2006 06:53:49 +0000 (06:53 +0000)]
r14602: Fix another logic bug in new oplock handling. Just
because lck->num_share_modes != 0 doesn't mean that
there *are* other valid share modes. They may be
all marked "UNUSED" or be deferred open entries.
In that case don't downgrade the granted oplock to
level2 needlessly - a client can have an exclusive
oplock in this case. The original code handled this
correctly in the lck->num_share_modes == 0 case but
not in the case where there were no valid share modes
but lck->num_share_modes != 0. I'll clean up my
Samba4 torture tester for this and commit it tomorrow.
Jeremy.
James Peach [Tue, 21 Mar 2006 02:56:49 +0000 (02:56 +0000)]
r14600: Refactor capability interface from being IRIX-specific to using only
the POSIX interface. Note that this removes support for inherited
capabilities. This wasn't used, and probably should not be.
Günther Deschner [Tue, 21 Mar 2006 00:04:05 +0000 (00:04 +0000)]
r14597: Merge DCERPC_FAULT constants from Samba 4.
Guenther
Jeremy Allison [Mon, 20 Mar 2006 23:40:43 +0000 (23:40 +0000)]
r14596: Fix a logic bug with multiple oplock contention.
The sad thing is the core of this bug fix is just
removing a paranoia "exit_server" call, as the
rest of the logic was already correct :-).
Lots of comments to explain the logic added.
I will look at adding tests to exercise this,
might be possible.
Jeremy.
Günther Deschner [Mon, 20 Mar 2006 19:05:44 +0000 (19:05 +0000)]
r14585: Tighten argument list of kerberos_kinit_password again,
kerberos_kinit_password_ext provides access to more options.
Guenther
Lars Müller [Mon, 20 Mar 2006 16:40:42 +0000 (16:40 +0000)]
r14584: Really follow with roosbindir by defaulr the setting we use for sbindir.
Gerald Carter [Mon, 20 Mar 2006 12:14:07 +0000 (12:14 +0000)]
r14580: add 'net sam createbuiltingroup' to map BUILTIN local groups to a gid
Günther Deschner [Mon, 20 Mar 2006 11:32:08 +0000 (11:32 +0000)]
r14579: Add REJECT_REASON_OTHER in the rpcclient chgpasswd3.
Guenther
Gerald Carter [Mon, 20 Mar 2006 10:55:48 +0000 (10:55 +0000)]
r14578: fix incorrect comment in fill_sam_account(). This function is called from multiple places now (krb5, winbindd auth and domain_client_validate()
Gerald Carter [Mon, 20 Mar 2006 10:18:23 +0000 (10:18 +0000)]
r14577: BUG Fixes:
* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
Günther Deschner [Mon, 20 Mar 2006 10:05:51 +0000 (10:05 +0000)]
r14576: Skip remaining keytab entries when we have a clear indication that
krb5_rd_req could decrypt the ticket but that ticket is just not valid
at the moment (either not yet valid or already expired). (This also
prevents an MIT kerberos related crash)
Guenther
James Peach [Sun, 19 Mar 2006 23:32:50 +0000 (23:32 +0000)]
r14574: Allow use of sendfile as long as the write cache has not been enabled
on the particular file we are performing I/O on, irrespective of whether
the write cache is globally enabled
Volker Lendecke [Sun, 19 Mar 2006 11:11:37 +0000 (11:11 +0000)]
r14559: Oplocks have changed, process_smb can be static again
Gerald Carter [Fri, 17 Mar 2006 20:35:44 +0000 (20:35 +0000)]
r14530: removing unused 'winbind max idle children' parameter
Stefan Metzmacher [Fri, 17 Mar 2006 16:30:00 +0000 (16:30 +0000)]
r14522: sync socket_wrapper code with samba4
metze
Gerald Carter [Fri, 17 Mar 2006 14:44:15 +0000 (14:44 +0000)]
r14515: fix soname breakage caused by mad merge from trunk (missed replacing a AC variable)
Günther Deschner [Fri, 17 Mar 2006 14:31:05 +0000 (14:31 +0000)]
r14514: Fixing last commit. Thanks Volker.
Guenther
Günther Deschner [Fri, 17 Mar 2006 14:18:05 +0000 (14:18 +0000)]
r14513: Fix winbindd_chauthtok: only fallback when the chgpasswd3 call is not
supported.
Is there a better way to check for the 0x1c010002 status code?
Guenther
Gerald Carter [Fri, 17 Mar 2006 13:57:00 +0000 (13:57 +0000)]
r14512: Guenther, This code breaks winbind with MIT krb1.3.
I'm disabling it for now until we have en effective
means of dealing with the ticket request flags for users
and computers.
Volker Lendecke [Fri, 17 Mar 2006 11:53:33 +0000 (11:53 +0000)]
r14509: Attempt to fix the build on "sun1"
Günther Deschner [Fri, 17 Mar 2006 10:43:33 +0000 (10:43 +0000)]
r14508: Return PAM_SUCCESS in pam_sm_close_session when there is no KRB5CCNAME
environment.
Guenther
Günther Deschner [Fri, 17 Mar 2006 10:36:07 +0000 (10:36 +0000)]
r14507: Re-disable accidentially re-enabled paranoia check. This should make
offline logons work again with NT4 and older Samba3 DCs.
Guenther
Günther Deschner [Fri, 17 Mar 2006 10:22:13 +0000 (10:22 +0000)]
r14506: Remove remaining references to a KCM credential cache type.
Guenther
Günther Deschner [Fri, 17 Mar 2006 10:14:33 +0000 (10:14 +0000)]
r14505: Rename the timed_event to lockout_policy_event.
Guenther
Günther Deschner [Fri, 17 Mar 2006 09:25:26 +0000 (09:25 +0000)]
r14503: Fix principal in debug statement.
Guenther
Günther Deschner [Thu, 16 Mar 2006 23:54:05 +0000 (23:54 +0000)]
r14496: Add WBFLAG_PAM_GET_PWD_POLICY bit to only callout for domain password
policies when requested.
No panic, the flags is uint32 so we are not running out of WBFLAG bits.
Guenther
Günther Deschner [Thu, 16 Mar 2006 22:54:07 +0000 (22:54 +0000)]
r14495: Allow to play with the logon_param flag when testing samlogons.
Guenther
Günther Deschner [Thu, 16 Mar 2006 22:17:03 +0000 (22:17 +0000)]
r14493: There is no point in falling back to a samlogon when a krb5login has
failed with a clear error indication. This prevents the bad logon count
beeing increased on the DC.
Guenther
Jeremy Allison [Thu, 16 Mar 2006 21:05:15 +0000 (21:05 +0000)]
r14489: Guard against coverity reversion. #181 is a false positive
but make the intent clearer.
Jeremy.
Gerald Carter [Thu, 16 Mar 2006 16:46:23 +0000 (16:46 +0000)]
r14482: Fixes for spoolss code (after coverity fixes) when the
client sends a NULL RPC_BUFFER*
Volker Lendecke [Thu, 16 Mar 2006 15:21:41 +0000 (15:21 +0000)]
r14480: Kill one boolean flag passed down :-)
Gerald Carter [Thu, 16 Mar 2006 13:48:01 +0000 (13:48 +0000)]
r14475: patch from Oliver Schulze L. <oliver@samera.com.py> for BUG 3580. Make RHEL makerpms.sh script more verbose and add some additional options to the rpmbuild process
Günther Deschner [Thu, 16 Mar 2006 13:37:23 +0000 (13:37 +0000)]
r14474: Also flush the nscd caches before entering the main winbindd loop.
Guenther
Günther Deschner [Thu, 16 Mar 2006 11:32:01 +0000 (11:32 +0000)]
r14468: Better fix to avoid winbind panic when we have an inproper configuration
and want to just shutdown and exit.
Guenther
Günther Deschner [Thu, 16 Mar 2006 11:04:21 +0000 (11:04 +0000)]
r14467: Reverting 13660. This needs to be fixed differently.
Guenther
Jeremy Allison [Wed, 15 Mar 2006 23:10:38 +0000 (23:10 +0000)]
r14462: Fix warning. ber_tag_t is an unsigned int for
printing purposes.
Jeremy.
Jeremy Allison [Wed, 15 Mar 2006 22:52:59 +0000 (22:52 +0000)]
r14460: SMBexit closes by pid and vuid. Tested with smbtorture.
Jeremy.