Jeff Layton [Tue, 12 Aug 2008 18:32:54 +0000 (14:32 -0400)]
cifs.upcall: negatively instantiate keys on error
When a request-key upcall exits without instantiating a key, the kernel
will negatively instantiate the key with a 60s timeout. Older kernels,
however seem to also link that key into the session keyring. This
behavior can interefere with subsequent mount attempts until the
key times out. The next request_key() call will get this negative key
even if the upcall would have worked the second time.
Fix this by having cifs.upcall negatively instantiate the key itself
with a 1s timeout and don't attach it to the session keyring.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
(This used to be commit
f760dd3f3128c846cdeab16cc52bbb5189427955)
Volker Lendecke [Tue, 12 Aug 2008 09:59:13 +0000 (11:59 +0200)]
Remove two unused variables
(This used to be commit
257b0401ee675b6b7eddf2b46a0f8115940e6640)
Volker Lendecke [Tue, 29 Jul 2008 07:04:17 +0000 (09:04 +0200)]
Do not create a new mapping if a domain with an explicit config fails
(This used to be commit
2c27de44269198e22c323191dd4762d1aab81b22)
Volker Lendecke [Fri, 18 Jul 2008 10:30:24 +0000 (12:30 +0200)]
Make the docs actually build
Thanks to Karolin for the friendly build service :-)
(This used to be commit
4bfc7cb662411d245f3ad7613bec8531d9ce3a57)
Volker Lendecke [Thu, 17 Jul 2008 12:05:57 +0000 (14:05 +0200)]
Document idmap rewrite
(This used to be commit
4b9132e8bd1b2bc397b657ef07796f44d55f33da)
Volker Lendecke [Thu, 17 Jul 2008 11:32:28 +0000 (13:32 +0200)]
Some doxygen comments for idmap
(This used to be commit
adecc6d91338e7e34afd0672aada5d0e47247a33)
Volker Lendecke [Wed, 16 Jul 2008 16:14:33 +0000 (18:14 +0200)]
Fix prototypes
(This used to be commit
8b9d12714679745b98755e6805e71b75828ce227)
Volker Lendecke [Wed, 16 Jul 2008 14:51:46 +0000 (16:51 +0200)]
Remove "idmap alloc config : range" parameter
This was overwritten by "idmap uid/gid" anyway. These are now the range
parameters for the alloc backend.
(This used to be commit
d563a7b80dc3e759069db2cd54d596a1b8c55191)
Volker Lendecke [Sun, 13 Jul 2008 10:07:40 +0000 (12:07 +0200)]
Volker Lendecke [Sun, 13 Jul 2008 07:59:57 +0000 (09:59 +0200)]
Remove the multi-ID lookup code and the 3.2.0 version of idmap_cache
(This used to be commit
1bd98521dc3f16ad77ccccd3979288c58e03ebe8)
Volker Lendecke [Mon, 14 Jul 2008 10:32:18 +0000 (12:32 +0200)]
Directly call backends from idmap_[ugs]_to_[ugs]id
(This used to be commit
f955407042e6d2384acccc399d72ff65ba0e721c)
Volker Lendecke [Fri, 11 Jul 2008 11:58:31 +0000 (13:58 +0200)]
Move the gid2sid cache to the parent winbind process
(This used to be commit
a86a6835e2737fdbdf1f36bcd594d4b01a60acb9)
Volker Lendecke [Mon, 7 Jul 2008 20:09:39 +0000 (22:09 +0200)]
Move the uid2sid cache to the parent winbind process
(This used to be commit
6e885aeabba2265a06b726f567cb14dde12c8ccb)
Michael Adam [Tue, 12 Aug 2008 08:18:51 +0000 (10:18 +0200)]
WHATSNEW: fix one occurrence of 3.2.0 to say 3.3.0.
Michael
(This used to be commit
82b132c4749eb3b6f56b9954655cd8be5cc762a3)
Günther Deschner [Wed, 30 Jul 2008 19:38:21 +0000 (21:38 +0200)]
libnetjoin: support kerberized joining/unjoing (fix #5416).
Guenther
(This used to be commit
da6e0f4f375aa533c4c765891c960070478972eb)
Günther Deschner [Fri, 1 Aug 2008 17:15:52 +0000 (19:15 +0200)]
netapi: add NetLocalGroupSetMembers example code.
Guenther
(This used to be commit
4fea49ae83510225c51c580a2bea2c664851bb39)
Günther Deschner [Fri, 1 Aug 2008 15:13:43 +0000 (17:13 +0200)]
netapi: add NetLocalGroupDelMembers example code.
Guenther
(This used to be commit
b2a413148e470e059c877f4e54955ab61559edee)
Günther Deschner [Fri, 1 Aug 2008 14:03:00 +0000 (16:03 +0200)]
netapi: add NetLocalGroupAddMembers example code.
Guenther
(This used to be commit
01c4640b1ca66c3285fd23d447d08db12cf83b42)
Günther Deschner [Mon, 11 Aug 2008 17:43:24 +0000 (19:43 +0200)]
netapi: implement NetLocalGroupSetMembers_r().
Guenther
(This used to be commit
bb52ba58e47364d7c7ed38862a007e8e3d9dc104)
Günther Deschner [Mon, 11 Aug 2008 17:42:42 +0000 (19:42 +0200)]
netapi: implement NetLocalGroupDelMembers_r().
Guenther
(This used to be commit
bd31d8f9ec9a24ca68e1d5441c0cafd98132060f)
Günther Deschner [Fri, 1 Aug 2008 14:02:21 +0000 (16:02 +0200)]
netapi: implement NetLocalGroupAddMembers_r().
Guenther
(This used to be commit
53dc9a11810b93a1771304fbfbf4ae84f551612b)
Günther Deschner [Thu, 31 Jul 2008 14:24:58 +0000 (16:24 +0200)]
netapi: add NetLocalGroup*Member calls to public headers.
Guenther
(This used to be commit
d4a51bb01d33ad17db4e623085a89d258e91b57e)
Günther Deschner [Thu, 31 Jul 2008 14:05:11 +0000 (16:05 +0200)]
netapi: add skeleton for NetLocalGroup*Member calls.
Guenther
(This used to be commit
563fb06107d2d3279e08c5c801a940f03229131b)
Günther Deschner [Mon, 11 Aug 2008 17:08:46 +0000 (19:08 +0200)]
re-run make idl.
Guenther
(This used to be commit
b6b24094daf170f457bc414d8e17e43effab6e1b)
Günther Deschner [Thu, 31 Jul 2008 14:03:57 +0000 (16:03 +0200)]
netapi: add remaining NetLocalGroup*Member calls to IDL.
Guenther
(This used to be commit
c06dfb823548de3652778c67918335578f194678)
Günther Deschner [Thu, 31 Jul 2008 19:09:00 +0000 (21:09 +0200)]
netapi: add NetUserModalsGet and NetUserModalsSet tests.
Guenther
(This used to be commit
a9c444a342968b539918c082b78af8640f8c87cd)
Günther Deschner [Thu, 31 Jul 2008 19:08:31 +0000 (21:08 +0200)]
netapi: implement NetUserModalsSet_r.
Guenther
(This used to be commit
bb345187b7c62e9ad214037120545addd87a666d)
Günther Deschner [Thu, 31 Jul 2008 17:26:29 +0000 (19:26 +0200)]
netapi: implement NetUserModalsGet_r.
Guenther
(This used to be commit
7f7e6ca9091101aa7a3dc275c1d0258d97743f4b)
Günther Deschner [Thu, 31 Jul 2008 15:39:07 +0000 (17:39 +0200)]
netapi: add example code for NetUserModalsGet and NetUserModalsSet.
Guenther
(This used to be commit
316575b412e19008ecb6729f97e93b6103d8ba56)
Günther Deschner [Thu, 31 Jul 2008 14:47:15 +0000 (16:47 +0200)]
netapi: add NetUserModalsGet and NetUserModalsSet to public headers.
Guenther
(This used to be commit
b4c912bfbc62768ff4d7ecb39c02dc4a2a9825d2)
Günther Deschner [Thu, 31 Jul 2008 14:43:27 +0000 (16:43 +0200)]
netapi: add skeleton for NetUserModalsGet and NetUserModalsSet.
Guenther
(This used to be commit
5648145bec3bd24ecedea24a8834ac6768bfc640)
Günther Deschner [Mon, 11 Aug 2008 17:07:51 +0000 (19:07 +0200)]
re-run make idl.
Guenther
(This used to be commit
36c5de4702c03bd71d689aaecea87168133021c2)
Günther Deschner [Thu, 31 Jul 2008 14:42:42 +0000 (16:42 +0200)]
netapi: add NetUserModalsSet and NetUserModalsGet to IDL.
Guenther
(This used to be commit
2af33ceeb8bece347d67e27a662a7cd0a58f75f8)
Günther Deschner [Fri, 1 Aug 2008 15:22:00 +0000 (17:22 +0200)]
doserr: add WERR_MEMBER_IN_ALIAS.
Guenther
(This used to be commit
b62de0d1944de3dba55e182e0d8eb7c6ca5ec045)
Günther Deschner [Fri, 1 Aug 2008 14:44:05 +0000 (16:44 +0200)]
netapi: add NetApiBufferAllocate.
Guenther
(This used to be commit
99cc8f023b4ad9210b677e11371f404048752031)
Günther Deschner [Fri, 1 Aug 2008 13:15:05 +0000 (15:15 +0200)]
netapi: add ConvertStringSidToSid().
Guenther
(This used to be commit
36f1e45e4ec295115f1ba39ec7ad3690a96dac3e)
Günther Deschner [Thu, 31 Jul 2008 19:04:51 +0000 (21:04 +0200)]
netapi: generate the netapi testsuite makefile.
Guenther
(This used to be commit
a2247a5b19237291cec8c6a873652d78d55aaeb7)
Günther Deschner [Mon, 11 Aug 2008 09:20:38 +0000 (11:20 +0200)]
fix build warning.
Guenther
(This used to be commit
85021d6a459c957cc276a93c3515029244f52677)
Volker Lendecke [Sat, 9 Aug 2008 19:39:18 +0000 (21:39 +0200)]
Make events robust against their event_context being freed
(This used to be commit
3d4e7b29c235e329aaea4fa2c2078df0ce3e59eb)
Volker Lendecke [Sun, 10 Aug 2008 15:53:35 +0000 (17:53 +0200)]
fix smb_len calculation for chained requests
I think chain_reply() is one of the most tricky parts of Samba. This recursion
needs to go away, we need to sequentially walk the chain list.
(This used to be commit
af2b01d85188d2301580643f7e862e3e3988aadc)
Volker Lendecke [Sun, 10 Aug 2008 15:37:08 +0000 (17:37 +0200)]
Fix andx offset calculation for more than 2 chained requests
Untested code is broken code.... Test follows later, it's quite an intrusive
change to libsmb/
(This used to be commit
0ff16e8573f3c312f10fc723648319fa1f514ac0)
Volker Lendecke [Sun, 10 Aug 2008 09:33:15 +0000 (11:33 +0200)]
Remove an unused variable, process.c has its static copy
(This used to be commit
59136544ec16b6ceb14a75259aedd22856832bf1)
Michael Adam [Fri, 8 Aug 2008 23:04:55 +0000 (01:04 +0200)]
nmbd: add support for delayed initial samlogon packages.
The hosts or networks configured with "init logon delayed hosts"
have their initial samlogon packages (empty username) delayed
by the value configured with "init logon delay" (defaulting
to 100 milliseconds).
This gives the administrator some control over what clients would
consider the preferred logon server: they choose the server that
repsonds most quickly.
Michael
(This used to be commit
d52b9beede1fb14e1d7e3acd9765d6cd14dfcc3d)
Michael Adam [Fri, 8 Aug 2008 23:03:06 +0000 (01:03 +0200)]
nmbd_packets: make queue_packet() public.
Michael
(This used to be commit
363eb90ce8380ce1bbc74673936ba1e6d7eee23b)
Michael Adam [Fri, 8 Aug 2008 22:31:48 +0000 (00:31 +0200)]
loadparm: add two parameters "init logon delay hosts" and "init logon delay"
"init logon delays hosts" takes a list of hosts names or addresses
or networks for which the initial SAMLOGON reply should be delayed
(so other DCs get preferred by XP workstations if there are any).
This option takes the same type of list as "hosts allow" does.
"init logon delay" allows one to configure the delay for the hosts
configured for delayed initial samlogon with "init logon delayed hosts".
The value is interpreted as milliseconds. The default value is 100.
This commit only introduces the parameters.
They will be activated in a subsequent commit.
Michael
(This used to be commit
f7c1f85438f7e0da2a96e3fc8f774f8c6936370e)
Michael Adam [Fri, 8 Aug 2008 22:05:38 +0000 (00:05 +0200)]
lib/access: make list_match() public.
Michael
(This used to be commit
742bedce417c666b5e91d8d0a7dc7682dc62eba2)
Michael Adam [Fri, 8 Aug 2008 22:03:23 +0000 (00:03 +0200)]
lib/access: make client_match() public.
Michael
(This used to be commit
1b2dec93b635dfd23af78a370c223ea2dd486aa7)
Jeremy Allison [Fri, 8 Aug 2008 23:08:11 +0000 (16:08 -0700)]
One more build fix. Ensure we have KRB5_AUTH_CONTEXT_USE_SUBKEY defined before we compile the new code.
Jeremy.
(This used to be commit
7686752c5b015b15a6729631ba4aeedd25ebc659)
Jeremy Allison [Fri, 8 Aug 2008 22:15:36 +0000 (15:15 -0700)]
Try and fix the build for systems that don't have krb5_auth_con_set_req_cksumtype().
Jeremy.
(This used to be commit
8598e7b06ec57ca6fcde863270e6bb0e2de9993e)
Jeremy Allison [Fri, 8 Aug 2008 21:33:55 +0000 (14:33 -0700)]
Merge branch 'v3-3-test' of ssh://jra@git.samba.org/data/git/samba into v3-3-test
(This used to be commit
5b3579b14cd5ea6e67ff3c91f5bed155d944c049)
Jeremy Allison [Fri, 8 Aug 2008 21:32:15 +0000 (14:32 -0700)]
Add Derrick Schommer's <dschommer@F5.com> kerberos delegation patch. Some
work by me and advice by Love.
Jeremy.
(This used to be commit
ecc3838e4cb5d0c0769ec6d9a34a877ca584ffcc)
Michael Adam [Fri, 8 Aug 2008 21:30:19 +0000 (23:30 +0200)]
build: fix a no previous prototype warning when building without ldap/gssapia
move prototype of dns_create_update_request() to appropriate section in dns.h
Michael
(This used to be commit
0fba9549894affa8e2ea0b7fd15812f56f3319a3)
Michael Adam [Fri, 8 Aug 2008 21:03:51 +0000 (23:03 +0200)]
libnet samsync ldif: fix the build without LDAP.
Michael
(This used to be commit
32df05bd1f49f2290ad69f84d5a47207b1469629)
Yannick Bergeron [Fri, 8 Aug 2008 17:32:15 +0000 (13:32 -0400)]
using NGROUPS_MAX instead of 32 for the max group value in rep_initgroups() subroutine in lib/replace/replace.c
(This used to be commit
13b1a232d2fe05ae3e924ea2503d05ff5084146e)
Volker Lendecke [Fri, 8 Aug 2008 16:30:57 +0000 (18:30 +0200)]
Add simple async wrappers around send, recv and connect
To be used later :-)
(This used to be commit
0d161d336ab9eeccd90d19ef1473646c3008864a)
Jeremy Allison [Fri, 8 Aug 2008 00:55:57 +0000 (17:55 -0700)]
Fix bug #5675 with a varient of Tim Waugh's patch,
as proposed by James Peach.
Jeremy.
(This used to be commit
5c27ad75836136c39774c9456d63f46fa62e281f)
Jeremy Allison [Fri, 8 Aug 2008 00:49:19 +0000 (17:49 -0700)]
Fix "might be used uninitialized" warnings.
Jeremy.
(This used to be commit
5abd12eec1c9b6d30af5ec1ba16c0922e78d5bea)
Volker Lendecke [Thu, 7 Aug 2008 16:18:10 +0000 (18:18 +0200)]
Fix a build failure on host sunX
(This used to be commit
30b5be872501dc87380fd10084aacda13a308ac8)
Yannick Bergeron [Wed, 6 Aug 2008 17:23:00 +0000 (13:23 -0400)]
Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c
(This used to be commit
b45e7fabc64e699e4fa013ef15f98a004dae3f32)
Karolin Seeger [Wed, 6 Aug 2008 12:26:41 +0000 (14:26 +0200)]
WHATSNEW: Start WHATSNEW for 3.3.0pre1.
Karolin
(This used to be commit
28ae738eee37face7dc5e938a036f0c2d3d2a9d6)
Michael Adam [Wed, 6 Aug 2008 11:56:52 +0000 (13:56 +0200)]
libnetapi: fix build of shared library after libnet_join changes.
This needs create_builtin_administrators() and create_builtin_users()
from token_utils now. Did not pop up because the only users of the
shared lib currently are the examples in lib/netapi/examples/
which are not automatically built.
Michael
(This used to be commit
8dca23a5597a717c7f79bab0494122e71528272b)
Andrew Tridgell [Wed, 6 Aug 2008 06:35:43 +0000 (16:35 +1000)]
fixed permissions on ctdb databases
(This used to be commit
123fc3980a83d956bffaa689f3af81bbf81ce1c1)
Andrew Tridgell [Wed, 6 Aug 2008 04:02:45 +0000 (14:02 +1000)]
fixed a fd leak when trying to regain contact to a domain controller
in winbind
When a w2k3 DC is rebooted the 139/445 ports come up before the
udp/389 cldap port. During this brief period, winbind manages to
connect to 139/445 but not to udp 389. It then enters a tight loop
where it leaks one fd each time. In a couple of seconds it runs out of
file descriptors, and leaves winbind crippled after the DC does
finally come up
(This used to be commit
57187cafbcc053e75bb54750494df9feabe3a738)
Michael Adam [Tue, 5 Aug 2008 21:38:56 +0000 (23:38 +0200)]
dbwrap: add comment describing behaviour of dbwrap_change_int32_atomic().
Michael
(This used to be commit
f8f21c8e3922806230e240cb54205fc2db7a3619)
Michael Adam [Tue, 5 Aug 2008 21:14:05 +0000 (23:14 +0200)]
secrets: fix replacemend random seed generator (security issue).
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.
The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
of sys_getpid() + 1 and incremented in subsequent calls.
In principle this is a security issue, but i think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.
Michael
(This used to be commit
bfc5d34a196f667276ce1e173821db478d01258b)
Michael Adam [Tue, 5 Aug 2008 21:13:06 +0000 (23:13 +0200)]
dbwrap: add comment describing behaviour of dbwrap_change_uint32_atomic().
Michael
(This used to be commit
7edfb54c865ddcfd5cdcc8c2184b96aaac2d2ec0)
Michael Adam [Tue, 5 Aug 2008 20:38:44 +0000 (22:38 +0200)]
idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().
The race is a regression introduced by the change to dbwrap.
It might have led to two concurrent processes returning the same id.
This fix is achieved by changing dbwrap_change_uint32_atomic() to
match the original behaviour of tdb_change_uint32_atomic(), which
is the following: *oldval is used as initial value when
the value does not yet exist and that the old value should be
returned in *oldval.
dbwrap_change_uint32_atomic() is used (only) in idmap_tdb2.c,
to get new ids.
Michael
(This used to be commit
72bd83fea7572a6202027b200d192c05023aa633)
Michael Adam [Mon, 4 Aug 2008 21:30:16 +0000 (23:30 +0200)]
registry: use _bystring wrappers to dbwrap_trans_(store|delete).
Michael
(This used to be commit
103ce6c9e94ce74e616fe922f2584fd46ae1f3f8)
Steve French [Tue, 5 Aug 2008 20:36:11 +0000 (15:36 -0500)]
Building cifs.upcall is giving this build warning:
client/cifs.upcall.c:205: warning: function declaration isn’t a prototype
This patch fixes this by properly declaring usage() args as void.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
(This used to be commit
148a012421cdd875167e708c5dfa771d97bf9856)
Steve French [Tue, 5 Aug 2008 18:27:07 +0000 (13:27 -0500)]
cifs.upcall: fix manpage and comments
The "cifs.resolver" key type has been changed to "dns_resolver". Fix
the comments at the top of cifs.upcall and the manpage accordingly.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve French <sfrench@samba.org>
---
docs-xml/manpages-3/cifs.upcall.8.xml | 4 ++--
source/client/cifs.upcall.c | 8 ++++----
2 files changed, 6 insertions(+), 6 deletions(-)
(This used to be commit
24a93d03c2ca4e718968e2024604e0f398c96659)
Steve French [Tue, 5 Aug 2008 18:15:46 +0000 (13:15 -0500)]
Backing out most of changeset
5222b8db3fb692e5071bfd1b41849a8eb0a17995
(so parsing for domain parameter in mount.cifs matches online help)
and rephrasing original code to make it more clear.
The check for "domain" was meant to allow for "dom" or "DOM" and the
option ("dom") described in the help (e.g. "/sbin/mount.cifs -?") is the
shorter ("dom") form. The reason that the string we compare against
is larger was to improve readability (we could compare against "dom"
but note /* "domain" or "DOMAIN" or "dom" or "DOM" */ but it seemed
terser to just show the larger string in the strcmp target. The
change to "workgoup" from workg* (anything which begins with "workg"
doesn't matter - it is a minor behavior change - but probably few
scripts depend on the "alias" for this option).
Rework code so that it is clearer what we are comparing against.
(This used to be commit
92fad0fc537e75c726d5d6794dd0c4fd61edca2d)
Karolin Seeger [Tue, 5 Aug 2008 12:20:32 +0000 (14:20 +0200)]
man pages: Improve description of boolean values in smb.conf.5.
This fixes bug #5378.
Thanks Morton K. Poulsen <morten+bugzilla.samba.org [at] afdelingp.dk>
for reporting!
Karolin
(This used to be commit
8195ca2132cbdba396dc35e9d04d4bdc3a8a666c)
Karolin Seeger [Tue, 5 Aug 2008 12:10:11 +0000 (14:10 +0200)]
man pages: Add documentation about smbclient command "rename".
This fixes bug #5268.
Thanks to Alexander Franz <a.franz [at] gmx.net> for reporting!
Karolin
(This used to be commit
0a93fd2dedfa7fed1ad0b8a5e079bf7be72a4bd5)
Karolin Seeger [Tue, 5 Aug 2008 10:55:20 +0000 (12:55 +0200)]
README.Coding: A few minor fixes.
Karolin
(This used to be commit
e61c6963cc25883c0b6e7e20596723397e294807)
Stefan Metzmacher [Mon, 4 Aug 2008 12:28:02 +0000 (14:28 +0200)]
libnet_keytab: fix the build with heimdal
metze
(This used to be commit
ba18af00cc79a4e92372d3c1151061f200bc0655)
Stefan Metzmacher [Mon, 4 Aug 2008 11:52:18 +0000 (13:52 +0200)]
clikrb5: don't use krb5_keyblock_init() when no salt is specified
If the caller wants to create a key with no salt we should
not use krb5_keyblock_init() (only used when using heimdal)
because it does sanity checks on the key length.
metze
(This used to be commit
c83de77b750837a110611d7023c4cf71d2d0bab1)
Volker Lendecke [Fri, 1 Aug 2008 14:05:49 +0000 (16:05 +0200)]
cli_request_new() already gave use the req, remove a pointless function call
(This used to be commit
08e97bd369ebe3ab1fd92433b168585faea92c68)
Volker Lendecke [Fri, 1 Aug 2008 13:29:06 +0000 (15:29 +0200)]
Michael Adam [Fri, 1 Aug 2008 15:13:42 +0000 (17:13 +0200)]
libnet dssync: start memory allocation cleanup: use tmp ctx in libnet_dssync().
Don't leak temporary data to callers but use a temporary context
that is freed at the end.
Michael
(This used to be commit
2d98ad57f56ddd4318bc721929a3ca9ede189a25)
Michael Adam [Fri, 1 Aug 2008 15:10:59 +0000 (17:10 +0200)]
libnet dssync: fix memory allocation for error/result messages.
Use the libnet_dssync_context as a talloc context for the
result_message and error_message string members.
Using the passed in mem_ctx makes the implicit assumption
that mem_ctx is at least as long-lived as the libnet_dssync_context,
which is wrong.
Michael
(This used to be commit
635baf6b7d2a1822ceb48aa4bc47569ef19d51cc)
Michael Adam [Fri, 1 Aug 2008 15:09:08 +0000 (17:09 +0200)]
dssync keytab: add comment header explaining add_to_keytab_entries().
Michael
(This used to be commit
1072bd9f96ff3853e5ff58239123fc8c76a99063)
Michael Adam [Fri, 1 Aug 2008 12:26:46 +0000 (14:26 +0200)]
libnet dssync: add my C after dssync keytab changes.
Michael
(This used to be commit
9391aec8d4600c685b14d3cd1624f8758f2cc80d)
Michael Adam [Thu, 31 Jul 2008 22:12:18 +0000 (00:12 +0200)]
vampire keytab: add command line switch --clean-old-entries .
This allows to control cleaning the keytab.
It will only clean old occurences of keys that are replicated in
this run. So if you want to ensure things are cleaned up, combine
this switch with --force-full-repl or --single-obj-repl (+dn list).
Michael
(This used to be commit
21385e1c635ea67215eb1da90e7dca97ae2f5d56)
Michael Adam [Thu, 31 Jul 2008 22:09:28 +0000 (00:09 +0200)]
dssync: add clean_old_entries flag to dssync_ctx.
Initialize it to false.
And pass it down to the libnet_keytab context in
libnet_dssync_keytab.c:keytab_startup().
Unused yet.
Michael
Note: This might not be not 100% clean design to put this into the
toplevel dssync context while it is keytab specific. But then, on the
other hand, other imaginable backends might want to use this flag, too...
(This used to be commit
12e884f227e240860e49f9e41d8c1f45e10ad3be)
Michael Adam [Thu, 31 Jul 2008 22:07:40 +0000 (00:07 +0200)]
libnet keytab: implement cleaning of old entries in libnet_keytab_add().
Triggered by the flag clean_old_entries from the libnet_keytab_contex
(unused yet...).
Michael
(This used to be commit
a5f4e3ad95c26064881918f3866efa7556055a8f)
Michael Adam [Thu, 31 Jul 2008 22:05:42 +0000 (00:05 +0200)]
libnet keytab: add parameter ingnore_kvno to libnet_keytab_remove_entries()
to allow for removing all entries with given principal and enctype without
repecting the kvno (i.e. cleaning "old" entries...)
This is called with ignore_kvno == false from libnet_keytab_add_entry() to
keep the original behaviour.
Michael
(This used to be commit
6047f7b68548b33a2c132fc4333355a2c6abb19a)
Michael Adam [Thu, 31 Jul 2008 22:03:10 +0000 (00:03 +0200)]
libnet keytab: add flag clean_old_entries to libnet_keytab_context.
Michael
(This used to be commit
f40eb8cc20a297c57f6db22e0c2457ce7425d00c)
Michael Adam [Thu, 31 Jul 2008 21:15:35 +0000 (23:15 +0200)]
libnet keytab: use proper counter type (uint32_t) in libnet_keytab_add().
Michael
(This used to be commit
d0bd9195f04ae0f45c2e571d31625b31347f13e9)
Michael Adam [Thu, 31 Jul 2008 21:05:45 +0000 (23:05 +0200)]
vampire keytab: introduce switch --single-obj-repl.
This controls whether single object replication is to be used.
This only has an effect when at least one object dn is given
on the commandline.
NOTE: Now the default is to use normal replication with uptodateness
vectors and use object dns given on the command line as a positive
write filter. Single object replication is only performed when this
new switch is specified.
Michael
(This used to be commit
0f81111ea8c049eb60f98d4939e520a5a562d2e6)
Michael Adam [Thu, 31 Jul 2008 20:53:41 +0000 (22:53 +0200)]
dssync keytab: when not in single object replication mode, use object dn list as write filter.
I.e. only the passwords and keys of those objects whose dns are provided
are written to the keytab file. Others are skippded.
Michael
(This used to be commit
a013f926ae5aadf64e02ef9254306e32aea79e80)
Michael Adam [Thu, 31 Jul 2008 10:25:06 +0000 (12:25 +0200)]
dssync keytab: support storing kerberos keys from supplemental credentials.
Michael
(This used to be commit
50b1673289f5c147bdb4953f3511a7afe783758c)
Michael Adam [Wed, 30 Jul 2008 15:53:28 +0000 (17:53 +0200)]
libnet dssync: rename flag single to single_object_replication
So that it is more obvious what this controls.
Michael
(This used to be commit
2360f0a19f0fb89798b814a02cfca335a4a35b6d)
Michael Adam [Wed, 30 Jul 2008 15:46:13 +0000 (17:46 +0200)]
net rpc vampire: rename --repl-nodiff to --force-full-repl.
This more clear.
Michael
(This used to be commit
0ddde9aae88e6244276e1c143056a4bfc7c7fcca)
Michael Adam [Wed, 30 Jul 2008 15:44:22 +0000 (17:44 +0200)]
libnet dssync: rename repl_nodiff flag to force_full_replication.
Michael
(This used to be commit
ec959b4609c3f4927a9f2811c46d738f9c78a914)
Michael Adam [Wed, 30 Jul 2008 11:02:36 +0000 (13:02 +0200)]
libnet dssync: support lists of dns (instead of one dn) for single object replication.
Just specify several DNs separated by spaces on the command line of
"net rpc vampire keytab" to get the passwords for each of these
accouns via single object replication.
Michael
(This used to be commit
6e53dc2db882d88470be5dfa1155b420fac8e6c5)
Michael Adam [Wed, 30 Jul 2008 10:35:45 +0000 (12:35 +0200)]
libnet dssync: move determination of request level into build_request()
...where it belongs.
Michael
(This used to be commit
012b33f1c52df086e4f20e7494248d98fbced76a)
Michael Adam [Wed, 30 Jul 2008 10:32:30 +0000 (12:32 +0200)]
libnet dssync: refactor dsgetncchanges loop out into libnet_dssync_getncchanges().
Michael
(This used to be commit
93cda1aa0a627e81eff46547b247801aec2880a3)
Michael Adam [Wed, 30 Jul 2008 10:31:38 +0000 (12:31 +0200)]
libnet dssync: fix single object replication by adding one check.
Before, this used the old uptodate vector in the request...
Michael
(This used to be commit
04fb9322d5f52d5cb3d9fe2a95dbfb2481ab7f9d)
Michael Adam [Wed, 30 Jul 2008 10:00:49 +0000 (12:00 +0200)]
libnet dssync: simplify logic of libnet_dssync_process() main loop.
Untangle parsing of results and processing.
Make loop logic more obvious.
Call finishing operation after the loop, not inside.
Michael
(This used to be commit
47c8b3391cb1bb9656f93b55f9ea39c78b74ed36)
Michael Adam [Wed, 30 Jul 2008 08:27:00 +0000 (10:27 +0200)]
libnet dssync: refactor creation of request out into new function
libnet_dssync_build_request().
Michael
(This used to be commit
d745c1af405058ec23d7d0c139505576a99f9057)