Lars Müller [Mon, 14 May 2007 21:22:14 +0000 (21:22 +0000)]
r22869: Add bin/{ldap,nss,tdb}.@SHLIBEXT@ rules.
Not tested for SAMBA_3_0 as I didn't get autogen.sh or autoreconf to
build a configure.
(This used to be commit
6f19e5853da8a13698912dc8a19311920cadce63)
Volker Lendecke [Mon, 14 May 2007 20:31:28 +0000 (20:31 +0000)]
r22868: Replace some message_send_pid calls with messaging_send_pid calls. More
tomorrow.
(This used to be commit
74fa57ca5d7fa8eace72bbe948a08a0bca3cc4ca)
Alexander Bokovoy [Mon, 14 May 2007 19:26:22 +0000 (19:26 +0000)]
r22867: With Samba4's IDL, we now have two new flags for share types: STYPE_TEMPORARY and STYPE_HIDDEN
Strip them out when referencing share_type[] entries.
Apparently, some Windows XP installs create shares set to STYPE_HIDDEN by default, found by
Damir Shayhutdinov <damir@altlinux.org>. This also fixes smb4k crashes as it does call 'net share -l'.
(This used to be commit
c3f4fdd37e62491a11d3993864ba51fdb596ea1b)
Michael Adam [Mon, 14 May 2007 14:53:45 +0000 (14:53 +0000)]
r22855: fix the build
(#if inside DEBUG macro not allowed...)
Michael
(This used to be commit
f0570dc3d9e07475764e466901d4abfe939590f8)
Gerald Carter [Mon, 14 May 2007 14:23:51 +0000 (14:23 +0000)]
r22852: merge fixes for CVE-2007-2446 and CVE-2007-2447 to all branches
(This used to be commit
f65214be68c1a59d9598bfb9f3b19e71cc3fa07b)
Derrell Lipman [Mon, 14 May 2007 14:19:30 +0000 (14:19 +0000)]
r22850: - Fixes bug 4601. smbc_getxattr() would not, in one case, properly return the
required size of a buffer needed to contain the extended attributes.
(This used to be commit
34f77af02e2073ccaabe1583011abeeabbbb24e1)
Michael Adam [Mon, 14 May 2007 13:36:14 +0000 (13:36 +0000)]
r22848: Fix brace alignment.
(This used to be commit
d909a6064159bc746bd558238e81d57cc274a162)
Michael Adam [Mon, 14 May 2007 13:31:42 +0000 (13:31 +0000)]
r22847: The new validate_panic function calls exit (instead of setting
a global error flag an returning), so cleanups and returns
subsequent to calls of smb_panic_fn have become unnecessary.
(This used to be commit
9d2db8c70f10a9285abd4a61fa66ee8aff2e7e6b)
Volker Lendecke [Mon, 14 May 2007 13:01:28 +0000 (13:01 +0000)]
r22846: Chunk one to replace message_send_pid with messaging_send: Deep inside
locking/locking.c we have to send retry messages to timed lock holders.
The majority of this patch passes a "struct messaging_context" down
there. No functional change, survives make test.
(This used to be commit
bbb508414683eeddd2ee0d2d36fe620118180bbb)
Michael Adam [Mon, 14 May 2007 12:57:24 +0000 (12:57 +0000)]
r22845: Modified and extended the winbindd cache validation code:
* Replaced signal catching/longjmp magic by a fork:
Let the child do the actual validation of the entries.
Exit code and signals are intercepted by waitpid.
* Fix logic so that also encounter of an unknown key in the
tdb leads to an error.
* Extended status of validation is kept in a (as yet simple)
stuct and communicated over a pipe from child to parent.
* Added two validation_ functions for two new keys.
The call of winbindd_validate_cache is still commented out
in the winbindd main loop. But I am currently testing it
and so far it seems to work fine.
The next step in my plan is to generalize the validation
mechanism to a tdb_open_log_validate function in lib/util_tdb.c.
There ist nothing very special about the cache tdb here,
and this might be useful elsewhere...
Michael
(This used to be commit
417325b9e6f9ac0afe1f2f3b552527788f6a7cee)
Volker Lendecke [Mon, 14 May 2007 12:16:20 +0000 (12:16 +0000)]
r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit
3d3d61687ef00181f4f04e001d42181d93ac931e)
Lars Müller [Mon, 14 May 2007 09:50:39 +0000 (09:50 +0000)]
r22841: Add comment to endif statement.
(This used to be commit
1351207626ee0f99aef93326ef96bf69651bf472)
Alexander Bokovoy [Mon, 14 May 2007 09:47:58 +0000 (09:47 +0000)]
r22840: Add -pie support to Python's setup.py. This should fix build of python libs on recent distributions that take care of security.
(This used to be commit
b090b8983bf26779c476c047e952e475c095932e)
Lars Müller [Mon, 14 May 2007 09:44:26 +0000 (09:44 +0000)]
r22839: Fix endif comment.
(This used to be commit
e522fb9bb72580a162c46db4e7ee8c7933705cee)
James Peach [Sun, 13 May 2007 20:51:39 +0000 (20:51 +0000)]
r22828: Fix typo. Bugzilla #4589.
(This used to be commit
b8959b172090eef6b40ff1fb012d6ff0d3d732ef)
James Peach [Sun, 13 May 2007 15:45:50 +0000 (15:45 +0000)]
r22826: Fix the gettimeofday test that I broke in rev 22821.
(This used to be commit
74ca1992056f9a340b3964b17f868a84335333ed)
James Peach [Sun, 13 May 2007 04:38:44 +0000 (04:38 +0000)]
r22821: Replace unnecessary AC_TRY_RUN with AC_TRY_LINK. Fixes bug #2287.
(This used to be commit
0268eafc26f6d6da25eca582241b136b5a3245ad)
James Peach [Sun, 13 May 2007 04:08:26 +0000 (04:08 +0000)]
r22820: Move FAM libraries from smbd to vfs_fam_notify. Should fix bugzilla #4426.
(This used to be commit
9d9950a6d10675c3568179312ff27289d3f9b340)
Volker Lendecke [Sat, 12 May 2007 19:53:47 +0000 (19:53 +0000)]
r22819: Fix Bug 4613. We just dumped the must change & friends. With the
pass_last_changed == 0 we now return "Change now!" instead of "Change
never"
(This used to be commit
450e4d94f64f86a3dd709265d15ed5082d4b53e8)
Jeremy Allison [Sat, 12 May 2007 01:08:09 +0000 (01:08 +0000)]
r22812: Fix bug #3024 (and also the group varient). Patch from
Johann Hanne <jhml@gmx.net> and also Kaya Bekiro?lu <kaya.bekiroglu@isilon.com>
Jeremy.
(This used to be commit
c0ba891be06f49968317a90079554cfce2344f39)
Lars Müller [Fri, 11 May 2007 20:42:51 +0000 (20:42 +0000)]
r22805: Inform in examples/pdb about the location of the external support for
the SQL backends.
(This used to be commit
37f2191cd364dd6c2223b2e19072920ad2a257d6)
Günther Deschner [Fri, 11 May 2007 15:28:07 +0000 (15:28 +0000)]
r22803: Add some more flesh to the GPO security filtering (still very basic).
Guenther
(This used to be commit
8cfe32cb9cbe791308368f07b5bdbfcc84ac33d7)
Günther Deschner [Fri, 11 May 2007 15:08:05 +0000 (15:08 +0000)]
r22802: Add dummy gpo_apply_security_filtering() call.
Guenther
(This used to be commit
61982d842288d880c24bc4808811452547c0b622)
Günther Deschner [Fri, 11 May 2007 13:37:51 +0000 (13:37 +0000)]
r22801: Pass down the token to add_gplink_to_gpo_list().
Guenther
(This used to be commit
2c2e212bc592b387e23f5b058c72b0ccadda6748)
Günther Deschner [Fri, 11 May 2007 13:33:37 +0000 (13:33 +0000)]
r22800: Add GPO_SID_TOKEN and an LDAP function to get tokensids from the tokenGroup attribute.
Guenther
(This used to be commit
e4e8f840605dfdf92ca60cc8fc6a4c85336565fb)
Günther Deschner [Fri, 11 May 2007 13:19:49 +0000 (13:19 +0000)]
r22799: Fix the build.
Guenther
(This used to be commit
6e911c442bf9b076f43f99576f9b588df2c39233)
Günther Deschner [Fri, 11 May 2007 12:59:16 +0000 (12:59 +0000)]
r22798: Add the "apply group policy" access bit (as seen in type 0x05 ALLOWED OBJECT
ACEs).
Guenther
(This used to be commit
e138cbc876e50ae25cb15c5109a42bc8b800c1ba)
Günther Deschner [Fri, 11 May 2007 12:52:48 +0000 (12:52 +0000)]
r22797: We are only interested in the DACL of the security descriptor, so search with
the SD_FLAGS control.
Guenther
(This used to be commit
648df57e53ddabe74052e816b8eba95180736208)
Günther Deschner [Fri, 11 May 2007 12:41:11 +0000 (12:41 +0000)]
r22796: Add security descriptor to GROUP_POLICY_OBJECT structure (in preparation of
adding GPO security filtering for libgpo).
Guenther
(This used to be commit
b376a39fbf42a6a541fd311418c4a980b9fd4b9e)
Günther Deschner [Fri, 11 May 2007 11:54:41 +0000 (11:54 +0000)]
r22794: Add "debug_state" and "silent" to pam_winbind.conf template. Honor the silent
argument when parsing pam configuration file options.
Guenther
(This used to be commit
5b4a4df26f32fe1947a0c4fb741a4cb89e308f92)
Volker Lendecke [Fri, 11 May 2007 08:59:01 +0000 (08:59 +0000)]
r22787: More from Karolin: Make map_unix_group() static to net_sam.c, add "net
sam unmapunixgroup"
(This used to be commit
55e2f35fad8bda3ff2c2ace5323ddeaee87d783e)
Volker Lendecke [Fri, 11 May 2007 08:46:54 +0000 (08:46 +0000)]
r22786: Some cleanup by Karolin Seeger: Remove unused pdb_find_alias, and change
return values of some alias-releated pdb functions from BOOL to NTSTATUS
Thanks :-)
(This used to be commit
590d2164b3a33250410338771e160f6ebd1aa89d)
Andrew Tridgell [Fri, 11 May 2007 07:22:10 +0000 (07:22 +0000)]
r22784: fixed change notify for delete on close
(This used to be commit
6f52435a72427a8264096ac14bad54020c9d852b)
Steve French [Thu, 10 May 2007 19:16:36 +0000 (19:16 +0000)]
r22779: Patch for not prompting for password on cifs mounts when "sec=none"
specified
(This used to be commit
9af97d8ead85c05d08ee24727525894df5866630)
Michael Adam [Thu, 10 May 2007 13:31:15 +0000 (13:31 +0000)]
r22777: Fix for [Bug 4543] - POSIX ACL support on FreeBSD.
This adds vfs_posixacl to the list of static modules and
makes use of HAVE_ACL_GET_PERM_NP.
This is just a quick fix. FreeBSD acl support is still
hardcoded in configure.in, but actually this could be
detected in a unified test for freebsd, linux, *,
as suggested in the bugreport. This has still to be
checked and elaborated.
Michael
(This used to be commit
af94654772f743f0c0b7809ff3f2ef019feb713a)
Volker Lendecke [Thu, 10 May 2007 10:42:13 +0000 (10:42 +0000)]
r22775: For the cluster code I've developed a wrapper around tdb to put different
database backends in place dynamically.
The main abstractions are db_context and db_record, it should be mainly
self-describing, see include/dbwrap.h. You open the db just as you would open
a tdb, this time with db_open(). If you want to fetch a record, just do the
db->fetch() call, if you want to do operations on it, you need to get it with
fetch_locked().
I added dbwrap_file.c (not heavily tested lately) as an example for what can
be done with that abstraction, uses a file per key. So if anybody is willing
to shape that up, we might have a chance on reiserfs again.... :-)
This abstraction works fine for brlock.tdb, locking.tdb, connections.tdb and
sessionid.tdb. It should work fine for the others as well, I just did not yet
get around to convert them.
If nobody loudly screams NO, then I will import the code that uses this soon.
Volker
(This used to be commit
e9d7484ca246cfca4a1fd23be35edc2783136ebe)
Derrell Lipman [Thu, 10 May 2007 02:48:22 +0000 (02:48 +0000)]
r22773: - Clean up the the rest of the cruft from my earlier work on the readahead()
missing declaration problem.
(This used to be commit
44365130ce794e442f52ec7cf3fc51065f713c5f)
Derrell Lipman [Thu, 10 May 2007 01:27:18 +0000 (01:27 +0000)]
r22772: - Still working on the fact that readahead() is not declared (on at least one
OS) but is available for linking. Instead of running configure tests with
-Werror-implicit-function-declaration in developer mode (which may lead to
different library functions being used in developer mode than when not in
developer mode), add tests for whether readahead is declared. If not,
provide a replacement declaration in lib/replace.
(This used to be commit
7d05fa8b32b5b33e95fd9d552d2a45013b4803ec)
Simo Sorce [Wed, 9 May 2007 21:38:41 +0000 (21:38 +0000)]
r22771: One liner fix for idmap_ldap
Fixes the strange behavior we were seeing about idmap_ldap creating
a new connection for each query.
Jerry we need this in for 3.0.25
(This used to be commit
4fb3e0f65562059bd717ea28df701256e8fa9a77)
Volker Lendecke [Wed, 9 May 2007 11:40:48 +0000 (11:40 +0000)]
r22767: Argl. Typed in 'svn ci' in the wrong branch. Revert.
(This used to be commit
2c5b951eba509e826a29775db992aca474476484)
Volker Lendecke [Wed, 9 May 2007 11:39:55 +0000 (11:39 +0000)]
r22766: Merge from 3_0:
r22412 | obnox | 2007-04-20 14:23:36 +0200 (Fr, 20 Apr 2007) | 5 lines
Add a "deletelocalgroup" subcommand to net sam.
Thanks to Karolin Seeger <ks@sernet.de>.
(This used to be commit
fb6ac8a5b247a961963a9b6a95cd6608c5b53d09)
Jeremy Allison [Wed, 9 May 2007 00:52:46 +0000 (00:52 +0000)]
r22765: Fix from Alison Winters <alisonw@sgi.com> for missing return
in sendfilereadbraw.
Jeremy.
(This used to be commit
b523e782b0f3a3899e5f448698fbecddd59f4369)
Volker Lendecke [Tue, 8 May 2007 13:44:36 +0000 (13:44 +0000)]
r22761: This introduces lib/conn_tdb.c with two main functions: connections_traverse
and connections_forall. This centralizes all the routines that did individual
tdb_open("connections.tdb") and direct tdb_traverse.
Volker
(This used to be commit
e43e94cda1ad8876b3cb5d1129080b57fa6ec214)
Stefan Metzmacher [Tue, 8 May 2007 11:12:11 +0000 (11:12 +0000)]
r22759: sync lib/talloc with samba4
metze
(This used to be commit
86c510e3198e03ed6efa61b27530bbb008f6802b)
Volker Lendecke [Mon, 7 May 2007 20:53:10 +0000 (20:53 +0000)]
r22755: Second half of r22754. As it stands now, string_replace expects a
pstring. Give it one, although I hate putting it in :-)
Thanks to Tom Bork! :-)
(This used to be commit
f4ea3fd36543120fa7d712e6e650c704e4e23759)
Jeremy Allison [Mon, 7 May 2007 19:27:46 +0000 (19:27 +0000)]
r22754: When processing a string, ensure we don't write one past
the terminating NULL if we've already processed the null
in iconv. Jerry, once I get confirmation from Thomas Bork
this needs to be in 3.0.25 final. Tests fine with valgrind
here.
Jeremy.
(This used to be commit
14b167ef6e0f2100bd9cdd05c4457e57e952fa5e)
Volker Lendecke [Mon, 7 May 2007 15:31:12 +0000 (15:31 +0000)]
r22751: Next step for the cluster merge: sessionid.tdb should contain a 'struct
server_id' instead of a 'uint32 pid'
(This used to be commit
be7bac55c37676a8137c59a22dfb2e4c4821ac21)
Volker Lendecke [Mon, 7 May 2007 15:07:49 +0000 (15:07 +0000)]
r22747: Fix some C++ warnings
(This used to be commit
a66a04e9f11f6c4462f2b56b447bae4eca7b177c)
Volker Lendecke [Mon, 7 May 2007 13:56:57 +0000 (13:56 +0000)]
r22745: Add local groups to the --required-membership-sid test. This needs
merging to 3_0_26 once Michael's net conf changes have been merged. It
depends on token_utils.c.
(This used to be commit
a99ab3a2ed44522054175f03b60e63fa05a0378a)
Volker Lendecke [Mon, 7 May 2007 13:39:25 +0000 (13:39 +0000)]
r22744: Fix a valgrind error. parse_domain_username does not necessarily fill in
the domain.
(This used to be commit
f4f0d7137758cc674876517590807cc3d634043d)
Volker Lendecke [Mon, 7 May 2007 12:15:11 +0000 (12:15 +0000)]
r22740: Move debug_*_user_token to token_utils.c
(This used to be commit
4ad9f8aa61cef94be8d38c6e91aac3a5c848f81f)
Michael Adam [Mon, 7 May 2007 11:25:00 +0000 (11:25 +0000)]
r22739: Make prototypes in include/util_tdb.h of some functions from
lib/util_tdb.c exactly match the definitions. (There were
some [u]int_32_t instead of [u]int32, which made a gcc 2.95
on an old AIX without system [u]int32[_t] types complain...)
(This used to be commit
7cae0d61170485eb220f546899dfa78f1805a272)
Volker Lendecke [Mon, 7 May 2007 11:04:38 +0000 (11:04 +0000)]
r22738: Fix a debug message.
Günther, please check this!
Thanks,
Volker
(This used to be commit
8a038b8cd3f43bb8743eda160b852efdbc80ed70)
Günther Deschner [Mon, 7 May 2007 10:14:32 +0000 (10:14 +0000)]
r22737: Fix crash bug (info3 is now talloced).
Guenther
(This used to be commit
08a7ee8d968b493a17fd669f3dc6fed7abe3d36e)
Volker Lendecke [Mon, 7 May 2007 09:35:35 +0000 (09:35 +0000)]
r22736: Start to merge the low-hanging fruit from the now 7000-line cluster patch.
This changes "struct process_id" to "struct server_id", keeping both is
just too much hassle. No functional change (I hope ;-))
Volker
(This used to be commit
0ad4b1226c9d91b72136310d3bbb640d2c5d67b8)
Derrell Lipman [Mon, 7 May 2007 03:07:39 +0000 (03:07 +0000)]
r22732: - Testing of libsmbclient against Vista revealed what is likely a bug in
Vista. Vista provides a plethora of kludges to simulate older versions of
Windows. The kludges are in the form of shortcuts (or more likely symbolic
links, but I don't know enough about Vista to determine that definitively)
and in most cases, attempts to access them get back an "access denied"
error. On one particular folder, however, "<share>/Users/All Users", it
returns an unknown (to ethereal and the Samba3 code) NT status code:
0x8000002d. Although this code does not have a high byte of 0xc0 indicating
that it is an error, it appears to be an alternate form of "access denied".
Without this patch, libsmbclient times out on an attempt to enumerate that
folder rather than returning an error to the caller. This patch corrects
that problem.
(This used to be commit
cc0cd3a12f76b8cd711e3165d4cfe920552f256d)
Derrell Lipman [Mon, 7 May 2007 03:02:24 +0000 (03:02 +0000)]
r22731: - Fix bug #4594.
configure.in determines if -Werror-implicit-function-declaration is
available, and if so it enables that flag if --enable-developer is
specified. Since the configure tests themselves did not use that flag, it
was possible for a configure test to succeed, followed by a failed
compilation due to a facility being available but not having a proper
declaration in a header file. (This bit me with readahead().) This patch
ensures that if implicit function declarations will kill the build, the
feature being tested is deselected so the build will succeed.
The autoconf manual suggests using return instead of exit in configure
tests because the declaration for exit is often missing. We require this
now, since we error if prototypes are missing. See section 5.5.1 of
http://www.gnu.org/software/autoconf/manual/autoconf.html. This patch makes
these changes, because in fact, an external declaration for exit is missing
here (and likely elsewhere).
I've verified that the features selected (here) with the original
configure.in and the new one are the same except for, in my case,
readahead. I've also confirmed that the generated Makefile is identical.
These changes are not being applied to the 3.0.26 branch because it does not
exhibit the initial problem this patch is supposed to solve since it doesn't
attempt to use -Werror-implicit-function-declaration.
(This used to be commit
4d42720915b8f65842147171f689127e94d1b973)
Gerald Carter [Sun, 6 May 2007 22:22:47 +0000 (22:22 +0000)]
r22730: Fix password changes via pam_winbindd when using "winbind normalize names"
and the username has been munged. Make sure to munge it back before
performing the change_password() request.
(This used to be commit
ff025d451e165383ad7d524e0e8176d987554049)
Gerald Carter [Sun, 6 May 2007 22:18:44 +0000 (22:18 +0000)]
r22729: add help text for osver and osname options to 'net ads join' (patch from Dnailo A.)
(This used to be commit
3f588e0b65433176f8f80312c1456836717cf6de)
Gerald Carter [Sun, 6 May 2007 21:45:53 +0000 (21:45 +0000)]
r22728: Patch from Danilo Almeida <dalmeida@centeris.com>:
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
(This used to be commit
3004cc6e593e6659a618de66f659f579e71c07f7)
Gerald Carter [Sun, 6 May 2007 21:40:28 +0000 (21:40 +0000)]
r22727: remove outdated comment about templatre shell and homedir
(This used to be commit
e8f9bd655829f671e9ce395aa9b4b94ff4bab36a)
Gerald Carter [Sun, 6 May 2007 21:36:20 +0000 (21:36 +0000)]
r22726: When performing an offline logon for a user in a trusted domain,
take care not to expire the name2sid cache entry just because
that child does not know that the primary domain is offline.
(This used to be commit
0399f52a1cdbb1acf8d41afddf498529ff4923cf)
Gerald Carter [Sun, 6 May 2007 21:34:24 +0000 (21:34 +0000)]
r22725: * Don't try to update the sequence_number when offline
* Log the NTSTATUS when saving name/sid cache entry
* Allow the backend loolkup_usergroups() call in winbindd_{rpc,ads}.c
to inform the wcache manager that the group list should not be cached
(needed for one-way trusts).
(This used to be commit
693ab48408dbb775b57dcc5140e27ad9221852a1)
Gerald Carter [Sun, 6 May 2007 21:31:19 +0000 (21:31 +0000)]
r22724: Call an nss_info backend's init() function if the
previous call was unsuccessful. needed for offline
logons.
(This used to be commit
c3a8dc5d136e33b66849c38bfa910cd044cd521f)
Gerald Carter [Sun, 6 May 2007 21:26:01 +0000 (21:26 +0000)]
r22720: Fixes for offline auth when using krb5_auth = yes in pam_winbind.
Assume that "NO_DOMAIN_CONTROLLERS_FOUND" means that the domain
is offline.
(This used to be commit
30f9cc52bf8270652624c79691d147e05e476583)
Gerald Carter [Sun, 6 May 2007 21:23:40 +0000 (21:23 +0000)]
r22719: Missed change for one-way trust support. Ignore password policy
settings from one trusted domain with no incoming trust path.
Guenther, I think this is ok as we only need the pw policy
to give feedback on upcoming expiration times.
(This used to be commit
c79ae57388d087496777129d6936cd51aab38d5b)
Gerald Carter [Sun, 6 May 2007 21:17:02 +0000 (21:17 +0000)]
r22717: Add Everyone and AuthenticatedUsers to the user's token
for use by the require-membership-of pam_winbind option.
(This used to be commit
11f81c5997a014cca9d98c474e7870ebb07c4642)
Gerald Carter [Sun, 6 May 2007 21:15:45 +0000 (21:15 +0000)]
r22716: Clarify comment in winbindd_domain structure
(This used to be commit
32fd8558bd4531a745a04810a1cb6392dfab16a5)
Gerald Carter [Sun, 6 May 2007 21:10:30 +0000 (21:10 +0000)]
r22715: When our primary domain does on or offline, make sure to send a msg
to the idmap child.
Also remove the check for the global offline state in child_msg_offline()
as this means we cannot mark domains offline due to network outages.
(This used to be commit
1b99e8b521eae3e9fa775577de01116bb20fb8b3)
Gerald Carter [Sun, 6 May 2007 21:06:55 +0000 (21:06 +0000)]
r22714: Prevent DNS lookup storms when the DNS servers are unreachable.
Helps when transitioning from offline to online mode.
Note that this is a quick hack and a better solution
would be to start the DNS server's state between processes
(similar to the namecache entries).
(This used to be commit
4f05c6fe26f4abd7ca71eac339fee2ef5e254369)
Gerald Carter [Sun, 6 May 2007 21:04:30 +0000 (21:04 +0000)]
r22713: Offline logon fixes for idmap manager:
(a) Ignore the negative cache when the domain is offline
(b) don't delete expired entries from the cache as these
can be used when offline (same model as thw wcache entries)
(c) Delay idmap backend initialization when offline
as the backend routines will not be called until we go
online anyways. This prevents idmap_init() from failing
when a backend's init() function fails becuase of lack of
network connectivity
(This used to be commit
4086ef15b395f1a536fb669af2103a33ecc14de4)
Gerald Carter [Sun, 6 May 2007 20:33:33 +0000 (20:33 +0000)]
r22712: Inform the user when logging in via pam_winbind
and the krb5 tkt cache could not be created due to clock skew.
(This used to be commit
24616f7d6be40b090dc74851b1ea7d09d6976811)
Gerald Carter [Sun, 6 May 2007 20:32:36 +0000 (20:32 +0000)]
r22711: Fix a compile warnign in query_user(). Ensure that user_rid
is initialized.
(This used to be commit
ef0304268284df7166ecd1b17328076e7ce40de9)
Gerald Carter [Sun, 6 May 2007 20:16:12 +0000 (20:16 +0000)]
r22710: Support one-way trusts.
* Rely on the fact that name2sid will work for any name
in a trusted domain will work against our primary domain
(even in the absense of an incoming trust path)
* Only logons will reliably work and the idmap backend
is responsible for being able to manage id's without contacting
the trusted domain
* "getent passwd" and "getent group" for trusted users and groups
will work but we cannot get the group membership of a user in any
fashion without the user first logging on (via NTLM or krb5)
and the netsamlogon_cache being updated.
(This used to be commit
dee2bce2af6aab8308dcef4109cc5248cfba5ef5)
Gerald Carter [Sun, 6 May 2007 19:48:13 +0000 (19:48 +0000)]
r22709: we can only use tschannel when commectcing to our primary (might need some fixing here for a Samba DC)
(This used to be commit
3d2123383d9dab6f0c8832e0f04238aa9a972c70)
Gerald Carter [Sun, 6 May 2007 19:46:03 +0000 (19:46 +0000)]
r22708: disable saving the trusted domain list as we want to the parent daemon to manage the complete trusted domain cache
(This used to be commit
3a9152a2acfc7b615a5c6b8764ea9462443f00d1)
Gerald Carter [Sun, 6 May 2007 19:42:25 +0000 (19:42 +0000)]
r22707: missed merge from local tree: pass the correct state to the domain when calling the async lookupsid() routine
(This used to be commit
3d814862af7382a9ea56b2c8d3cc9a31dca4bdb6)
Gerald Carter [Sun, 6 May 2007 19:39:41 +0000 (19:39 +0000)]
r22706: missed one reference to domain->native_mode in the previous commit
(This used to be commit
aa2ac5a1944884586c9f7e97c3a0b1b6c418b554)
Gerald Carter [Sun, 6 May 2007 19:37:13 +0000 (19:37 +0000)]
r22705: Implement new set_dc_type_and_flags() called based on the
information return from our DC in the DsEnumerateDomainTrusts()
call. If the fails, we callback ot the older
connect-to-the-remote-domain method.
Note that this means we can only reliably expect the native_mode
flag to be set for our own domain as this information in not
available outside our primary domain from the trusted information.
This is ok as we only really need the flag when trying to
determine to enumerate domain local groups via RPC.
Use the AD flag rather than the native_mode flag when using
ldap to obtain the seq_num for a domain.
(This used to be commit
4b4148a9642f03b8f27dda2132708bcc0cbb3b8e)
Gerald Carter [Sun, 6 May 2007 19:17:30 +0000 (19:17 +0000)]
r22704: Implement three step method for enumerating domain trusts.
(a) Query our primary domain for trusts
(b) Query all tree roots in our forest
(c) Query all forest roots in trusted forests.
This will give us a complete trust topology including
domains via transitive Krb5 trusts. We also store the
trust type, flags, and attributes so we can determine
one-way trusted domains (outgoing only trust path).
Patch for one-way trusts coming in a later check-in.
"wbinfo -m" now lists all domains in the domain_list() as held
by the main winbindd process.
(This used to be commit
9cf6068f1e0a1063d331af17aa493140497b96ef)
Gerald Carter [Sun, 6 May 2007 19:04:31 +0000 (19:04 +0000)]
r22703: Convert winbindd_getgrgid() and winbindd_getgetpwnam()
to use the same code path after we resolve the name/gid to
a SID. Use the async lookupname/lookupsid interface.
(This used to be commit
d12b8147d6bd34fad680cb8705dc6d7bbea1db12)
Gerald Carter [Sun, 6 May 2007 19:01:54 +0000 (19:01 +0000)]
r22702: Convert both lookup name and lookup sid to follow the
same heuristic. First try our DC and then try a DC in the
root of our forest. Use a temporary state since
winbindd_lookupXXX_async() is called from various winbindd
API entry points.
Note this will break the compile. That will be fixed in the
next commit.
(This used to be commit
b442644bac2a7d5853440254257ca34a8e7c25de)
Gerald Carter [Sun, 6 May 2007 18:56:43 +0000 (18:56 +0000)]
r22701: Fix the krb5_nt_status error table and add the "no DCs found" mapping
(This used to be commit
2ab617fbbffbd6bf98ee02150f62b87a2610531f)
Gerald Carter [Sun, 6 May 2007 18:39:31 +0000 (18:39 +0000)]
r22700: Add a simple wcache TRUSTDOM api for maintaing a complete
list of trusted domains without requiring each winbindd process
to aquire this on its own. This is needed for various idmap
plugins and for dealing with different trust topoligies.
list_trusted_domain() patches coming next.
(This used to be commit
2da62a3d965a9701e16e644fd6bc728b43f28489)
Volker Lendecke [Sun, 6 May 2007 13:46:30 +0000 (13:46 +0000)]
r22695: Dummy checkin (reformatting) to make the AIX hosts retry.
(This used to be commit
cd55ccef6a1d0c95836feeb5efb5abcaedb35df2)
Volker Lendecke [Sun, 6 May 2007 08:22:59 +0000 (08:22 +0000)]
r22693: Always compile before checkin.... I've now installed dmapi on my laptop :-)
(This used to be commit
7460511c4e92f6fdde430d0c56bbb72377e80b4b)
Volker Lendecke [Sat, 5 May 2007 22:47:07 +0000 (22:47 +0000)]
r22692: Fix compilation of explicit --without-winbind.
Thanks to Tom Bork for reporting this!
Volker
(This used to be commit
3f956d345143f64f57c02419eb8494c6ed51ce59)
Volker Lendecke [Sat, 5 May 2007 21:13:40 +0000 (21:13 +0000)]
r22691: Fix a 64-bit warning and a const const discard warning
(This used to be commit
3a2ca1b1b85e268928587287f61d26f992b303a5)
Volker Lendecke [Sat, 5 May 2007 20:43:06 +0000 (20:43 +0000)]
r22688: Change lock_data in struct byte_range_lock from void * to struct lock_struct *
(This used to be commit
8e0e278961ebf2fa4301874d522636699ace1b9b)
Simo Sorce [Fri, 4 May 2007 22:41:35 +0000 (22:41 +0000)]
r22677: One line fix to make net idmap restore work again
Jerry, please add this for 3.0.25 final
(This used to be commit
e04ca2d7f8ea2d4c70c2a35201a98c5ecd672d59)
Jeremy Allison [Fri, 4 May 2007 22:15:33 +0000 (22:15 +0000)]
r22676: Fix zero alloc with create_rpc_blob().
Jeremy.
(This used to be commit
c73963a60ad2d35d69d1ac4c02e24f3272efdd87)
Jeremy Allison [Fri, 4 May 2007 22:01:26 +0000 (22:01 +0000)]
r22675: Simo's patch for 0 size allocation. Still need
to examine parse_misc.c fix.
Jeremy.
(This used to be commit
80d981265cd3bc9d73c5da3c514ec736e2dfa73a)
Jeremy Allison [Fri, 4 May 2007 19:14:51 +0000 (19:14 +0000)]
r22673: Fix for Jerry's reversion. We still need to check size
before talloc.
Jeremy.
(This used to be commit
9e4c6ab7392b2dbaccfaced88d3bc7502ff073ee)
Günther Deschner [Fri, 4 May 2007 10:21:39 +0000 (10:21 +0000)]
r22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and make
winbindd's kerberized pam_auth use that.
Guenther
(This used to be commit
0f436eab5b2e5891c341c27cb22db52a72bf1af7)
Günther Deschner [Fri, 4 May 2007 09:55:40 +0000 (09:55 +0000)]
r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the NTSTATUS
codes directly out of the krb5_error edata.
Guenther
(This used to be commit
dcd902f24a59288bbb7400d59c0afc0c8303ed69)
Günther Deschner [Fri, 4 May 2007 09:46:17 +0000 (09:46 +0000)]
r22663: Restructure kerberos_kinit_password_ext() error path.
Guenther
(This used to be commit
997ded4e3f0dc2199b9a66a9485c919c16fbabc6)
Stefan Metzmacher [Fri, 4 May 2007 06:59:26 +0000 (06:59 +0000)]
r22659: merge from SAMBA_4_0:
- add AC_GNU_SOURCE macro for systems which don't have it
(sles8)
- fix compiler warning on some systems
metze
(This used to be commit
cb785d9bed23fdf930bbd059eeeba5bde04af829)
Günther Deschner [Thu, 3 May 2007 20:12:00 +0000 (20:12 +0000)]
r22655: Call correct free-macros in netsamlogon_cache_get() error paths. Forgot those
in the previous commit.
Guenther
(This used to be commit
fce2fe9903417f4ee58a1ddc03ad0083109b7c50)
Gerald Carter [Thu, 3 May 2007 17:05:25 +0000 (17:05 +0000)]
r22654: And this is now Samba 3.0.27pre1-SVN
(This used to be commit
435a6e5e82b5910acc116f211f1dfc3fe32a43ca)
James Peach [Thu, 3 May 2007 16:14:22 +0000 (16:14 +0000)]
r22648: Fix comment to match the code.
(This used to be commit
e93d33b4631e634499b2e74c31d483d306d10367)