Derrell Lipman [Thu, 6 Sep 2007 13:21:31 +0000 (13:21 +0000)]
r24981: - Use the formal syntax for calling functions through pointers. I've wanted
to make this change for ages, but now with the issue of "open" requiring it,
this is the time to just do all of them.
Derrell
Stefan Metzmacher [Thu, 6 Sep 2007 11:08:44 +0000 (11:08 +0000)]
r24978: move domain_init_recv() near the functions that uses it
metze
Rafal Szczesniak [Thu, 6 Sep 2007 11:07:58 +0000 (11:07 +0000)]
r24977: Ensure negative caching for name2sid, sid2name and rids2names
mappings.
rafal
Stefan Metzmacher [Thu, 6 Sep 2007 10:51:17 +0000 (10:51 +0000)]
r24974: catch SIGINT and SIGQUIT like SIGTERM
metze
Michael Adam [Wed, 5 Sep 2007 16:01:27 +0000 (16:01 +0000)]
r24970: Polish some comments and add my (C).
Michael
Simo Sorce [Wed, 5 Sep 2007 12:53:56 +0000 (12:53 +0000)]
r24969: Fwd port "open" patch
Michael Adam [Tue, 4 Sep 2007 14:54:00 +0000 (14:54 +0000)]
r24955: Reformat some object lists in Makefile.in to minimize the diff.
Günther Deschner [Tue, 4 Sep 2007 14:32:28 +0000 (14:32 +0000)]
r24954: Fix the build without krb5.
Guenther
Günther Deschner [Tue, 4 Sep 2007 14:06:33 +0000 (14:06 +0000)]
r24952: Set the kdc locator env vars. This makes the krb5 locator plugin fully
operational (from within winbindd and outside).
Guenther
Volker Lendecke [Tue, 4 Sep 2007 13:21:24 +0000 (13:21 +0000)]
r24951: Warn if "os level" > 255
Thanks to Karolin Seeger <ks@sernet.de>
Volker Lendecke [Tue, 4 Sep 2007 10:15:04 +0000 (10:15 +0000)]
r24949: Remove some static buffers
Volker Lendecke [Tue, 4 Sep 2007 05:39:06 +0000 (05:39 +0000)]
r24943: Some stackframes
Günther Deschner [Mon, 3 Sep 2007 12:23:45 +0000 (12:23 +0000)]
r24920: Reformatting.
Guenther
Volker Lendecke [Sun, 2 Sep 2007 17:50:05 +0000 (17:50 +0000)]
r24903: One more tick in #if 0 code
Volker Lendecke [Sun, 2 Sep 2007 17:48:01 +0000 (17:48 +0000)]
r24902: DEBUG might use talloc_tos() itself...
Michael Adam [Sun, 2 Sep 2007 00:32:57 +0000 (00:32 +0000)]
r24879: Activate the winbindd cache-validation message handler.
Now the winbindd cache can be checked at runtime by
calling "smbcontrol winbindd validate-cache".
For the execution of the validation code, I fork a child
and in the child restore the default SIGCHLD handler in
order for the fork/waitpid mechanism of tdb_validate to work.
Michael
Michael Adam [Sun, 2 Sep 2007 00:23:02 +0000 (00:23 +0000)]
r24877: Don't panic in tdb validation code when the fork or waitpid fails.
Return error instead.
Michael
Derrell Lipman [Sat, 1 Sep 2007 18:34:50 +0000 (18:34 +0000)]
r24864: - Correct failure of libsmbclient against a version of Windows found on a NAS
device. The device resets a NBT connection on port 139 when it receives a
NetBIOS keepalive request. That request should be supported when NetBIOS is
in use; Windows is behaving badly.
libsmbclient needs a way to determine if a connection is still alive, and
was using a NetBIOS keepalive request if port 139 was in use (on the
assumption that it was probably NBT), and getpeername() when port 139 was
not being used (assuming naked transport).
This patch simplifies the code by exclusively using getpeername() to check
whether a connection is still alive. The NetBIOS keepalive request is
optional anyway (with preference being given to using TCP mechanisms for the
same purpose), so this should be both simpler and more reliable.
Derrell
Rafal Szczesniak [Fri, 31 Aug 2007 21:25:53 +0000 (21:25 +0000)]
r24853: Rename function as Jerry asked.
s/net_use_upn_machine_account/net_use_krb_machine_account/
rafal
Michael Adam [Fri, 31 Aug 2007 16:30:40 +0000 (16:30 +0000)]
r24848: Make tdb_validate() take an open tdb handle instead of a file name.
A new wrapper tdb_validate_open() takes a filename an opens and closes
the tdb before and after calling tdb_validate() respectively.
winbindd_validata_cache_nobackup() now dynamically calls one of
the above functions depending on whether the cache tdb has already
been opened or not.
Michael
Michael Adam [Fri, 31 Aug 2007 15:51:05 +0000 (15:51 +0000)]
r24847: Change standard failure return code of tdb_validate from "-1" to "1".
(This is more safely used with casts from int to uint8, e.g.)
Michael
Michael Adam [Fri, 31 Aug 2007 15:34:26 +0000 (15:34 +0000)]
r24845: Fix a segfault in smbcontrol when called with parameters but no extra args.
Michael
Michael Adam [Fri, 31 Aug 2007 15:24:43 +0000 (15:24 +0000)]
r24843: Add a "validate-cache" control message to winbindd.
So there is a new subcommand "smbcontrol winbindd validate-cache" now.
This change provides the infrastructure:
The function currently returns "true" unconditionally.
The call of a real cache validation function will be incorporated
in subsequent changes.
Michael
Günther Deschner [Fri, 31 Aug 2007 15:01:50 +0000 (15:01 +0000)]
r24842: Fix build warning.
Guenther
Günther Deschner [Fri, 31 Aug 2007 14:58:26 +0000 (14:58 +0000)]
r24841: The locator has no dependencies to ldap libs anymore. Also fix the build.
Guenther
Günther Deschner [Fri, 31 Aug 2007 13:51:02 +0000 (13:51 +0000)]
r24838: Now for real: build the locator, if we can.
Guenther
Michael Adam [Fri, 31 Aug 2007 13:39:51 +0000 (13:39 +0000)]
r24836: Initialize some uninitialized variables.
This prevents a segfault when get_kdc_ip_string() is called
with sitename == NULL.
Michael
Günther Deschner [Fri, 31 Aug 2007 12:21:18 +0000 (12:21 +0000)]
r24833: Move locator to nsswitch (does not belong to libads anymore).
Guenther
Günther Deschner [Fri, 31 Aug 2007 12:18:21 +0000 (12:18 +0000)]
r24832: In the winbind-locator recursion case, try to pick up the kdc from the
environment.
Guenther
Michael Adam [Fri, 31 Aug 2007 10:47:42 +0000 (10:47 +0000)]
r24830: Add a winbindd cache validation function that does not do
backup and corrupt file handling. (To be used in subsequent
changes.)
Michael Adam [Fri, 31 Aug 2007 10:30:14 +0000 (10:30 +0000)]
r24829: Make use of a variable, that is available... :-)
Michael Adam [Fri, 31 Aug 2007 10:06:37 +0000 (10:06 +0000)]
r24828: Give smbcontrol an initial talloc stackframe.
Michael Adam [Fri, 31 Aug 2007 09:54:30 +0000 (09:54 +0000)]
r24827: Give smbstatus an initial talloc stackframe.
Rewrite main() so as to exit only at a single point
where the stack frame is freed, too.
Michael
Volker Lendecke [Fri, 31 Aug 2007 09:39:11 +0000 (09:39 +0000)]
r24826: Fix two memleaks in idmap_cache.c, bug 4917
Thanks again to Patrick Rynhart for persisting :-)
Simo, please check!
Michael Adam [Fri, 31 Aug 2007 09:15:57 +0000 (09:15 +0000)]
r24825: Give testparm an initial talloc stackframe, so it does not complain
it is leaking.
Michael Adam [Fri, 31 Aug 2007 09:10:54 +0000 (09:10 +0000)]
r24824: Create an initial talloc stackframe for the net binary.
Jeremy Allison [Thu, 30 Aug 2007 23:07:10 +0000 (23:07 +0000)]
r24813: Reformat to 80 columns.
Jeremy.
Jeremy Allison [Thu, 30 Aug 2007 21:46:42 +0000 (21:46 +0000)]
r24811: Simple reformatting to fit the 80 columns rule.
Jeremy.
Volker Lendecke [Thu, 30 Aug 2007 19:48:31 +0000 (19:48 +0000)]
r24809: Consolidate the use of temporary talloc contexts.
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
Jeremy Allison [Thu, 30 Aug 2007 17:34:47 +0000 (17:34 +0000)]
r24808: Fix the same problem Volker noticed.
For some funny reason us4/gcc seems to fall over the '
Jeremy.
Günther Deschner [Thu, 30 Aug 2007 16:24:51 +0000 (16:24 +0000)]
r24807: Add WINBINDD_LOCATOR_KDC_ADDRESS env which will be used for the case when the
locator gets called from within winbindd.
Guenther
Günther Deschner [Thu, 30 Aug 2007 16:02:22 +0000 (16:02 +0000)]
r24806: Fix the build, sorry...
Guenther
Günther Deschner [Thu, 30 Aug 2007 15:55:59 +0000 (15:55 +0000)]
r24805: When we can build the locator, build it.
Guenther
Günther Deschner [Thu, 30 Aug 2007 15:39:51 +0000 (15:39 +0000)]
r24804: As a temporary workaround, also try to guess the server's principal in the
"not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds
succeed with windows server 2008.
Guenther
Volker Lendecke [Thu, 30 Aug 2007 14:55:32 +0000 (14:55 +0000)]
r24803: For some funny reason us4/gcc seems to fall over the '
Volker Lendecke [Thu, 30 Aug 2007 14:16:20 +0000 (14:16 +0000)]
r24802: Activate new tests
RAW-SAMBA3CASEINSENSITIVE and RAW-SAMBA3POSIXTIMEDLOCK
Günther Deschner [Thu, 30 Aug 2007 11:26:17 +0000 (11:26 +0000)]
r24801: When told to ignore the winbind cache also do so while trying to store entries.
Thanks Michael for pointing this out.
Guenther
Günther Deschner [Thu, 30 Aug 2007 09:52:21 +0000 (09:52 +0000)]
r24799: Prefer IP address to dns name when replying in winbindd dsgetdcname.
Guenther
Günther Deschner [Thu, 30 Aug 2007 09:15:07 +0000 (09:15 +0000)]
r24797: Fix logic in dsgetdcname().
Guenther
Jeremy Allison [Wed, 29 Aug 2007 20:49:09 +0000 (20:49 +0000)]
r24791: Fix logic error in timeout of blocking lock processing found by
Ronnie. If a lock timeout expires, we must check we can get the
lock before responding with failure. Volker is writing a torture test.
Jeremy.
Rafal Szczesniak [Wed, 29 Aug 2007 19:55:13 +0000 (19:55 +0000)]
r24789: Add implementation of machine-authenticated connection to netlogon
pipe used when connecting to win2k and newer domain controllers. The
server may be configured to deny anonymous netlogon connections which
would stop domain join verification step. Still, winnt domains require
such smb sessions not to be authenticated using machine credentials.
Creds employed in smb session cannot have a username in upn form, so
provide the separate function to use machine account.
rafal
Gerald Carter [Wed, 29 Aug 2007 19:03:20 +0000 (19:03 +0000)]
r24788: Cleanup some linking msgs and remove references to libmsrpc
in SAMBA_3_2_0
Günther Deschner [Wed, 29 Aug 2007 14:50:04 +0000 (14:50 +0000)]
r24786: Fix another build warning.
Guenther
Günther Deschner [Wed, 29 Aug 2007 14:35:32 +0000 (14:35 +0000)]
r24785: Put checks in parentheses.
Guenther
Michael Adam [Wed, 29 Aug 2007 14:34:15 +0000 (14:34 +0000)]
r24784: Initialize uninitalized data to prevent segfaults.
Thanks to Volker for the hint!
Michael
Günther Deschner [Wed, 29 Aug 2007 14:08:29 +0000 (14:08 +0000)]
r24783: Remove unused off_t type.
Guenther
Volker Lendecke [Wed, 29 Aug 2007 13:56:52 +0000 (13:56 +0000)]
r24782: Fix C++ warnings
Günther Deschner [Wed, 29 Aug 2007 13:52:07 +0000 (13:52 +0000)]
r24781: Fix build warning.
Guenther
Günther Deschner [Wed, 29 Aug 2007 12:43:23 +0000 (12:43 +0000)]
r24778: Make sure krb5 locator requests go to a separate locator winbind child.
Guenther
Günther Deschner [Wed, 29 Aug 2007 12:35:20 +0000 (12:35 +0000)]
r24776: Remove accidentially commited flag checks.
Guenther
Volker Lendecke [Wed, 29 Aug 2007 11:46:44 +0000 (11:46 +0000)]
r24773: Fix a ctdb connection lockup
The lockup could happen when packet_read_sync() gets two packets in a row, the
first one being an async message, and the second one being the response to a
ctdb request.
Also add some debug msg to ctdb_conn.c, and cut off the "locking key" messages
to only dump 20 hex chars at debug level 10. >10 will dump everything.
Rafal Szczesniak [Wed, 29 Aug 2007 11:02:04 +0000 (11:02 +0000)]
r24771: Use infolevel 25 to set the machine account's password (just like winxp).
This correctly updates pwdLastSet field on win2k3 server.
rafal
Günther Deschner [Wed, 29 Aug 2007 10:12:43 +0000 (10:12 +0000)]
r24769: Merge error handling for locator plugin.
Guenther
Jeremy Allison [Wed, 29 Aug 2007 04:06:09 +0000 (04:06 +0000)]
r24764: Fix second TALLOC_SIZE definition. Still watching the
build farm to see I didn't stuff this up...
Jeremy.
Jeremy Allison [Wed, 29 Aug 2007 01:48:46 +0000 (01:48 +0000)]
r24762: Fix the build, missed TALLOC_SIZE -> talloc_named_const.
Jeremy.
Jeremy Allison [Wed, 29 Aug 2007 01:23:31 +0000 (01:23 +0000)]
r24759: Comment out the _nonnull calls for 3.2.x, as agreed with tridge.
Leaving the commented out code for now, in case I need to re-test
some stuff.
Jeremy
Günther Deschner [Tue, 28 Aug 2007 16:39:03 +0000 (16:39 +0000)]
r24752: Make sure to return properly when the locator is called from within winbindd.
Guenther
Michael Adam [Tue, 28 Aug 2007 15:38:03 +0000 (15:38 +0000)]
r24750: Fix one more caller of name_resolve_bcast().
Michael
Günther Deschner [Tue, 28 Aug 2007 15:31:42 +0000 (15:31 +0000)]
r24749: Increase debuglevel.
Guenther
Günther Deschner [Tue, 28 Aug 2007 15:26:59 +0000 (15:26 +0000)]
r24748: Remove all dependencies to samba internals and convert the krb5 locator plugin
into a tiny winbindd DsGetDcName client. This still does not solve the case of
using the locator from within winbindd itself but at least gencache.tdb and
others are no longer corrupted.
Guenther
Günther Deschner [Tue, 28 Aug 2007 15:20:54 +0000 (15:20 +0000)]
r24747: Add WINBINDD_DSGETDCNAME call.
Guenther
Günther Deschner [Tue, 28 Aug 2007 15:16:42 +0000 (15:16 +0000)]
r24746: As the winbindd pipe is officially broken since a while: split out request
specfic and generic flags in a winbindd_request.
It turns out that the WBFLAG_RECURSE flag is the only non-PAM specific flag we
put into the "flags" field of a winbind request anyway. Now each request
command can use the entire space of the "flags" field.
Guenther
Gerald Carter [Tue, 28 Aug 2007 15:12:11 +0000 (15:12 +0000)]
r24745: Merge Simo's shared lib build fix from svn r22842 that was lost
somehow. Don't include the PIE_FLAGS when building shared libs.
Volker Lendecke [Tue, 28 Aug 2007 15:09:47 +0000 (15:09 +0000)]
r24744: Increase length by what we got from recv, not from ioctl
Günther Deschner [Tue, 28 Aug 2007 15:07:13 +0000 (15:07 +0000)]
r24743: Fix build warning.
Guenther
Günther Deschner [Tue, 28 Aug 2007 15:01:23 +0000 (15:01 +0000)]
r24742: Add experimental DsGetDcName() call (will be used by krb5 locator for fine
grained KDC DNS queries).
Guenther
Günther Deschner [Tue, 28 Aug 2007 14:31:31 +0000 (14:31 +0000)]
r24740: Fix the build.
Guenther
Günther Deschner [Tue, 28 Aug 2007 14:27:48 +0000 (14:27 +0000)]
r24739: With resolve_ads() allow to query for PDCs as well.
Also add dns query functions to find GCs and DCs by GUID.
Guenther
Michael Adam [Tue, 28 Aug 2007 14:25:46 +0000 (14:25 +0000)]
r24738: Fix one more use of pwrite in tdb code in the spirit of r23972 and r23977.
Michael
Günther Deschner [Tue, 28 Aug 2007 14:20:53 +0000 (14:20 +0000)]
r24737: Remove older TODO: Convert internal_resolve_name() and friends to NTSTATUS.
Guenther
Günther Deschner [Tue, 28 Aug 2007 12:49:46 +0000 (12:49 +0000)]
r24734: Move nss_err_str() to a more public place.
Guenther
Günther Deschner [Tue, 28 Aug 2007 12:40:01 +0000 (12:40 +0000)]
r24733: Add support for storing DATA_BLOBs in gencache.tdb (including torturetest).
Mimir, please have a look. DATA_BLOBs will now just show up as "DATA_BLOB"
values with "net cache list".
Guenther
Gerald Carter [Mon, 27 Aug 2007 20:09:37 +0000 (20:09 +0000)]
r24722: Squashed commit of the following:
commit
fb52f971986dd298abbcd9745ddf702820ce0184
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:50:26 2007 -0500
Check correct return type for pam_winbind_request_log() wnibind_upn_to_username
which is an int and not NSS_STATUS.
commit
7382edf6fc0fe555df89d5b2a94d12b35049b279
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Mon Aug 27 13:30:26 2007 -0500
Allow wbinfo -n to convert a UPN to a SID
commit
8266c0fe1ccf2141e5a983f3213356419e626dda
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 09:53:16 2007 -0500
Merge some of Guenther UPN work for pam_winbind.c (check the winbind separator
and better pam logging when converting a upn to a username).
commit
15156c17bc81dbcadf32757015c4e5158823bf3f
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Fri Aug 3 08:52:50 2007 -0500
Include Universal groups from the cached PAC/SamLogon info when
generating the list of domain group SIDs for a user's token.
commit
979053c0307b051954261d539445102c55f309c7
Author: Gerald Carter <coffeedude@plainjoe.org>
Date: Thu Aug 2 17:35:41 2007 -0500
merge upnlogon patch from my tree
Günther Deschner [Mon, 27 Aug 2007 18:26:40 +0000 (18:26 +0000)]
r24714: Fix confusing indent.
Guenther
Günther Deschner [Mon, 27 Aug 2007 18:12:29 +0000 (18:12 +0000)]
r24713: Fix obvious error in enum_dom_groups. We were returning NT_STATUS_OK when the realloc failed.
Guenther
Günther Deschner [Mon, 27 Aug 2007 18:07:49 +0000 (18:07 +0000)]
r24711: Remove unused talloc context from query_user_list rpc.
Guenther
Volker Lendecke [Mon, 27 Aug 2007 12:04:09 +0000 (12:04 +0000)]
r24702: Remove the old API pointers
Volker Lendecke [Mon, 27 Aug 2007 11:41:05 +0000 (11:41 +0000)]
r24701: Fix the swat build
Swat has not been built by default for a while, so I did not notice that
the _ macro is actually used. Re-add the lang_msg_rotate function, this
time only to swat so that this is the only binary that has to take the
16k penalty.
Volker Lendecke [Mon, 27 Aug 2007 11:01:13 +0000 (11:01 +0000)]
r24699: Actually write 24 zeros instead of zero 24's...
Jeremy, please check ;-)
Volker Lendecke [Sun, 26 Aug 2007 10:50:39 +0000 (10:50 +0000)]
r24661: Fix some obvious diffs between 3_2 and 3_2_0
Jeremy, there are two remaining diffs in sesssetup.c which I don't really
know which one is right. Can you take a look?
Thanks,
Volker
Volker Lendecke [Sat, 25 Aug 2007 19:47:57 +0000 (19:47 +0000)]
r24659: Some formatting changes helping to minimize the 3_2_0 diff
Günther Deschner [Fri, 24 Aug 2007 15:50:12 +0000 (15:50 +0000)]
r24654: Adapt to coding conventions.
Guenther
Volker Lendecke [Fri, 24 Aug 2007 11:25:38 +0000 (11:25 +0000)]
r24649: Attempt to fix bug 4917. Simo, please check!
Thanks Patrick Rynhart for reporting this.
Jeremy Allison [Thu, 23 Aug 2007 21:53:00 +0000 (21:53 +0000)]
r24639: Add parameter "directory name cache size" - parameterize
use of directory name cache, 100 by default. Will be needed
to turn this off for *BSD systems.
Jeremy.
Jeremy Allison [Thu, 23 Aug 2007 21:34:08 +0000 (21:34 +0000)]
r24638: Remove redundent setting of vuid.
Jeremy
Michael Adam [Thu, 23 Aug 2007 15:33:25 +0000 (15:33 +0000)]
r24637: In order for "net rpc registry" to be able to write to
Samba's own registry, the access mask for opening the
registry for the write operations needs to be
SEC_RIGHTS_MAXIMUM_ALLOWED instead of REG_WRITE: we can
not open e.g. HKLM read write explicitly, since we can
not write to this virtual part of the registry, only
to the subkeys like 'HKLM\Software\Samba\smbconf' that
are stored on disk.
Note that MAXIMUM_ALLOWED is also what windows' regedit
passed to the open calls.
Michael
Michael Adam [Thu, 23 Aug 2007 14:32:00 +0000 (14:32 +0000)]
r24636: Raise one debug level, since the callers (that want to do so)
issue a level 0 debug message.
Michael
Günther Deschner [Thu, 23 Aug 2007 09:39:14 +0000 (09:39 +0000)]
r24632: Fix build warnings.
Guenther
Michael Adam [Wed, 22 Aug 2007 16:03:17 +0000 (16:03 +0000)]
r24630: Store Samba configuratin options only under the default name, not as aliases.
This prevents creation of problematic configurations from registry editors
like regedit or "net rpc registry".
I will refactor the code to be somewhat more concise,
but I wanted to have this in the tree, now I got it working... :-)
Michael
Michael Adam [Wed, 22 Aug 2007 13:51:44 +0000 (13:51 +0000)]
r24629: Make read_sock return the total number of bytes read instead
of the number of bytes read in the last of possibly several
read calls.
This was noted by Metze.
Michael