1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-17 02:05:21 +03:00

19743 Commits

Author SHA1 Message Date
Jeremy Allison
e5787cf75b r15700: Make nmbd udp sockets non-blocking to prevent problem
with select returning true but no data being available.
Fix for bug #3779.
Jeremy.
2007-10-10 11:17:08 -05:00
Günther Deschner
7d766b5505 r15698: An attempt to make the winbind lookup_usergroups() call in security=ads
more scalable:

The most efficient way is to use the "tokenGroups" attribute which gives
the nested group membership. As this attribute can not always be
retrieved when binding with the machine account (the only garanteed way
to get the tokenGroups I could find is when the machine account is a
member of the "Pre Win2k Access" builtin group).

Our current fallback when "tokenGroups" failed is looking for all groups
where the userdn was in the "member" attribute. This behaves not very
well in very large AD domains.

The patch first tries the "memberOf" attribute on the user's dn in that
case and directly retrieves the group's sids by using the LDAP Extended
DN control from the user's object.

The way to pass down the control to the ldap search call is rather
painfull and probably will be rearranged later on.

Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2.

Guenther
2007-10-10 11:17:08 -05:00
Günther Deschner
52423e01dc r15697: I take no comments as no objections :)
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.

This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).

Guenther
2007-10-10 11:17:08 -05:00
Günther Deschner
ec26c355b3 r15696: Free LDAP search result.
Guenther
2007-10-10 11:17:07 -05:00
Stefan Metzmacher
b79ceece95 r15691: - samba3 also pass RAW-CHKPATH, RAW-SEEK, RAW-SFILEINFO-BUG
- samba3 pass the limited version of RAW-LOCK
  (the lock cancel and error checking tests are skipped)

metze
2007-10-10 11:17:07 -05:00
Stefan Metzmacher
fc343051af r15686: - start testing the RAW-* tests in make test
- RAW-READ now passes samba3
- skip the rest for now

metze
2007-10-10 11:17:07 -05:00
Stefan Metzmacher
cd2fa1da6c r15682: fix option passing
metze
2007-10-10 11:17:07 -05:00
Gerald Carter
d77768cb23 r15681: fix segv in 'kinit && net ads join' 2007-10-10 11:17:07 -05:00
Gerald Carter
ae2bf464c4 r15680: use the user creds when calling net_set_machine_spn() rather than the machine creds (just like WinXP) 2007-10-10 11:17:07 -05:00
Gerald Carter
126ab8ccec r15679: fix some popt warnings 2007-10-10 11:17:06 -05:00
Jeremy Allison
ff3fe39b83 r15676: Fix meaningless debug statement from uninitialized variable.
Spotted by "John E. Malmberg" <wb8tyw@qsl.net>.
Jeremy.
2007-10-10 11:17:06 -05:00
Jeremy Allison
256ae3a16b r15675: Man pages say never look at the fd_set after a select
if it returned -1 (treat as undefined). Ensure we obey
this.
Jeremy.
2007-10-10 11:17:06 -05:00
Jeremy Allison
24aaa48677 r15672: Fix for bug #3783. winbindd_cm.c calls open_any_socket_out()
to make connections to ports 445 or 139 on the DC it's trying
to contact. It calls sys_select() on the non-blocking sockets,
not sys_select_intr(). This is a mistake (I believe) as it allows
a signal to early terminate the connection attempts - whereas
sys_select_intr() will ignore signals until we get back to
the main processing loop where they'll be handled correctly.
This change means winbindd_cm will not early terminate if it
gets a message whilst trying to connect to DC's.
Gunther, Volker and Jerry please review (but I think this
is correct).
Jeremy.
2007-10-10 11:17:06 -05:00
Jeremy Allison
31d16c434e r15670: Fix valgrind-spotted issue in BASE-DELETE test.
We were forgetting to increment after copying
the primary group gid.
Jeremy
2007-10-10 11:17:06 -05:00
Jeremy Allison
fd6fa1d4ea r15668: DOS or FCB opens share one share mode entry from different
fsp pointers. Ensure we cope with this to pass Samba4
DENY tests (we used to pass these, there must have been
a regression with newer code). We now pass them.
Jeremy
2007-10-10 11:17:06 -05:00
Volker Lendecke
f66b9701b5 r15660: Without this when using smbcquotas I get
close fd=-1 fnum=4321 (numopen=1)
close_file: Could not get share mode lock for file $Extend/$Quota:$Q:$INDEX_ALLOCATION
unix_error_packet: error string = Das Argument ist ungültig
error packet at smbd/reply.c(3325) cmd=4 (SMBclose) NT_STATUS_INVALID_HANDLE

so a fake file needs special close handling I think. Jeremy, can you check
this?

Thanks,

Volker
2007-10-10 11:17:06 -05:00
Volker Lendecke
a85dfb9eff r15657: Fix some Tru64 warnings 2007-10-10 11:17:05 -05:00
James Peach
3446ee5c00 r15655: Log the result of module initialisation if it fails. 2007-10-10 11:17:05 -05:00
James Peach
9559886a92 r15654: Update our internal copy of popt to that distributed with the RPM 4.2
source code.
2007-10-10 11:17:05 -05:00
Günther Deschner
b5a5d0b24e r15649: Allow to store 24 password history entries in ldapsam (same limit as on
Windows). Fixes bug #1914.

Guenther
2007-10-10 11:17:05 -05:00
Simo Sorce
51df47c772 r15646: Implement an setdomainsid command as well 2007-10-10 11:17:05 -05:00
Paul Green
dafe36ec4c r15644: Now that we are referencing uint32_t and other data types
defined in <stdint.h>, ensure that it is present. (Not all
implementations pull it in when <sys/types.h> is used).

Paul
2007-10-10 11:17:05 -05:00
Volker Lendecke
53f7104b4f r15635: Fix a bogus gcc uninit variable message 2007-10-10 11:17:04 -05:00
Günther Deschner
206cdbb8e9 r15634: Prevent passwords of winbindd's list of credential caches from beeing
swapped to disc using mlock(). (patch was reviewed by Jeremy).

Guenther
2007-10-10 11:17:04 -05:00
Günther Deschner
1b5a712467 r15633: Minor smbldap/pdb_ldap cleanup
Guenther
2007-10-10 11:17:04 -05:00
Günther Deschner
181fa02497 r15632: Remove length limitation from the winbind cache cleanup traversal.
Guenther
2007-10-10 11:17:04 -05:00
James Peach
b591892800 r15631: Add a new option "enable core files". Administrators can use this to
disable automatic core file dumping. Core files are enabled by default.
2007-10-10 11:17:03 -05:00
Jim McDonough
ae56154fc7 r15630: adapt smbclient fix to smbtree to enable long share names 2007-10-10 11:17:03 -05:00
Stefan Metzmacher
fab4de70b6 r15620: pass 'target:samba3=yes' to samba4's smbtorture when running samba3's make test
we can use this in samba4's smbtorture to disable tests sections which doesn't pass
against samba3

metze
2007-10-10 11:17:03 -05:00
James Peach
71fd0d3de4 r15611: Remove used but uninitialised variable "count". 2007-10-10 11:17:03 -05:00
Jeremy Allison
b108ab7b12 r15610: Fix Coverity #288 - possible null deref.
Jeremy.
2007-10-10 11:17:03 -05:00
Volker Lendecke
696e210bf6 r15608: Fix a couple of Coverity errors 2007-10-10 11:17:03 -05:00
Volker Lendecke
ea7cced6bc r15601: Fix segfaults with 'security=share' and 'guest only = yes'
Volker
2007-10-10 11:17:03 -05:00
Volker Lendecke
6071dd5db0 r15600: Correctly fill in the gid for local users.
Volker
2007-10-10 11:17:02 -05:00
Gerald Carter
d933ac273d r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb flags on the setuserinfo(), not the createuser info call 2007-10-10 11:17:02 -05:00
Volker Lendecke
8059d0ae39 r15589: While trying to understand the vuid code I found that security=share is broken
right now. r14112 broke it, in 3.0.22 register_vuid for security=share returns
UID_FIELD_INVALID which in current 3_0 is turned into an error condition. This
makes sure that we only call register_vuid if sec!=share and meanwhile also
fixes a little memleak.

Then I also found a crash in smbclient with sec=share and hostmsdfs=yes.

There's another crash with sec=share when coming from w2k3, but I need sleep
now.

Someone (jerry,jra?) please review the sesssetup.c change.

Thanks,

Volker
2007-10-10 11:17:02 -05:00
Volker Lendecke
7945c935bf r15583: Add a comment while trying to understand this code 2007-10-10 11:17:02 -05:00
Volker Lendecke
2cf503d7da r15571: Fix Coverity bug #285 2007-10-10 11:17:02 -05:00
Volker Lendecke
c6bf2c8922 r15570: Fix Coverity bug # 286. I really wonder why gcc -O1 did not catch this one.
Volker
2007-10-10 11:17:02 -05:00
Volker Lendecke
5787bd0ee9 r15569: Fix Coverity bug # 287. Jerry, can you check if WERR_NOMEM is a correct error
code here?

Thanks,

Volker
2007-10-10 11:17:01 -05:00
Volker Lendecke
0ece5b32f9 r15566: Fix Coverity bug # 284. The lp_ldap_xx_suffix function only return NULL if
talloc fails.

Volker
2007-10-10 11:17:01 -05:00
Volker Lendecke
3762effca5 r15562: Attempt to fix Coverity bug # 283 2007-10-10 11:17:01 -05:00
Gerald Carter
00c795e366 r15561: Should re-fix older systems without RC4-HMAC support 2007-10-10 11:17:01 -05:00
Gerald Carter
b69ac0e304 r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....
Re-add the capability to specify an OU in which to create
the machine account.  Done via LDAP prior to the RPC join.
2007-10-10 11:17:01 -05:00
Günther Deschner
8dd925c5fb r15559: Smaller fixes for the new cldap code:
* replace printf to stderr with DEBUG statements as they get printed in
  daemons
* "net ads lookup" return code

Guenther
2007-10-10 11:17:01 -05:00
Günther Deschner
821bbb4566 r15558: Do not wait endless for a CLDAP reply when the LDAP server is
unavailable; use "ldap timeout" handling.

Jerry, please check.

Guenther
2007-10-10 11:16:59 -05:00
Jeremy Allison
502f3e911a r15556: Better fix for leading // or \\ from "David R. Linn"
<drl@vuse.vanderbilt.edu>.
Jeremy.
2007-10-10 11:16:59 -05:00
Jeremy Allison
5a17bffbcd r15555: Make "change notify timeout" a per-share parameter - used
when there's no kernel or FAM change notify. If set to zero
this will turn off change notify for the share except when
we ourselves change something (renames / deletes etc. ).
Designed to help on large directory shares where a new
changenotify is issued between each delete. This will
be fixed correctly when we move to internal change notify
(eg. back-port Samba4 changenotify).
Jeremy.
2007-10-10 11:16:59 -05:00
Günther Deschner
a80f366057 r15553: minor rpcclient cleanup: length is already set in data_blob.
Guenther
2007-10-10 11:16:59 -05:00
Günther Deschner
ff93fc7c1e r15552: Fix segfault...
Guenther
2007-10-10 11:16:58 -05:00