mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

22623 Commits

Author SHA1 Message Date
Volker Lendecke
4944a5227c r23483: Revert 23482, I must have run 'make test' in the wrong subdir.
(This used to be commit 1ce0c582bc)
2007-10-10 12:23:20 -05:00
Volker Lendecke
c03c86232c r23482: Slightly simplify the rename code: Remove two local variables that are
not really needed.
(This used to be commit e068e38ef3)
2007-10-10 12:23:20 -05:00
James Peach
94f284e631 r23480: Fix DEVELOPER_CFLAGS quoting.
(This used to be commit 4cdc7eaac7)
2007-10-10 12:23:20 -05:00
James Peach
6e631e5fb5 r23478: Change the handling of the developer CFLAGS so that they are always
emitted to the Makefile in the DEVELOPER_CFLAGS variable. This makes
it easy to turn developer mode on and off without waiting for
configure to run. The developer flags are only added to CFLAGS for
the --enable-developer and --enable-krb5developer cases.
(This used to be commit 4b392a76eb)
2007-10-10 12:23:20 -05:00
Gerald Carter
b4a39dc10e r23477: Build farm fix: Use int rather than MIT's krb5_int32 when setting context flags.
(This used to be commit 903145e957)
2007-10-10 12:23:19 -05:00
James Peach
274782432b r23475: Fix the prototype for sys_broken_setgroups and log *BSD group list
truncation a bit more verbosely.
(This used to be commit e3ea997289)
2007-10-10 12:23:19 -05:00
Gerald Carter
4caefdf348 r23474: Here's a small patch that disables the libkrb5.so replay cache
when verifying a ticket from winbindd_pam.c.

I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.

There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator.  Checked against MIT 1.5.1.  Have not
researched how Heimdal does it.

My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f7)
2007-10-10 12:23:19 -05:00
Gerald Carter
bfbf08adff r23472: add missing default setting for 'winbind nss info' (merge from 3.0.26)
(This used to be commit 1f80f9d145)
2007-10-10 12:23:19 -05:00
Gerald Carter
78d6b95e18 r23471: Here's a rough patch for expanding domain group membership
in the winbindd_getgrnam() call.  Couple of comments:

* Adds "winbind expand groups" parameter which defines the
  max depth winbindd will expand group members.  The default
  is the current behavior of one level of expansion.
* The entire getrgnam() interface should be async.  I
  haven't done that.
* Refactors the domain users hack in fill_grent_mem() into
  its own function.
(This used to be commit 3d3a813035)
2007-10-10 12:23:19 -05:00
James Peach
2cbe284e59 r23470: Fix supplementary group list truncation for *BSD. We need to pass
the correct group list length and only truncate to NGROUPS_MAX if
it is too long.
(This used to be commit 07f562be7a)
2007-10-10 12:23:18 -05:00
Volker Lendecke
8b2637631e r23469: Fix a comment
(This used to be commit 47cc9359aa)
2007-10-10 12:23:18 -05:00
Michael Adam
a2762cfcaa r23468: Open registry.tdb with sequence number.
Add a function to retrieve the registry db sequence number.

This is in preparation of loadparm integration of registry global
smb.conf options: this will allow to detect changes in order to trigger reload.

Michael
(This used to be commit ebe2ea8f22)
2007-10-10 12:23:18 -05:00
Volker Lendecke
0e0fed6f25 r23467: Next little simplification: In rename_internals it's a bit pointless to
first ask for existence of a file when we do the open_file_ntcreate in
can_rename later on anyway. That also gets us the right error message in
case the file is not there automatically.
(This used to be commit f3d582cb90)
2007-10-10 12:23:18 -05:00
Volker Lendecke
719df44c03 r23466: Fix RAW-NOTIFY: by using delete on close the notify is triggered deep
inside close_file() already.
(This used to be commit 0b29e3ad0f)
2007-10-10 12:23:18 -05:00
Michael Adam
46906b2c75 r23465: There was this diff between reg_printing in 3_0 and 3_0_26:
before writing to secdesc_buf->sd,
3_0 checked secdesc_buf->sd while 3_0_26 checked secdesc_buf->sd_size.

This patch makes both revisions check _both_ before writing.

Jerry / Jeremy : please check if this is correct!

Michael
(This used to be commit dfc4217870)
2007-10-10 12:23:18 -05:00
Michael Adam
6f28dc588c r23460: Re-add whitespace to reduce diff between branches.
Sorry for the noise...

Michael
(This used to be commit c7d004dec4)
2007-10-10 12:23:17 -05:00
Michael Adam
00323dc738 r23459: Remove one superfluous cast.
(This used to be commit beed875507)
2007-10-10 12:23:17 -05:00
Michael Adam
cb7f45560f r23458: Cosmetic fix in debug output.
(This used to be commit 03dbdb561a)
2007-10-10 12:23:17 -05:00
Volker Lendecke
062a411c12 r23457: After Jeremy's ack:
The attached patch removes a little race condition for
people with real kernel oplock support, and reduces some
code paths. It changes reply_unlink to open_file_ntcreate,
set_delete_on_close and close_file.

The race condition happens if we break the oplock in
can_delete via open_file_ntcreate, we close the file,
someone else gets a batch oplock and we try to unlink.

It reduces code paths by calling SMB_VFS_UNLINK in 2 fewer
places.
(This used to be commit 0342ce7057)
2007-10-10 12:23:17 -05:00
Jeremy Allison
28bc066aa8 r23450: max_params_return is complete fiction when getting a changenotify
request. Ignore it. Should fix bug #4689 but more tests and
valgrinding will follow.
Jeremy.
(This used to be commit c23e08cc09)
2007-10-10 12:23:17 -05:00
Jeremy Allison
5aadea741f r23448: Doh ! Don't call winbind_child_died() *before* the
kill call as that sets pid = 0 ! :-).
Jeremy.
(This used to be commit bcfce39094)
2007-10-10 12:23:17 -05:00
Jeremy Allison
a5f3e848c0 r23447: Add kill signal to child dead path. After talking
to Jerry add to 3.0.25b.
Jeremy.
(This used to be commit ade91e78cb)
2007-10-10 12:23:16 -05:00
Volker Lendecke
07d2301040 r23446: Restore Jeremy's original formatting, just fix the comment.
(This used to be commit 5b983957e3)
2007-10-10 12:23:16 -05:00
Jeremy Allison
cacbe41945 r23445: Fix suggested by Volker. Don't call rename_open_files
if the name wasn't changed.
Jeremy.
(This used to be commit 7a9629365e)
2007-10-10 12:23:16 -05:00
Michael Adam
4a6aaabe6f r23434: Correct a comment.
(This used to be commit c9f38fa30e)
2007-10-10 12:23:16 -05:00
Michael Adam
5d14172c15 r23433: remove superfluous semicolon.
(This used to be commit b8269f4543)
2007-10-10 12:23:16 -05:00
Michael Adam
9af7b35db0 r23432: Remove superfluous comment.
(A relict from regkey_open_internal days.)

Michael
(This used to be commit 4025cbc202)
2007-10-10 12:23:16 -05:00
Volker Lendecke
d9f7cbacb0 r23429: Ooops, sorry.
Revert an accidental checkin of r23410.

Volker
(This used to be commit 23ecb5439f)
2007-10-10 12:23:15 -05:00
Volker Lendecke
501d97c653 r23426: Correct a comment. The default timeout is not 1min, but 30s. While
there, do some reformatting.

Jeremy, I think we should also kill the child. It might hang in
something (an fcntl lock for example) that the next child might run into
immediately again.
(This used to be commit 6729a4df4b)
2007-10-10 12:23:15 -05:00
Jeremy Allison
9ae6e51616 r23425: Volker noticed this obvious fix for the wins server
code :-). Thanks Volker !
Jeremy.
(This used to be commit e3f33a2a50)
2007-10-10 12:23:15 -05:00
Jeremy Allison
24e05d4df2 r23424: Thanks to Jerry, we finally tracked down the :
"winbindd: Exceeding 200 client connections, no idle connection found"
bug #3204. This fixes it in Jerry's testing !
Jeremy.
(This used to be commit 0c7ce6a682)
2007-10-10 12:23:15 -05:00
James Peach
0d5265e9d4 r23423: Use the correct structure types in the NT_ACL operations. It's not
clear to me why the catia module feels it's necessary to implement
these operations, but at least they're now the right type.
(This used to be commit b5be0c7403)
2007-10-10 12:23:15 -05:00
Simo Sorce
c99449016b r23411: We were missing displayName and that was preventing us
from successfully deleting an entry when "account" is
the STRUCTURAL objectclass used for users and machines.
"account" is used each time the user entry is in /etc/passwd
and we have only the samba attributes in ldap, as well
as for rfc2307(bis) standard based directories.
(This used to be commit e6399f1aa1)
2007-10-10 12:23:15 -05:00
Volker Lendecke
de565785f5 r23410: Merge the core of the cluster code.
I'm 100% certain I've forgotten to merge something, but the main code
should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and
messages_ctdbd.c.

There should be no changes to the non-cluster case, it does survive make
test on my laptop.

It survives some very basic tests with ctdbd enabled, I did not do the
full test suite for clusters yet.

Phew...

Volker
(This used to be commit 15553d6327)
2007-10-10 12:23:14 -05:00
Volker Lendecke
b05c7b9783 r23408: Remove a bogus comment
(This used to be commit 0442e680ee)
2007-10-10 12:23:14 -05:00
Simo Sorce
6250b82014 r23407: While verifying a bug I found out that for some reason
the code to add a machine was different than the one used
to add a user, the old code led to the machine SID not being
built out correctly allocating a new RID out of the passdb
but instead by using the old algorithmic method.
This may easily end up in creating duplicated SID when the
RID counter gets close to the values built by the algorithmic method.

Simo.
(This used to be commit e077142aa3)
2007-10-10 12:23:14 -05:00
Simo Sorce
22a7d90bfe r23406: Even if not strictly currently necessary do check for correct
init also in idmap_nss and idmap_passdb for coherency and to
prevent errors in future if we change the init functions to
actually do something and not just return NT_STATUS_OK
(This used to be commit 86f532c1b0)
2007-10-10 12:23:13 -05:00
Simo Sorce
6c5805aa70 r23404: Fix wrong (and missing) action on error condition in ldap reply evaluation loop
Fixes one of the segfaults in bug #4667
(This used to be commit 176e1c0b69)
2007-10-10 12:23:13 -05:00
Jeremy Allison
f461e53e7a r23402: Got bitten by a talloc hierarchy. Make sure we alloc
off the pipe ctx now ->names is part of the containing
struct.
Jeremy.
(This used to be commit 02fd434902)
2007-10-10 12:23:13 -05:00
Jeremy Allison
2e6deee020 r23400: Fix lsa crash bug #4683. The "names" enum struct
in a lookup_sidX reply isn't optional - like the
lookup_sidX query it needs to be defined in the
struct.
All this will go away with PIDL (thank goodness....).
Jerry - I think this is a showstopper to be merged
for 3.0.25b.
I'll be watching the build farm to see if anything broke.
Jeremy.
(This used to be commit 9300b92f7a)
2007-10-10 12:23:13 -05:00
James Peach
bde0642ab4 r23398: Support membership of >16 groups on Darwin by making sure we opt in to the
dynamic group resolution mechanism when switching UNIX credentials.
(This used to be commit b5cb21e951)
2007-10-10 12:23:13 -05:00
James Peach
0ae0d33a3a r23396: Make VFS callbacks static. Mark operations as OPAQUE because they
do not pass through.
(This used to be commit b9d6eee5d4)
2007-10-10 12:23:13 -05:00
James Peach
74c74f8dcc r23393: Support BSD group semantics by making sure that the effective GID is always
passed as the first GID when calling setgroups(2).
(This used to be commit 6ebaf856c1)
2007-10-10 12:23:12 -05:00
Jeremy Allison
0a1f5d71e4 r23391: Second part of the patch for Apple.
Change the sequence :

gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);

to a function call :

set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)

James - should be safe for you to create a Darwin-specific
version of this function now.

Jeremy.
(This used to be commit 8ee982b367)
2007-10-10 12:23:12 -05:00
Jeremy Allison
334c961cc5 r23390: First part of the patch to make Apple's life easier.
Doing this in two stages to make it very easy to
review. Context switching must look like :

gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);

Re-arrange order so these three calls are always
seen together.

Next will be to turn these into a function.

Jeremy.
(This used to be commit eb537185ee)
2007-10-10 12:23:12 -05:00
Michael Adam
19dbef7ca4 r23389: Disabling ACL support on Darwin/Mac OS X for now.
Current configure check detects posix ACL support
but compile of modules/vfs_posixacl.c fails due
to missing defines in sys/acl.h:
ACL_USER, ACL_USER_OBJ, ACL_GROUP, ACL_GROUP_OBJ, ACL_OTHER,
ACL_MASK, ACL_WRITE, ACL_READ

It has to be investigated, if this can be fixed within
the posixacl vfs module or if we need a darwinacl module.

Michael
(This used to be commit f275991c2f)
2007-10-10 12:23:12 -05:00
Michael Adam
e0cdcf065f r23387: 1. This unifies the POSIX ACL detection code:
Linux, FreeBSD and other (which?) ACL implementations
are now checked in the same block instead of in three
separate blocks. This was inspired by Timur Bakeyev
in Bug #4543. Since bugzilla is currently unavailable
this patch is probably slightly different from Timur's
original patch. This should finally fix Bug #4543.

2. The default of the --with-acl-support configure
option is changed to "auto" (which is actually the
same as "yes"). So configure tries to detect acl
support by default. This had been discussed with
Metze and others.

Michael
(This used to be commit 234b32c7bc)
2007-10-10 12:23:12 -05:00
Günther Deschner
1ea5dfae04 r23380: netr_getdcname returns WERROR not NTSTATUS.
Guenther
(This used to be commit 5e75ea7f2b)
2007-10-10 12:23:12 -05:00
Michael Adam
774ceeea50 r23379: Whitespace cosmetics, to reduce irritating diffs...
Michael
(This used to be commit df30f8d5c2)
2007-10-10 12:23:11 -05:00
Gerald Carter
544b376d1a r23377: Patch from Bjoern Jacke <bjoern@j3e.de> to deal
with non-GNU implementations of tr in autogen.sh
(This used to be commit ccc466c56a)
2007-10-10 12:23:11 -05:00