summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r23549: Make "net conf setparm" always use registry data type "sz".Michael Adam1-7/+4
This simplifies the usage of this command from "net conf setparm <section> <param> <type> <value>" to "net conf setparm <section> <param> <value>". Micheal (This used to be commit 41a8f8ec5f5361f536d047c4ca5d90203b16ff06)
2007-10-10r23548: Fix comments.Michael Adam1-3/+3
Michael (This used to be commit 73e41c1d0a7af7488b35b54182ea532103b51fd4)
2007-10-10r23547: Ignore parameter "include" in regsitry globals.Michael Adam1-0/+5
Michael (This used to be commit f0992c0d79bb6a5810c84a9eac208d83390bb047)
2007-10-10r23543: Adjust comments.Michael Adam1-13/+3
(This used to be commit ec22c30581f0809b6a008982abceb97b4f9cd12e)
2007-10-10r23541: Linking the LSA pipe module only once is probably enough.James Peach1-2/+0
(This used to be commit 1d941961e0739c22d32720bac4ecd6beef6d74c5)
2007-10-10r23539: Remove code duplication and unify behaviour of winbind_nss_*.h filesKai Blin2-6/+1
(This used to be commit 13c6eacff02b55b9fd6201406802f271dcf13e8e)
2007-10-10r23538: Fix for wild-card rename: We can't return directly on error, we need toVolker Lendecke1-2/+2
CloseDir. (This used to be commit 48cdafc10a0eb615d79057ec9e235ffe9a85e016)
2007-10-10r23537: Revert the inbuf/outbuf part of r23528: This caused the Solaris CC ↵Volker Lendecke1-10/+54
make test to break. The Solaris CC put the static char InBuffer[TOTAL_BUFFER_SIZE] on an odd address, the malloc'ed one is always aligned. The problem showed up in pull_ucs2, ucs2_align uses the address of InBuffer as an indication whether to bump up the src of the string by one. Unfortunately in the trans calls the data portion is malloced and thus has different alignment guarantees than a static variable. This one is bigger.... Volker (This used to be commit 6affd7818f6981be2a9f44fcf302e7fddb468347)
2007-10-10r23536: Fix a typo. James: Please check!Michael Adam1-1/+1
Michael (This used to be commit d90aa8368af624761a19cd1e55ed9f18bc64f45d)
2007-10-10r23530: Fix bugs #4678 and #4697 which had the same root cause.Jeremy Allison1-0/+54
In make_server_info_pw() we assign a user SID in our authoritative SAM, even though this may be from a pure "Unix User" that doesn't exist in the SAM. This causes lookups on "[in]valid users" to fail as they will lookup this name as a "Unix User" SID to check against the user token. Fix this by adding the "Unix User"\unix_username SID to the sid array. The correct fix should probably be changing the server_info->sam_account user SID to be a S-1-22 Unix SID, but this might break old configs where plaintext passwords were used with no SAM backend. Jeremy (This used to be commit 80d1da7e6cce451d3934751feaa6ad60a337e3db)
2007-10-10r23528: Two changes to make the valgrind massif (heap profiler) output readable:Volker Lendecke2-55/+11
Remove the allocated inbuf/output. In async I/O we copy the buffers explicitly now, so NewInBuffer is called exactly once. This does not reduce memory footprint, but removes one of the larger chunks that clobber the rest of the massif output In getgroups_unix_user on Linux 2.6 we allocated 64k groups x 4 bytes per group x 2 (once in the routine itself and once in libc) = 512k just to throw it away directly again. This reduces it do a more typical limit of 32 groups per user. We certainly cope with overflow fine if 32 is not enough. Not 100% sure about this one, a DEVELOPER only thing? (This used to be commit 009af0909944e0f303c5d496b56fb65ca40a41d5)
2007-10-10r23527: Use existing escaping function pointed by JamesSimo Sorce1-27/+3
(This used to be commit 9dcbef9615aec7cfe8f72e6f21f01af4e4fcc90e)
2007-10-10r23525: I believe this patch is ok, got no reply of it being not ok.Simo Sorce1-2/+40
This closes #4624 for me. (This used to be commit 3635b304155299ac93fda57e5e9ece0acd605e77)
2007-10-10r23524: Fix bug 2319.Simo Sorce1-13/+60
Got report this is all ok form a tester. Close a loong standing bug preventing people to freely use any character in their password when printing via cups were involved. (This used to be commit 54ca011212982cf1d94a76ca9d39c391783da04f)
2007-10-10r23523: Gaa -- had renamed "name" to "path" and apparently not compiled afterVolker Lendecke1-1/+1
that.... Volker (This used to be commit 1a45ea28ced3775acd6127e05e844873ed23d40b)
2007-10-10r23522: Save us a kilobyte stack space in a hot code path: I can't see a reasonVolker Lendecke2-33/+28
why check_path_syntax should not be able to run in-line. The destination pointer either walks side by side with the source pointer or is decremented. So as far as I can see s>=d is true throughout the whole routine. Jeremy, I'm checking this only into 3_0 for now. Please review and ack or directly merge this to 3_0_26. Thanks, Volker (This used to be commit 34a13c82a3b72d6900614b57c58fbaefeeca8fa7)
2007-10-10r23518: Remove the silly assumption that string_replace requires a pstring.Volker Lendecke2-24/+49
Jeremy, I am always very confused about the different length arguments in convert_string and friends. Can you take a look at the change in string_replace and verify it's ok? Thanks! While at it, remove the pstring limit for strhasupper and strhaslower. (This used to be commit e6e5703658aeaeb0cca5d7281095e17553001d4b)
2007-10-10r23517: After Jeremy has given is ack on irc:Volker Lendecke1-179/+61
Change rename_internals to open the file/directory and then call rename_internals_fsp. Two reasons: Remove code duplication and remove a race condition. The race condition was due to the fact that in can_rename the share mode check closed the file and then after that did the rename. (This used to be commit aa16d8a649d1a38593edd5ca94ed2c7d4291911b)
2007-10-10r23516: Fix bug found & fixed by Doug Rudoff (doug_rudoff@isilon.com)Jeremy Allison1-0/+6
- when cleaning up invalid locks make sure we mark the lck struct as modified so it'll get saved back correctly (that was the original intent). Jeremy. (This used to be commit cbf0829abcc3689edd7ab225054dfc79d43c6309)
2007-10-10r23515: Ensure status isn't used uninitialized.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 5b2836e2d5f9081b5e39637538d8f2d19e1115c4)
2007-10-10r23514: Remove unused function ads_get_dn_from_extended_dn().Jeremy Allison1-29/+0
Jeremy. (This used to be commit 03763bc5287fef5f100c911041668e23d4305f8d)
2007-10-10r23513: Fix one more use of VALUE_PREFIX.Jeremy Allison1-1/+1
Jeremy. (This used to be commit fca5637dc6c91a57c4e087670068688557e5bf32)
2007-10-10r23512: Fix conflict in #define for SECDESC_PREFIX. Ensure allJeremy Allison2-7/+7
reg #defines use "REG_" prefix. Michael - please check gcc warnings on compiles. Jeremy. (This used to be commit 7885b68bb5df0ebe290feca0e74b4a20ef59e718)
2007-10-10r23510: Tidy calls to smb_panic by removing trailing newlines. Print theJames Peach33-113/+120
failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713)
2007-10-10r23509: This activates the global options from the registry in loadparm.Michael Adam5-12/+305
The global options are stored as values in the subkey "global" of the SMBCONF registry key. The activation is accomplished in smb.conf though a new special semantic of the "include" parameter: "include = registry" triggers the processing of the registry global options exactly at the position of the include statement. Options read from the registry take the same precedence as parameters loaded from a file via include. Need to reload the registry globals is detected by watching the tdb sequence number. Registry shares are automatically activated when the registry globals are processed. So a "registry only" configuration can be realized by an smb.conf that looks as follows: ================================ [global] include = registry ================================ The global options and registry shares can be conveniently edited with the "net conf" utility. Caveat: A possible pitfall consists in using "include = registry" together with the "lock directory" directive in the registry. This problem will be addressed in the next time. Note on the code: Processing of the registry options is accomplished by a function process_registry_globals() in loadparm.c The current version is only an interim solution: It is handcoded instead of using the infrastructure of reg_api.c. The reason for this is that using reg_api still has too large linker dependencies, bloating virtually all targets by PASSDB_OBJ, SMBLDAP_OBJ, GROUPDB_OBJ and LDB stuff. A version of process_registry_globals that uses reg_api is included but commented out. The goal is to eventually refactor and restructure the registry code so that one can use the reg_api to access only the registry tdb and not link all the dynamic backends with all their linking implications. (This used to be commit 24b0cbcb3741dd14b04728448a85cc04a057e7d0)
2007-10-10r23508: Fix sync_file() to return NTSTATUS and return thisJeremy Allison3-13/+69
on failure in the write path. Jeremy. (This used to be commit cd3f7dbee809fb40194af0e7509142166e02b252)
2007-10-10r23507: Split one general function normalize_dbkey from reg_db.c into util_reg.cMichael Adam2-7/+7
(To be used in other place in subsequent commit.) Michael (This used to be commit 6fd71140499e30b8fd0f083301512db7b8c2f236)
2007-10-10r23504: Use tdb_wrap_open (instead of usual tdb_open) in reg_db.Michael Adam1-27/+22
This eliminates the need of maintaining reg_db's own reference counter for the tdb. Maybe as a next step... Michael (This used to be commit 31d64767fc8a73be1f6b81e2712d687897f812a0)
2007-10-10r23502: Restore exit-on-idle. Small refactoring for clarity. Exit ifJames Peach1-17/+26
we are idle and we timed out waiting for something to do. (This used to be commit b4ab1a0cd992cf9e966b8edb9796d1eae53db744)
2007-10-10r23501: Move notify_rename before rename_internals_fsp and call it from there.Volker Lendecke1-42/+44
(This used to be commit 8d3828871c561cd05e6461e157db4c0ccddd5f22)
2007-10-10r23500: Two changes to survive the now activated test for rename_internals_fsp:Volker Lendecke3-6/+17
With the target being open we have to return NT_STATUS_ACCESS_DENIED and root_fid != 0 leads to NT_STATUS_INVALID_PARAMETER (This used to be commit b599e5b1e10bdf825b2ce53de4a6ec35726d00f6)
2007-10-10r23497: Disable building of libaddns (no defined API) andGerald Carter1-38/+8
libmsrpc (unmaintained). (This used to be commit 13d78ace49d0f7c5330c5297ef563284f573239a)
2007-10-10r23496: Fix logic error in getgrnam_recv() that brokeGerald Carter1-1/+1
getgrnam() for machine and domain local groups. (This used to be commit 4d4c1eca30ce57b4072e9f8c59fcc49bf3a5c48e)
2007-10-10r23495: Replace literal occurrences of libsmb/errormap.o by $(ERRORMAP_OBJ).Michael Adam1-2/+2
(This used to be commit 2041c35a305e0d6ee015b54fb17fe416dc14a8bc)
2007-10-10r23494: Synchronize some occurrences of BINARY_PREREQS and bin/.dummy.Michael Adam1-13/+18
Further reduce the diff between 3_0 and 3_0_26 by some reformatting and rearrangements. Michael (This used to be commit 02685358d104775e6b8cad156aa70458ab3a55f6)
2007-10-10r23489: (Re-)Add tdbtorture as a build target to 3_0_26.Michael Adam1-0/+3
Add the tdbtorture test to the test script in 3_0 and 3_0_26. Michael (This used to be commit 30d71cf4b8decd6fad0c44a3eb57e29ea7d898a0)
2007-10-10r23486: Ok, this time with a hopefully successful make test in the right place:Volker Lendecke2-22/+33
Remove two local variables (This used to be commit 575e594e936c3cb197945063309f0b424dcdefc8)
2007-10-10r23485: This checkin consists mostly of refactorings in preparation of theMichael Adam10-680/+874
activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made availabel elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e)
2007-10-10r23484: When chasing AD referrals make sure to honor the base returned from ↵Günther Deschner1-1/+2
the server. Guenther (This used to be commit 865bdcacae49299c19d7000242832fa41fdfa9d2)
2007-10-10r23483: Revert 23482, I must have run 'make test' in the wrong subdir.Volker Lendecke1-14/+18
(This used to be commit 1ce0c582bccc90e54a69b1e70973ed7ccb47cbbb)
2007-10-10r23482: Slightly simplify the rename code: Remove two local variables that areVolker Lendecke1-18/+14
not really needed. (This used to be commit e068e38ef3b364f2c6477f9d8d6ef3b81a6207ca)
2007-10-10r23480: Fix DEVELOPER_CFLAGS quoting.James Peach1-1/+1
(This used to be commit 4cdc7eaac78f04f19f1ed738fd918862bd2f7d4c)
2007-10-10r23478: Change the handling of the developer CFLAGS so that they are alwaysJames Peach2-13/+32
emited to the Makefile in the DEVELOPER_CFLAGS variable. This makes it easy to turn developer mode on and off without waiting for configure to run. The developer flags are only added to CFLAGS for the --enable-developer and --enable-krb5developer cases. (This used to be commit 4b392a76eb392375f369c8c64fccd138833dcb52)
2007-10-10r23477: Build farm fix: Use int rather than MIT's krb5_int32 when setting ↵Gerald Carter1-1/+1
context flags. (This used to be commit 903145e957cd05b219fdf7d5fc1e35430938a24e)
2007-10-10r23475: Fix the prototype for sys_broken_setgroups and log *BSD group listJames Peach1-2/+2
truncation a bit more verbosely. (This used to be commit e3ea997289f9f2613c304c016b42b2d35af48c84)
2007-10-10r23474: Here's a small patch that disables the libkrb5.so replay cacheGerald Carter4-42/+68
when verifying a ticket from winbindd_pam.c. I've found during multiple, fast, automated SSH logins (such as from a cron script) that the replay cache in MIT's krb5 lib will occasionally fail the krb5_rd_req() as a replay attack. There seems to be a small window during which the MIT krb5 libs could reproduce identical time stamps for ctime and cusec in the authenticator since Unix systems only give back milli-seconds rather than the micro-seconds needed by the authenticator. Checked against MIT 1.5.1. Have not researched how Heimdal does it. My thinking is that if someone can spoof the KDC and TDS services we are pretty hopeless anyways. (This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
2007-10-10r23472: add missing default setting for 'winbind nss info' (merge from 3.0.26)Gerald Carter1-0/+1
(This used to be commit 1f80f9d14553650fb9d24f1d4c36e5cf7986ce23)
2007-10-10r23471: Here's a rough patch for expanding domain group membershipGerald Carter3-155/+351
in the winbindd_getgrnam() call. Couple of comments: * Adds "winbind expand groups" parameter which defines the max depth winbindd will expand group members. The default is the current behavior of one level of expansion. * The entire getrgnam() interface should be async. I haven't done that. * Refactors the domain users hack in fill_grent_mem() into its own function. (This used to be commit 3d3a8130351753dc5caa2a270d130e2150da6b54)
2007-10-10r23470: Fix supplementary group list truncation for *BSD. We need to passJames Peach1-2/+8
the correct group list length and only truncate to NGROUPS_MAX if it is too long. (This used to be commit 07f562be7a64a2ded7ec0e6f5910447dc5b8b85f)
2007-10-10r23469: Fix a commentVolker Lendecke1-1/+1
(This used to be commit 47cc9359aa1b4d5fcd9469be0b1378030ac388fc)