| Age | Commit message | Author | Files | Lines |
| --- | --- | --- | --- | --- |
| 2007-10-10 | r23485: This checkin consists mostly of refactorings in preparation of the activation of global registry options in loadparm.c, mainly to extract functionality from net_conf.c to be made available elsewhere and to minimize linker dependencies. In detail: * move functions registry_push/pull_value from lib/util_reg.c to new file lib/util_reg_api.c * create a fake user token consisting of builtin administrators sid and se_disk_operators privilege by hand instead of using get_root_nt_token() to minimize linker deps for bin/net. + new function registry_create_admin_token() in new lib/util_reg_smbconf.c + move dup_nt_token from auth/token_util.c to new file lib/util_nttoken.c + adapt net_conf.c and Makefile.in accordingly. * split lib/profiles.c into two parts: new file lib/profiles_basic.c takes all the low level mask manipulation and format conversion functions (se_priv, privset, luid). the privs array is completely hidden from profiles.c by adding some access-functions. some mask-functions are not static anymore. Generally, SID- and LUID-related stuff that has more dependencies is kept in lib/profiles.c * Move initialization of regdb from net_conf.c into a function registry_init_regdb() in lib/util_reg_smbconf.c. Michael (This used to be commit efd3e2bfb756ac5c4df7984791c67e7ae20a582e) | Michael Adam | 10 | -680/+874 |
| 2007-10-10 | r23484: When chasing AD referrals make sure to honor the base returned from the server. Guenther (This used to be commit 865bdcacae49299c19d7000242832fa41fdfa9d2) | Günther Deschner | 1 | -1/+2 |
| 2007-10-10 | r23483: Revert 23482, I must have run 'make test' in the wrong subdir. (This used to be commit 1ce0c582bccc90e54a69b1e70973ed7ccb47cbbb) | Volker Lendecke | 1 | -14/+18 |
| 2007-10-10 | r23482: Slightly simplify the rename code: Remove two local variables that are not really needed. (This used to be commit e068e38ef3b364f2c6477f9d8d6ef3b81a6207ca) | Volker Lendecke | 1 | -18/+14 |
| 2007-10-10 | r23480: Fix DEVELOPER_CFLAGS quoting. (This used to be commit 4cdc7eaac78f04f19f1ed738fd918862bd2f7d4c) | James Peach | 1 | -1/+1 |
| 2007-10-10 | r23478: Change the handling of the developer CFLAGS so that they are always emitted to the Makefile in the DEVELOPER_CFLAGS variable. This makes it easy to turn developer mode on and off without waiting for configure to run. The developer flags are only added to CFLAGS for the --enable-developer and --enable-krb5developer cases. (This used to be commit 4b392a76eb392375f369c8c64fccd138833dcb52) | James Peach | 2 | -13/+32 |
| 2007-10-10 | r23477: Build farm fix: Use int rather than MIT's krb5_int32 when setting context flags. (This used to be commit 903145e957cd05b219fdf7d5fc1e35430938a24e) | Gerald Carter | 1 | -1/+1 |
| 2007-10-10 | r23475: Fix the prototype for sys_broken_setgroups and log *BSD group list truncation a bit more verbosely. (This used to be commit e3ea997289f9f2613c304c016b42b2d35af48c84) | James Peach | 1 | -2/+2 |
| 2007-10-10 | r23474: Here's a small patch that disables the libkrb5.so replay cache when verifying a ticket from winbindd_pam.c. I've found during multiple, fast, automated SSH logins (such as from a cron script) that the replay cache in MIT's krb5 lib will occasionally fail the krb5_rd_req() as a replay attack. There seems to be a small window during which the MIT krb5 libs could reproduce identical time stamps for ctime and cusec in the authenticator since Unix systems only give back milli-seconds rather than the micro-seconds needed by the authenticator. Checked against MIT 1.5.1. Have not researched how Heimdal does it. My thinking is that if someone can spoof the KDC and TDS services we are pretty hopeless anyways. (This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11) | Gerald Carter | 4 | -42/+68 |
| 2007-10-10 | r23472: add missing default setting for 'winbind nss info' (merge from 3.0.26) (This used to be commit 1f80f9d14553650fb9d24f1d4c36e5cf7986ce23) | Gerald Carter | 1 | -0/+1 |
| 2007-10-10 | r23471: Here's a rough patch for expanding domain group membership in the winbindd_getgrnam() call. Couple of comments: * Adds "winbind expand groups" parameter which defines the max depth winbindd will expand group members. The default is the current behavior of one level of expansion. * The entire getrgnam() interface should be async. I haven't done that. * Refactors the domain users hack in fill_grent_mem() into its own function. (This used to be commit 3d3a8130351753dc5caa2a270d130e2150da6b54) | Gerald Carter | 3 | -155/+351 |
| 2007-10-10 | r23470: Fix supplementary group list truncation for *BSD. We need to pass the correct group list length and only truncate to NGROUPS_MAX if it is too long. (This used to be commit 07f562be7a64a2ded7ec0e6f5910447dc5b8b85f) | James Peach | 1 | -2/+8 |
| 2007-10-10 | r23469: Fix a comment (This used to be commit 47cc9359aa1b4d5fcd9469be0b1378030ac388fc) | Volker Lendecke | 1 | -1/+1 |
| 2007-10-10 | r23468: Open registry.tdb with sequence number. Add a function to retrieve the registry db sequence number. This is in preparation of loadparm integration of registry global smb.conf options: this will allow to detect changes in order to trigger reload. Michael (This used to be commit ebe2ea8f22bfe0855beee087af771c690db443c1) | Michael Adam | 1 | -3/+15 |
| 2007-10-10 | r23467: Next little simplification: In rename_internals it's a bit pointless to first ask for existence of a file when we do the open_file_ntcreate in can_rename later on anyway. That also gets us the right error message in case the file is not there automatically. (This used to be commit f3d582cb908f95c1b557bda5d41b5a8aff75b124) | Volker Lendecke | 1 | -38/+13 |
| 2007-10-10 | r23466: Fix RAW-NOTIFY: by using delete on close the notify is triggered deep inside close_file() already. (This used to be commit 0b29e3ad0f2b1759eb195fb37f1f8667d87f5670) | Volker Lendecke | 1 | -6/+0 |
| 2007-10-10 | r23465: There was this diff between reg_printing in 3_0 and 3_0_26: before writing to secdesc_buf->sd, 3_0 checked secdesc_buf->sd while 3_0_26 checked secdesc_buf->sd_size. This patch makes both revisions check _both_ before writing. Jerry / Jeremy : please check if this is correct! Michael (This used to be commit dfc42178708144ef0b9273438ee15451078d3f4e) | Michael Adam | 1 | -1/+4 |
| 2007-10-10 | r23460: Re-add whitespace to reduce diff between branches. Sorry for the noise... Michael (This used to be commit c7d004dec4822c0d8e5c7fd6519850f906c7bb1a) | Michael Adam | 1 | -1/+1 |
| 2007-10-10 | r23459: Remove one superfluous cast. (This used to be commit beed87550786052891969f6014088c17a5d77157) | Michael Adam | 1 | -1/+1 |
| 2007-10-10 | r23458: Cosmetic fix in debug output. (This used to be commit 03dbdb561a16a6e3dbd99ee29aac598457873002) | Michael Adam | 1 | -1/+1 |
| 2007-10-10 | r23457: After Jeremy's ack: The attached patch removes a little race condition for people with real kernel oplock support, and reduces some code paths. It changes reply_unlink to open_file_ntcreate, set_delete_on_close and close_file. The race condition happens if we break the oplock in can_delete via open_file_ntcreate, we close the file, someone else gets a batch oplock and we try to unlink. It reduces code paths by calling SMB_VFS_UNLINK in 2 fewer places. (This used to be commit 0342ce7057045a362134281bcc7030111276dea0) | Volker Lendecke | 1 | -24/+29 |
| 2007-10-10 | r23450: max_params_return is complete fiction when getting a changenotify request. Ignore it. Should fix bug #4689 but more tests and valgrinding will follow. Jeremy. (This used to be commit c23e08cc09b8de860ab9c7ac9d0e7c2502dfccd9) | Jeremy Allison | 2 | -18/+6 |
| 2007-10-10 | r23448: Doh ! Don't call winbind_child_died() *before* the kill call as that sets pid = 0 ! :-). Jeremy. (This used to be commit bcfce39094ef30a1d1ae4dba5a90738e2678bcbf) | Jeremy Allison | 1 | -7/+6 |
| 2007-10-10 | r23447: Add kill signal to child dead path. After talking to Jerry add to 3.0.25b. Jeremy. (This used to be commit ade91e78cbe2871d3a8df18fa1f92bc16a7600a8) | Jeremy Allison | 1 | -0/+3 |
| 2007-10-10 | r23446: Restore Jeremy's original formatting, just fix the comment. (This used to be commit 5b983957e3a0a05f77bfb8a10a7986c22b81088d) | Volker Lendecke | 1 | -21/+17 |
| 2007-10-10 | r23445: Fix suggested by Volker. Don't call rename_open_files if the name wasn't changed. Jeremy. (This used to be commit 7a9629365eb4eb2829982fe2b2bfffd840648e6f) | Jeremy Allison | 1 | -2/+0 |
| 2007-10-10 | r23434: Correct a comment. (This used to be commit c9f38fa30e9b784a56f08d0ab4765e9c7a42aa7d) | Michael Adam | 1 | -1/+1 |
| 2007-10-10 | r23433: remove superfluous semicolon. (This used to be commit b8269f454338c8b20b90451f3866fc193871e9af) | Michael Adam | 1 | -1/+1 |
| 2007-10-10 | r23432: Remove superfluous comment. (A relict from regkey_open_internal days.) Michael (This used to be commit 4025cbc2024acf36e96d7236225b439dbd3e4df0) | Michael Adam | 1 | -2/+0 |
| 2007-10-10 | r23429: Ooops, sorry. Revert an accidental checkin of r23410. Volker (This used to be commit 23ecb5439f509f8f1eef6dded74357af5760094f) | Volker Lendecke | 1 | -3/+3 |
| 2007-10-10 | r23426: Correct a comment. The default timeout is not 1min, but 30s. While there, do some reformatting. Jeremy, I think we should also kill the child. It might hang in something (an fcntl lock for example) that the next child might run into immediately again. (This used to be commit 6729a4df4b57f638161ec55f9b1edd0bc8bb947e) | Volker Lendecke | 1 | -17/+21 |
| 2007-10-10 | r23425: Volker noticed this obvious fix for the wins server code :-). Thanks Volker ! Jeremy. (This used to be commit e3f33a2a503ada232aa1165e2321822584a026bd) | Jeremy Allison | 1 | -2/+2 |
| 2007-10-10 | r23424: Thanks to Jerry, we finally tracked down the : "winbindd: Exceeding 200 client connections, no idle connection found" bug #3204. This fixes it in Jerry's testing ! Jeremy. (This used to be commit 0c7ce6a68286fa98258828545fc869aaac19a028) | Jeremy Allison | 1 | -0/+62 |
| 2007-10-10 | r23423: Use the correct structure types in the NT_ACL operations. It's not clear to me why the catia module feels it's necessary to implement these operations, but at least they're now the right type. (This used to be commit b5be0c7403195d2bd503fb1512cb46e65587adc4) | James Peach | 1 | -2/+2 |
| 2007-10-10 | r23411: We were missing displayName and that was preventing us from successfully deleting an entry when "account" is the STRUCTURAL objectclass used for users and machines. "account" is used each time the user entry is in /etc/passwd and we have only the samba attributes in ldap, as well as for rfc2307(bis) standard based directories. (This used to be commit e6399f1aa1c98d2d6e700245bb95c84f7e173236) | Simo Sorce | 1 | -0/+1 |
| 2007-10-10 | r23410: Merge the core of the cluster code. I'm 100% certain I've forgotten to merge something, but the main code should be in. It's mainly in dbwrap_ctdb.c, ctdbd_conn.c and messages_ctdbd.c. There should be no changes to the non-cluster case, it does survive make test on my laptop. It survives some very basic tests with ctdbd enabled, I did not do the full test suite for clusters yet. Phew... Volker (This used to be commit 15553d6327a3aecdd2b0b94a3656d04bf4106323) | Volker Lendecke | 22 | -18/+2396 |
| 2007-10-10 | r23408: Remove a bogus comment (This used to be commit 0442e680eeacb56852e200fdf6f78e4972ecad68) | Volker Lendecke | 1 | -1/+0 |
| 2007-10-10 | r23407: While verifying a bug I found out that for some reason the code to add a machine was different than the one used to add a user, the old code led to the machine SID not being built out correctly allocating a new RID out of the passdb but instead by using the old algorithmic method. This may easily end up in creating duplicated SID when the RID counter gets close to the values built by the algorithmic method. Simo. (This used to be commit e077142aa39ad927a16e0d04874857bbc171ce07) | Simo Sorce | 1 | -17/+14 |
| 2007-10-10 | r23406: Even if not strictly currently necessary do check for correct init also in idmap_nss and idmap_passdb for coherency and to prevent errors in future if we change the init functions to actually do something and not just return NT_STATUS_OK (This used to be commit 86f532c1b0cf7961b8331bb212c3ed2084fda3fc) | Simo Sorce | 2 | -0/+16 |
| 2007-10-10 | r23404: Fix wrong (and missing) action on error condition in ldap reply evaluation loop. Fixes one of the segfaults in bug #4667 (This used to be commit 176e1c0b692b9509a29bbbb2b35ad821dfb0d5aa) | Simo Sorce | 1 | -1/+5 |
| 2007-10-10 | r23402: Got bitten by a talloc hierarchy. Make sure we alloc off the pipe ctx now ->names is part of the containing struct. Jeremy. (This used to be commit 02fd43490212e9ff8f784ce4d33d64566d58fd82) | Jeremy Allison | 1 | -3/+3 |
| 2007-10-10 | r23400: Fix lsa crash bug #4683. The "names" enum struct in a lookup_sidX reply isn't optional - like the lookup_sidX query it needs to be defined in the struct. All this will go away with PIDL (thank goodness....). Jerry - I think this is a showstopper to be merged for 3.0.25b. I'll be watching the build farm to see if anything broke. Jeremy. (This used to be commit 9300b92f7a51eb80fdc039d8dad23ea9ce82aa8f) | Jeremy Allison | 4 | -44/+23 |
| 2007-10-10 | r23398: Support membership of >16 groups on Darwin by making sure we opt in to the dynamic group resolution mechanism when switching UNIX credentials. (This used to be commit b5cb21e951550fe836b0ef5febc037af9a7f51ec) | James Peach | 2 | -0/+64 |
| 2007-10-10 | r23396: Make VFS callbacks static. Mark operations as OPAQUE because they do not pass through. (This used to be commit b9d6eee5d4d0894ded88455675a470cbf04d8f45) | James Peach | 1 | -8/+9 |
| 2007-10-10 | r23393: Support BSD group semantics by making sure that the effective GID is always passed as the first GID when calling setgroups(2). (This used to be commit 6ebaf856c1d27f2fbfa0444a5c6c17c4331d2780) | James Peach | 3 | -27/+103 |
| 2007-10-10 | r23391: Second part of the patch for Apple. Change the sequence : gain_root(); sys_setgroups(ngroups, groups); become_id(uid, gid); to a function call : set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) James - should be safe for you to create a Darwin-specific version of this function now. Jeremy. (This used to be commit 8ee982b3678be41ce8b4f4c1df428dcbf897ccbe) | Jeremy Allison | 1 | -14/+22 |
| 2007-10-10 | r23390: First part of the patch to make Apple's life easier. Doing this in two stages to make it very easy to review. Context switching must look like : gain_root(); sys_setgroups(ngroups, groups); become_id(uid, gid); Re-arrange order so these three calls are always seen together. Next will be to turn these into a function. Jeremy. (This used to be commit eb537185ee4a3f460709267c843c9303a9bb61b5) | Jeremy Allison | 1 | -6/+6 |
| 2007-10-10 | r23389: Disabling ACL support on Darwin/Mac OS X for now. Current configure check detects posix ACL support but compile of modules/vfs_posixacl.c fails due to missing defines in sys/acl.h: ACL_USER, ACL_USER_OBJ, ACL_GROUP, ACL_GROUP_OBJ, ACL_OTHER, ACL_MASK, ACL_WRITE, ACL_READ It has to be investigated, if this can be fixed within the posixacl vfs module or if we need a darwinacl module. Michael (This used to be commit f275991c2fc92cf1e140e4cf8f8bc1a7fbcbbb0c) | Michael Adam | 1 | -1/+5 |
| 2007-10-10 | r23387: 1. This unifies the POSIX ACL detection code: Linux, FreeBSD and other (which?) ACL implementations are now checked in the same block instead of in three separate blocks. This was inspired by Timur Bakeyev in Bug #4543. Since bugzilla is currently unavailable this patch is probably slightly different from Timur's original patch. This should finally fix Bug #4543. 2. The default of the --with-acl-support configure option is changed to "auto" (which is actually the same as "yes"). So configure tries to detect acl support by default. This had been discussed with Metze and others. Michael (This used to be commit 234b32c7bc18b3e450329dbee496d9f600a642ee) | Michael Adam | 1 | -75/+40 |
| 2007-10-10 | r23380: netr_getdcname returns WERROR not NTSTATUS. Guenther (This used to be commit 5e75ea7f2b568d76c8ced5f43171741532cc97c2) | Günther Deschner | 4 | -16/+16 |