Work around iconv conversion failure from generated smb.conf.5 on Ubuntu 8.04.
Have no idea why the previous sequence of characters was causing
iconv to choke on my Ubuntu 8.04. Reword the entry some
for clarity and to avoid this failure.
(cherry picked from commit b0b4bd2466658deacb1de3d58154bcc8d198d675)

Michael Adam [Mon, 26 May 2008 10:38:48 +0000 (12:38 +0200)]
winbind: correctly omit check for trusted domain support in cm_prepare_connection
when checking for a trusted domain situation.
This is how it was meant to be:
Otherwise, with a dc-trusted-domain situation but trusted domains disabled,
we would attempt to do a session setup and fail (wouldn't even get a trust
password).

Michael Adam [Mon, 26 May 2008 09:58:11 +0000 (11:58 +0200)]
loadparm: fix testparm with "config backend = registry".
Set the iServiceIndex to "-1" for startup with either config
backend (originally only for text backend). Otherwise,
process_registry_shares() will fail.
Currently, the only user of lp_load_with_registry_shares() is testparm.

cli_session_setup_spnego() was not taking into consideration the situation
where we're connecting to a trusted domain, specifically one (like W2K8)
which doesn't return a SPN in the NegTokenInit.
This caused two problems:
1) When guessing the SPN using kerberos_get_default_realm_from_ccache() we
were always using our default realm, not the realm of the domain we're
connecting to.
2) When falling back on NTLMSSP for authentication we were passing the name
of the domain we're connecting to for use in our credentials when we should be
passing our own workgroup name.
The fix for both was to split the single "domain" parameter into
"user_domain" and "dest_realm" parameters. We use the "user_domain"
parameter to pass into the NTLM call, and we used "dest_realm" to create an SPN
if none was returned in the NegTokenInit2 packet. If no "dest_realm" is
provided we assume we're connecting to our own domain and use the credentials
cache to build the SPN.
Since we have a reasonable guess at the SPN, I removed the check that defaults
us directly to NTLM when negHint is empty.

Jeremy Allison [Thu, 22 May 2008 23:23:07 +0000 (16:23 -0700)]
Remove MAX_SESS_ENTRIES and MAX_CONN_ENTRIES limits
as they are no longer needed now we have IDL marshalling.
Change the calculation of the 32-bit fileid we return
to a Windows client. We can't just use the generation
count as it starts at zero for every smbd - and this
command must enumerate all files open across all smbds.
We'd really like a combination of process-id + dev + inode +
generation count to be unique, but as we can't fit that
into 32 bits just use 16 bits of pid + generation count.
Jeremy.

Jeremy Allison [Thu, 22 May 2008 21:28:13 +0000 (14:28 -0700)]
Fix 2 bugs with displaying open file state. Firstly
the IDL is documented incorrectly in the MS-DOCS.
Username and path need to be reversed (yes I will
raise this with MS). Secondly, we need to check
access_mask for the permissions, not share_access
(share_access are the deny modes).
Jeremy.

Steven Danneman [Thu, 22 May 2008 03:16:33 +0000 (20:16 -0700)]
Make WINBINDD_LIST_GROUPS handler asynchronous.
Previously WINBINDD_LIST_GROUPS requests (ex: wbinfo -g) were handled by the
winbindd parent process in a sequential fashion. This patch delegates the work
to the winbindd children so that the request is handled much faster in large
domain topologies, and doesn't block the parent from receiving new requests.
The core group enumeration and conversion that was handled in
winbindd_list_groups() has been moved into winbindd_dual_list_groups() to be
done by the child.
The parent winbindd_list_groups() simply calls each of the children
asynchronously.
listgroups_recv() aggregates the final group list that will be returned to the
client and tracks how many of the children have returned their lists.
The domain name of the child is passed back through the callbacks to be used in
debugging messages.
There are also several fixes to typos in various comments.

Volker Lendecke [Tue, 20 May 2008 19:54:36 +0000 (21:54 +0200)]
Fix nesting tdb_traverse in a transaction
Calling tdb_traverse inside a transaction led to the transaction lock being
held indefinitely. This was caused by the tdb_transaction_lock/unlock inside
tdb_traverse: The transaction code holds the global lock at offset
TRANSACTION_LOCK. The call to tdb_transaction_lock does nothing because the
transaction_lock is already being held. tdb_transaction_unlock inside tdb_wrap
resets tdb->have_transaction_lock but does not release the kernel-level fcntl
lock. transaction_commit later on does not release that fcntl lock either,
because tdb->have_transaction_lock was already reset by tdb_transaction().
This patch does fix that problem for me. An alternative would be to make
tdb->have_transaction_lock a counter that can cope with proper nesting, maybe
in other places as well.
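
Added example (not part of the commit and not tdb's code): a simplified model of the lock bookkeeping described in the message above, showing how a boolean "have lock" flag loses track of the kernel-level lock under nesting and how the counter alternative releases it only at the outermost unlock. The struct and function names are hypothetical, and kernel_locked stands in for the fcntl lock at TRANSACTION_LOCK.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not tdb's code. */
struct model {
    bool kernel_locked; /* stand-in for the fcntl lock at TRANSACTION_LOCK */
    bool have_lock;     /* boolean flag, like have_transaction_lock */
    int  depth;         /* counter alternative */
};

/* Flag variant: taking the lock is a no-op when the flag is already set. */
static void flag_lock(struct model *m) {
    if (m->have_lock) return;
    m->kernel_locked = true;
    m->have_lock = true;
}
/* Nested unlock as the message describes it: flag reset, kernel lock kept. */
static void flag_unlock_nested(struct model *m) { m->have_lock = false; }
/* Commit releases the kernel lock only if the flag says we hold it. */
static void flag_commit(struct model *m) {
    if (!m->have_lock) return;
    m->kernel_locked = false;
    m->have_lock = false;
}

/* Counter variant: only the outermost unlock releases the kernel lock. */
static void ctr_lock(struct model *m) {
    if (m->depth++ == 0) m->kernel_locked = true;
}
static void ctr_unlock(struct model *m) {
    if (m->depth > 0 && --m->depth == 0) m->kernel_locked = false;
}

/* Each returns true if the kernel lock is still held after commit. */
bool flag_variant_leaks(void) {
    struct model m = {0};
    flag_lock(&m);            /* transaction start */
    flag_lock(&m);            /* traverse: lock (no-op, flag already set) */
    flag_unlock_nested(&m);   /* traverse: unlock */
    flag_commit(&m);          /* transaction commit */
    return m.kernel_locked;
}
bool ctr_variant_leaks(void) {
    struct model m = {0};
    ctr_lock(&m); ctr_lock(&m); ctr_unlock(&m); ctr_unlock(&m);
    return m.kernel_locked;
}

int main(void) {
    printf("flag leaks: %d, counter leaks: %d\n",
           flag_variant_leaks(), ctr_variant_leaks());
    return 0;
}
```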