Jeremy Allison [Tue, 22 May 2007 20:20:01 +0000 (20:20 +0000)]
r23080: Fix bug #4637 - we had missed some cases where
we were calling PRS_ALLOC_MEM with zero count.
Jeremy.
(This used to be commit 9a10736e6fa276ca4b0726fbb7baf0daafbdc46d)
Michael Adam [Tue, 22 May 2007 15:13:32 +0000 (15:13 +0000)]
r23078: Don't handle return code NT_STATUS_NONE_MAPPED from lookup sids
as an error. (This is purely cosmetic here, issuing a success
message at the end.)
(This used to be commit 4d9e8c91dc387cef37ea9035ac4483916e854732)
Michael Adam [Tue, 22 May 2007 13:40:01 +0000 (13:40 +0000)]
r23073: In the internal rpccli_lsa_lookup_sids_noalloc(), use a temporary
talloc context for use with the actual rpc query and response.
So the parent context does not get flooded by the possibly
large amount of response data (when looking up a lot of sids).
Note: It is not possible to simply use the names and domains arrays
as talloc contexts for the talloc_strdup calls, because from
rpccli_lsa_lookup_sids_all, this is called with names + offset
and domains + offset where names and domains are talloced
arrays for the complete response.
(This used to be commit 8e60900c5c5fccbe1718b805b6b1628d32b920d0)
Michael Adam [Tue, 22 May 2007 12:49:41 +0000 (12:49 +0000)]
r23072: In winbindd_ads.c:lookup_groupmem, replace the bottleneck
dn_lookup loop by a rpccli_lsa_lookupsids_all (see r23070)
call. This replaces one ldap search per member sid by one
rpc call per 1000 sids. This greatly speeds up groupmem
lookups for groups with lots of users.
Since the loop in lookup_groupmem was the only use of dn_lookup,
the function is removed.
Michael Adam [Tue, 22 May 2007 11:30:35 +0000 (11:30 +0000)]
r23070: The lsa rpc lookup sids call has a maximum number of SIDS to be
looked up at one time. This limit is at 20480 for w2k3.
Our rpccli_lsa_lookup_sids function ignores this limit, so when
we give the server too long a list of SIDs, then we will get
nothing back. Since typically rpccli_lsa_lookup_sids is given
one SID (or a small number of SIDS), this did not do harm
up to now. But since I want to use lsa_lookup_sids in a subsequent
modification to winbindd_ads.c:lookup_groupmem to get rid of
a vast number of dn_lookup calls to the server, I had to make
sure we do it correctly.
I have added a rpccli_lsa_lookup_sids_all function
that has the same prototype but internally splits the list
of SIDs up into hunks of a (conservative, hard coded) 1000
SIDs each for a first go.
If this approach is agreed upon, the new function could replace
the original rpccli_lsa_lookup_sids function.
Volker Lendecke [Mon, 21 May 2007 22:17:13 +0000 (22:17 +0000)]
r23055: Rewrite messages.c to use auto-generated marshalling in the tdb. I'm
doing this because for the clustering the marshalling is needed in more
than one place, so I wanted a decent routine to marshall a message_rec
struct which was not there before.
Tridge, this seems about the same speed as it used to be before, the
librpc/ndr overhead in my tests was under the noise.
Gerald Carter [Mon, 21 May 2007 21:33:51 +0000 (21:33 +0000)]
r23054: Move the check for the lookup_domain of S-1-22-{1,2} before the
check for IS_DC. Otherwise we will for example fail to lookup a
sid of S-1-22-1-780 because it has no valid struct winbindd_domain*
in the list. Thanks to Simo for the catch.
(This used to be commit f53aa56998411b90de238e12e9c3de7f2ff0d2b6)
Gerald Carter [Mon, 21 May 2007 20:36:22 +0000 (20:36 +0000)]
r23048: Simo is correct in that winbind_lookup{sid,name}_async() needs
to be able to handle SIDs in the S-1-22-{1,2} domain in order
for winbindd_sid_to_uid(), et al. to succeed. For 3.0.25a,
we will short circuit in the sid_to_uid() family of functions
so that smbd is ok.
Gerald Carter [Mon, 21 May 2007 19:12:14 +0000 (19:12 +0000)]
r23046: Few missing merges from cleaning out the Centeris winbindd tree.
Nothing of major interest. Will fix a few problems with one way trusts.
(This used to be commit 3d48a7e72d9268fd495e0ca4b6e73bed5bb57214)
Jim McDonough [Mon, 21 May 2007 16:01:22 +0000 (16:01 +0000)]
r23041: Remainder of fix for 4630: fix special case of unix_to_nt_time() for
TIME_T_MAX, and also display of it in http_timestring()
(This used to be commit 2553b6a56d20ef6273001ae3b090e156e676592c)
Volker Lendecke [Sun, 20 May 2007 20:11:23 +0000 (20:11 +0000)]
r23024: Ok, neither the duplicates_allowed nor the timeout argument to
message_send_pid is used anymore. Two users of duplicates_allowed: winbind and
the printer notify system.
I don't think this really changes semantics: duplicates_allowed is hell racy
anyway, we can't guarantee that we don't send the same message in sequence
twice, and I think the only thing we can harm with the print notify is
performance.
For winbind I talked to Günther, and he did not seem too worried.
Volker Lendecke [Sun, 20 May 2007 19:43:49 +0000 (19:43 +0000)]
r23023: Get rid of the only caller of message_send_pid_with_timeout(). This replaces
the timeouts on the individual message send calls with an overall timeout on
all the calls.
The timeout in message_send_pid_with_timeout() did not make much sense IMO
anyway, because the tdb_fetch() for the messages_pending_for_pid was blocking
in a readlock anyway, we "just" did the timeout for the write lock.
This new code goes through the full wait for the write lock once and then
breaks out of sending the notifies instead of running into the timeout per
target.
Jeremy Allison [Sat, 19 May 2007 20:57:12 +0000 (20:57 +0000)]
r23014: For all branches, ensure that if we're blocked on a POSIX
lock we know nothing about that we retry the lock every
10 seconds instead of waiting for the standard select
timeout. This is how we used to (and are supposed to)
work.
Jeremy.
(This used to be commit fa18fc25a50cf13c687ae88e7e5e2dda1120e017)
Jeremy Allison [Fri, 18 May 2007 23:38:56 +0000 (23:38 +0000)]
r23005: If we're running on a system where time_t is 8 bytes
we have to take care to preserve the "special" values
for Windows of 0x80000000 and 0x7FFFFFFF when casting
between time_t and uint32. Add conversion functions
(and use them).
Jeremy.
(This used to be commit 4e1a0b2549f7c11326deed2801de19564af0f16a)
Volker Lendecke [Fri, 18 May 2007 08:35:01 +0000 (08:35 +0000)]
r22994: Fix HP/UX compiler flags by Don McCall. Let's see how the other HP/UX
boxes like this. Thanks, Don!
(This used to be commit c53cf972cf35fc344eb40078a1a778260a3de07f)
Steve French [Thu, 17 May 2007 22:40:48 +0000 (22:40 +0000)]
r22982: Do not prompt for password on sec=none for mount.cifs (and allow guest
option to pass to kernel code so it can know when to retry)
(This used to be commit 500d9236c419be6ec32cc209279aeea2234f1a21)
Steve French [Thu, 17 May 2007 22:28:28 +0000 (22:28 +0000)]
r22979: Revert previous checkin (which had some debug junk) and fix misc frees that
valgrind noticed
(This used to be commit c8aa60692ba23c43820b820db3371a86dfbf40b5)
Gerald Carter [Thu, 17 May 2007 22:27:42 +0000 (22:27 +0000)]
r22978: Don't use current_user to prep the security ctx in change_to_user
since any SID/uid/gid translation calls will reset the struct when
popping the security ctx. This should fix the standalone server
configuration issues reported by David Rankin (thanks for the logs).
(This used to be commit 63cb25bad19d9600399a6ee2221497d71e805320)
Gerald Carter [Thu, 17 May 2007 19:56:54 +0000 (19:56 +0000)]
r22977: Trim noise by removing redundant WARNING log message that
would flood at log level 2. We know when we're using the legacy
mapping code anyways since it will log an informative msg.
(This used to be commit 51aac0fcb4528df790aa3ae078f9ef639cc01363)
Gerald Carter [Thu, 17 May 2007 19:16:27 +0000 (19:16 +0000)]
r22975: BUG 4616: Don't return a dns or forest name when replying to the
DsDGetPrimaryRoleInfo() and configured for security = domain.
(This used to be commit 55ba4a04d0efe2ae7b0d945648b2db801ff9e9f1)
r22973: Apparently, 3.0.25 broke smb4k badly ;-)
smb4k uses 'net rap server domain' to list servers in domain.
Previously we just ignored all arguments in net_rap_server() but now we don't
as 'net rap server name' has added an explicit check on arguments.
Jeremy Allison [Wed, 16 May 2007 22:52:17 +0000 (22:52 +0000)]
r22956: Fix security=server (bug #4622). Volker's patch
(slightly truncated by me). Will be in 3.0.25a.
Jeremy.
(This used to be commit 039fb906af883a7ca1a68955f1b36b583fe1b698)
Volker Lendecke [Wed, 16 May 2007 20:02:32 +0000 (20:02 +0000)]
r22953: Well, this apparently has never been tested. But *this* code never saw a
release yet .... ;-))
(This used to be commit f93b6353fe18e2c992a3dad96afd1a4c16032c55)
Michael Adam [Wed, 16 May 2007 11:15:16 +0000 (11:15 +0000)]
r22931: Fix logic in detection of the need to replace dlopen and friends.
Originally, dlfcn.o was only added to LIBREPLACEOBJ if dlopen
was found in libdl but header dlfcn.h was not appropriate.
Jeremy Allison [Wed, 16 May 2007 00:07:38 +0000 (00:07 +0000)]
r22920: Add in the UNIX capability for 24-bit readX, as discussed
with the Apple guys and Linux kernel guys. Still looking
at how to do writeX as there's no recvfile().
Jeremy.
(This used to be commit a53268fb2082de586e2df250d8ddfcff53379102)
Derrell Lipman [Tue, 15 May 2007 19:10:29 +0000 (19:10 +0000)]
r22914: - Fixes bug 4599. A missing 'if' statement forced subsequent
attempts to set attributes to fail.
- I also noticed that missing attributes were setting an invalid return string
by getxattr(), e.g. if there was no group, the return string had "GROUP:;"
instead of excluding the GROUP attribute entirely as it should. The big
problem with the way it was, is that the string could not then be passed to
setxattr() and parsed.
(This used to be commit 7213b5ebec8cd7f1955f5aa8ee4050c39cd11ed1)
Günther Deschner [Tue, 15 May 2007 13:46:26 +0000 (13:46 +0000)]
r22903: Now that we have the on-disc trustdomaincache with type flags we can better
decide whether it's worth to register a krb5 ticket gain handler while users
logon offline.
Michael Adam [Tue, 15 May 2007 10:47:40 +0000 (10:47 +0000)]
r22893: Use ldap_rename_s instead of deprecated ldap_rename2_s.
This fixes the build on solaris (host sun9).
And hopefully doesn't break any other builds... :-)
If it does, we need some configure magic.
r22867: With Samba4's IDL, we now have two new flags for share types: STYPE_TEMPORARY and STYPE_HIDDEN
Strip them out when referencing share_type[] entries.
Apparently, some Windows XP installs create shares set to STYPE_HIDDEN by default, found by
Damir Shayhutdinov <damir@altlinux.org>. This also fixes smb4k crashes as it does call 'net share -l'.
(This used to be commit c3f4fdd37e62491a11d3993864ba51fdb596ea1b)
Derrell Lipman [Mon, 14 May 2007 14:19:30 +0000 (14:19 +0000)]
r22850: - Fixes bug 4601. smbc_getxattr() would not, in one case, properly return the
required size of a buffer needed to contain the extended attributes.
(This used to be commit 34f77af02e2073ccaabe1583011abeeabbbb24e1)
Michael Adam [Mon, 14 May 2007 13:31:42 +0000 (13:31 +0000)]
r22847: The new validate_panic function calls exit (instead of setting
a global error flag and returning), so cleanups and returns
subsequent to calls of smb_panic_fn have become unnecessary.
(This used to be commit 9d2db8c70f10a9285abd4a61fa66ee8aff2e7e6b)
Volker Lendecke [Mon, 14 May 2007 13:01:28 +0000 (13:01 +0000)]
r22846: Chunk one to replace message_send_pid with messaging_send: Deep inside
locking/locking.c we have to send retry messages to timed lock holders.
The majority of this patch passes a "struct messaging_context" down
there. No functional change, survives make test.
(This used to be commit bbb508414683eeddd2ee0d2d36fe620118180bbb)
Michael Adam [Mon, 14 May 2007 12:57:24 +0000 (12:57 +0000)]
r22845: Modified and extended the winbindd cache validation code:
* Replaced signal catching/longjmp magic by a fork:
Let the child do the actual validation of the entries.
Exit code and signals are intercepted by waitpid.
* Fix logic so that also encounter of an unknown key in the
tdb leads to an error.
* Extended status of validation is kept in a (as yet simple)
struct and communicated over a pipe from child to parent.
* Added two validation_ functions for two new keys.
The call of winbindd_validate_cache is still commented out
in the winbindd main loop. But I am currently testing it
and so far it seems to work fine.
The next step in my plan is to generalize the validation
mechanism to a tdb_open_log_validate function in lib/util_tdb.c.
There is nothing very special about the cache tdb here,
and this might be useful elsewhere...
Volker Lendecke [Mon, 14 May 2007 12:16:20 +0000 (12:16 +0000)]
r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
r22840: Add -pie support to Python's setup.py. This should fix build of python libs on recent distributions that take care of security.
(This used to be commit b090b8983bf26779c476c047e952e475c095932e)
Volker Lendecke [Sat, 12 May 2007 19:53:47 +0000 (19:53 +0000)]
r22819: Fix Bug 4613. We just dumped the must change & friends. With the
pass_last_changed == 0 we now return "Change now!" instead of "Change
never"
(This used to be commit 450e4d94f64f86a3dd709265d15ed5082d4b53e8)