svn commit: samba r22693 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_26/source/smbd
Author: vlendec Date: 2007-05-06 08:22:59 + (Sun, 06 May 2007) New Revision: 22693 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22693 Log: Always compile before checkin I've now installed dmapi on my laptop :-) Modified: branches/SAMBA_3_0/source/smbd/dmapi.c branches/SAMBA_3_0_26/source/smbd/dmapi.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/dmapi.c === --- branches/SAMBA_3_0/source/smbd/dmapi.c 2007-05-05 22:47:07 UTC (rev 22692) +++ branches/SAMBA_3_0/source/smbd/dmapi.c 2007-05-06 08:22:59 UTC (rev 22693) @@ -153,7 +153,8 @@ /* No session already defined. */ if (dmapi_session == DM_NO_SESSION) { err = dm_create_session(DM_NO_SESSION, - CONST_DISCARD(DMAPI_SESSION_NAME), + CONST_DISCARD(char *, + DMAPI_SESSION_NAME), dmapi_session); if (err 0) { DEBUGADD(DMAPI_TRACE, Modified: branches/SAMBA_3_0_26/source/smbd/dmapi.c === --- branches/SAMBA_3_0_26/source/smbd/dmapi.c 2007-05-05 22:47:07 UTC (rev 22692) +++ branches/SAMBA_3_0_26/source/smbd/dmapi.c 2007-05-06 08:22:59 UTC (rev 22693) @@ -153,7 +153,8 @@ /* No session already defined. */ if (dmapi_session == DM_NO_SESSION) { err = dm_create_session(DM_NO_SESSION, - CONST_DISCARD(DMAPI_SESSION_NAME), + CONST_DISCARD(char *, + DMAPI_SESSION_NAME), dmapi_session); if (err 0) { DEBUGADD(DMAPI_TRACE,
svn commit: samba r22694 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: vlendec Date: 2007-05-06 11:03:33 + (Sun, 06 May 2007) New Revision: 22694 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22694 Log: It seems that AIX 5.3 with XLC has difficulties with ctype.h. This is an attempt to work around this: Maybe it helps if we include other stuff first. This raises a question however: Do we want the DN handling to be locale dependent? isalpha() can return different things depending on the current locale. Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2007-05-06 08:22:59 UTC (rev 22693) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2007-05-06 11:03:33 UTC (rev 22694) @@ -34,8 +34,8 @@ * Author: Simo Sorce */ +#include ldb_includes.h #include ctype.h -#include ldb_includes.h #define LDB_DN_NULL_FAILED(x) if (!(x)) goto failed
svn commit: samba r22695 - in branches/SAMBA_3_0/source/smbd: .
Author: vlendec Date: 2007-05-06 13:46:30 + (Sun, 06 May 2007) New Revision: 22695 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22695 Log: Dummy checkin (reformatting) to make the AIX hosts retry. Modified: branches/SAMBA_3_0/source/smbd/process.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/process.c === --- branches/SAMBA_3_0/source/smbd/process.c2007-05-06 11:03:33 UTC (rev 22694) +++ branches/SAMBA_3_0/source/smbd/process.c2007-05-06 13:46:30 UTC (rev 22695) @@ -144,11 +144,11 @@ for (pml = deferred_open_queue; pml; pml = pml-next) { uint16 msg_mid = SVAL(pml-buf.data,smb_mid); - DEBUG(10,(schedule_deferred_open_smb_message: [%d] msg_mid = %u\n, i++, - (unsigned int)msg_mid )); + DEBUG(10, (schedule_deferred_open_smb_message: [%d] + msg_mid = %u\n, i++, (unsigned int)msg_mid )); if (mid == msg_mid) { - DEBUG(10,(schedule_deferred_open_smb_message: scheduling mid %u\n, - mid )); + DEBUG(10, (schedule_deferred_open_smb_message: + scheduling mid %u\n, mid)); pml-end_time.tv_sec = 0; pml-end_time.tv_usec = 0; DLIST_PROMOTE(deferred_open_queue, pml); @@ -156,8 +156,8 @@ } } - DEBUG(10,(schedule_deferred_open_smb_message: failed to find message mid %u\n, - mid )); + DEBUG(10, (schedule_deferred_open_smb_message: failed to find + message mid %u\n, mid )); } /
Re: svn commit: samba r22694 - in branches/SAMBA_4_0/source/lib/ldb/common: .
On Sun, 2007-05-06 at 11:03 +, [EMAIL PROTECTED] wrote: Author: vlendec Date: 2007-05-06 11:03:33 + (Sun, 06 May 2007) New Revision: 22694 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22694 Log: It seems that AIX 5.3 with XLC has difficulties with ctype.h. This is an attempt to work around this: Maybe it helps if we include other stuff first. This raises a question however: Do we want the DN handling to be locale dependent? isalpha() can return different things depending on the current locale. Uhmm, we may want to add an isascii() on top, just to be sure (attribute names can contain only ascii chars). Thanks, for spotting this. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org
svn commit: samba r22696 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: idra Date: 2007-05-06 15:17:14 + (Sun, 06 May 2007) New Revision: 22696 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22696 Log: Make sure this is an ascii char spotted by Volker Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2007-05-06 13:46:30 UTC (rev 22695) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2007-05-06 15:17:14 UTC (rev 22696) @@ -292,6 +292,12 @@ /* first char */ trim = false; + if (!isascii(*p)) { + /* attr names must be ascii only */ + dn-invalid = true; + goto failed; + } + if (isdigit(*p)) { is_oid = true; } else @@ -338,6 +344,12 @@ continue; } + if (!isascii(*p)) { + /* attr names must be ascii only */ + dn-invalid = true; + goto failed; + } + if (is_oid ( ! (isdigit(*p) || (*p == '.' { /* not a digit nor a dot, invalid attribute oid */ dn-invalid = true;
svn commit: samba r22697 - in branches/SAMBA_4_0/source: . build/m4 lib
Author: jelmer Date: 2007-05-06 15:31:03 + (Sun, 06 May 2007) New Revision: 22697 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22697 Log: Support building with external talloc. Modified: branches/SAMBA_4_0/source/build/m4/public.m4 branches/SAMBA_4_0/source/configure.ac branches/SAMBA_4_0/source/lib/basic.mk Changeset: Modified: branches/SAMBA_4_0/source/build/m4/public.m4 === --- branches/SAMBA_4_0/source/build/m4/public.m42007-05-06 15:17:14 UTC (rev 22696) +++ branches/SAMBA_4_0/source/build/m4/public.m42007-05-06 15:31:03 UTC (rev 22697) @@ -6,12 +6,14 @@ dnl dnl SMB_SUBSYSTEM(name,obj_files,required_subsystems) dnl -dnl SMB_EXT_LIB_FROM_PKGCONFIG(name,pkg-config name) +dnl SMB_EXT_LIB_FROM_PKGCONFIG(name,pkg-config name,[ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND]) dnl dnl SMB_EXT_LIB(name,libs,cflags,cppflags,ldflags) dnl dnl SMB_ENABLE(name,default_build) dnl +dnl SMB_INCLUDE_MK(file) +dnl dnl ### dnl ### And now the implementation ### dnl ### @@ -32,7 +34,7 @@ ]) -dnl SMB_EXT_LIB_FROM_PKGCONFIG(name,pkg-config name) +dnl SMB_EXT_LIB_FROM_PKGCONFIG(name,pkg-config name,[ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND]) AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG], [ dnl Figure out the correct variables and call SMB_EXT_LIB() @@ -46,8 +48,10 @@ echo *** in your path, or set the PKG_CONFIG environment variable echo *** to the full path to pkg-config. echo *** Or see http://www.freedesktop.org/software/pkgconfig to get pkg-config. - SMB_EXT_LIB($1) - SMB_ENABLE($1, NO) + SMB_EXT_LIB($1) + SMB_ENABLE($1, NO) + $4 + else if $PKG_CONFIG --atleast-pkgconfig-version 0.9.0; then AC_MSG_CHECKING(for $2) @@ -55,6 +59,7 @@ if test $SMB_$1x = NOx ; then SMB_ENABLE($1, NO) AC_MSG_RESULT(disabled) + $4 elif $PKG_CONFIG --exists '$2' ; then AC_MSG_RESULT(yes) @@ -76,22 +81,33 @@ [`$PKG_CONFIG --cflags-only-other '$2'`], [`$PKG_CONFIG --cflags-only-I '$2'`], [`$PKG_CONFIG --libs-only-other '$2'` `$PKG_CONFIG --libs-only-L '$2'`]) + $3 else SMB_EXT_LIB($1) SMB_ENABLE($1, NO) AC_MSG_RESULT(no) $PKG_CONFIG --errors-to-stdout --print-errors '$2' + $4 fi else echo *** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer. echo *** See http://www.freedesktop.org/software/pkgconfig; SMB_EXT_LIB($1) SMB_ENABLE($1, NO) + $4 fi fi ]) +dnl SMB_INCLUDE_MK(file) +AC_DEFUN([SMB_INCLUDE_MK], +[ +SMB_INFO_EXT_LIBS=$SMB_INFO_EXT_LIBS +include $1 + +]) + dnl SMB_EXT_LIB(name,libs,cflags,cppflags,ldflags) AC_DEFUN([SMB_EXT_LIB], [ Modified: branches/SAMBA_4_0/source/configure.ac === --- branches/SAMBA_4_0/source/configure.ac 2007-05-06 15:17:14 UTC (rev 22696) +++ branches/SAMBA_4_0/source/configure.ac 2007-05-06 15:31:03 UTC (rev 22697) @@ -25,7 +25,10 @@ m4_include(lib/popt/samba.m4) m4_include(lib/charset/config.m4) m4_include(lib/socket/config.m4) -m4_include(lib/talloc/libtalloc.m4) +SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc = 1.0, [], [ + m4_include(lib/talloc/libtalloc.m4) + SMB_INCLUDE_MK(lib/talloc/config.mk) +]) m4_include(lib/tdb/libtdb.m4) m4_include(lib/ldb/sqlite3.m4) m4_include(lib/ldb/libldb.m4) Modified: branches/SAMBA_4_0/source/lib/basic.mk === --- branches/SAMBA_4_0/source/lib/basic.mk 2007-05-06 15:17:14 UTC (rev 22696) +++ branches/SAMBA_4_0/source/lib/basic.mk 2007-05-06 15:31:03 UTC (rev 22697) @@ -3,7 +3,6 @@ include socket/config.mk include charset/config.mk include ldb/config.mk -include talloc/config.mk include tdb/config.mk include tls/config.mk include registry/config.mk
svn commit: samba r22698 - in branches/SAMBA_4_0/source: . lib
Author: jelmer Date: 2007-05-06 15:46:24 + (Sun, 06 May 2007) New Revision: 22698 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22698 Log: Support using system tdb, when available. Modified: branches/SAMBA_4_0/source/configure.ac branches/SAMBA_4_0/source/lib/basic.mk Changeset: Modified: branches/SAMBA_4_0/source/configure.ac === --- branches/SAMBA_4_0/source/configure.ac 2007-05-06 15:31:03 UTC (rev 22697) +++ branches/SAMBA_4_0/source/configure.ac 2007-05-06 15:46:24 UTC (rev 22698) @@ -29,7 +29,10 @@ m4_include(lib/talloc/libtalloc.m4) SMB_INCLUDE_MK(lib/talloc/config.mk) ]) -m4_include(lib/tdb/libtdb.m4) +SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb = 1.1.0, [], [ +m4_include(lib/tdb/libtdb.m4) +SMB_INCLUDE_MK(lib/tdb/config.mk) +]) m4_include(lib/ldb/sqlite3.m4) m4_include(lib/ldb/libldb.m4) m4_include(lib/tls/config.m4) Modified: branches/SAMBA_4_0/source/lib/basic.mk === --- branches/SAMBA_4_0/source/lib/basic.mk 2007-05-06 15:31:03 UTC (rev 22697) +++ branches/SAMBA_4_0/source/lib/basic.mk 2007-05-06 15:46:24 UTC (rev 22698) @@ -3,7 +3,6 @@ include socket/config.mk include charset/config.mk include ldb/config.mk -include tdb/config.mk include tls/config.mk include registry/config.mk include messaging/config.mk
svn commit: samba r22699 - in branches/SAMBA_4_0/source/lib/popt: .
Author: jelmer Date: 2007-05-06 15:58:12 + (Sun, 06 May 2007) New Revision: 22699 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22699 Log: Reduce amount of magic required for popt detection. Added: branches/SAMBA_4_0/source/lib/popt/config.mk Modified: branches/SAMBA_4_0/source/lib/popt/samba.m4 Changeset: Added: branches/SAMBA_4_0/source/lib/popt/config.mk === --- branches/SAMBA_4_0/source/lib/popt/config.mk2007-05-06 15:46:24 UTC (rev 22698) +++ branches/SAMBA_4_0/source/lib/popt/config.mk2007-05-06 15:58:12 UTC (rev 22699) @@ -0,0 +1,7 @@ +[SUBSYSTEM::LIBPOPT] +OBJ_FILES = findme.o \ + popt.o \ + poptconfig.o \ + popthelp.o \ + poptparse.o +CFLAGS = -Ilib/popt Modified: branches/SAMBA_4_0/source/lib/popt/samba.m4 === --- branches/SAMBA_4_0/source/lib/popt/samba.m4 2007-05-06 15:46:24 UTC (rev 22698) +++ branches/SAMBA_4_0/source/lib/popt/samba.m4 2007-05-06 15:58:12 UTC (rev 22699) @@ -2,9 +2,7 @@ if test x$POPT_OBJ = x; then SMB_EXT_LIB(LIBPOPT, [${POPT_LIBS}]) - SMB_ENABLE(LIBPOPT,YES) else - SMB_SUBSYSTEM(LIBPOPT, - [lib/popt/findme.o lib/popt/popt.o lib/popt/poptconfig.o lib/popt/popthelp.o lib/popt/poptparse.o], [], [-Ilib/popt]) + SMB_INCLUDE_MK(lib/popt/config.mk) fi
svn commit: samba r22700 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 18:39:31 + (Sun, 06 May 2007) New Revision: 22700 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22700 Log: Add a simple wcache TRUSTDOM api for maintaing a complete list of trusted domains without requiring each winbindd process to aquire this on its own. This is needed for various idmap plugins and for dealing with different trust topoligies. list_trusted_domain() patches coming next. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0_26/source/nsswitch/winbindd.h branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c Changeset: Sorry, the patch is too large (1033 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22700
svn commit: samba r22701 - in branches: SAMBA_3_0/source/libads SAMBA_3_0_26/source/libads
Author: jerry Date: 2007-05-06 18:56:43 + (Sun, 06 May 2007) New Revision: 22701 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22701 Log: Fix the krb5_nt_status error table and add the no DCs found mapping Modified: branches/SAMBA_3_0/source/libads/krb5_errs.c branches/SAMBA_3_0_26/source/libads/krb5_errs.c Changeset: Modified: branches/SAMBA_3_0/source/libads/krb5_errs.c === --- branches/SAMBA_3_0/source/libads/krb5_errs.c2007-05-06 18:39:31 UTC (rev 22700) +++ branches/SAMBA_3_0/source/libads/krb5_errs.c2007-05-06 18:56:43 UTC (rev 22701) @@ -58,10 +58,12 @@ #endif {KRB5_CC_NOTFOUND, NT_STATUS_NO_SUCH_FILE}, {KRB5_FCC_NOFILE, NT_STATUS_NO_SUCH_FILE}, - {KRB5KDC_ERR_NONE, NT_STATUS_OK}, {KRB5_RC_MALLOC, NT_STATUS_NO_MEMORY}, {ENOMEM, NT_STATUS_NO_MEMORY}, - {0, NT_STATUS_OK} + {KRB5_REALM_CANT_RESOLVE, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND}, + + /* Must be last entry */ + {KRB5KDC_ERR_NONE, NT_STATUS_OK} }; static const struct { Modified: branches/SAMBA_3_0_26/source/libads/krb5_errs.c === --- branches/SAMBA_3_0_26/source/libads/krb5_errs.c 2007-05-06 18:39:31 UTC (rev 22700) +++ branches/SAMBA_3_0_26/source/libads/krb5_errs.c 2007-05-06 18:56:43 UTC (rev 22701) @@ -58,10 +58,12 @@ #endif {KRB5_CC_NOTFOUND, NT_STATUS_NO_SUCH_FILE}, {KRB5_FCC_NOFILE, NT_STATUS_NO_SUCH_FILE}, - {KRB5KDC_ERR_NONE, NT_STATUS_OK}, {KRB5_RC_MALLOC, NT_STATUS_NO_MEMORY}, {ENOMEM, NT_STATUS_NO_MEMORY}, - {0, NT_STATUS_OK} + {KRB5_REALM_CANT_RESOLVE, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND}, + + /* Must be last entry */ + {KRB5KDC_ERR_NONE, NT_STATUS_OK} }; static const struct {
svn commit: samba r22702 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 19:01:54 + (Sun, 06 May 2007) New Revision: 22702 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22702 Log: Convert both lookup name and lookup sid to follow the same heuristic. First try our DC and then try a DC in the root of our forest. Use a temporary state since winbindd_lookupXXX_async() is called from various winbindd API entry points. Note this will break the compile. That will be fixed in the next commit. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c branches/SAMBA_3_0/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c Changeset: Sorry, the patch is too large (581 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22702
svn commit: samba r22703 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 19:04:31 + (Sun, 06 May 2007) New Revision: 22703 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22703 Log: Convert winbindd_getgrgid() and winbindd_getgetpwnam() to use the same code path after we resolve the name/gid to a SID. Use the async lookupname/lookupsid interface. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_group.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_group.c Changeset: Sorry, the patch is too large (619 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22703
svn commit: samba r22704 - in branches: SAMBA_3_0/source/include SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/include SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 19:17:30 + (Sun, 06 May 2007) New Revision: 22704 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22704 Log: Implement three step method for enumerating domain trusts. (a) Query our primary domain for trusts (b) Query all tree roots in our forest (c) Query all forest roots in trusted forests. This will give us a complete trust topology including domains via transitive Krb5 trusts. We also store the trust type, flags, and attributes so we can determine one-way trusted domains (outgoing only trust path). Patch for one-way trusts coming in a later check-in. wbinfo -m now lists all domains in the domain_list() as held by the main winbindd process. Modified: branches/SAMBA_3_0/source/include/rpc_ds.h branches/SAMBA_3_0/source/nsswitch/winbindd.c branches/SAMBA_3_0/source/nsswitch/winbindd.h branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0/source/nsswitch/winbindd_misc.c branches/SAMBA_3_0/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_26/source/include/rpc_ds.h branches/SAMBA_3_0_26/source/nsswitch/winbindd.c branches/SAMBA_3_0_26/source/nsswitch/winbindd.h branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_misc.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c Changeset: Sorry, the patch is too large (1141 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22704
svn commit: samba r22705 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 19:37:13 + (Sun, 06 May 2007) New Revision: 22705 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22705 Log: Implement new set_dc_type_and_flags() called based on the information return from our DC in the DsEnumerateDomainTrusts() call. If the fails, we callback ot the older connect-to-the-remote-domain method. Note that this means we can only reliably expect the native_mode flag to be set for our own domain as this information in not available outside our primary domain from the trusted information. This is ok as we only really need the flag when trying to determine to enumerate domain local groups via RPC. Use the AD flag rather than the native_mode flag when using ldap to obtain the seq_num for a domain. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c branches/SAMBA_3_0/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_rpc.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c Changeset: Sorry, the patch is too large (535 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22705
svn commit: samba r22706 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 19:39:41 + (Sun, 06 May 2007) New Revision: 22706 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22706 Log: missed one reference to domain-native_mode in the previous commit Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2007-05-06 19:37:13 UTC (rev 22705) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2007-05-06 19:39:41 UTC (rev 22706) @@ -275,7 +275,7 @@ DEBUG(3,(ads: enum_dom_groups\n)); /* only grab domain local groups for our domain */ - if ( domain-native_mode strequal(lp_realm(), domain-alt_name) ) { + if ( domain-active_directory strequal(lp_realm(), domain-alt_name) ) { enum_dom_local_groups = True; } Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c2007-05-06 19:37:13 UTC (rev 22705) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c2007-05-06 19:39:41 UTC (rev 22706) @@ -275,7 +275,7 @@ DEBUG(3,(ads: enum_dom_groups\n)); /* only grab domain local groups for our domain */ - if ( domain-native_mode strequal(lp_realm(), domain-alt_name) ) { + if ( domain-active_directory strequal(lp_realm(), domain-alt_name) ) { enum_dom_local_groups = True; }
svn commit: samba r22707 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 19:42:25 + (Sun, 06 May 2007) New Revision: 22707 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22707 Log: missed merge from local tree: pass the correct state to the domain when calling the async lookupsid() routine Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2007-05-06 19:39:41 UTC (rev 22706) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2007-05-06 19:42:25 UTC (rev 22707) @@ -797,7 +797,7 @@ s-caller_private_data = private_data; do_async_domain(mem_ctx, domain, request, lookupsid_recv, - (void *)cont, private_data); + (void *)cont, s); } enum winbindd_result winbindd_dual_lookupsid(struct winbindd_domain *domain, Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c 2007-05-06 19:39:41 UTC (rev 22706) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c 2007-05-06 19:42:25 UTC (rev 22707) @@ -797,7 +797,7 @@ s-caller_private_data = private_data; do_async_domain(mem_ctx, domain, request, lookupsid_recv, - (void *)cont, private_data); + (void *)cont, s); } enum winbindd_result winbindd_dual_lookupsid(struct winbindd_domain *domain,
svn commit: samba r22708 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 19:46:03 + (Sun, 06 May 2007) New Revision: 22708 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22708 Log: disable saving the trusted domain list as we want to the parent daemon to manage the complete trusted domain cache Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-05-06 19:42:25 UTC (rev 22707) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-05-06 19:46:03 UTC (rev 22708) @@ -2021,6 +2021,10 @@ status = NT_STATUS_OK; } + +#if 0/* Disabled as we want the trust dom list to be managed by + the main parent and always to make the query. --jerry */ + /* and save it */ refresh_sequence_number(domain, False); @@ -2041,6 +2045,8 @@ centry_free(centry); skip_save: +#endif + return status; } Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c 2007-05-06 19:42:25 UTC (rev 22707) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c 2007-05-06 19:46:03 UTC (rev 22708) @@ -1999,6 +1999,10 @@ status = NT_STATUS_OK; } + +#if 0/* Disabled as we want the trust dom list to be managed by + the main parent and always to make the query. --jerry */ + /* and save it */ refresh_sequence_number(domain, False); @@ -2019,6 +2023,8 @@ centry_free(centry); skip_save: +#endif + return status; }
svn commit: samba r22709 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 19:48:13 + (Sun, 06 May 2007) New Revision: 22709 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22709 Log: we can only use tschannel when commectcing to our primary (might need some fixing here for a Samba DC) Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2007-05-06 19:46:03 UTC (rev 22708) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2007-05-06 19:48:13 UTC (rev 22709) @@ -2092,7 +2092,7 @@ return NT_STATUS_OK; } - if (!get_trust_pw(domain-name, mach_pwd, sec_chan_type)) { + if (domain-primary !get_trust_pw(domain-name, mach_pwd, sec_chan_type)) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -2102,6 +2102,12 @@ return result; } + if ( !domain-primary ) { + /* Clear the schannel request bit and drop down */ + neg_flags = ~NETLOGON_NEG_SCHANNEL; + goto no_schannel; + } + if (lp_client_schannel() != False) { neg_flags |= NETLOGON_NEG_SCHANNEL; } @@ -2146,6 +2152,7 @@ return NT_STATUS_ACCESS_DENIED; } + no_schannel: if ((lp_client_schannel() == False) || ((neg_flags NETLOGON_NEG_SCHANNEL) == 0)) { /* We're done - just keep the existing connection to NETLOGON Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c 2007-05-06 19:46:03 UTC (rev 22708) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c 2007-05-06 19:48:13 UTC (rev 22709) @@ -2092,7 +2092,7 @@ return NT_STATUS_OK; } - if (!get_trust_pw(domain-name, mach_pwd, sec_chan_type)) { + if (domain-primary !get_trust_pw(domain-name, mach_pwd, sec_chan_type)) { return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -2102,6 +2102,12 @@ return result; } + if ( !domain-primary ) { + /* Clear the schannel request bit and drop down */ + neg_flags = ~NETLOGON_NEG_SCHANNEL; + goto no_schannel; + } + if (lp_client_schannel() != False) { neg_flags |= NETLOGON_NEG_SCHANNEL; } @@ -2146,6 +2152,7 @@ return NT_STATUS_ACCESS_DENIED; } + no_schannel: if ((lp_client_schannel() == False) || ((neg_flags NETLOGON_NEG_SCHANNEL) == 0)) { /* We're done - just keep the existing connection to NETLOGON
svn commit: samba r22710 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 20:16:12 + (Sun, 06 May 2007) New Revision: 22710 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22710 Log: Support one-way trusts. * Rely on the fact that name2sid will work for any name in a trusted domain will work against our primary domain (even in the absense of an incoming trust path) * Only logons will reliably work and the idmap backend is responsible for being able to manage id's without contacting the trusted domain * getent passwd and getent group for trusted users and groups will work but we cannot get the group membership of a user in any fashion without the user first logging on (via NTLM or krb5) and the netsamlogon_cache being updated. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0/source/nsswitch/winbindd_async.c branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c branches/SAMBA_3_0/source/nsswitch/winbindd_user.c branches/SAMBA_3_0/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_rpc.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_user.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_util.c Changeset: Sorry, the patch is too large (1241 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22710
svn commit: samba r22711 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 20:32:36 + (Sun, 06 May 2007) New Revision: 22711 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22711 Log: Fix a compile warnign in query_user(). Ensure that user_rid is initialized. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_rpc.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2007-05-06 20:16:12 UTC (rev 22710) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2007-05-06 20:32:36 UTC (rev 22711) @@ -461,7 +461,6 @@ char *sidstr; uint32 group_rid; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - uint32 user_rid; NET_USER_INFO_3 *user; DEBUG(3,(ads: query_user\n)); @@ -478,7 +477,7 @@ DEBUG(5,(query_user: Cache lookup succeeded for %s\n, sid_string_static(sid))); - sid_compose(info-user_sid, domain-sid, user_rid); + sid_compose(info-user_sid, domain-sid, user-user_rid); sid_compose(info-group_sid, domain-sid, user-group_rid); info-acct_name = unistr2_tdup(mem_ctx, user-uni_user_name); Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c 2007-05-06 20:16:12 UTC (rev 22710) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c 2007-05-06 20:32:36 UTC (rev 22711) @@ -438,7 +438,7 @@ DEBUG(5,(query_user: Cache lookup succeeded for %s\n, sid_string_static(user_sid))); - sid_compose(user_info-user_sid, domain-sid, user_rid); + sid_compose(user_info-user_sid, domain-sid, user-user_rid); sid_compose(user_info-group_sid, domain-sid, user-group_rid); Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c2007-05-06 20:16:12 UTC (rev 22710) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_ads.c2007-05-06 20:32:36 UTC (rev 22711) @@ -461,7 +461,6 @@ char *sidstr; uint32 group_rid; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - uint32 user_rid; NET_USER_INFO_3 *user; DEBUG(3,(ads: query_user\n)); @@ -478,7 +477,7 @@ DEBUG(5,(query_user: Cache lookup succeeded for %s\n, sid_string_static(sid))); - sid_compose(info-user_sid, domain-sid, user_rid); + sid_compose(info-user_sid, domain-sid, user-user_rid); sid_compose(info-group_sid, domain-sid, user-group_rid); info-acct_name = unistr2_tdup(mem_ctx, user-uni_user_name); Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_rpc.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_rpc.c2007-05-06 20:16:12 UTC (rev 22710) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_rpc.c2007-05-06 20:32:36 UTC (rev 22711) @@ -438,7 +438,7 @@ DEBUG(5,(query_user: Cache lookup succeeded for %s\n, sid_string_static(user_sid))); - sid_compose(user_info-user_sid, domain-sid, user_rid); + sid_compose(user_info-user_sid, domain-sid, user-user_rid); sid_compose(user_info-group_sid, domain-sid, user-group_rid);
svn commit: samba r22712 - in branches: SAMBA_3_0/source/include SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/include SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 20:33:33 + (Sun, 06 May 2007) New Revision: 22712 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22712 Log: Inform the user when logging in via pam_winbind and the krb5 tkt cache could not be created due to clock skew. Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h branches/SAMBA_3_0/source/nsswitch/pam_winbind.c branches/SAMBA_3_0/source/nsswitch/pam_winbind.h branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_26/source/include/rpc_netlogon.h branches/SAMBA_3_0_26/source/nsswitch/pam_winbind.c branches/SAMBA_3_0_26/source/nsswitch/pam_winbind.h branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h === --- branches/SAMBA_3_0/source/include/rpc_netlogon.h2007-05-06 20:32:36 UTC (rev 22711) +++ branches/SAMBA_3_0/source/include/rpc_netlogon.h2007-05-06 20:33:33 UTC (rev 22712) @@ -89,6 +89,7 @@ #define LOGON_RESOURCE_GROUPS 0x0200 #define LOGON_PROFILE_PATH_RETURNED0x0400 #define LOGON_GRACE_LOGON 0x0100 +#define LOGON_KRB5_FAIL_CLOCK_SKEW 0x0200 #define SE_GROUP_MANDATORY 0x0001 #define SE_GROUP_ENABLED_BY_DEFAULT0x0002 Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-05-06 20:32:36 UTC (rev 22711) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-05-06 20:33:33 UTC (rev 22712) @@ -928,6 +928,30 @@ } /** + * Send PAM_ERROR_MSG for krb5 errors. + * + * @param pamh PAM handle + * @param ctrl PAM winbind options. + * @param username User in PAM request. + * @param info3_user_flgs Info3 flags containing logon type bits. + * + * @return void. + */ + +static void _pam_warn_krb5_failure(pam_handle_t *pamh, int ctrl, const char *username, uint32 info3_user_flgs) +{ + if (PAM_WB_KRB5_CLOCK_SKEW(info3_user_flgs)) { + _make_remark(pamh, ctrl, PAM_ERROR_MSG, +Failed to establish your Kerberos Ticket cache +due time differences\n +with the domain controller. +Please verify the system time.\n); + _pam_log_debug(pamh, ctrl, LOG_DEBUG, + User %s: Clock skew when getting Krb5 TGT\n, username); + } +} + +/** * Compose Password Restriction String for a PAM_ERROR_MSG conversation. * * @param response The struct winbindd_response. @@ -1125,6 +1149,9 @@ /* inform about logon type */ _pam_warn_logon_type(pamh, ctrl, user, response.data.auth.info3.user_flgs); + /* inform about krb5 failures */ + _pam_warn_krb5_failure(pamh, ctrl, user, response.data.auth.info3.user_flgs); + /* set some info3 info for other modules in the stack */ _pam_set_data_info3(pamh, ctrl, response); Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.h === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.h2007-05-06 20:32:36 UTC (rev 22711) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.h2007-05-06 20:33:33 UTC (rev 22712) @@ -184,6 +184,8 @@ /* from include/rpc_netlogon.h */ #define LOGON_CACHED_ACCOUNT 0x0004 #define LOGON_GRACE_LOGON 0x0100 +#define LOGON_KRB5_FAIL_CLOCK_SKEW 0x0200 #define PAM_WB_CACHED_LOGON(x) (x LOGON_CACHED_ACCOUNT) +#define PAM_WB_KRB5_CLOCK_SKEW(x) (x LOGON_KRB5_FAIL_CLOCK_SKEW) #define PAM_WB_GRACE_LOGON(x) ((LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON) == ( x (LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON))) Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 20:32:36 UTC (rev 22711) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 20:33:33 UTC (rev 22712) @@ -1326,6 +1326,7 @@ struct winbindd_cli_state *state) { NTSTATUS result = NT_STATUS_LOGON_FAILURE; + NTSTATUS krb5_result = NT_STATUS_OK; fstring name_domain, name_user; NET_USER_INFO_3 *info3 = NULL; @@ -1365,6 +1366,9 @@ if (domain-online (state-request.flags WBFLAG_PAM_KRB5)) { result = winbindd_dual_pam_auth_kerberos(domain, state, info3); + /* save for later */ + krb5_result = result; + if (NT_STATUS_IS_OK(result)) { DEBUG(10,(winbindd_dual_pam_auth_kerberos succeeded\n)); @@ -1412,6 +1416,10 @@
svn commit: samba r22713 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:04:30 + (Sun, 06 May 2007) New Revision: 22713 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22713 Log: Offline logon fixes for idmap manager: (a) Ignore the negative cache when the domain is offline (b) don't delete expired entries from the cache as these can be used when offline (same model as thw wcache entries) (c) Delay idmap backend initialization when offline as the backend routines will not be called until we go online anyways. This prevents idmap_init() from failing when a backend's init() function fails becuase of lack of network connectivity Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c branches/SAMBA_3_0/source/nsswitch/idmap_cache.c branches/SAMBA_3_0/source/nsswitch/winbindd.h branches/SAMBA_3_0_26/source/nsswitch/idmap.c branches/SAMBA_3_0_26/source/nsswitch/idmap_cache.c branches/SAMBA_3_0_26/source/nsswitch/winbindd.h Changeset: Sorry, the patch is too large (555 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22713
svn commit: samba r22714 - in branches: SAMBA_3_0/source/libads SAMBA_3_0_26/source/libads
Author: jerry Date: 2007-05-06 21:06:55 + (Sun, 06 May 2007) New Revision: 22714 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22714 Log: Prevent DNS lookup storms when the DNS servers are unreachable. Helps when transitioning from offline to online mode. Note that this is a quick hack and a better solution would be to start the DNS server's state between processes (similar to the namecache entries). Modified: branches/SAMBA_3_0/source/libads/dns.c branches/SAMBA_3_0_26/source/libads/dns.c Changeset: Modified: branches/SAMBA_3_0/source/libads/dns.c === --- branches/SAMBA_3_0/source/libads/dns.c 2007-05-06 21:04:30 UTC (rev 22713) +++ branches/SAMBA_3_0/source/libads/dns.c 2007-05-06 21:06:55 UTC (rev 22714) @@ -270,45 +270,76 @@ Simple wrapper for a DNS query */ +#define DNS_FAILED_WAITTIME 30 + static NTSTATUS dns_send_req( TALLOC_CTX *ctx, const char *name, int q_type, uint8 **buf, int *resp_length ) { uint8 *buffer = NULL; size_t buf_len; int resp_len = NS_PACKETSZ; - + static time_t last_dns_check = 0; + static NTSTATUS last_dns_status = NT_STATUS_OK; + time_t now = time(NULL); + + /* Try to prevent bursts of DNS lookups if the server is down */ + + /* Protect against large clock changes */ + + if ( last_dns_check now ) + last_dns_check = 0; + + /* IF we had a DNS timeout or a bad server and we are still + in the 30 second cache window, just return the previous + status and save the network timeout. */ + + if ( (NT_STATUS_EQUAL(last_dns_status,NT_STATUS_IO_TIMEOUT) || + NT_STATUS_EQUAL(last_dns_status,NT_STATUS_CONNECTION_REFUSED)) +(last_dns_check+DNS_FAILED_WAITTIME) now ) + { + DEBUG(10,(last_dns_check: Returning cached status (%s)\n, + nt_errstr(last_dns_status) )); + return last_dns_status; + } + + /* Send the Query */ do { if ( buffer ) TALLOC_FREE( buffer ); buf_len = resp_len * sizeof(uint8); - if (buf_len) { + if (buf_len) { if ( (buffer = TALLOC_ARRAY(ctx, uint8, buf_len)) == NULL ) { DEBUG(0,(ads_dns_lookup_srv: talloc() failed!\n)); - return NT_STATUS_NO_MEMORY; + last_dns_status = NT_STATUS_NO_MEMORY; + last_dns_check = time(NULL); + return last_dns_status; } - } else { - buffer = NULL; } if ( (resp_len = res_query(name, C_IN, q_type, buffer, buf_len)) 0 ) { DEBUG(3,(ads_dns_lookup_srv: Failed to resolve %s (%s)\n, name, strerror(errno))); TALLOC_FREE( buffer ); + last_dns_status = NT_STATUS_UNSUCCESSFUL; + if (errno == ETIMEDOUT) { - return NT_STATUS_IO_TIMEOUT; + last_dns_status = NT_STATUS_IO_TIMEOUT; } if (errno == ECONNREFUSED) { - return NT_STATUS_CONNECTION_REFUSED; + last_dns_status = NT_STATUS_CONNECTION_REFUSED; } - return NT_STATUS_UNSUCCESSFUL; + last_dns_check = time(NULL); + return last_dns_status; } } while ( buf_len resp_len resp_len MAX_DNS_PACKET_SIZE ); *buf = buffer; *resp_length = resp_len; - return NT_STATUS_OK; + last_dns_check = time(NULL); + last_dns_status = NT_STATUS_OK; + return last_dns_status; } /* Modified: branches/SAMBA_3_0_26/source/libads/dns.c === --- branches/SAMBA_3_0_26/source/libads/dns.c 2007-05-06 21:04:30 UTC (rev 22713) +++ branches/SAMBA_3_0_26/source/libads/dns.c 2007-05-06 21:06:55 UTC (rev 22714) @@ -270,45 +270,76 @@ Simple wrapper for a DNS query */ +#define DNS_FAILED_WAITTIME 30 + static NTSTATUS dns_send_req( TALLOC_CTX *ctx, const char *name, int q_type, uint8 **buf, int *resp_length ) { uint8 *buffer = NULL; size_t buf_len;
svn commit: samba r22715 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:10:30 + (Sun, 06 May 2007) New Revision: 22715 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22715 Log: When our primary domain does on or offline, make sure to send a msg to the idmap child. Also remove the check for the global offline state in child_msg_offline() as this means we cannot mark domains offline due to network outages. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_dual.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2007-05-06 21:06:55 UTC (rev 22714) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2007-05-06 21:10:30 UTC (rev 22715) @@ -246,8 +246,9 @@ struct winbindd_domain *domain = (struct winbindd_domain *)private_data; - DEBUG(10,(check_domain_online_handler: called for domain %s\n, - domain-name )); + DEBUG(10,(check_domain_online_handler: called for domain + %s (online = %s)\n, domain-name, + domain-online ? True : False )); if (domain-check_online_event) { TALLOC_FREE(domain-check_online_event); @@ -349,6 +350,23 @@ DEBUG(10,(set_domain_offline: added event handler for domain %s\n, domain-name )); + + /* Send an offline message to the idmap child when our + primary domain goes offline */ + + if ( domain-primary ) { + struct winbindd_child *idmap = idmap_child(); + + if ( idmap-pid != 0 ) { + message_send_pid(pid_to_procid(idmap-pid), +MSG_WINBIND_OFFLINE, +domain-name, +strlen(domain-name)+1, +False); + } + } + + return; } / @@ -409,6 +427,23 @@ message_deregister(MSG_WINBIND_FAILED_TO_GO_ONLINE); domain-online = True; + + /* Send an online message to the idmap child when our + primary domain comes online */ + + if ( domain-primary ) { + struct winbindd_child *idmap = idmap_child(); + + if ( idmap-pid != 0 ) { + message_send_pid(pid_to_procid(idmap-pid), +MSG_WINBIND_ONLINE, +domain-name, +strlen(domain-name)+1, +False); + } + } + + return; } / Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2007-05-06 21:06:55 UTC (rev 22714) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2007-05-06 21:10:30 UTC (rev 22715) @@ -504,21 +504,6 @@ } DEBUG(5,(winbind_msg_offline: marking %s offline.\n, domain-name)); set_domain_offline(domain); - - /* Send an offline message to the idmap child when our - primary domain goes offline */ - - if ( domain-primary ) { - struct winbindd_child *idmap = idmap_child(); - - if ( idmap-pid != 0 ) { - message_send_pid(pid_to_procid(idmap-pid), -MSG_WINBIND_OFFLINE, -domain-name, -strlen(domain-name)+1, -False); - } - } } for (child = children; child != NULL; child = child-next) { @@ -703,12 +688,6 @@ return; } - /* Set our global state as offline. */ - if (!set_global_winbindd_state_offline()) { - DEBUG(10,(child_msg_offline: offline request failed.\n)); - return; - } - /* Mark the requested domain offline. */ for (domain = domain_list(); domain; domain = domain-next) { Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_cm.c 2007-05-06 21:06:55 UTC (rev 22714) +++
svn commit: samba r22716 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:15:45 + (Sun, 06 May 2007) New Revision: 22716 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22716 Log: Clarify comment in winbindd_domain structure Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h branches/SAMBA_3_0_26/source/nsswitch/winbindd.h Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h === --- branches/SAMBA_3_0/source/nsswitch/winbindd.h 2007-05-06 21:10:30 UTC (rev 22715) +++ branches/SAMBA_3_0/source/nsswitch/winbindd.h 2007-05-06 21:15:45 UTC (rev 22716) @@ -153,8 +153,8 @@ /* Structures to hold per domain information */ struct winbindd_domain { - fstring name; /* Domain name */ - fstring alt_name; /* alt Domain name (if any) */ + fstring name; /* Domain name (NetBIOS) */ + fstring alt_name; /* alt Domain name, if any (FQDN for ADS) */ fstring forest_name; /* Name of the AD forest we're in */ DOM_SID sid; /* SID for this domain */ uint32 domain_flags; /* Domain flags from rpc_ds.h */ Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd.h === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd.h2007-05-06 21:10:30 UTC (rev 22715) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd.h2007-05-06 21:15:45 UTC (rev 22716) @@ -153,8 +153,8 @@ /* Structures to hold per domain information */ struct winbindd_domain { - fstring name; /* Domain name */ - fstring alt_name; /* alt Domain name (if any) */ + fstring name; /* Domain name (NetBIOS) */ + fstring alt_name; /* alt Domain name, if any (FQDN for ADS) */ fstring forest_name; /* Name of the AD forest we're in */ DOM_SID sid; /* SID for this domain */ uint32 domain_flags; /* Domain flags from rpc_ds.h */
svn commit: samba r22717 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:17:02 + (Sun, 06 May 2007) New Revision: 22717 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22717 Log: Add Everyone and AuthenticatedUsers to the user's token for use by the require-membership-of pam_winbind option. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 21:15:45 UTC (rev 22716) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 21:17:02 UTC (rev 22717) @@ -128,7 +128,11 @@ DOM_SID *require_membership_of_sid; size_t num_require_membership_of_sid; DOM_SID *all_sids; - size_t num_all_sids = (2 + info3-num_groups2 + info3-num_other_sids); + /* UserSID, GroupSID, Grooup2SIDs, OtherSIDs, WellKnownSIDs */ + size_t num_all_sids = (2 + + info3-num_groups2 + + info3-num_other_sids + + 2 ); size_t i, j = 0, k; size_t group_sid_length; const char *search_location; @@ -213,6 +217,11 @@ } j++; + /* Well-Known SIDs */ + + sid_copy( all_sids[j++], global_sid_World ); + sid_copy( all_sids[j++], global_sid_Authenticated_Users ); + for (i = 0; i info3-num_groups2; i++) { sid_copy(all_sids[j], (info3-dom_sid.sid)); Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c2007-05-06 21:15:45 UTC (rev 22716) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c2007-05-06 21:17:02 UTC (rev 22717) @@ -128,7 +128,11 @@ DOM_SID *require_membership_of_sid; size_t num_require_membership_of_sid; DOM_SID *all_sids; - size_t num_all_sids = (2 + info3-num_groups2 + info3-num_other_sids); + /* UserSID, GroupSID, Grooup2SIDs, OtherSIDs, WellKnownSIDs */ + size_t num_all_sids = (2 + + info3-num_groups2 + + info3-num_other_sids + + 2 ); size_t i, j = 0, k; size_t group_sid_length; const char *search_location; @@ -213,6 +217,11 @@ } j++; + /* Well-Known SIDs */ + + sid_copy( all_sids[j++], global_sid_World ); + sid_copy( all_sids[j++], global_sid_Authenticated_Users ); + for (i = 0; i info3-num_groups2; i++) { sid_copy(all_sids[j], (info3-dom_sid.sid));
svn commit: samba r22718 - in branches/SAMBA_4_0/source: .
Author: metze Date: 2007-05-06 21:19:22 + (Sun, 06 May 2007) New Revision: 22718 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22718 Log: remove autoconf warnings, we should only include .m4 files only once metze Modified: branches/SAMBA_4_0/source/configure.ac Changeset: Modified: branches/SAMBA_4_0/source/configure.ac === --- branches/SAMBA_4_0/source/configure.ac 2007-05-06 21:17:02 UTC (rev 22717) +++ branches/SAMBA_4_0/source/configure.ac 2007-05-06 21:19:22 UTC (rev 22718) @@ -25,14 +25,23 @@ m4_include(lib/popt/samba.m4) m4_include(lib/charset/config.m4) m4_include(lib/socket/config.m4) -SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc = 1.0, [], [ + +SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc = 1.0, + [samba_cv_internal_talloc=no], + [samba_cv_internal_talloc=yes]) +if test x$samba_cv_internal_talloc = xyes; then m4_include(lib/talloc/libtalloc.m4) SMB_INCLUDE_MK(lib/talloc/config.mk) -]) -SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb = 1.1.0, [], [ -m4_include(lib/tdb/libtdb.m4) -SMB_INCLUDE_MK(lib/tdb/config.mk) -]) +fi + +SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb = 1.1.0, + [samba_cv_internal_tdb=no], + [samba_cv_internal_tdb=yes]) +if test x$samba_cv_internal_tdb = xyes; then + m4_include(lib/tdb/libtdb.m4) + SMB_INCLUDE_MK(lib/tdb/config.mk) +fi + m4_include(lib/ldb/sqlite3.m4) m4_include(lib/ldb/libldb.m4) m4_include(lib/tls/config.m4)
svn commit: samba r22719 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:23:40 + (Sun, 06 May 2007) New Revision: 22719 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22719 Log: Missed change for one-way trust support. Ignore password policy settings from one trusted domain with no incoming trust path. Guenther, I think this is ok as we only need the pw policy to give feedback on upcoming expiration times. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 21:19:22 UTC (rev 22718) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 21:23:40 UTC (rev 22719) @@ -1534,11 +1534,15 @@ result = fillup_password_policy(domain, state); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result) +!NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) + { DEBUG(10,(Failed to get password policies: %s\n, nt_errstr(result))); goto done; } + result = NT_STATUS_OK; + if (state-request.flags WBFLAG_PAM_UNIX_NAME) { /* We've been asked to return the unix username, per 'winbind use default domain' settings and the like */ Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c2007-05-06 21:19:22 UTC (rev 22718) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c2007-05-06 21:23:40 UTC (rev 22719) @@ -1534,11 +1534,15 @@ result = fillup_password_policy(domain, state); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result) +!NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) + { DEBUG(10,(Failed to get password policies: %s\n, nt_errstr(result))); goto done; } + result = NT_STATUS_OK; + if (state-request.flags WBFLAG_PAM_UNIX_NAME) { /* We've been asked to return the unix username, per 'winbind use default domain' settings and the like */
svn commit: samba r22720 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:26:01 + (Sun, 06 May 2007) New Revision: 22720 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22720 Log: Fixes for offline auth when using krb5_auth = yes in pam_winbind. Assume that NO_DOMAIN_CONTROLLERS_FOUND means that the domain is offline. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 21:23:40 UTC (rev 22719) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 21:26:01 UTC (rev 22720) @@ -1390,7 +1390,8 @@ NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) || NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) { DEBUG(10,(winbindd_dual_pam_auth_kerberos setting domain to offline\n)); - domain-online = False; + set_domain_offline( domain ); + goto cached_logon; } /* there are quite some NT_STATUS errors where there is no @@ -1430,14 +1431,24 @@ info3-user_flgs |= LOGON_KRB5_FAIL_CLOCK_SKEW; } goto process_result; - } else { - DEBUG(10,(winbindd_dual_pam_auth_samlogon failed: %s\n, nt_errstr(result))); + } + + DEBUG(10,(winbindd_dual_pam_auth_samlogon failed: %s\n, + nt_errstr(result))); + + if (NT_STATUS_EQUAL(result, NT_STATUS_NO_LOGON_SERVERS) || + NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) || + NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) + { + DEBUG(10,(winbindd_dual_pam_auth_samlogon setting domain to offline\n)); + set_domain_offline( domain ); + goto cached_logon; + } + if (domain-online) { /* We're still online - fail. */ goto done; } - /* Else drop through and see if we can check offline */ - } } cached_logon: @@ -1472,9 +1483,16 @@ netsamlogon_cache_store(name_user, info3); wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3); - /* save name_to_sid info as early as possible */ - sid_compose(user_sid, info3-dom_sid.sid, info3-user_rid); - cache_name2sid(domain, name_domain, name_user, SID_NAME_USER, user_sid); + /* save name_to_sid info as early as possible (only if + this is our primary domain so we don't invalidate + the cache entry by storing the seq_num for the wrong + domain). */ + if ( domain-primary ) { + sid_compose(user_sid, info3-dom_sid.sid, + info3-user_rid); + cache_name2sid(domain, name_domain, name_user, + SID_NAME_USER, user_sid); + } /* Check if the user is in the right group */ Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c2007-05-06 21:23:40 UTC (rev 22719) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c2007-05-06 21:26:01 UTC (rev 22720) @@ -1390,7 +1390,8 @@ NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT) || NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)) { DEBUG(10,(winbindd_dual_pam_auth_kerberos setting domain to offline\n)); - domain-online = False; + set_domain_offline( domain ); + goto cached_logon; } /* there are quite some NT_STATUS errors where there is no @@ -1430,14 +1431,24 @@ info3-user_flgs |= LOGON_KRB5_FAIL_CLOCK_SKEW; } goto process_result; - } else { - DEBUG(10,(winbindd_dual_pam_auth_samlogon failed: %s\n, nt_errstr(result))); + } + + DEBUG(10,(winbindd_dual_pam_auth_samlogon failed: %s\n, + nt_errstr(result))); + +
svn commit: samba r22721 - in branches/SAMBA_4_0/source: .
Author: metze Date: 2007-05-06 21:26:42 + (Sun, 06 May 2007) New Revision: 22721 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22721 Log: use only included talloc and tdb untill jelmer fixes the code to support both... the problem is that we always add EXT::TALLOC in config.mk before 'include lib/talloc/config.mk' metze Modified: branches/SAMBA_4_0/source/configure.ac Changeset: Modified: branches/SAMBA_4_0/source/configure.ac === --- branches/SAMBA_4_0/source/configure.ac 2007-05-06 21:26:01 UTC (rev 22720) +++ branches/SAMBA_4_0/source/configure.ac 2007-05-06 21:26:42 UTC (rev 22721) @@ -26,17 +26,19 @@ m4_include(lib/charset/config.m4) m4_include(lib/socket/config.m4) -SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc = 1.0, - [samba_cv_internal_talloc=no], - [samba_cv_internal_talloc=yes]) +#SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc = 1.0, +# [samba_cv_internal_talloc=no], +# [samba_cv_internal_talloc=yes]) +samba_cv_internal_talloc=yes if test x$samba_cv_internal_talloc = xyes; then m4_include(lib/talloc/libtalloc.m4) SMB_INCLUDE_MK(lib/talloc/config.mk) fi -SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb = 1.1.0, - [samba_cv_internal_tdb=no], - [samba_cv_internal_tdb=yes]) +#SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb = 1.1.0, +# [samba_cv_internal_tdb=no], +# [samba_cv_internal_tdb=yes]) +samba_cv_internal_tdb=yes if test x$samba_cv_internal_tdb = xyes; then m4_include(lib/tdb/libtdb.m4) SMB_INCLUDE_MK(lib/tdb/config.mk)
svn commit: samba r22722 - in branches/SAMBA_4_0/source/lib/ldb: .
Author: metze Date: 2007-05-06 21:27:35 + (Sun, 06 May 2007) New Revision: 22722 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22722 Log: fix dependencies metze Modified: branches/SAMBA_4_0/source/lib/ldb/config.mk Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/config.mk === --- branches/SAMBA_4_0/source/lib/ldb/config.mk 2007-05-06 21:26:42 UTC (rev 22721) +++ branches/SAMBA_4_0/source/lib/ldb/config.mk 2007-05-06 21:27:35 UTC (rev 22722) @@ -189,8 +189,7 @@ # Start SUBSYSTEM LDBSAMBA [SUBSYSTEM::LDBSAMBA] -PRIVATE_DEPENDENCIES = ldb -CFLAGS = -Ilib/ldb/include +PUBLIC_DEPENDENCIES = ldb PRIVATE_PROTO_HEADER = samba/ldif_handlers.h PRIVATE_DEPENDENCIES = LIBSECURITY SAMDB OBJ_FILES = \
svn commit: samba r22723 - in branches/SAMBA_4_0/source/lib/ldb/samba: .
Author: metze Date: 2007-05-06 21:28:03 + (Sun, 06 May 2007) New Revision: 22723 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22723 Log: fix compiler warnings metze Modified: branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c === --- branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2007-05-06 21:27:35 UTC (rev 22722) +++ branches/SAMBA_4_0/source/lib/ldb/samba/ldif_handlers.c 2007-05-06 21:28:03 UTC (rev 22723) @@ -437,7 +437,7 @@ for (i=0; i ARRAY_SIZE(samba_attributes); i++) { int ret; uint32_t j; - struct ldb_schema_syntax *s = NULL; + const struct ldb_schema_syntax *s = NULL; for (j=0; j ARRAY_SIZE(samba_syntaxes); j++) { if (strcmp(samba_attributes[i].syntax, samba_syntaxes[j].name) == 0) {
svn commit: samba r22724 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:31:19 + (Sun, 06 May 2007) New Revision: 22724 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22724 Log: Call an nss_info backend's init() function if the previous call was unsuccessful. needed for offline logons. Modified: branches/SAMBA_3_0/source/nsswitch/nss_info.c branches/SAMBA_3_0_26/source/nsswitch/nss_info.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/nss_info.c === --- branches/SAMBA_3_0/source/nsswitch/nss_info.c 2007-05-06 21:28:03 UTC (rev 22723) +++ branches/SAMBA_3_0/source/nsswitch/nss_info.c 2007-05-06 21:31:19 UTC (rev 22724) @@ -190,10 +190,11 @@ nss_domain-backend = nss_backend; nss_domain-domain = talloc_strdup( nss_domain, domain ); - status = nss_domain-backend-methods-init( nss_domain ); - if ( NT_STATUS_IS_OK( status ) ) { + /* Try to init and ave the result */ + + nss_domain-init_status = nss_domain-backend-methods-init( nss_domain ); DLIST_ADD( nss_domain_list, nss_domain ); - } else { + if ( !NT_STATUS_IS_OK(nss_domain-init_status) ) { DEBUG(0,(nss_init: Failed to init backend for %s domain!\n, nss_domain-domain)); } @@ -248,6 +249,10 @@ p = nss_domain_list; } + if ( !NT_STATUS_IS_OK( p-init_status ) ) { + p-init_status = p-backend-methods-init( p ); + } + return p; } Modified: branches/SAMBA_3_0_26/source/nsswitch/nss_info.c === --- branches/SAMBA_3_0_26/source/nsswitch/nss_info.c2007-05-06 21:28:03 UTC (rev 22723) +++ branches/SAMBA_3_0_26/source/nsswitch/nss_info.c2007-05-06 21:31:19 UTC (rev 22724) @@ -190,10 +190,11 @@ nss_domain-backend = nss_backend; nss_domain-domain = talloc_strdup( nss_domain, domain ); - status = nss_domain-backend-methods-init( nss_domain ); - if ( NT_STATUS_IS_OK( status ) ) { + /* Try to init and ave the result */ + + nss_domain-init_status = nss_domain-backend-methods-init( nss_domain ); DLIST_ADD( nss_domain_list, nss_domain ); - } else { + if ( !NT_STATUS_IS_OK(nss_domain-init_status) ) { DEBUG(0,(nss_init: Failed to init backend for %s domain!\n, nss_domain-domain)); } @@ -248,6 +249,10 @@ p = nss_domain_list; } + if ( !NT_STATUS_IS_OK( p-init_status ) ) { + p-init_status = p-backend-methods-init( p ); + } + return p; }
svn commit: samba r22725 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:34:24 + (Sun, 06 May 2007) New Revision: 22725 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22725 Log: * Don't try to update the sequence_number when offline * Log the NTSTATUS when saving name/sid cache entry * Allow the backend loolkup_usergroups() call in winbindd_{rpc,ads}.c to inform the wcache manager that the group list should not be cached (needed for one-way trusts). Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-05-06 21:31:19 UTC (rev 22724) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-05-06 21:34:24 UTC (rev 22725) @@ -458,6 +458,10 @@ time_t t = time(NULL); unsigned cache_time = lp_winbind_cache_time(); + if ( IS_DOMAIN_OFFLINE(domain) ) { + return; + } + get_cache( domain ); #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */ @@ -829,8 +833,8 @@ fstrcpy(uname, name); strupper_m(uname); centry_end(centry, NS/%s/%s, domain_name, uname); - DEBUG(10,(wcache_save_name_to_sid: %s\\%s - %s\n, domain_name, uname, - sid_string_static(sid))); + DEBUG(10,(wcache_save_name_to_sid: %s\\%s - %s (%s)\n, domain_name, uname, + sid_string_static(sid), nt_errstr(status))); centry_free(centry); } @@ -853,7 +857,8 @@ centry_put_string(centry, name); } centry_end(centry, SN/%s, sid_to_string(sid_string, sid)); - DEBUG(10,(wcache_save_sid_to_name: %s - %s\n, sid_string, name)); + DEBUG(10,(wcache_save_sid_to_name: %s - %s (%s)\n, sid_string, + name, nt_errstr(status))); centry_free(centry); } @@ -1748,6 +1753,9 @@ status = domain-backend-lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids); + if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) ) + goto skip_save; + /* and save it */ refresh_sequence_number(domain, False); centry = centry_start(domain, status); Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c 2007-05-06 21:31:19 UTC (rev 22724) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c 2007-05-06 21:34:24 UTC (rev 22725) @@ -449,6 +449,10 @@ time_t t = time(NULL); unsigned cache_time = lp_winbind_cache_time(); + if ( IS_DOMAIN_OFFLINE(domain) ) { + return; + } + get_cache( domain ); #if 0 /* JERRY -- disable as the default cache time is now 5 minutes */ @@ -823,8 +827,8 @@ fstrcpy(uname, name); strupper_m(uname); centry_end(centry, NS/%s/%s, domain_name, uname); - DEBUG(10,(wcache_save_name_to_sid: %s\\%s - %s\n, domain_name, uname, - sid_string_static(sid))); + DEBUG(10,(wcache_save_name_to_sid: %s\\%s - %s (%s)\n, domain_name, uname, + sid_string_static(sid), nt_errstr(status))); centry_free(centry); } @@ -847,7 +851,8 @@ centry_put_string(centry, name); } centry_end(centry, SN/%s, sid_to_string(sid_string, sid)); - DEBUG(10,(wcache_save_sid_to_name: %s - %s\n, sid_string, name)); + DEBUG(10,(wcache_save_sid_to_name: %s - %s (%s)\n, sid_string, + name, nt_errstr(status))); centry_free(centry); } @@ -1730,6 +1735,9 @@ status = domain-backend-lookup_usergroups(domain, mem_ctx, user_sid, num_groups, user_gids); + if ( NT_STATUS_EQUAL(status, NT_STATUS_SYNCHRONIZATION_REQUIRED) ) + goto skip_save; + /* and save it */ refresh_sequence_number(domain, False); centry = centry_start(domain, status);
svn commit: samba r22726 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:36:20 + (Sun, 06 May 2007) New Revision: 22726 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22726 Log: When performing an offline logon for a user in a trusted domain, take care not to expire the name2sid cache entry just because that child does not know that the primary domain is offline. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-05-06 21:34:24 UTC (rev 22725) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-05-06 21:36:20 UTC (rev 22726) @@ -2448,6 +2448,7 @@ struct cache_entry *centry = NULL; NTSTATUS status; fstring uname; + BOOL original_online_state; domain = find_lookup_domain_from_name(domain_name); if (domain == NULL) { @@ -2463,7 +2464,14 @@ fstrcpy(uname, name); strupper_m(uname); + /* If we are doing a cached logon, temporarily set the domain + offline so the cache won't expire the entry */ + + original_online_state = domain-online; + domain-online = False; centry = wcache_fetch(cache, domain, NS/%s/%s, domain_name, uname); + domain-online = original_online_state; + if (centry == NULL) { return False; } Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c 2007-05-06 21:34:24 UTC (rev 22725) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c 2007-05-06 21:36:20 UTC (rev 22726) @@ -2426,6 +2426,7 @@ struct cache_entry *centry = NULL; NTSTATUS status; fstring uname; + BOOL original_online_state; domain = find_lookup_domain_from_name(domain_name); if (domain == NULL) { @@ -2441,7 +2442,14 @@ fstrcpy(uname, name); strupper_m(uname); + /* If we are doing a cached logon, temporarily set the domain + offline so the cache won't expire the entry */ + + original_online_state = domain-online; + domain-online = False; centry = wcache_fetch(cache, domain, NS/%s/%s, domain_name, uname); + domain-online = original_online_state; + if (centry == NULL) { return False; }
svn commit: samba r22727 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 21:40:28 + (Sun, 06 May 2007) New Revision: 22727 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22727 Log: remove outdated comment about templatre shell and homedir Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_user.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_user.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_user.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_user.c 2007-05-06 21:36:20 UTC (rev 22726) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_user.c 2007-05-06 21:40:28 UTC (rev 22727) @@ -105,9 +105,7 @@ safe_strcpy(pw-pw_gecos, full_name, sizeof(pw-pw_gecos) - 1); - /* Home directory and shell - use template config parameters. The - defaults are /tmp for the home directory and /bin/false for - shell. */ + /* Home directory and shell */ if (!fillup_pw_field(lp_template_homedir(), user_name, dom_name, pw-pw_uid, pw-pw_gid, homedir, pw-pw_dir)) Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_user.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_user.c 2007-05-06 21:36:20 UTC (rev 22726) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_user.c 2007-05-06 21:40:28 UTC (rev 22727) @@ -105,9 +105,7 @@ safe_strcpy(pw-pw_gecos, full_name, sizeof(pw-pw_gecos) - 1); - /* Home directory and shell - use template config parameters. The - defaults are /tmp for the home directory and /bin/false for - shell. */ + /* Home directory and shell */ if (!fillup_pw_field(lp_template_homedir(), user_name, dom_name, pw-pw_uid, pw-pw_gid, homedir, pw-pw_dir))
svn commit: samba r22728 - in branches: SAMBA_3_0/source/libads SAMBA_3_0/source/utils SAMBA_3_0_26/source/libads SAMBA_3_0_26/source/utils
Author: jerry Date: 2007-05-06 21:45:53 + (Sun, 06 May 2007) New Revision: 22728 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22728 Log: Patch from Danilo Almeida [EMAIL PROTECTED]: When asked to create a machine account in an OU as part of net ads join and the account already exists in another OU, simply move the machine object to the requested OU. Modified: branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/utils/net_ads.c branches/SAMBA_3_0_26/source/libads/ldap.c branches/SAMBA_3_0_26/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0/source/libads/ldap.c === --- branches/SAMBA_3_0/source/libads/ldap.c 2007-05-06 21:40:28 UTC (rev 22727) +++ branches/SAMBA_3_0/source/libads/ldap.c 2007-05-06 21:45:53 UTC (rev 22728) @@ -1688,6 +1688,76 @@ return ret; } +/** + * move a machine account to another OU on the ADS server + * @param ads - An intialized ADS_STRUCT + * @param machine_name - the NetBIOS machine name of this account. + * @param org_unit - The LDAP path in which to place this account + * @param moved - whether we moved the machine account (optional) + * @return 0 upon success, or non-zero otherwise +**/ + +ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name, + const char *org_unit, BOOL *moved) +{ + ADS_STATUS rc; + int ldap_status; + LDAPMessage *res = NULL; + char *filter = NULL; + char *computer_dn = NULL; + char *parent_dn; + char *computer_rdn = NULL; + BOOL need_move = False; + + if (asprintf(filter, (samAccountName=%s$), machine_name) == -1) { + rc = ADS_ERROR(LDAP_NO_MEMORY); + goto done; + } + + /* Find pre-existing machine */ + rc = ads_search(ads, res, filter, NULL); + if (!ADS_ERR_OK(rc)) { + goto done; + } + + computer_dn = ads_get_dn(ads, res); + if (!computer_dn) { + rc = ADS_ERROR(LDAP_NO_MEMORY); + goto done; + } + + parent_dn = ads_parent_dn(computer_dn); + if (strequal(parent_dn, org_unit)) { + goto done; + } + + need_move = True; + + if (asprintf(computer_rdn, CN=%s, machine_name) == -1) { + rc = ADS_ERROR(LDAP_NO_MEMORY); + goto done; + } + + ldap_status = ldap_rename2_s(ads-ld, computer_dn, computer_rdn, org_unit, 1); + rc = ADS_ERROR(ldap_status); + +done: + ads_msgfree(ads, res); + SAFE_FREE(filter); + SAFE_FREE(computer_dn); + SAFE_FREE(computer_rdn); + + if (!ADS_ERR_OK(rc)) { + need_move = False; + } + + if (moved) { + *moved = need_move; + } + + return rc; +} + /* dump a binary result from ldap */ Modified: branches/SAMBA_3_0/source/utils/net_ads.c === --- branches/SAMBA_3_0/source/utils/net_ads.c 2007-05-06 21:40:28 UTC (rev 22727) +++ branches/SAMBA_3_0/source/utils/net_ads.c 2007-05-06 21:45:53 UTC (rev 22728) @@ -1190,28 +1190,50 @@ static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou ) { ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN); - char *dn, *ou_str; + char *ou_str = NULL; + char *dn = NULL; LDAPMessage *res = NULL; + BOOL moved; ou_str = ads_ou_string(ads, ou); - if ((asprintf(dn, %s,%s, ou_str, ads-config.bind_path)) == -1) { - SAFE_FREE(ou_str); - return ADS_ERROR(LDAP_NO_MEMORY); + if (asprintf(dn, %s,%s, ou_str, ads-config.bind_path) == -1) { + rc = ADS_ERROR(LDAP_NO_MEMORY); + goto done; } rc = ads_search_dn(ads, res, dn, NULL); - ads_msgfree(ads, res); + if (!ADS_ERR_OK(rc)) { + d_fprintf(stderr, The specified OU does not exist.\n); + goto done; + } - if (ADS_ERR_OK(rc)) { /* Attempt to create the machine account and bail if this fails. Assume that the admin wants exactly what they requested */ rc = ads_create_machine_acct( ads, global_myname(), dn ); - if ( rc.error_type == ENUM_ADS_ERROR_LDAP rc.err.rc == LDAP_ALREADY_EXISTS ) { - rc = ADS_SUCCESS; + if (ADS_ERR_OK(rc)) { + DEBUG(1, (machine account created\n)); + goto done; } + if ( !(rc.error_type == ENUM_ADS_ERROR_LDAP rc.err.rc == LDAP_ALREADY_EXISTS) ) { + DEBUG(1, (machine account creation failed\n)); + goto done; } + rc = ads_move_machine_acct(ads, global_myname(), dn, moved); + if (!ADS_ERR_OK(rc)) { + DEBUG(1, (failure to locate/move
Rev 263: merged from ronnie in http://samba.org/~tridge/ctdb
revno: 263 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Mon 2007-05-07 07:56:38 +1000 message: merged from ronnie modified: common/ctdb.c ctdb.c-20061127094323-t50f58d65iaao5of-2 common/ctdb_client.c ctdb_client.c-20070411010216-3kd8v37k61steeya-1 common/ctdb_control.c ctdb_control.c-20070426122724-j6gkpiofhbwdin63-1 direct/recoverd.c recoverd.c-20070503213540-bvxuyd9jm1f7ig90-1 include/ctdb.h ctdb.h-20061117234101-o3qt14umlg9en8z0-11 include/ctdb_private.h ctdb_private.h-20061117234101-o3qt14umlg9en8z0-13 tests/recover.sh recover.sh-20070502031230-tpuiet6m6tjdotta-1 tools/ctdb_control.c ctdb_control.c-20070426122705-9ehj1l5lu2gn9kuj-1 revno: 197.1.82 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Mon 2007-05-07 07:54:17 +1000 message: hang the timeout event off state and thus we dont need to explicitely free it and also we wont accidentally return from the function without killing the event first revno: 197.1.81 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Mon 2007-05-07 07:47:16 +1000 message: it now works to talloc_free() the timed event if we no longer want it to trigger this must have been a sideeffect of a different bug in the recoverd.c code that has now been fixed revno: 197.1.80 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Mon 2007-05-07 06:51:58 +1000 message: recovery daemon with recovery master election election is primitive, it elects the lowest vnn as the recovery master two new controls, to get/set recovery master for a node to use recovery daemon, start one ./bin/recoverd --socket=ctdb.socket* for each ctdb daemon it has been briefly tested by deleting and adding nodes to a 4 node cluster but needs more testing revno: 197.1.79 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Mon 2007-05-07 05:02:48 +1000 message: add new controls to get and set the recovery master node of a daemon i.e. which node is elected to check for and drive recovery revno: 197.1.78 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Mon 2007-05-07 04:41:12 +1000 message: add a test in the function that checks whether the cluster needs recovery or not that all active nodes are in normal mode. If we discover that some node is still in recoverymode it may indicate that a previous recovery ended prematurely and thus we should start a new recovery revno: 197.1.77 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Sun 2007-05-06 12:46:56 +1000 message: update a comment to be more desciptive revno: 197.1.76 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Sun 2007-05-06 10:51:25 +1000 message: change a lot of printf into debug statements revno: 197.1.75 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Sun 2007-05-06 10:42:18 +1000 message: break out the code to update all nodes to the new vnnmap into a helper function revno: 197.1.74 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Sun 2007-05-06 10:38:44 +1000 message: create a helper function for recovery to push all local databases out
svn commit: samba r22729 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_26/source/utils
Author: jerry Date: 2007-05-06 22:18:44 + (Sun, 06 May 2007) New Revision: 22729 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22729 Log: add help text for osver and osname options to 'net ads join' (patch from Dnailo A.) Modified: branches/SAMBA_3_0/source/utils/net_ads.c branches/SAMBA_3_0_26/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_ads.c === --- branches/SAMBA_3_0/source/utils/net_ads.c 2007-05-06 21:45:53 UTC (rev 22728) +++ branches/SAMBA_3_0/source/utils/net_ads.c 2007-05-06 22:18:44 UTC (rev 22729) @@ -1450,7 +1450,12 @@ d_printf( The OU string read from top to bottom without RDNs and delimited by a '/'.\n); d_printf( E.g. \createcomputer=Computers/Servers/Unix\\n); d_printf( NB: A backslash '\\' is used as escape at multiple levels and may\n); - d_printf( need to be doubled or even quadrupled. It is not used as a separator); + d_printf( need to be doubled or even quadrupled. It is not used as a separator.\n); + d_printf( osName=string Set the operatingSystem attribute during the join.\n); + d_printf( osVer=string Set the operatingSystemVersion attribute during the join.\n); + d_printf( NB: osName and osVer must be specified together for either to take effect.\n); + d_printf( Also, the operatingSystemService attribute is also set when along with\n); + d_printf( the two other attributes.\n); return -1; } Modified: branches/SAMBA_3_0_26/source/utils/net_ads.c === --- branches/SAMBA_3_0_26/source/utils/net_ads.c2007-05-06 21:45:53 UTC (rev 22728) +++ branches/SAMBA_3_0_26/source/utils/net_ads.c2007-05-06 22:18:44 UTC (rev 22729) @@ -1450,7 +1450,12 @@ d_printf( The OU string read from top to bottom without RDNs and delimited by a '/'.\n); d_printf( E.g. \createcomputer=Computers/Servers/Unix\\n); d_printf( NB: A backslash '\\' is used as escape at multiple levels and may\n); - d_printf( need to be doubled or even quadrupled. It is not used as a separator); + d_printf( need to be doubled or even quadrupled. It is not used as a separator.\n); + d_printf( osName=string Set the operatingSystem attribute during the join.\n); + d_printf( osVer=string Set the operatingSystemVersion attribute during the join.\n); + d_printf( NB: osName and osVer must be specified together for either to take effect.\n); + d_printf( Also, the operatingSystemService attribute is also set when along with\n); + d_printf( the two other attributes.\n); return -1; }
svn commit: samba r22730 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jerry Date: 2007-05-06 22:22:47 + (Sun, 06 May 2007) New Revision: 22730 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22730 Log: Fix password changes via pam_winbindd when using winbind normalize names and the username has been munged. Make sure to munge it back before performing the change_password() request. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 22:18:44 UTC (rev 22729) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2007-05-06 22:22:47 UTC (rev 22730) @@ -1976,6 +1976,8 @@ /* Setup crap */ + ws_name_return( state-request.data.auth.user, WB_REPLACE_CHAR ); + if (!canonicalize_username(state-request.data.chauthtok.user, domain, user)) { set_auth_errors(state-response, NT_STATUS_NO_SUCH_USER); DEBUG(5, (winbindd_pam_chauthtok: canonicalize_username %s failed with %s Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c2007-05-06 22:18:44 UTC (rev 22729) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_pam.c2007-05-06 22:22:47 UTC (rev 22730) @@ -1976,6 +1976,8 @@ /* Setup crap */ + ws_name_return( state-request.data.auth.user, WB_REPLACE_CHAR ); + if (!canonicalize_username(state-request.data.chauthtok.user, domain, user)) { set_auth_errors(state-response, NT_STATUS_NO_SUCH_USER); DEBUG(5, (winbindd_pam_chauthtok: canonicalize_username %s failed with %s
Build status as of Mon May 7 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-05-06 00:01:32.0 + +++ /home/build/master/cache/broken_results.txt 2007-05-07 00:00:54.0 + @@ -1,25 +1,25 @@ -Build status as of Sun May 6 00:00:02 2007 +Build status as of Mon May 7 00:00:02 2007 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 35 5 0 +ccache 34 5 0 ctdb 0 0 0 distcc 3 0 0 -ldb 34 9 0 -libreplace 33 12 0 +ldb 33 7 0 +libreplace 32 11 0 lorikeet-heimdal 29 14 0 -pidl 17 7 0 -ppp 14 0 0 +pidl 18 7 0 +ppp 15 0 0 python 0 0 0 -rsync35 17 0 +rsync34 16 0 samba0 0 0 samba-docs 0 0 0 -samba-gtk3 3 0 -samba4 35 27 2 -samba_3_039 32 1 -smb-build31 30 0 -talloc 34 3 0 -tdb 34 5 0 +samba-gtk4 4 0 +samba4 36 32 3 +samba_3_039 27 0 +smb-build30 29 0 +talloc 33 3 0 +tdb 33 4 0
svn commit: samba r22731 - in branches/SAMBA_3_0/source: . tests
Author: derrell Date: 2007-05-07 03:02:24 + (Mon, 07 May 2007) New Revision: 22731 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22731 Log: - Fix bug #4594. configure.in determines if -Werror-implicit-function-declaration is available, and if so it enables that flag if --enable-developer is specified. Since the configure tests themselves did not use that flag, it was possible for a configure test to succeed, followed by a failed compilation due to a facility being available but not having a proper declaration in a header file. (This bit me with readahead().) This patch ensures that if implicit function declarations will kill the build, the feature being tested is deselected so the build will succeed. The autoconf manual suggests using return instead of exit in configure tests because the declaration for exit is often missing. We require this now, since we error if prototypes are missing. See section 5.5.1 of http://www.gnu.org/software/autoconf/manual/autoconf.html. This patch makes these changes, because in fact, an external declaration for exit is missing here (and likely elsewhere). I've verified that the features selected (here) with the original configure.in and the new one are the same except for, in my case, readahead. I've also confirmed that the generated Makefile is identical. These changes are not being applied to the 3.0.26 branch because it does not exhibit the initial problem this patch is supposed to solve since it doesn't attempt to use -Werror-implicit-function-declaration. Modified: branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/tests/crypttest.c branches/SAMBA_3_0/source/tests/fcntl_lock.c branches/SAMBA_3_0/source/tests/fcntl_lock64.c branches/SAMBA_3_0/source/tests/ftruncate.c branches/SAMBA_3_0/source/tests/getgroups.c branches/SAMBA_3_0/source/tests/shared_mmap.c branches/SAMBA_3_0/source/tests/summary.c branches/SAMBA_3_0/source/tests/trivial.c branches/SAMBA_3_0/source/tests/unixsock.c Changeset: Sorry, the patch is too large (858 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22731
svn commit: samba r22732 - in branches/SAMBA_3_0/source: include libsmb
Author: derrell Date: 2007-05-07 03:07:39 + (Mon, 07 May 2007) New Revision: 22732 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22732 Log: - Testing of libsmbclient against Vista revealed what is likely a bug in Vista. Vista provides a plethora of kludges to simulate older versions of Windows. The kludges are in the form of shortcuts (or more likely symbolic links, but I don't know enough about Vista to determine that definitively) and in most cases, attempts to access them get back an access denied error. On one particular folder, however, share/Users/All Users, it returns an unknown (to ethereal and the Samba3 code) NT status code: 0x802d. Although this code does not have a high byte of 0xc0 indicating that it is an error, it appears to be an alternate form of access denied. Without this patch, libsmbclient times out on an attempt to enumerate that folder rather than returning an error to the caller. This patch corrects that problem. Modified: branches/SAMBA_3_0/source/include/nterr.h branches/SAMBA_3_0/source/libsmb/clierror.c branches/SAMBA_3_0/source/libsmb/clitrans.c Changeset: Modified: branches/SAMBA_3_0/source/include/nterr.h === --- branches/SAMBA_3_0/source/include/nterr.h 2007-05-07 03:02:24 UTC (rev 22731) +++ branches/SAMBA_3_0/source/include/nterr.h 2007-05-07 03:07:39 UTC (rev 22732) @@ -30,6 +30,9 @@ #define STATUS_NO_MORE_FILES NT_STATUS(0x8006) #define NT_STATUS_NO_MORE_ENTRIES NT_STATUS(0x801a) +/* Vista Status codes. */ +#define NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT NT_STATUS(0x802d) + #define STATUS_MORE_ENTRIES NT_STATUS(0x0105) #define STATUS_SOME_UNMAPPED NT_STATUS(0x0107) #define ERROR_INVALID_PARAMETER NT_STATUS(0x0057) Modified: branches/SAMBA_3_0/source/libsmb/clierror.c === --- branches/SAMBA_3_0/source/libsmb/clierror.c 2007-05-07 03:02:24 UTC (rev 22731) +++ branches/SAMBA_3_0/source/libsmb/clierror.c 2007-05-07 03:07:39 UTC (rev 22732) @@ -385,6 +385,15 @@ return cli_errno_from_nt(status); } +/* + * Yuck! A special case for this Vista error. Since its high-order + * byte isn't 0xc0, it doesn't match cli_is_nt_error() above. + */ +status = cli_nt_error(cli); +if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT)) { +return EACCES; +} + /* for other cases */ return EINVAL; } Modified: branches/SAMBA_3_0/source/libsmb/clitrans.c === --- branches/SAMBA_3_0/source/libsmb/clitrans.c 2007-05-07 03:02:24 UTC (rev 22731) +++ branches/SAMBA_3_0/source/libsmb/clitrans.c 2007-05-07 03:07:39 UTC (rev 22732) @@ -196,11 +196,18 @@ * returned when a trans2 findfirst/next finishes. * When setting up an encrypted transport we can also * see NT_STATUS_MORE_PROCESSING_REQUIRED here. + * + * Vista returns NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT if the folder + * share/Users/All Users is enumerated. This is a special pseudo + * folder, and the response does not have parameters (nor a parameter + * length). */ status = cli_nt_error(cli); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { - if (NT_STATUS_IS_ERR(status) || NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) { + if (NT_STATUS_IS_ERR(status) || +NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES) || + NT_STATUS_EQUAL(status,NT_STATUS_INACCESSIBLE_SYSTEM_SHORTCUT)) { goto out; } }
svn commit: samba r22733 - in branches/SAMBA_3_0_26/source: include libsmb
Author: derrell Date: 2007-05-07 03:16:54 + (Mon, 07 May 2007) New Revision: 22733 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22733 Log: NOTE: the 3.0.26 branch does not currently fully compile due to a winbind error, and I don't currently have access to Vista to verify this branch's code. Due to differences between this branch and the SAMBA_3_0, this patch is very slightly different than what I used in SAMBA_3_0 in order to match this branch's code better. Hopefully I didn't screw anything up in the changes... - Testing of libsmbclient against Vista revealed what is likely a bug in Vista. Vista provides a plethora of kludges to simulate older versions of Windows. The kludges are in the form of shortcuts (or more likely symbolic links, but I don't know enough about Vista to determine that definitively) and in most cases, attempts to access them get back an access denied error. On one particular folder, however, share/Users/All Users, it returns an unknown (to ethereal and the Samba3 code) NT status code: 0x802d. Although this code does not have a high byte of 0xc0 indicating that it is an error, it appears to be an alternate form of access denied. Without this patch, libsmbclient times out on an attempt to enumerate that folder rather than returning an error to the caller. This patch corrects that problem. Modified: branches/SAMBA_3_0_26/source/include/nterr.h branches/SAMBA_3_0_26/source/libsmb/clierror.c branches/SAMBA_3_0_26/source/libsmb/clitrans.c Changeset: Modified: branches/SAMBA_3_0_26/source/include/nterr.h === --- branches/SAMBA_3_0_26/source/include/nterr.h2007-05-07 03:07:39 UTC (rev 22732) +++ branches/SAMBA_3_0_26/source/include/nterr.h2007-05-07 03:16:54 UTC (rev 22733) @@ -30,6 +30,9 @@ #define STATUS_NO_MORE_FILES NT_STATUS(0x8006) #define NT_STATUS_NO_MORE_ENTRIES NT_STATUS(0x801a) +/* Vista Status codes. */ +#define STATUS_INACCESSIBLE_SYSTEM_SHORTCUT NT_STATUS(0x802d) + #define STATUS_MORE_ENTRIES NT_STATUS(0x0105) #define STATUS_SOME_UNMAPPED NT_STATUS(0x0107) #define ERROR_INVALID_PARAMETER NT_STATUS(0x0057) Modified: branches/SAMBA_3_0_26/source/libsmb/clierror.c === --- branches/SAMBA_3_0_26/source/libsmb/clierror.c 2007-05-07 03:07:39 UTC (rev 22732) +++ branches/SAMBA_3_0_26/source/libsmb/clierror.c 2007-05-07 03:16:54 UTC (rev 22733) @@ -380,6 +380,15 @@ return cli_errno_from_nt(status); } +/* + * Yuck! A special case for this Vista error. Since its high-order + * byte isn't 0xc0, it doesn't match cli_is_nt_error() above. + */ +status = cli_nt_error(cli); +if (NT_STATUS_V(status) == NT_STATUS_V(STATUS_INACCESSIBLE_SYSTEM_SHORTCUT)) { +return EACCES; +} + /* for other cases */ return EINVAL; } Modified: branches/SAMBA_3_0_26/source/libsmb/clitrans.c === --- branches/SAMBA_3_0_26/source/libsmb/clitrans.c 2007-05-07 03:07:39 UTC (rev 22732) +++ branches/SAMBA_3_0_26/source/libsmb/clitrans.c 2007-05-07 03:16:54 UTC (rev 22733) @@ -197,7 +197,9 @@ */ status = cli_nt_error(cli); - if (NT_STATUS_IS_ERR(status) || NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES)) { + if (NT_STATUS_IS_ERR(status) || +NT_STATUS_EQUAL(status,STATUS_NO_MORE_FILES) || +NT_STATUS_EQUAL(status,STATUS_INACCESSIBLE_SYSTEM_SHORTCUT)) { goto out; }
svn commit: samba r22734 - in branches/SAMBA_4_0/source/libnet: .
Author: mimir Date: 2007-05-07 05:42:26 + (Mon, 07 May 2007) New Revision: 22734 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22734 Log: - use samr pipe if it is already opened - close connection handle after domains enumeration - collect domain names in subsequent rounds of enumeration (if there are more than one) rafal Modified: branches/SAMBA_4_0/source/libnet/libnet_domain.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_domain.c === --- branches/SAMBA_4_0/source/libnet/libnet_domain.c2007-05-07 03:16:54 UTC (rev 22733) +++ branches/SAMBA_4_0/source/libnet/libnet_domain.c2007-05-07 05:42:26 UTC (rev 22734) @@ -852,6 +852,7 @@ struct libnet_RpcConnect rpcconn; struct samr_Connect samrconn; struct samr_EnumDomains enumdom; + struct samr_Close samrclose; const char *hostname; struct policy_handle connect_handle; int buf_size; @@ -866,6 +867,7 @@ static void continue_rpc_connect(struct composite_context *c); static void continue_samr_connect(struct rpc_request *c); static void continue_samr_enum_domains(struct rpc_request *req); +static void continue_samr_close_handle(struct rpc_request *req); static struct domainlist* get_domain_list(TALLOC_CTX *mem_ctx, struct domain_list_state *s); @@ -927,13 +929,15 @@ /* Stage 3: Receive domain names available and repeat the request - enumeration is not complete yet + enumeration is not complete yet. Close samr connection handle + upon completion. */ static void continue_samr_enum_domains(struct rpc_request *req) { struct composite_context *c; struct domain_list_state *s; struct rpc_request *enumdom_req; + struct rpc_request *samrclose_req; c = talloc_get_type(req-async.private, struct composite_context); s = talloc_get_type(c-private_data, struct domain_list_state); @@ -944,17 +948,18 @@ if (NT_STATUS_IS_OK(s-enumdom.out.result)) { s-domains = get_domain_list(c, s); - composite_done(c); } else if (NT_STATUS_EQUAL(s-enumdom.out.result, STATUS_MORE_ENTRIES)) { s-domains = get_domain_list(c, s); + /* prepare next round of enumeration */ s-enumdom.in.connect_handle = s-connect_handle; s-enumdom.in.resume_handle = s-resume_handle; s-enumdom.in.buf_size = s-buf_size; s-enumdom.out.resume_handle = s-resume_handle; + /* send the request */ enumdom_req = dcerpc_samr_EnumDomains_send(s-ctx-samr.pipe, c, s-enumdom); if (composite_nomem(enumdom_req, c)) return; @@ -962,11 +967,45 @@ } else { composite_error(c, s-enumdom.out.result); + return; } + + /* close samr connection handle */ + s-samrclose.in.handle = s-connect_handle; + s-samrclose.out.handle = s-connect_handle; + + /* send the request */ + samrclose_req = dcerpc_samr_Close_send(s-ctx-samr.pipe, c, s-samrclose); + if (composite_nomem(samrclose_req, c)) return; + + composite_continue_rpc(c, samrclose_req, continue_samr_close_handle, c); } /* + Stage 4: Receive result of closing samr connection handle. +*/ +static void continue_samr_close_handle(struct rpc_request *req) +{ + struct composite_context *c; + struct domain_list_state *s; + + c = talloc_get_type(req-async.private, struct composite_context); + s = talloc_get_type(c-private_data, struct domain_list_state); + + c-status = dcerpc_ndr_request_recv(req); + if (!composite_is_ok(c)) return; + + /* did everything go fine ? */ + if (!NT_STATUS_IS_OK(s-samrclose.out.result)) { + composite_error(c, s-samrclose.out.result); + } + + composite_done(c); +} + + +/* Utility function to copy domain names from result of samr_EnumDomains call */ static struct domainlist* get_domain_list(TALLOC_CTX *mem_ctx, struct domain_list_state *s) @@ -974,20 +1013,28 @@ int i; if (mem_ctx == NULL || s == NULL) return NULL; - /* number of entries returned (domains enumerated) */ - s-count = s-enumdom.out.num_entries; - /* copy domain names returned from samr_EnumDomains call */ - s-domains = talloc_array(mem_ctx, struct domainlist, s-enumdom.out.num_entries); - for (i = 0; i s-enumdom.out.num_entries; i++) + if (s-domains == NULL) { + s-domains = talloc_array(mem_ctx, struct domainlist, + s-enumdom.out.num_entries); + } else { + s-domains = talloc_realloc(mem_ctx, s-domains, struct domainlist, + s-count + s-enumdom.out.num_entries); + } + +
svn commit: samba r22735 - in branches/SAMBA_4_0/source/libnet: .
Author: mimir Date: 2007-05-07 05:55:40 + (Mon, 07 May 2007) New Revision: 22735 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22735 Log: correct some comments rafal Modified: branches/SAMBA_4_0/source/libnet/libnet_domain.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_domain.c === --- branches/SAMBA_4_0/source/libnet/libnet_domain.c2007-05-07 05:42:26 UTC (rev 22734) +++ branches/SAMBA_4_0/source/libnet/libnet_domain.c2007-05-07 05:55:40 UTC (rev 22735) @@ -1013,7 +1013,7 @@ int i; if (mem_ctx == NULL || s == NULL) return NULL; - /* copy domain names returned from samr_EnumDomains call */ + /* prepare domains array */ if (s-domains == NULL) { s-domains = talloc_array(mem_ctx, struct domainlist, s-enumdom.out.num_entries); @@ -1022,6 +1022,7 @@ s-count + s-enumdom.out.num_entries); } + /* copy domain names returned from samr_EnumDomains call */ for (i = s-count; i s-count + s-enumdom.out.num_entries; i++) { struct lsa_String *domain_name = s-enumdom.out.sam-entries[i - s-count].name;