svn commit: samba r17173 - in branches/SAMBA_4_0/source/auth/gensec: .

2006-07-20 Thread abartlet
Author: abartlet
Date: 2006-07-21 02:05:45 + (Fri, 21 Jul 2006)
New Revision: 17173

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17173

Log:
Check for oversize output, not oversize input, and fix the GSSAPI mech
so that it works again (the previous commit broke it).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
===
--- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c   2006-07-21 
01:58:17 UTC (rev 17172)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c   2006-07-21 
02:05:45 UTC (rev 17173)
@@ -741,16 +741,6 @@
input_token.length = in->length;
input_token.value = in->data;
 
-   if (gensec_gssapi_state->sasl) {
-   size_t max_input_size = 
gensec_gssapi_max_input_size(gensec_security);
-   if (max_input_size < in->length) {
-   DEBUG(1, ("gensec_gssapi_wrap: INPUT data (%u) is 
larger than SASL negotiated maximum size (%u)\n",
- in->length, 
- (unsigned int)max_input_size));
-   }
-   return NT_STATUS_INVALID_PARAMETER;
-   }
-   
maj_stat = gss_wrap(&min_stat, 
gensec_gssapi_state->gssapi_context, 
gensec_have_feature(gensec_security, 
GENSEC_FEATURE_SEAL),
@@ -767,6 +757,17 @@
*out = data_blob_talloc(mem_ctx, output_token.value, 
output_token.length);
gss_release_buffer(&min_stat, &output_token);
 
+   if (gensec_gssapi_state->sasl) {
+   size_t max_wrapped_size = 
gensec_gssapi_max_wrapped_size(gensec_security);
+   if (max_wrapped_size < out->length) {
+   DEBUG(1, ("gensec_gssapi_wrap: when wrapped, INPUT data 
(%u) is grew to be larger than SASL negotiated maximum output size (%u > %u)\n",
+ in->length, 
+ out->length, 
+ (unsigned int)max_wrapped_size));
+   return NT_STATUS_INVALID_PARAMETER;
+   }
+   }
+   
if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
&& !conf_state) {
return NT_STATUS_ACCESS_DENIED;
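Review bot: The new DEBUG call passes `in->length` and `out->length` to `%u` without a cast, while only `max_wrapped_size` is cast to `unsigned int`; if the blob length is a `size_t` (the comparison against a `size_t` suggests so), that is a format/argument mismatch on 64-bit builds, fixed by `(unsigned int)in->length, (unsigned int)out->length,`. The error return also leaves the oversize wrapped blob in `*out`, so a caller that does not check the status could still transmit it; `data_blob_free(out);` before `return NT_STATUS_INVALID_PARAMETER;` would avoid that. The message text "is grew to be larger" should read "grew to be larger". The enclosing function starts and ends outside the hunk.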



svn commit: samba r17172 - in branches/SAMBA_3_0: .

2006-07-20 Thread jht
Author: jht
Date: 2006-07-21 01:58:17 + (Fri, 21 Jul 2006)
New Revision: 17172

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17172

Log:
Fix typo.
Modified:
   branches/SAMBA_3_0/MAINTAINERS


Changeset:
Modified: branches/SAMBA_3_0/MAINTAINERS
===
--- branches/SAMBA_3_0/MAINTAINERS  2006-07-21 01:44:24 UTC (rev 17171)
+++ branches/SAMBA_3_0/MAINTAINERS  2006-07-21 01:58:17 UTC (rev 17172)
@@ -7,7 +7,7 @@
 responsible for 3rd party projects that work with Samba
 (e.g. vfs modules).
 
-Note that this list is for you benefit, but please do not
+Note that this list is for your benefit, but please do not
 abuse it by constantly emailing a stream of help questions
 to the maintainers.  Some are more open to direct 
 communication than others and some struggle with enormous



svn commit: samba r17171 - in branches/SAMBA_4_0/source/auth/gensec: .

2006-07-20 Thread abartlet
Author: abartlet
Date: 2006-07-21 01:44:24 + (Fri, 21 Jul 2006)
New Revision: 17171

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17171

Log:
Add a gensec function to determine the maximum negotiated buffer size,
and the maximum amount of user data that may be fitted into that.

This is used in the new SASL code, to correctly honour SASL buffer sizes.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/gensec.c
   branches/SAMBA_4_0/source/auth/gensec/gensec.h
   branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.c
===
--- branches/SAMBA_4_0/source/auth/gensec/gensec.c  2006-07-21 01:37:38 UTC 
(rev 17170)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec.c  2006-07-21 01:44:24 UTC 
(rev 17171)
@@ -815,6 +815,24 @@
return gensec_security->ops->sig_size(gensec_security, data_size);
 }
 
+size_t gensec_max_input_size(struct gensec_security *gensec_security) 
+{
+   if (!gensec_security->ops->max_input_size) {
+   return (1 << 17) - gensec_sig_size(gensec_security, 1 << 17);
+   }
+   
+   return gensec_security->ops->max_input_size(gensec_security);
+}
+
+size_t gensec_max_wrapped_size(struct gensec_security *gensec_security) 
+{
+   if (!gensec_security->ops->max_wrapped_size) {
+   return (1 << 17);
+   }
+   
+   return gensec_security->ops->max_wrapped_size(gensec_security);
+}
+
 _PUBLIC_ NTSTATUS gensec_wrap(struct gensec_security *gensec_security, 
 TALLOC_CTX *mem_ctx, 
 const DATA_BLOB *in, 
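Review bot: The fallback in `gensec_max_input_size` computes `(1 << 17) - gensec_sig_size(gensec_security, 1 << 17)` in `size_t`, so a backend that reports a signature size above 131072 would make the result wrap to a very large limit instead of a small one. Storing the signature size in a local and returning 0 when it is not smaller than the buffer size keeps the limit conservative, e.g. `if (sig >= max) return 0;` before `return max - sig;`. The literal `1 << 17` is repeated three times across the two new functions; a single named constant would keep the default input and wrapped sizes from drifting apart.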

Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.h
===
--- branches/SAMBA_4_0/source/auth/gensec/gensec.h  2006-07-21 01:37:38 UTC 
(rev 17170)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec.h  2006-07-21 01:44:24 UTC 
(rev 17171)
@@ -78,6 +78,8 @@
const uint8_t *whole_pdu, size_t pdu_length, 
DATA_BLOB *sig);
size_t   (*sig_size)(struct gensec_security *gensec_security, size_t 
data_size);
+   size_t   (*max_input_size)(struct gensec_security *gensec_security);
+   size_t   (*max_wrapped_size)(struct gensec_security *gensec_security);
NTSTATUS (*check_packet)(struct gensec_security *gensec_security, 
TALLOC_CTX *sig_mem_ctx, 
 const uint8_t *data, size_t length, 
 const uint8_t *whole_pdu, size_t pdu_length, 
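Review bot: The two new callbacks in the ops table have no comment stating their contract, although the gensec.c part of this commit treats a NULL pointer as "use the generic default". A one-line comment above them would make that explicit for backend authors, for example `/* optional; NULL selects the default in gensec_max_input_size() / gensec_max_wrapped_size() */`. The struct definition starts and ends outside the hunk.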

Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
===
--- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c   2006-07-21 
01:37:38 UTC (rev 17170)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c   2006-07-21 
01:44:24 UTC (rev 17171)
@@ -67,8 +67,13 @@
uint8_t sasl_protection; /* What was negotiated at the SASL
  * layer, independent of the GSSAPI
  * layer... */
+
+   size_t max_wrap_buf_size;
 };
 
+static size_t gensec_gssapi_max_input_size(struct gensec_security 
*gensec_security);
+static size_t gensec_gssapi_max_wrapped_size(struct gensec_security 
*gensec_security);
+
 static char *gssapi_error_string(TALLOC_CTX *mem_ctx, 
 OM_uint32 maj_stat, OM_uint32 min_stat)
 {
@@ -129,6 +134,9 @@
return NT_STATUS_NO_MEMORY;
}

+   gensec_gssapi_state->max_wrap_buf_size
+   = lp_parm_int(-1, "gensec_gssapi", "max wrap buf size", 65535);
+   
gensec_gssapi_state->sasl = False;
gensec_gssapi_state->sasl_state = STAGE_GSS_NEG;
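Review bot: The result of `lp_parm_int(-1, "gensec_gssapi", "max wrap buf size", 65535)` is stored straight into the `size_t` field `max_wrap_buf_size` with no range check, so a zero or negative value in the configuration would become an unusable or enormous limit (assuming `lp_parm_int` returns a signed int, which the name suggests but the hunk does not show). Because this value presumably feeds the SASL buffer-size negotiation added elsewhere in this commit, it should be validated before it is stored, for example by reading it into an `int` and falling back with a logged warning: `if (v <= 0) v = 65535;`. An upper bound matching what the negotiation can encode would be worth adding as well. The enclosing function starts and ends outside the hunk.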
 
@@ -490,6 +498,7 @@
}
break;
}
+
/* These last two stages are only done if we were invoked as SASL */
case STAGE_SASL_SSF_NEG:
{
@@ -497,11 +506,17 @@
case GENSEC_CLIENT:
{
uint8_t maxlength_proposed[4]; 
+   uint8_t maxlength_accepted[4]; 
uint8_t security_supported;
int conf_state;
gss_qop_t qop_state;
input_token.length = in.length;
input_token.value = in.data;
+
+   /* As a client, we have just send a
+* zero-length blob to the server (after the
+* normal GSSAPI exchange), and it has replied
+* with it's SASL negotiation */

maj_stat = gss_unwrap(&min_stat, 
  
gensec_gssapi_state->gssapi_context, 
@@ -521,10 +536,14 @@
 
mem

svn commit: samba r17170 - in branches/SAMBA_4_0/source/auth/ntlmssp: .

2006-07-20 Thread abartlet
Author: abartlet
Date: 2006-07-21 01:37:38 + (Fri, 21 Jul 2006)
New Revision: 17170

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17170

Log:
Catch some more out-of-memory cases, and provide some clues when
chasing down bad signatures that may be due to data truncation.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_sign.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_sign.c
===
--- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_sign.c   2006-07-21 
01:35:26 UTC (rev 17169)
+++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_sign.c   2006-07-21 
01:37:38 UTC (rev 17170)
@@ -110,6 +110,9 @@
memcpy(sig->data + 4, digest, 8);
memcpy(sig->data + 12, seq_num, 4);
 
+   DEBUG(10, ("NTLM2: created signature over %llu bytes of 
input:\n", (unsigned long long)pdu_length));
+   dump_data(11, sig->data, sig->length);
+   
} else {
uint32_t crc;
crc = crc32_calc_buffer(data, length);
@@ -119,8 +122,10 @@
gensec_ntlmssp_state->crypt.ntlm.seq_num++;
 

arcfour_crypt_sbox(gensec_ntlmssp_state->crypt.ntlm.arcfour_state, sig->data+4, 
sig->length-4);
+
+   DEBUG(10, ("NTLM1: created signature over %llu bytes of 
input:\n", (unsigned long long)length));
+   dump_data(11, sig->data, sig->length);
}
-   dump_data_pw("calculated ntlmssp signature\n", sig->data, sig->length);
return NT_STATUS_OK;
 }
 
@@ -179,26 +184,26 @@
if (local_sig.length != sig->length ||
memcmp(local_sig.data, 
   sig->data, sig->length) != 0) {
-   DEBUG(5, ("BAD SIG NTLM2: wanted signature of\n"));
+   DEBUG(5, ("BAD SIG NTLM2: wanted signature over %llu 
bytes of input:\n", (unsigned long long)pdu_length));
dump_data(5, local_sig.data, local_sig.length);

-   DEBUG(5, ("BAD SIG: got signature of\n"));
+   DEBUG(5, ("BAD SIG: got signature over %llu bytes of 
input:\n", (unsigned long long)pdu_length));
dump_data(5, sig->data, sig->length);

-   DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to 
invalid signature!\n"));
+   DEBUG(0, ("NTLMSSP NTLM2 packet check failed due to 
invalid signature on %llu bytes of input!\n", (unsigned long long)pdu_length));
return NT_STATUS_ACCESS_DENIED;
}
} else {
if (local_sig.length != sig->length ||
memcmp(local_sig.data + 8, 
   sig->data + 8, sig->length - 8) != 0) {
-   DEBUG(5, ("BAD SIG NTLM1: wanted signature of\n"));
+   DEBUG(5, ("BAD SIG NTLM1: wanted signature of %llu 
bytes of input:\n", (unsigned long long)length));
dump_data(5, local_sig.data, local_sig.length);

-   DEBUG(5, ("BAD SIG: got signature of\n"));
+   DEBUG(5, ("BAD SIG: got signature of %llu bytes of 
input:\n", (unsigned long long)length));
dump_data(5, sig->data, sig->length);

-   DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to 
invalid signature!\n"));
+   DEBUG(0, ("NTLMSSP NTLM1 packet check failed due to 
invalid signature on %llu bytes of input:\n", (unsigned long long)length));
return NT_STATUS_ACCESS_DENIED;
}
}
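Review bot: The reworded log messages are inconsistent between the two branches: the NTLM2 messages say "signature over %llu bytes of input" while the NTLM1 ones say "signature of %llu bytes of input", which reads as if the signature itself had that length. The NTLM1 `DEBUG(0, ...)` line also ends in `:\n` although no dump follows it, where the NTLM2 counterpart ends in `!\n`. Using "over" and `!\n` in the NTLM1 branch would make the two failure paths read the same when someone is grepping logs for truncation problems. The enclosing function starts outside the hunk.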
@@ -456,6 +461,9 @@
if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)) {
 
*out = data_blob_talloc(sig_mem_ctx, NULL, in->length + 
NTLMSSP_SIG_SIZE);
+   if (!out->data) {
+   return NT_STATUS_NO_MEMORY;
+   }
memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length);

nt_status = gensec_ntlmssp_seal_packet(gensec_security, 
sig_mem_ctx, 
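Review bot: The added `if (!out->data)` check catches a failed allocation but not a wrapped size: `in->length + NTLMSSP_SIG_SIZE` is computed with no overflow check, so a length close to SIZE_MAX would yield a small blob and the following `memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length)` would write past it. A guard before the allocation closes that, e.g. `if (in->length > SIZE_MAX - NTLMSSP_SIG_SIZE) return NT_STATUS_INVALID_PARAMETER;`. The same applies to the identical allocation in the GENSEC_FEATURE_SIGN branch in the next hunk (-473,6 +481,9). Whether any caller can supply such a length is not visible from here, and the enclosing function starts and ends outside the hunk.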
@@ -473,6 +481,9 @@
} else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 
*out = data_blob_talloc(sig_mem_ctx, NULL, in->length + 
NTLMSSP_SIG_SIZE);
+   if (!out->data) {
+   return NT_STATUS_NO_MEMORY;
+   }
memcpy(out->data + NTLMSSP_SIG_SIZE, in->data, in->length);
 
nt_status = gensec_ntlmssp_sign_packet(gensec_security, 
sig_mem_ctx, 



svn commit: samba r17169 - in branches/SAMBA_4_0/source/script/tests: .

2006-07-20 Thread abartlet
Author: abartlet
Date: 2006-07-21 01:35:26 + (Fri, 21 Jul 2006)
New Revision: 17169

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17169

Log:
Test LDAP with testnonblock.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/script/tests/test_ldap.sh


Changeset:
Modified: branches/SAMBA_4_0/source/script/tests/test_ldap.sh
===
--- branches/SAMBA_4_0/source/script/tests/test_ldap.sh 2006-07-21 01:34:56 UTC 
(rev 17168)
+++ branches/SAMBA_4_0/source/script/tests/test_ldap.sh 2006-07-21 01:35:26 UTC 
(rev 17169)
@@ -24,7 +24,7 @@
 . $incdir/test_functions.sh
 
 for p in $PROTOCOLS; do
- for options in "" "-U$USERNAME%$PASSWORD"; do
+ for options in "" "--option=socket:testnonblock=true" "-U$USERNAME%$PASSWORD 
--option=socket:testnonblock=true" "-U$USERNAME%$PASSWORD"; do
 echo "TESTING PROTOCOL $p with options $options"
 
 testit "RootDSE" bin/ldbsearch $CONFIGURATION $options --basedn='' -H 
$p://$SERVER -s base DUMMY=x dnsHostName highestCommittedUSN || failed=`expr 
$failed + 1`



svn commit: samba r17168 - in branches/SAMBA_4_0/source/lib: socket tls

2006-07-20 Thread abartlet
Author: abartlet
Date: 2006-07-21 01:34:56 + (Fri, 21 Jul 2006)
New Revision: 17168

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17168

Log:
Now that TLS (and soon SASL) is below the socket layer, we need to
make the testnonblock skip some things.  The socket *under* the tls
socket is still tested.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/lib/socket/socket.c
   branches/SAMBA_4_0/source/lib/socket/socket.h
   branches/SAMBA_4_0/source/lib/tls/config.mk
   branches/SAMBA_4_0/source/lib/tls/tls.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/socket/socket.c
===
--- branches/SAMBA_4_0/source/lib/socket/socket.c   2006-07-21 00:56:48 UTC 
(rev 17167)
+++ branches/SAMBA_4_0/source/lib/socket/socket.c   2006-07-21 01:34:56 UTC 
(rev 17168)
@@ -66,6 +66,7 @@
/* by enabling "testnonblock" mode, all socket receive and
   send calls on non-blocking sockets will randomly recv/send
   less data than requested */
+
if (!(flags & SOCKET_FLAG_BLOCK) &&
type == SOCKET_TYPE_STREAM &&
lp_parm_bool(-1, "socket", "testnonblock", False)) {
@@ -185,14 +186,21 @@
return NT_STATUS_NOT_IMPLEMENTED;
}
 
-   if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK) && wantlen > 1) {
-   if (random() % 10 == 0) {
-   *nread = 0;
-   return STATUS_MORE_ENTRIES;
+   if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK) 
+   && wantlen > 1) {
+
+   /* The returning of 0 and MORE_ENTRIES is incompatible
+  with TLS and SASL sockets, as there is not a
+  constant event source to re-trigger the reads */
+
+   if (!(sock->flags & SOCKET_FLAG_FAKE)) {
+   if (random() % 10 == 0) {
+   *nread = 0;
+   return STATUS_MORE_ENTRIES;
+   }
}
return sock->ops->fn_recv(sock, buf, 1+(random() % wantlen), 
nread);
}
-
return sock->ops->fn_recv(sock, buf, wantlen, nread);
 }
 
@@ -229,17 +237,21 @@
if (!sock->ops->fn_send) {
return NT_STATUS_NOT_IMPLEMENTED;
}
-
-   if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK) && blob->length > 1) {
-   DATA_BLOB blob2 = *blob;
+   
+   if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK)
+   && blob->length > 1) {
if (random() % 10 == 0) {
*sendlen = 0;
return STATUS_MORE_ENTRIES;
}
-   blob2.length = 1+(random() % blob2.length);
-   return sock->ops->fn_send(sock, &blob2, sendlen);
+   /* The variable size sends are incompatilbe with TLS and SASL
+* sockets, which require re-sends to be consistant */
+   if (!(sock->flags & SOCKET_FLAG_FAKE)) {
+   DATA_BLOB blob2 = *blob;
+   blob2.length = 1+(random() % blob2.length);
+   return sock->ops->fn_send(sock, &blob2, sendlen);
+   }
}
-
return sock->ops->fn_send(sock, blob, sendlen);
 }
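Review bot: In the send path the `random() % 10 == 0` branch that sets `*sendlen = 0` and returns STATUS_MORE_ENTRIES still runs for SOCKET_FLAG_FAKE sockets, whereas the recv hunk above excludes exactly that case for them on the grounds that nothing re-triggers the event. If the asymmetry is intended, the new comment should say why a zero-length send is safe on a TLS or SASL socket; if it is not, the `!(sock->flags & SOCKET_FLAG_FAKE)` test belongs around both branches. The new comment also has two typos, "incompatilbe" and "consistant". The function starts outside the hunk.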
 

Modified: branches/SAMBA_4_0/source/lib/socket/socket.h
===
--- branches/SAMBA_4_0/source/lib/socket/socket.h   2006-07-21 00:56:48 UTC 
(rev 17167)
+++ branches/SAMBA_4_0/source/lib/socket/socket.h   2006-07-21 01:34:56 UTC 
(rev 17168)
@@ -102,6 +102,7 @@
 #define SOCKET_FLAG_BLOCK0x0001
 #define SOCKET_FLAG_PEEK 0x0002
 #define SOCKET_FLAG_TESTNONBLOCK 0x0004
+#define SOCKET_FLAG_FAKE 0x0008 /* This is an implementation not 
directly on top of a real socket */
 
 struct socket_context {
enum socket_type type;

Modified: branches/SAMBA_4_0/source/lib/tls/config.mk
===
--- branches/SAMBA_4_0/source/lib/tls/config.mk 2006-07-21 00:56:48 UTC (rev 
17167)
+++ branches/SAMBA_4_0/source/lib/tls/config.mk 2006-07-21 01:34:56 UTC (rev 
17168)
@@ -5,7 +5,7 @@
tls.o \
tlscert.o
 PUBLIC_DEPENDENCIES = \
-   LIBTALLOC GNUTLS LIBSAMBA-CONFIG
+   LIBTALLOC GNUTLS LIBSAMBA-CONFIG samba-socket
 #
 # End SUBSYSTEM LIBTLS
 

Modified: branches/SAMBA_4_0/source/lib/tls/tls.c
===
--- branches/SAMBA_4_0/source/lib/tls/tls.c 2006-07-21 00:56:48 UTC (rev 
17167)
+++ branches/SAMBA_4_0/source/lib/tls/tls.c 2006-07-21 01:34:56 UTC (rev 
17168)
@@ -443,7 +443,8 @@
NTSTATUS nt_status;

nt_status = socket_create_with_ops(socket, &tls_socket_ops, &new_sock, 
-  SOC

svn commit: samba r17167 - in branches/SAMBA_4_0/source/lib/util: .

2006-07-20 Thread abartlet
Author: abartlet
Date: 2006-07-21 00:56:48 + (Fri, 21 Jul 2006)
New Revision: 17167

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17167

Log:
indent

Modified:
   branches/SAMBA_4_0/source/lib/util/data_blob.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/util/data_blob.c
===
--- branches/SAMBA_4_0/source/lib/util/data_blob.c  2006-07-20 22:27:03 UTC 
(rev 17166)
+++ branches/SAMBA_4_0/source/lib/util/data_blob.c  2006-07-21 00:56:48 UTC 
(rev 17167)
@@ -206,7 +206,7 @@
   append some data to a data blob
 **/
 _PUBLIC_ NTSTATUS data_blob_append(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
- const void *p, size_t length)
+  const void *p, size_t length)
 {
blob->data = talloc_realloc_size(mem_ctx, blob->data,
 blob->length + length);



Build status as of Fri Jul 21 00:00:02 2006

2006-07-20 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2006-07-20 
00:00:18.0 +
+++ /home/build/master/cache/broken_results.txt 2006-07-21 00:00:09.0 
+
@@ -1,18 +1,18 @@
-Build status as of Thu Jul 20 00:00:02 2006
+Build status as of Fri Jul 21 00:00:02 2006
 
 Build counts:
 Tree Total  Broken Panic 
 SOC  0  0  0 
-ccache   34 6  0 
-distcc   28 2  0 
+ccache   33 6  0 
+distcc   27 2  0 
 lorikeet-heimdal 0  0  0 
 ppp  17 0  0 
-rsync28 0  0 
+rsync27 0  0 
 samba3  0  0 
 samba-docs   0  0  0 
 samba4   38 26 4 
-samba_3_037 26 3 
+samba_3_036 23 1 
 smb-build24 24 0 
-talloc   32 13 0 
-tdb  29 10 0 
+talloc   31 12 0 
+tdb  28 9  0 
 


svn commit: samba r17166 - in branches/SAMBA_3_0_RELEASE: .

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 22:27:03 + (Thu, 20 Jul 2006)
New Revision: 17166

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17166

Log:
fixups based on comments from Volker
Modified:
   branches/SAMBA_3_0_RELEASE/WHATSNEW.txt


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-07-20 21:22:06 UTC (rev 
17165)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-07-20 22:27:03 UTC (rev 
17166)
@@ -18,6 +18,7 @@
 running winbindd.
   o Failure to add users or groups to ACLs using the Windows
 object picker.
+  o Failure in file serving code when 'kernel oplocks = yes'.
 
 New features in 3.0.23a include:
 
@@ -69,7 +70,7 @@
 
 o   Guenther Deschner <[EMAIL PROTECTED]>
 * Don't clear the cache when starting winbindd in off line mode.
-* Fix erron reporting in pam_winbind debug messages.
+* Fix errno reporting in pam_winbind debug messages.
 * BUG 3937: Fix segv in libnss_wins.so.
 
 
@@ -78,7 +79,7 @@
   request code.
 * AIX portability fixes for DNS client code.
 * BUG 3811, 3948: Fix alignment bug in on lsaquery. 
-* BUG 3949: Fixed authorization issue no domain member 
+* BUG 3949: Fixed authorization issue on domain member 
   servers not running winbindd.
 
 



svn commit: samba r17165 - in branches/SAMBA_3_0_RELEASE: .

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 21:22:06 + (Thu, 20 Jul 2006)
New Revision: 17165

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17165

Log:
more changes to the release notes
Modified:
   branches/SAMBA_3_0_RELEASE/WHATSNEW.txt


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-07-20 20:49:06 UTC (rev 
17164)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-07-20 21:22:06 UTC (rev 
17165)
@@ -5,10 +5,28 @@
 
 This is the latest stable release of Samba. This is the version 
 that production Samba servers should be running for all current 
-bug-fixes.  Please read the changes in this section for details on 
-new features and difference in behavior from previous releases.
+bug-fixes.  Please read the changes in this section and for the 
+original 3.0.23 release regarding new features and difference 
+in behavior from previous releases.
 
+Common bugs fixed in 3.0.23a include:
 
+  o Failure to strip the domain name from groups when 'winbind 
+use default domain = yes'
+  o Failure in pam_winbind to correctly parse arguments.
+  o Bad token creation of local users on member servers not 
+running winbindd.
+  o Failure to add users or groups to ACLs using the Windows
+object picker.
+
+New features in 3.0.23a include:
+
+  o New "createupn" option to "net ads join"
+  o Rewritten Kerberos keytab generation when 'use kerberos 
+keytab = yes'
+
+
+
 ##
 Changes
 ###
@@ -19,14 +37,64 @@
 commits
 ---
 o   Jeremy Allison <[EMAIL PROTECTED]>
+* Fix memory leaks in the POSIX locking for for the Linux CIFS fs 
+  client.
+* Fix memory leaks in the AD schema parsing code.
+* Fixed bug in interaction with Linux kernel oplocks.
 
+
 o   Gerald (Jerry) Carter <[EMAIL PROTECTED]>
+* Rewrite the detection of the correct DES salting principal name
+  when joining an Active Directory Domain.
+* Rewrite the keytab generation code based on existing SPN, 
+  UPN, and sAMAccountName attributes in the AD machine object.
+* Cleanup of dead code from idmap_ad.
+* Fix Winbind 32bit/64bit portability issues.
+* Fail 'net ads join' and disable the machine account if we cannot 
+  set any SPNs for ourselves.
+* Make sure to lower case all usernames before calling the create, 
+  delete, or rename hooks.
+* Preserve case for usernames in passdb
+* Flush the getpwnam cache after renaming a user
+* Add become/unbecome root block in _samr_delete_dom_user() when 
+  trying to verify the account's existence.
+* Changed 'net ads join' syntax for specifying an alternate 
+  OU.  New syntax is createcomputer=.
+* Add createupn=[UPN] option to 'net ads join' for setting the
+  userPrincipalName attribute.
+* Bug 3920: Restore winbind use default domain behavior for domain 
+  groups.  This break local users and 'winbind nested groups' on 
+  domain members.
 
+
 o   Guenther Deschner <[EMAIL PROTECTED]>
+* Don't clear the cache when starting winbindd in off line mode.
+* Fix erron reporting in pam_winbind debug messages.
+* BUG 3937: Fix segv in libnss_wins.so.
 
+
 o   Volker Lendecke <[EMAIL PROTECTED]>
+* Fix memory leaks in the in error paths out of the CLDAP 
+  request code.
+* AIX portability fixes for DNS client code.
+* BUG 3811, 3948: Fix alignment bug in on lsaquery. 
+* BUG 3949: Fixed authorization issue no domain member 
+  servers not running winbindd.
 
 
+o   Andrew Tridgell <[EMAIL PROTECTED]>
+* Fixed a bug which caused resolve_ads() to spin forever if 
+  one of the DCs isn't resolvable in DNS.
+
+
+o   Simo Sorce <[EMAIL PROTECTED]>
+* Debian packaging fixes.
+
+
+o   Dietrich Streifert <[EMAIL PROTECTED]>
+* BUG 3916: Fix error parsing pam_winbind config arguments.
+
+
 Release Notes for older release follow:
 
   --
@@ -480,7 +548,7 @@
 * Add help text for new 'net rpc audit' utility.
 * Add net ads search SID.
 * samrQueryDomainInfo level 5 should return the domain name, not our 
-  netbios name when we are a DC.
+  NetBIOS name when we are a DC.
 * Add some more client rpc for the querydominfo calls (from samba4 idl).
 * Process all the supported info levels in the samr_query_domain_info2 
   call.



svn commit: samba r17164 - in tags: .

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 20:49:06 + (Thu, 20 Jul 2006)
New Revision: 17164

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17164

Log:
tagging final real copy of trunk for posterity (and svn annotate)


Added:
   tags/trunk-final-update/


Changeset:
Copied: tags/trunk-final-update (from rev 17033, trunk)



svn commit: samba r17163 - in branches/SAMBA_3_0_RELEASE: . source

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 20:35:26 + (Thu, 20 Jul 2006)
New Revision: 17163

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17163

Log:
correct version and save draft of release notes
Modified:
   branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
   branches/SAMBA_3_0_RELEASE/source/VERSION


Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-07-20 20:23:04 UTC (rev 
17162)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-07-20 20:35:26 UTC (rev 
17163)
@@ -1,13 +1,41 @@
-   ==
-   Release Notes for Samba 3.0.23
-Jul 10, 2006
-   ==
+   ===
+   Release Notes for Samba 3.0.23a
+ Jul 21, 2006
+   ===
 
 This is the latest stable release of Samba. This is the version 
 that production Samba servers should be running for all current 
 bug-fixes.  Please read the changes in this section for details on 
 new features and difference in behavior from previous releases.
 
+
+##
+Changes
+###
+
+Changes since 3.0.23
+
+
+commits
+---
+o   Jeremy Allison <[EMAIL PROTECTED]>
+
+o   Gerald (Jerry) Carter <[EMAIL PROTECTED]>
+
+o   Guenther Deschner <[EMAIL PROTECTED]>
+
+o   Volker Lendecke <[EMAIL PROTECTED]>
+
+
+Release Notes for older release follow:
+
+  --
+
+   ==
+   Release Notes for Samba 3.0.23
+Jul 10, 2006
+   ==
+
 There has been a substantial amount of cleanup work done during 
 this development cycle.  We would like to thank both Coverity 
 (http://www.coverity.com/) and Klocwork (http://www.klocwork.com/)
@@ -155,68 +183,12 @@
 wins partners  Removed
 
 
-Changes since 3.0.23rc3

+Changes since 3.0.22
+
 
 commits
 ---
 o   Jeremy Allison <[EMAIL PROTECTED]>
-* BUG 3858: Ensure that all files are removed by a wildcard 
-  delete when 'hide unreadable = yes'.
-* Fix various issues raised by the Klocwork code analyzer.
-* Fix nmbd WINS serving bug causing duplicate IPs in the *<1b> 
-  query reply ("enhanced browsing = yes").
-* Fix SMB signing failures in client tools.
-* BUG 3909: Avoid EA lookups on MS-DFS links.
-
-
-o   Nicholas Brealey <[EMAIL PROTECTED]>
-* Compile fix for pam_winbind.
-
-
-o   Gerald (Jerry) Carter <[EMAIL PROTECTED]>
-* Use system provided killproc() in RedHat init scripts for 
-  more robust shutdown.
-* Fix a crash in the printer publishing code when adding a 
-  new printer via the APW.
-* Fix broken compile of unsupported smbwrapper utility.
-* BUG 3905: Fix smbd startup failure caused by a failure to
-  create an NT token for the guest account.
-* BUG 3908: Fix RPC bind authentication failure which broke
-  user password changes.
-* Ensure that "net ads join" reports failure correctly if
-  it cannot set the machine account password.
-
-
-o   Guenther Deschner <[EMAIL PROTECTED]>
-* Fix different extended_dn handling in adssearch.pl
-  (Thanks to Frederic Brin at Novell).
-* Fix a memleak in winbindd's credentials cache.
-* Protect against crashes in CLDAP request processing.
-* Remove incomplete DfsEnum() info level to avoid an smbd crash.
-
-
-o   Volker Lendecke <[EMAIL PROTECTED]>
-* Fix a memleak in the server registry code for enumeration 
-  shares.
-* Fix an invalid munlock() call in winbindd's credentials cache.
-* Fix compile warnings when passing NULL to snprintf().
-* BUG 3915: Fall back to a pure unix user with S-1-22 SIDs in the
-  token in case anything weird is going on with the 'force user'.
-* CVE-2006-3403: Fix minor memory exhaustion DoS in smbd.
-
-
-o   Jason Mader <[EMAIL PROTECTED]>
-* Compiler warning fixes.
-
-
-o   Simo Sorce <[EMAIL PROTECTED]>
-* Set the correct sid type when looking up a gid.
-
-
-Changes since 3.0.22
-
-o   Jeremy Allison <[EMAIL PROTECTED]>
 * Fixes for various Klocwork defect reports.
 * Cleanup pdb_get_XXX() methods and ensure that a failure
   to allocate memory for a samu user structure is reported 
@@ -313,6 +285,13 @@
   read fails (inspired by Justin Best).
 * BUG 3668: Workaround Windows bug with LARGE_READX where if 
   you ask for exactly 64k bytes it returns 0.
+* BUG 3858: Ensure that all files are removed by a wildcard 
+  delete when 'hide unreadable = yes'.
+* Fi

svn commit: samba r17162 - in branches: SAMBA_3_0/source/libsmb SAMBA_3_0/source/nsswitch SAMBA_3_0_23/source/libsmb SAMBA_3_0_23/source/nsswitch SAMBA_3_0_RELEASE/source/libsmb SAMBA_3_0_RELEASE/sour

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 20:23:04 + (Thu, 20 Jul 2006)
New Revision: 17162

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17162

Log:
Fix small typos noticed by Paul Green.


Modified:
   branches/SAMBA_3_0/source/libsmb/clikrb5.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h
   branches/SAMBA_3_0_23/source/libsmb/clikrb5.c
   branches/SAMBA_3_0_23/source/nsswitch/winbindd_nss.h
   branches/SAMBA_3_0_RELEASE/source/libsmb/clikrb5.c
   branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_nss.h


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clikrb5.c
===
--- branches/SAMBA_3_0/source/libsmb/clikrb5.c  2006-07-20 19:44:11 UTC (rev 
17161)
+++ branches/SAMBA_3_0/source/libsmb/clikrb5.c  2006-07-20 20:23:04 UTC (rev 
17162)
@@ -112,7 +112,7 @@
 
 #ifndef HAVE_KRB5_SET_REAL_TIME
 /*
- * Thir function is not in the Heimdal mainline.
+ * This function is not in the Heimdal mainline.
  */
  krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, 
int32_t microseconds)
 {

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h   2006-07-20 19:44:11 UTC 
(rev 17161)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h   2006-07-20 20:23:04 UTC 
(rev 17162)
@@ -45,7 +45,7 @@
 #if defined(uint64)
 #  define SMB_TIME_T uint64
 #else
-#  define SMB_TIME_t time_t
+#  define SMB_TIME_T time_t
 #endif
 
 /* Socket commands */

Modified: branches/SAMBA_3_0_23/source/libsmb/clikrb5.c
===
--- branches/SAMBA_3_0_23/source/libsmb/clikrb5.c   2006-07-20 19:44:11 UTC 
(rev 17161)
+++ branches/SAMBA_3_0_23/source/libsmb/clikrb5.c   2006-07-20 20:23:04 UTC 
(rev 17162)
@@ -112,7 +112,7 @@
 
 #ifndef HAVE_KRB5_SET_REAL_TIME
 /*
- * Thir function is not in the Heimdal mainline.
+ * This function is not in the Heimdal mainline.
  */
  krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, 
int32_t microseconds)
 {

Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_nss.h
===
--- branches/SAMBA_3_0_23/source/nsswitch/winbindd_nss.h2006-07-20 
19:44:11 UTC (rev 17161)
+++ branches/SAMBA_3_0_23/source/nsswitch/winbindd_nss.h2006-07-20 
20:23:04 UTC (rev 17162)
@@ -45,7 +45,7 @@
 #if defined(uint64)
 #  define SMB_TIME_T uint64
 #else
-#  define SMB_TIME_t time_t
+#  define SMB_TIME_T time_t
 #endif
 
 /* Socket commands */

Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/clikrb5.c
===
--- branches/SAMBA_3_0_RELEASE/source/libsmb/clikrb5.c  2006-07-20 19:44:11 UTC 
(rev 17161)
+++ branches/SAMBA_3_0_RELEASE/source/libsmb/clikrb5.c  2006-07-20 20:23:04 UTC 
(rev 17162)
@@ -112,7 +112,7 @@
 
 #ifndef HAVE_KRB5_SET_REAL_TIME
 /*
- * Thir function is not in the Heimdal mainline.
+ * This function is not in the Heimdal mainline.
  */
  krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, 
int32_t microseconds)
 {

Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_nss.h
===
--- branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_nss.h   2006-07-20 
19:44:11 UTC (rev 17161)
+++ branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_nss.h   2006-07-20 
20:23:04 UTC (rev 17162)
@@ -45,7 +45,7 @@
 #if defined(uint64)
 #  define SMB_TIME_T uint64
 #else
-#  define SMB_TIME_t time_t
+#  define SMB_TIME_T time_t
 #endif
 
 /* Socket commands */



svn commit: samba r17161 - in branches/SAMBA_3_0_RELEASE/source: auth nsswitch passdb rpc_server smbd utils

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 19:44:11 + (Thu, 20 Jul 2006)
New Revision: 17161

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17161

Log:
sync files from SAMBA_3_0_23 branch
Modified:
   branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c
   branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_group.c
   branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_util.c
   branches/SAMBA_3_0_RELEASE/source/passdb/pdb_interface.c
   branches/SAMBA_3_0_RELEASE/source/passdb/pdb_ldap.c
   branches/SAMBA_3_0_RELEASE/source/passdb/pdb_tdb.c
   branches/SAMBA_3_0_RELEASE/source/rpc_server/srv_samr_nt.c
   branches/SAMBA_3_0_RELEASE/source/smbd/open.c
   branches/SAMBA_3_0_RELEASE/source/utils/net_ads.c


Changeset:
Sorry, the patch is too large (888 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17161


svn commit: samba r17160 - in branches/SAMBA_3_0_23/source/auth: .

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 19:15:49 + (Thu, 20 Jul 2006)
New Revision: 17160

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17160

Log:
merge r17022 from SAMBA_3_0.  Thanks to Thomas Bork for pointing this out
Modified:
   branches/SAMBA_3_0_23/source/auth/auth_util.c


Changeset:
Modified: branches/SAMBA_3_0_23/source/auth/auth_util.c
===
--- branches/SAMBA_3_0_23/source/auth/auth_util.c   2006-07-20 18:02:51 UTC 
(rev 17159)
+++ branches/SAMBA_3_0_23/source/auth/auth_util.c   2006-07-20 19:15:49 UTC 
(rev 17160)
@@ -955,7 +955,8 @@
return NT_STATUS_NO_MEMORY;
}
 
-   if (server_info->was_mapped) {
+   if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) || 
+   server_info->was_mapped) {
status = create_token_from_username(server_info,
server_info->unix_name,
server_info->guest,
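Review bot: The widened condition makes the source of the session token depend on a runtime `winbind_ping()` result, and nothing at the branch explains or records that. On a domain member with winbindd unreachable the token is now built by `create_token_from_username()` from `server_info->unix_name`, so the resulting group membership presumably comes from local lookups and can differ from the normal path. I would add a comment above the `if`, for example `/* winbindd is down on a domain member: fall back to a token built from the unix name */`, and a `DEBUG(3, ...)` line inside the branch so the fallback shows up in logs. The enclosing function starts and ends outside the hunk.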



svn commit: samba r17159 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_23/source/nsswitch

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 18:02:51 + (Thu, 20 Jul 2006)
New Revision: 17159

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17159

Log:
Bug 3920: Restore winbind use default domain behavior for domain groups.
This breaks local users and 'winbind nested groups' on domain members.
Cannot be helped.  

My plan is to move the default domain crud to the client code (pam and 
nss libraries) in 3.0.24.


Modified:
   branches/SAMBA_3_0/source/nsswitch/winbindd_group.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
   branches/SAMBA_3_0_23/source/nsswitch/winbindd_group.c
   branches/SAMBA_3_0_23/source/nsswitch/winbindd_util.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_group.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_group.c 2006-07-20 14:39:06 UTC 
(rev 17158)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_group.c 2006-07-20 18:02:51 UTC 
(rev 17159)
@@ -41,16 +41,9 @@
   const char *gr_name, gid_t unix_gid)
 {
fstring full_group_name;
-   BOOL can_assume = False;
 
-   /* I *hate* winbind use default domain Somehow I will figure out 
-  how to remove this parameter.-jerry */
+   fill_domain_username( full_group_name, dom_name, gr_name, True );
 
-   if ( (lp_server_role() == ROLE_DOMAIN_MEMBER) && strequal(dom_name, 
lp_workgroup() ) )
-   can_assume = True;
-
-   fill_domain_username( full_group_name, dom_name, gr_name, can_assume);
-
gr->gr_gid = unix_gid;
 
/* Group name and password */
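Review bot: The bare `True` now passed to `fill_domain_username()` in `fill_grent` (and in the calls changed in the hunks at -153, -759 and -936 below) has no explanation left, since the `can_assume` logic and its comment were removed. Judging by the removed variable name, the flag lets the `DOMAIN\` prefix be dropped, so a domain group and a local group with the same name may become indistinguishable to NSS consumers; the commit log itself says local users and nested groups break. A one-line comment at each call, e.g. `/* True: honour 'winbind use default domain' for group names (bug 3920) */`, would keep that trade-off visible. The start of `fill_grent` is outside the hunk.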
@@ -153,7 +146,7 @@
 
/* Append domain name */
 
-   fill_domain_username(name, domain->name, the_name, False);
+   fill_domain_username(name, domain->name, the_name, True);
 
len = strlen(name);

@@ -759,7 +752,7 @@
/* Fill in group entry */
 
fill_domain_username(domain_group_name, ent->domain_name, 
-name_list[ent->sam_entry_index].acct_name, False);
+name_list[ent->sam_entry_index].acct_name, True);
 
result = fill_grent(&group_list[group_list_ndx], 
ent->domain_name,
@@ -936,7 +929,7 @@
groups.sam_entries)[i].acct_name; 
fstring name;
 
-   fill_domain_username(name, domain->name, group_name, 
False);
+   fill_domain_username(name, domain->name, group_name, 
True);
/* Append to extra data */  
memcpy(&extra_data[extra_data_len], name, 
strlen(name));

Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c  2006-07-20 14:39:06 UTC 
(rev 17158)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c  2006-07-20 18:02:51 UTC 
(rev 17159)
@@ -812,14 +812,28 @@
 
 /* Is this a domain which we may assume no DOMAIN\ prefix? */
 
-static BOOL assume_domain(const char *domain) {
-   if ((lp_winbind_use_default_domain()  
- || lp_winbind_trusted_domains_only()) &&
-   strequal(lp_workgroup(), domain)) 
-   return True;
+static BOOL assume_domain(const char *domain)
+{
+   /* never assume the domain on a standalone server */
 
-   if (strequal(get_global_sam_name(), domain)) 
+   if ( lp_server_role() == ROLE_STANDALONE )
+   return False;
+
+   /* domain member servers may possibly assume for the domain name */
+
+   if ( lp_server_role() == ROLE_DOMAIN_MEMBER ) {
+   if ( !strequal(lp_workgroup(), domain) )
+   return False;
+
+   if ( lp_winbind_use_default_domain() || 
lp_winbind_trusted_domains_only() )
+   return True;
+   } 
+
+   /* only left with a domain controller */
+
+   if ( strequal(get_global_sam_name(), domain) )  {
return True;
+   }

return False;
 }
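Review bot: In `assume_domain`, a domain member whose workgroup matches but for which both `lp_winbind_use_default_domain()` and `lp_winbind_trusted_domains_only()` are false falls out of the `ROLE_DOMAIN_MEMBER` block into the `get_global_sam_name()` comparison, although the comment there says `/* only left with a domain controller */`. If members are never meant to reach that test, end the block with `return False;`; if the fall-through is intended, the comment should say so. `lp_server_role()` is also called twice and could be read once into a local.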
@@ -832,7 +846,7 @@
 
if ( !p ) {
fstrcpy(user, domuser);
-   
+
if ( assume_domain(lp_workgroup())) {
fstrcpy(domain, lp_workgroup());
} else {

Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_group.c
===
--- branches/SAMBA_3_0_23/source/nsswitch/winbindd_group.c  2006-07-20 
14:39:06 UTC (rev 17158)
+++ branches/SAMBA_3_0_23/source/nsswitch/winbindd_group.c  2006-07-20 
18:02:51 UTC (rev 17159)
@@ -42,7 +42,7 @@
 {
fstring full_group_name;
 
-   fill_domain_username( full_group_name, dom_name, gr_name, False);
+   fill_domain_userna

svn commit: samba r17158 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_23/source/utils

2006-07-20 Thread jerry
Author: jerry
Date: 2006-07-20 14:39:06 + (Thu, 20 Jul 2006)
New Revision: 17158

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17158

Log:
Add two new options to 'net ads join'

  * [EMAIL PROTECTED]
  * createcomputer= (this was previously
the only arg)


Modified:
   branches/SAMBA_3_0/source/utils/net_ads.c
   branches/SAMBA_3_0_23/source/utils/net_ads.c


Changeset:
Modified: branches/SAMBA_3_0/source/utils/net_ads.c
===
--- branches/SAMBA_3_0/source/utils/net_ads.c   2006-07-20 14:35:41 UTC (rev 
17157)
+++ branches/SAMBA_3_0/source/utils/net_ads.c   2006-07-20 14:39:06 UTC (rev 
17158)
@@ -928,7 +928,7 @@
 static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s )
 {
ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
-   char *host_upn, *new_dn;
+   char *new_dn;
ADS_MODLIST mods;
const char *servicePrincipalName[3] = {NULL, NULL, NULL};
char *psp;
@@ -964,9 +964,7 @@
return ADS_ERROR(LDAP_NO_MEMORY);
}
 
-   /* Windows only creates HOST/shortname & HOST/fqdn.  We create 
-  the UPN as well so that 'kinit -k' will work.  You can only 
-  request a TGT for entries with a UPN in AD. */
+   /* Windows only creates HOST/shortname & HOST/fqdn. */
   
if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) ) 
goto done;
@@ -979,9 +977,63 @@
goto done;
servicePrincipalName[1] = psp;

-   if (!(host_upn = talloc_asprintf(ctx, "[EMAIL PROTECTED]", 
servicePrincipalName[0], ads_s->config.realm)))
+   if (!(mods = ads_init_mods(ctx))) {
goto done;
+   }
+   
+   /* fields of primary importance */
+   
+   ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn);
+   ads_mod_strlist(ctx, &mods, "servicePrincipalName", 
servicePrincipalName);
 
+   status = ads_gen_mod(ads_s, new_dn, mods);
+
+done:
+   ads_msgfree(ads_s, res);
+   
+   return status;
+}
+
+/***
+ Set a machines dNSHostName and servicePrincipalName attributes
+ /
+
+static ADS_STATUS net_set_machine_upn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, 
const char *upn )
+{
+   ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
+   char *new_dn;
+   ADS_MODLIST mods;
+   LDAPMessage *res = NULL;
+   char *dn_string = NULL;
+   const char *machine_name = global_myname();
+   int count;
+   
+   if ( !machine_name ) {
+   return ADS_ERROR(LDAP_NO_MEMORY);
+   }
+   
+   /* Find our DN */
+   
+   status = ads_find_machine_acct(ads_s, (void **)(void *)&res, 
machine_name);
+   if (!ADS_ERR_OK(status)) 
+   return status;
+   
+   if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
+   DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count));
+   return ADS_ERROR(LDAP_NO_MEMORY);   
+   }
+   
+   if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
+   DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL 
(malloc failure?)\n"));
+   goto done;
+   }
+   
+   new_dn = talloc_strdup(ctx, dn_string);
+   ads_memfree(ads_s, dn_string);
+   if (!new_dn) {
+   return ADS_ERROR(LDAP_NO_MEMORY);
+   }
+   
/* now do the mods */

if (!(mods = ads_init_mods(ctx))) {
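Review bot: `net_set_machine_upn` can report success without writing anything: when `ads_get_dn()` returns NULL it jumps to `done` with `status` still holding the successful result of `ads_find_machine_acct()`. The two `return ADS_ERROR(LDAP_NO_MEMORY)` exits after the search also bypass `done`, so `res` is presumably never released on those paths (the `done:` label of this function lies outside the hunk; the one added for `net_set_machine_spn` calls `ads_msgfree`). The header comment and both DEBUG strings are copied from other functions and name the wrong attributes and callers. In the following hunk `upn` reaches `ads_mod_str()` without a NULL or empty check, and the callers are not visible here. The function's tail is outside this hunk.

```c
/* … unchanged: machine_name check and ads_find_machine_acct() call … */

	if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
		DEBUG(1,("net_set_machine_upn: %d entries returned!\n", count));
		status = ADS_ERROR(LDAP_NO_MEMORY);
		goto done;
	}

	if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
		DEBUG(1, ("net_set_machine_upn: ads_get_dn returned NULL (malloc failure?)\n"));
		status = ADS_ERROR(LDAP_NO_MEMORY);
		goto done;
	}

	new_dn = talloc_strdup(ctx, dn_string);
	ads_memfree(ads_s, dn_string);
	if (!new_dn) {
		status = ADS_ERROR(LDAP_NO_MEMORY);
		goto done;
	}
```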
@@ -990,8 +1042,7 @@

/* fields of primary importance */

-   ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn);
-   ads_mod_strlist(ctx, &mods, "servicePrincipalName", 
servicePrincipalName);
+   ads_mod_str(ctx, &mods, "userPrincipalName", upn);
 
status = ads_gen_mod(ads_s, new_dn, mods);
 
@@ -1001,7 +1052,6 @@
return status;
 }
 
-
 /***
   join a domain using ADS (LDAP mods)
  /
@@ -1089,6 +1139,19 @@
return kerberos_secrets_store_des_salt( salt );
 }
 
+/*
+ utility function to parse an integer parameter from 
+ "parameter = value"
+**/
+static char* get_string_param( const char* param )
+{
+   char *p;
+   
+   if ( (p = strchr( param, '=' )) == NULL )
+   return NULL;
+   
+   return (p+1);
+}
 /***
   join a domain using ADS (LDAP mods)
  /
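Review bot: `get_string_param` is documented as parsing an integer parameter, but it returns the text after the first `=`; the comment should read something like `/* return the value part of "parameter=value", or NULL if there is no '=' */`. It also hands back a non-const `char *` into the `const char *param` it was given, so `static const char *get_string_param(const char *param)` would be the more honest signature. For an argument ending in `=` the result is an empty string rather than NULL, which callers need to check before using the value. A blank line before the next header comment would match the rest of the file.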
@@ -1103,6 +1166,10 @@
struct cldap_netlogon_reply cldap_reply;
TALLOC_CTX *ctx;
DOM_

svn commit: samba r17157 - in branches/SAMBA_4_0/source/lib/talloc: .

2006-07-20 Thread metze
Author: metze
Date: 2006-07-20 14:35:41 + (Thu, 20 Jul 2006)
New Revision: 17157

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17157

Log:
bail out if sizeof(size_t) < sizeof(void *)

metze
Modified:
   branches/SAMBA_4_0/source/lib/talloc/config.m4


Changeset:
Modified: branches/SAMBA_4_0/source/lib/talloc/config.m4
===
--- branches/SAMBA_4_0/source/lib/talloc/config.m4  2006-07-20 12:51:42 UTC 
(rev 17156)
+++ branches/SAMBA_4_0/source/lib/talloc/config.m4  2006-07-20 14:35:41 UTC 
(rev 17157)
@@ -12,3 +12,7 @@
 AC_CHECK_SIZEOF(size_t,cross)
 AC_CHECK_SIZEOF(ssize_t,cross)
 AC_CHECK_SIZEOF(void *,cross)
+
+if test $ac_cv_sizeof_size_t -lt $ac_cv_sizeof_void_p; then
+   AC_ERROR([sizeof(size_t) < sizeof(void *)])
+fi
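Review bot: The new `test` uses both cache variables unquoted, so if either were ever empty the `test` command itself fails with a syntax error, the `if` is treated as false, and the guard is skipped instead of aborting configure. Making it fail closed costs one line: `if test -z "$ac_cv_sizeof_size_t" || test -z "$ac_cv_sizeof_void_p" || test "$ac_cv_sizeof_size_t" -lt "$ac_cv_sizeof_void_p"; then`. `AC_ERROR` is the obsolete spelling of `AC_MSG_ERROR`, and a short comment saying why talloc needs `size_t` to be at least pointer-sized would help, since the log message only restates the condition.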



svn commit: samba r17156 - in branches/SAMBA_4_0/source/lib/talloc: .

2006-07-20 Thread metze
Author: metze
Date: 2006-07-20 12:51:42 + (Thu, 20 Jul 2006)
New Revision: 17156

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17156

Log:
check for the size of a pointer

metze
Modified:
   branches/SAMBA_4_0/source/lib/talloc/config.m4


Changeset:
Modified: branches/SAMBA_4_0/source/lib/talloc/config.m4
===
--- branches/SAMBA_4_0/source/lib/talloc/config.m4  2006-07-20 12:17:13 UTC 
(rev 17155)
+++ branches/SAMBA_4_0/source/lib/talloc/config.m4  2006-07-20 12:51:42 UTC 
(rev 17156)
@@ -11,3 +11,4 @@
 AC_CHECK_SIZEOF(off_t,cross)
 AC_CHECK_SIZEOF(size_t,cross)
 AC_CHECK_SIZEOF(ssize_t,cross)
+AC_CHECK_SIZEOF(void *,cross)



svn commit: samba r17155 - in branches/tmp/vl-messaging/source: . include libads passdb rpc_parse rpc_server services smbd utils

2006-07-20 Thread vlendec
Author: vlendec
Date: 2006-07-20 12:17:13 + (Thu, 20 Jul 2006)
New Revision: 17155

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17155

Log:
merge -r17132:17154
Modified:
   branches/tmp/vl-messaging/source/Makefile.in
   branches/tmp/vl-messaging/source/configure.in
   branches/tmp/vl-messaging/source/include/ads_dns.h
   branches/tmp/vl-messaging/source/libads/dns.c
   branches/tmp/vl-messaging/source/passdb/pdb_interface.c
   branches/tmp/vl-messaging/source/passdb/pdb_ldap.c
   branches/tmp/vl-messaging/source/passdb/pdb_tdb.c
   branches/tmp/vl-messaging/source/rpc_parse/parse_lsa.c
   branches/tmp/vl-messaging/source/rpc_server/srv_samr_nt.c
   branches/tmp/vl-messaging/source/services/svc_winreg.c
   branches/tmp/vl-messaging/source/smbd/open.c
   branches/tmp/vl-messaging/source/utils/net_ads.c


Changeset:
Sorry, the patch is too large (1152 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17155


svn commit: samba r17154 - in branches/tmp/vl-messaging/source/lib: .

2006-07-20 Thread jmcd
Author: jmcd
Date: 2006-07-20 09:37:44 + (Thu, 20 Jul 2006)
New Revision: 17154

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17154

Log:
From Aleksey Fedoseev:
- add some more debug
- correct the unpacking functions
- one shared database can be used now by multiple processes
- refactor & clean database messages processing

as a result: now smbd with locking via lockd passes tests on a
single node server.

Modified:
   branches/tmp/vl-messaging/source/lib/dbwrap_msg.c


Changeset:
Sorry, the patch is too large (885 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17154