diff options
author | Gerald Carter <jerry@samba.org> | 2006-06-09 12:25:25 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2006-06-09 12:25:25 +0000 |
commit | 40c1fd5fe6d7e853128919c5fa8633e2cc68b6c4 (patch) | |
tree | 829e949ea3ae0ffc3b0d155730c3591e8046867e | |
parent | ceaad97f523cf302329bb8f1878fdc01508d09a3 (diff) | |
download | samba-40c1fd5fe6d7e853128919c5fa8633e2cc68b6c4.tar.gz samba-40c1fd5fe6d7e853128919c5fa8633e2cc68b6c4.tar.xz samba-40c1fd5fe6d7e853128919c5fa8633e2cc68b6c4.zip |
r16119: pulling changes from 3_0 up to r16117
-rw-r--r-- | WHATSNEW.txt | 11 | ||||
-rw-r--r-- | source/aclocal.m4 | 42 | ||||
-rw-r--r-- | source/configure.in | 9 | ||||
-rw-r--r-- | source/libads/ldap.c | 8 | ||||
-rw-r--r-- | source/libads/util.c | 10 | ||||
-rw-r--r-- | source/nsswitch/winbindd_group.c | 2 | ||||
-rw-r--r-- | source/profile/profile.c | 92 | ||||
-rw-r--r-- | source/smbd/trans2.c | 2 | ||||
-rw-r--r-- | source/utils/net_ads.c | 8 |
9 files changed, 149 insertions, 35 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2bdf2ea6da8..e65dbfa75eb 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -42,6 +42,7 @@ o Jeremy Allison <jra@samba.org> * Fix bug in OS/2 Warp - it doesn't set the ff_last offset correctly when doing info level 1 directory scans. * Add Samba4 replacement for timegm() to work on Solaris. + * Remove extra add-byte in the trans2 UNIX_BASIC infolevel. o Gerald (Jerry) Carter <jerry@samba.org> @@ -60,6 +61,10 @@ o Guenther Deschner <gd@samba.org> * Adding "own-domain" switch to wbinfo which is handy from time to time. * BUG 3823: Fix in-forest domain trust enumeration in winbindd. + * Fix winbindd group enumeration for groups with no members. + * Correct "net ads changetrustpw" to use the sAMAccountName. + * Fix winbindd in ADS domains by removing code using the + UPN and rely upon the sAMAccountName. o Aleksey Fedoseev <fedoseev@ru.ibm.com> @@ -70,6 +75,11 @@ o Paul Green <paulg@samba.org> * Properly rebuild time limit on systems with executable extensions. +o Björn Jacke <samba@j3e.de> + * Fall back to less-preferred clocks until we find one that we + can use if clock_gmtime() is not available at run-time. + + o Volker Lendecke <vl@samba.org> * Fix more potential seg-faults when something on our way to a DC connection fails. @@ -110,6 +120,7 @@ o James Peach <jpeach@sgi.com> parameters in dynconfig.c. * Avoid pulling in -lpthreads caused by -lrt. * Fix build failures on IRIX 6.4 due to DMAPI support. + * Isolate the slow CLOCK_REALTIME message in the profiling code. o Aruna Prabakar <aruna.prabakar@hp.com> diff --git a/source/aclocal.m4 b/source/aclocal.m4 index 8abecd216f0..59bd26bd245 100644 --- a/source/aclocal.m4 +++ b/source/aclocal.m4 @@ -839,10 +839,17 @@ dnl Test whether the current LIBS results in libpthread being present. dnl Execute the corresponding user action list. AC_DEFUN([SMB_IS_LIBPTHREAD_LINKED], [ + AC_MSG_CHECKING(if libpthread is linked) AC_TRY_LINK([], [return pthread_create(0, 0, 0, 0);], - [$1], - [$2]) + [ + AC_MSG_RESULT(yes) + $1 + ], + [ + AC_MSG_RESULT(no) + $2 + ]) ]) dnl SMB_REMOVE_LIB(lib) @@ -943,3 +950,34 @@ void main(void) { fi ]) + +dnl SMB_CHECK_CLOCK_ID(clockid) +dnl Test whether the specified clock_gettime clock ID is available. If it +dnl is, we define HAVE_clockid +AC_DEFUN([SMB_CHECK_CLOCK_ID], +[ + AC_MSG_CHECKING(for $1) + AC_TRY_LINK([ +#if TIME_WITH_SYS_TIME +# include <sys/time.h> +# include <time.h> +#else +# if HAVE_SYS_TIME_H +# include <sys/time.h> +# else +# include <time.h> +# endif +#endif + ], + [ +clockid_t clk = $1; + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_$1, 1, + [Whether the clock_gettime clock ID $1 is available]) + ], + [ + AC_MSG_RESULT(no) + ]) +]) diff --git a/source/configure.in b/source/configure.in index f8eba2349f9..799441ed950 100644 --- a/source/configure.in +++ b/source/configure.in @@ -2053,8 +2053,13 @@ if test x"$samba_cv_WITH_PROFILE" = x"yes"; then [ SMB_IS_LIBPTHREAD_LINKED( [ SMB_REMOVELIB(rt) ], - [ AC_DEFINE(HAVE_CLOCK_GETTIME, 1, - [Whether clock_gettime is available]) ]) + [ + AC_DEFINE(HAVE_CLOCK_GETTIME, 1, + [Whether clock_gettime is available]) + SMB_CHECK_CLOCK_ID(CLOCK_MONOTONIC) + SMB_CHECK_CLOCK_ID(CLOCK_PROCESS_CPUTIME_ID) + SMB_CHECK_CLOCK_ID(CLOCK_REALTIME) + ]) ]) fi diff --git a/source/libads/ldap.c b/source/libads/ldap.c index bac85f3222b..7b8b41b10a8 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -287,9 +287,13 @@ got_connection: not servicePrincipalName; found by Guenther Deschner @ Sernet. Is this still correct? The comment does not match - the code. --jerry */ + the code. --jerry + + Yes it is :) + - Guenther + */ - asprintf(&ads->auth.user_name, "host/%s", global_myname() ); + asprintf(&ads->auth.user_name, "%s$", global_myname() ); } if (!ads->auth.realm) { diff --git a/source/libads/util.c b/source/libads/util.c index 4a4d90d7fbc..8e3001ccb04 100644 --- a/source/libads/util.c +++ b/source/libads/util.c @@ -26,7 +26,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip { char *password; char *new_password; - char *service_principal; ADS_STATUS ret; uint32 sec_channel_type; @@ -37,9 +36,7 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip new_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH); - asprintf(&service_principal, "HOST/%s", host_principal); - - ret = kerberos_set_password(ads->auth.kdc_server, service_principal, password, service_principal, new_password, ads->auth.time_offset); + ret = kerberos_set_password(ads->auth.kdc_server, host_principal, password, host_principal, new_password, ads->auth.time_offset); if (!ADS_ERR_OK(ret)) { goto failed; @@ -53,14 +50,13 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip /* Determine if the KDC is salting keys for this principal in a * non-obvious way. */ - if (!kerberos_derive_salting_principal(service_principal)) { - DEBUG(1,("Failed to determine correct salting principal for %s\n", service_principal)); + if (!kerberos_derive_salting_principal(host_principal)) { + DEBUG(1,("Failed to determine correct salting principal for %s\n", host_principal)); ret = ADS_ERROR_SYSTEM(EACCES); goto failed; } failed: - SAFE_FREE(service_principal); SAFE_FREE(password); return ret; } diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c index 7219292724b..5caaa7aa3ad 100644 --- a/source/nsswitch/winbindd_group.c +++ b/source/nsswitch/winbindd_group.c @@ -789,7 +789,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state) /* Append to group membership list */ gr_mem_list = SMB_REALLOC( gr_mem_list, gr_mem_list_len + gr_mem_len); - if (!gr_mem_list) { + if (!gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) { DEBUG(0, ("out of memory\n")); gr_mem_list_len = 0; break; diff --git a/source/profile/profile.c b/source/profile/profile.c index ba9596301c6..c3512ec01d8 100644 --- a/source/profile/profile.c +++ b/source/profile/profile.c @@ -30,6 +30,7 @@ static int shm_id; static BOOL read_only; #if defined(HAVE_CLOCK_GETTIME) clockid_t __profile_clock; +BOOL have_profiling_clock = False; #endif #endif @@ -62,6 +63,19 @@ void profile_message(int msg_type, struct process_id src, void *buf, size_t len) (int)procid_to_pid(&src))); break; case 2: /* turn on complete profiling */ + +#if defined(HAVE_CLOCK_GETTIME) + if (!have_profiling_clock) { + do_profile_flag = True; + do_profile_times = False; + DEBUG(1,("INFO: Profiling counts turned ON from " + "pid %d\n", (int)procid_to_pid(&src))); + DEBUGADD(1,("INFO: Profiling times disabled " + "due to lack of a suitable clock\n")); + break; + } +#endif + do_profile_flag = True; do_profile_times = True; DEBUG(1,("INFO: Full profiling turned ON from pid %d\n", @@ -100,28 +114,74 @@ void reqprofile_message(int msg_type, struct process_id src, open the profiling shared memory area ******************************************************************/ #ifdef WITH_PROFILE + +#ifdef HAVE_CLOCK_GETTIME + +/* Find a clock. Just because the definition for a particular clock ID is + * present doesn't mean the system actually supports it. + */ +static void init_clock_gettime(void) +{ + struct timespec ts; + + have_profiling_clock = False; + +#ifdef HAVE_CLOCK_PROCESS_CPUTIME_ID + /* CLOCK_PROCESS_CPUTIME_ID is sufficiently fast that the + * always profiling times is plausible. Unfortunately on Linux + * it is only accurate if we can guarantee we will not be scheduled + * scheduled onto a different CPU between samples. Until there is + * some way to set processor affinity, we can only use this on + * uniprocessors. + */ + if (!this_is_smp()) { + if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &ts) == 0) { + DEBUG(10, ("Using CLOCK_PROCESS_CPUTIME_ID " + "for profile_clock\n")); + __profile_clock = CLOCK_PROCESS_CPUTIME_ID; + have_profiling_clock = True; + } + } +#endif + +#ifdef HAVE_CLOCK_MONOTONIC + if (!have_profiling_clock && + clock_gettime(CLOCK_MONOTONIC, &ts) == 0) { + DEBUG(10, ("Using CLOCK_MONOTONIC for profile_clock\n")); + __profile_clock = CLOCK_MONOTONIC; + have_profiling_clock = True; + } +#endif + +#ifdef HAVE_CLOCK_REALTIME + /* POSIX says that CLOCK_REALTIME should be defined everywhere + * where we have clock_gettime... + */ + if (!have_profiling_clock && + clock_gettime(CLOCK_REALTIME, &ts) == 0) { + __profile_clock = CLOCK_REALTIME; + have_profiling_clock = True; + + SMB_WARN(__profile_clock != CLOCK_REALTIME, + ("forced to use a slow profiling clock")); + } + +#endif + + SMB_WARN(have_profiling_clock == True, + ("could not find a working clock for profiling")); + return; +} +#endif + BOOL profile_setup(BOOL rdonly) { struct shmid_ds shm_ds; read_only = rdonly; -#if defined(HAVE_CLOCK_GETTIME) - if (this_is_smp()) { - /* This is faster that gettimeofday, but not fast enough to - * leave it enabled in production. - */ - __profile_clock = CLOCK_MONOTONIC; - } else { - /* CLOCK_PROCESS_CPUTIME_ID is sufficiently fast that the - * always profiling times is plausible. Unfortunately it is - * only accurate if we can guarantee we will not be scheduled - * onto a different CPU between samples. Until there is some - * way to set processor affinity, we can only use this on - * uniprocessors. - */ - __profile_clock = CLOCK_PROCESS_CPUTIME_ID; - } +#ifdef HAVE_CLOCK_GETTIME + init_clock_gettime(); #endif again: diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index eda4837ba4b..71ff79081de 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -3431,7 +3431,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd SIVAL(pdata,0,sbuf.st_nlink); /* number of hard links */ SIVAL(pdata,4,0); - pdata += 8+1; + pdata += 8; data_size = PTR_DIFF(pdata,(*ppdata)); { diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c index e701803d17e..e82eece0f96 100644 --- a/source/utils/net_ads.c +++ b/source/utils/net_ads.c @@ -1529,19 +1529,19 @@ int net_ads_changetrustpw(int argc, const char **argv) fstrcpy(my_name, global_myname()); strlower_m(my_name); - asprintf(&host_principal, "%s@%s", my_name, ads->config.realm); - d_printf("Changing password for principal: HOST/%s\n", host_principal); + asprintf(&host_principal, "%s$@%s", my_name, ads->config.realm); + d_printf("Changing password for principal: %s\n", host_principal); ret = ads_change_trust_account_password(ads, host_principal); if (!ADS_ERR_OK(ret)) { - d_fprintf(stderr, "Password change failed :-( ...\n"); + d_fprintf(stderr, "Password change failed: %s\n", ads_errstr(ret)); ads_destroy(&ads); SAFE_FREE(host_principal); return -1; } - d_printf("Password change for principal HOST/%s succeeded.\n", host_principal); + d_printf("Password change for principal %s succeeded.\n", host_principal); if (lp_use_kerberos_keytab()) { d_printf("Attempting to update system keytab with new password.\n"); |