summaryrefslogtreecommitdiffstats
path: root/source
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-03-01 04:35:31 +0000
committerGerald Carter <jerry@samba.org>2007-03-01 04:35:31 +0000
commit03984b463596cd654bef952d024b96252909c7c7 (patch)
tree0a278d3c6c5f7cc395772bebc39c8930c134805c /source
parentfec07a7bb897b3c3723d5cb047daa86b45e5e9fd (diff)
downloadsamba-03984b463596cd654bef952d024b96252909c7c7.tar.gz
samba-03984b463596cd654bef952d024b96252909c7c7.tar.xz
samba-03984b463596cd654bef952d024b96252909c7c7.zip
r21619: * Pickup latest changes from SAMBA_3_0_25 (this will be it
for 3.0.25pre1 unless something blows up) * Update release notes some more
Diffstat (limited to 'source')
-rw-r--r--source/Makefile.in4
-rw-r--r--source/configure.in2
-rw-r--r--source/libsmb/clifile.c2
-rw-r--r--source/nsswitch/idmap.c73
-rw-r--r--source/nsswitch/idmap_cache.c61
-rw-r--r--source/nsswitch/nss_info.c46
-rw-r--r--source/nsswitch/pam_winbind.c34
-rw-r--r--source/nsswitch/winbind_nss_aix.c79
-rw-r--r--source/nsswitch/winbindd.c9
-rw-r--r--source/nsswitch/winbindd_async.c2
-rw-r--r--source/nsswitch/winbindd_cache.c2
-rw-r--r--source/nsswitch/winbindd_cred_cache.c17
-rw-r--r--source/nsswitch/winbindd_dual.c34
-rw-r--r--source/nsswitch/winbindd_user.c25
-rw-r--r--source/smbd/trans2.c12
-rw-r--r--source/utils/net_rpc.c22
16 files changed, 357 insertions, 67 deletions
diff --git a/source/Makefile.in b/source/Makefile.in
index 4de8f74082c..3f3aa5ea57a 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -1277,8 +1277,8 @@ bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy
bin/pam_winbind.@SHLIBEXT@: $(PAM_WINBIND_OBJ) bin/.dummy
@echo "Linking shared library $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) \
- @SONAMEFLAG@`basename $@` -lpam @INIPARSERLIBS@
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) -lpam @INIPARSERLIBS@ $(GPLIBS) \
+ @SONAMEFLAG@`basename $@`
bin/builtin.@SHLIBEXT@: $(AUTH_BUILTIN_OBJ)
@echo "Building plugin $@"
diff --git a/source/configure.in b/source/configure.in
index 8f07871bbe9..f54c9bd2982 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -46,7 +46,7 @@ AC_ARG_WITH(fhs,
logfilebase="\${VARDIR}/log/samba"
privatedir="\${CONFIGDIR}/private"
libdir="\${prefix}/lib/samba"
- configdir="${sysconfdir}/samba"
+ configdir="\${sysconfdir}/samba"
swatdir="\${DATADIR}/samba/swat"
;;
esac])
diff --git a/source/libsmb/clifile.c b/source/libsmb/clifile.c
index 6328a1720a6..2fe9eb17259 100644
--- a/source/libsmb/clifile.c
+++ b/source/libsmb/clifile.c
@@ -330,6 +330,8 @@ static BOOL cli_unix_chmod_chown_internal(struct cli_state *cli, const char *fna
p += clistr_push(cli, p, fname, -1, STR_TERMINATE);
param_len = PTR_DIFF(p, param);
+ memset(data, 0xff, 40); /* Set all sizes/times to no change. */
+
SIVAL(data,40,uid);
SIVAL(data,48,gid);
SIVAL(data,84,mode);
diff --git a/source/nsswitch/idmap.c b/source/nsswitch/idmap.c
index d69fd68e103..a58959afe4c 100644
--- a/source/nsswitch/idmap.c
+++ b/source/nsswitch/idmap.c
@@ -225,9 +225,36 @@ NTSTATUS idmap_close(void)
static const char *idmap_default_domain[] = { "default domain", NULL };
+/****************************************************************************
+ ****************************************************************************/
+
+NTSTATUS idmap_init_cache(void)
+{
+ /* Always initialize the cache. We'll have to delay initialization
+ of backends if we are offline */
+
+ if ( idmap_ctx ) {
+ return NT_STATUS_OK;
+ }
+
+ if ( (idmap_ctx = talloc_named_const(NULL, 0, "idmap_ctx")) == NULL ) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if ( (idmap_cache = idmap_cache_init(idmap_ctx)) == NULL ) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ ****************************************************************************/
+
NTSTATUS idmap_init(void)
{
NTSTATUS ret;
+ static NTSTATUS backend_init_status = NT_STATUS_UNSUCCESSFUL;
struct idmap_domain *dom;
char *compat_backend = NULL;
char *compat_params = NULL;
@@ -238,16 +265,23 @@ NTSTATUS idmap_init(void)
int compat = 0;
int i;
- if (idmap_ctx) {
- return NT_STATUS_OK;
- }
+ /* Always initialize the cache. We'll have to delay initialization
+ of backends if we are offline */
- if ( (idmap_ctx = talloc_named_const(NULL, 0, "idmap_ctx")) == NULL ) {
- return NT_STATUS_NO_MEMORY;
+ ret = idmap_init_cache();
+ if ( !NT_STATUS_IS_OK(ret) )
+ return ret;
+
+ if ( NT_STATUS_IS_OK(backend_init_status) ) {
+ return NT_STATUS_OK;
}
+
+ /* We can't reliably call intialization code here unless
+ we are online */
- if ( (idmap_cache = idmap_cache_init(idmap_ctx)) == NULL ) {
- return NT_STATUS_UNSUCCESSFUL;
+ if ( get_global_winbindd_state_offline() ) {
+ backend_init_status = NT_STATUS_FILE_IS_OFFLINE;
+ return backend_init_status;
}
static_init_idmap;
@@ -559,11 +593,17 @@ NTSTATUS idmap_init(void)
/* cleanpu temporary strings */
TALLOC_FREE( compat_backend );
+ backend_init_status = NT_STATUS_OK;
+
return NT_STATUS_OK;
done:
DEBUG(0, ("Aborting IDMAP Initialization ...\n"));
idmap_close();
+
+ /* save the init status for later checks */
+ backend_init_status = ret;
+
return ret;
}
@@ -1067,6 +1107,14 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids)
/* let's see if there is any id mapping to be retieved from the backends */
if (bi) {
+ /* Only do query if we are online */
+ if ( lp_winbind_offline_logon() &&
+ get_global_winbindd_state_offline() )
+ {
+ ret = NT_STATUS_FILE_IS_OFFLINE;
+ goto done;
+ }
+
ret = idmap_backends_unixids_to_sids(bids);
IDMAP_CHECK_RET(ret);
@@ -1132,7 +1180,8 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids)
if ( ! NT_STATUS_IS_OK(ret)) {
if ( ! bids) {
- /* alloc space for ids to be resolved by backends (realloc ten by ten) */
+ /* alloc space for ids to be resolved
+ by backends (realloc ten by ten) */
bids = talloc_array(ctx, struct id_map *, 10);
if ( ! bids) {
DEBUG(1, ("Out of memory!\n"));
@@ -1164,6 +1213,14 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids)
/* let's see if there is any id mapping to be retieved from the backends */
if (bids) {
+ /* Only do query if we are online */
+ if ( lp_winbind_offline_logon() &&
+ get_global_winbindd_state_offline() )
+ {
+ ret = NT_STATUS_FILE_IS_OFFLINE;
+ goto done;
+ }
+
ret = idmap_backends_sids_to_unixids(bids);
IDMAP_CHECK_RET(ret);
diff --git a/source/nsswitch/idmap_cache.c b/source/nsswitch/idmap_cache.c
index 897dd9c4f5b..caf5fe72b3a 100644
--- a/source/nsswitch/idmap_cache.c
+++ b/source/nsswitch/idmap_cache.c
@@ -22,6 +22,7 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
#include "includes.h"
+#include "winbindd.h"
#define TIMEOUT_LEN 12
#define IDMAP_CACHE_DATA_FMT "%12u/%s"
@@ -418,14 +419,34 @@ NTSTATUS idmap_cache_map_sid(struct idmap_cache_ctx *cache, struct id_map *id)
/* here ret == NT_STATUS_OK and id->status = ID_MAPPED */
if (t <= time(NULL)) {
- /* We're expired, set an error code for upper layer */
- ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
+ /* If we've been told to be offline - stay in
+ that state... */
+ if (lp_winbind_offline_logon() &&
+ get_global_winbindd_state_offline())
+ {
+ DEBUG(10,("idmap_cache_map_sid: winbindd is "
+ "globally offline.\n"));
+ } else {
+ /* We're expired, set an error code
+ for upper layer */
+ ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
+ }
}
} else {
if (t <= time(NULL)) {
- /* We're expired, delete the entry and return not mapped */
- tdb_delete(cache->tdb, keybuf);
- ret = NT_STATUS_NONE_MAPPED;
+ /* If we've been told to be offline - stay in
+ that state... */
+ if (lp_winbind_offline_logon() &&
+ get_global_winbindd_state_offline())
+ {
+ DEBUG(10,("idmap_cache_map_sid: winbindd is "
+ "globally offline.\n"));
+ } else {
+ /* We're expired, delete the entry and return
+ not mapped */
+ tdb_delete(cache->tdb, keybuf);
+ ret = NT_STATUS_NONE_MAPPED;
+ }
} else {
/* this is not mapped as it was a negative cache hit */
id->status = ID_UNMAPPED;
@@ -508,14 +529,34 @@ NTSTATUS idmap_cache_map_id(struct idmap_cache_ctx *cache, struct id_map *id)
/* here ret == NT_STATUS_OK and id->mapped = True */
if (t <= time(NULL)) {
- /* We're expired, set an error code for upper layer */
- ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
+ /* If we've been told to be offline - stay in
+ that state... */
+ if (lp_winbind_offline_logon() &&
+ get_global_winbindd_state_offline())
+ {
+ DEBUG(10,("idmap_cache_map_sid: winbindd is "
+ "globally offline.\n"));
+ } else {
+ /* We're expired, set an error code
+ for upper layer */
+ ret = NT_STATUS_SYNCHRONIZATION_REQUIRED;
+ }
}
} else {
if (t <= time(NULL)) {
- /* We're expired, delete the entry and return not mapped */
- tdb_delete(cache->tdb, keybuf);
- ret = NT_STATUS_NONE_MAPPED;
+ /* If we've been told to be offline - stay in
+ that state... */
+ if (lp_winbind_offline_logon() &&
+ get_global_winbindd_state_offline())
+ {
+ DEBUG(10,("idmap_cache_map_sid: winbindd is "
+ "globally offline.\n"));
+ } else {
+ /* We're expired, delete the entry and
+ return not mapped */
+ tdb_delete(cache->tdb, keybuf);
+ ret = NT_STATUS_NONE_MAPPED;
+ }
} else {
/* this is not mapped is it was a negative cache hit */
id->status = ID_UNMAPPED;
diff --git a/source/nsswitch/nss_info.c b/source/nsswitch/nss_info.c
index 0b0caeee022..d2516296629 100644
--- a/source/nsswitch/nss_info.c
+++ b/source/nsswitch/nss_info.c
@@ -131,11 +131,17 @@ static BOOL parse_nss_parm( const char *config, char **backend, char **domain )
NTSTATUS nss_init( const char **nss_list )
{
NTSTATUS status;
+ static NTSTATUS nss_initialized = NT_STATUS_UNSUCCESSFUL;
int i;
char *backend, *domain;
struct nss_function_entry *nss_backend;
struct nss_domain_entry *nss_domain;
+ /* check for previous successful initializations */
+
+ if ( NT_STATUS_IS_OK(nss_initialized) )
+ return NT_STATUS_OK;
+
/* The "template" backend should alqays be registered as it
is a static module */
@@ -207,20 +213,25 @@ static BOOL parse_nss_parm( const char *config, char **backend, char **domain )
}
+ nss_initialized = NT_STATUS_OK;
+
return NT_STATUS_OK;
}
/********************************************************************
*******************************************************************/
- NTSTATUS nss_get_info( const char *domain, const DOM_SID *user_sid,
- TALLOC_CTX *ctx,
- ADS_STRUCT *ads, LDAPMessage *msg,
- char **homedir, char **shell, char **gecos,
- gid_t *p_gid)
+static struct nss_domain_entry *find_nss_domain( const char *domain )
{
+ NTSTATUS status;
struct nss_domain_entry *p;
- struct nss_info_methods *m;
+
+ status = nss_init( lp_winbind_nss_info() );
+ if ( !NT_STATUS_IS_OK(status) ) {
+ DEBUG(4,("nss_get_info: Failed to init nss_info API (%s)!\n",
+ nt_errstr(status)));
+ return NULL;
+ }
for ( p=nss_domain_list; p; p=p->next ) {
if ( strequal( p->domain, domain ) )
@@ -231,12 +242,33 @@ static BOOL parse_nss_parm( const char *config, char **backend, char **domain )
if ( !p ) {
if ( !nss_domain_list ) {
- return NT_STATUS_NOT_FOUND;
+ return NULL;
}
p = nss_domain_list;
}
+ return p;
+}
+
+/********************************************************************
+ *******************************************************************/
+
+ NTSTATUS nss_get_info( const char *domain, const DOM_SID *user_sid,
+ TALLOC_CTX *ctx,
+ ADS_STRUCT *ads, LDAPMessage *msg,
+ char **homedir, char **shell, char **gecos,
+ gid_t *p_gid)
+{
+ struct nss_domain_entry *p;
+ struct nss_info_methods *m;
+
+ if ( (p = find_nss_domain( domain )) == NULL ) {
+ DEBUG(4,("nss_get_info: Failed to find nss domain pointer for %s\n",
+ domain ));
+ return NT_STATUS_NOT_FOUND;
+ }
+
m = p->backend->methods;
return m->get_nss_info( p, user_sid, ctx, ads, msg,
diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index ac87fcf32ee..d21c985feee 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -1517,6 +1517,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
dictionary *d = NULL;
char *username_ret = NULL;
char *new_authtok_required = NULL;
+ char *combined_member = NULL;
+ const char *real_username = NULL;
/* parse arguments */
int ctrl = _pam_parse(pamh, flags, argc, argv, &d);
@@ -1535,6 +1537,30 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
goto out;
}
+#if defined(AIX)
+ /* Decode the user name since AIX does not support logn user
+ names by default. The name is encoded as _#uid. */
+
+ if ( username[0] == '_' ) {
+ uid_t id = atoi( &username[1] );
+ struct passwd *pw = NULL;
+
+ if ( (id!=0) && ((pw = getpwuid( id )) != NULL) ) {
+ real_username = strdup( pw->pw_name );
+ }
+ }
+#endif
+
+ if ( !real_username ) {
+ /* Just making a copy of the username we got from PAM */
+ if ( (real_username = strdup( username )) == NULL ) {
+ _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ "memory allocation failure when copying username");
+ retval = PAM_SERVICE_ERR;
+ goto out;
+ }
+ }
+
retval = _winbind_read_password(pamh, ctrl, NULL,
"Password: ", NULL,
&password);
@@ -1549,9 +1575,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
#ifdef DEBUG_PASSWORD
_pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s' with password '%s'",
- username, password);
+ real_username, password);
#else
- _pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s'", username);
+ _pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s'", real_username);
#endif
member = get_member_from_config(pamh, argc, argv, ctrl, d);
@@ -1594,6 +1620,10 @@ out:
free(username_ret);
}
+ if ( real_username ) {
+ free( real_username );
+ }
+
if (d) {
iniparser_freedict(d);
}
diff --git a/source/nsswitch/winbind_nss_aix.c b/source/nsswitch/winbind_nss_aix.c
index 6a39b4b7c41..bc0f252d79b 100644
--- a/source/nsswitch/winbind_nss_aix.c
+++ b/source/nsswitch/winbind_nss_aix.c
@@ -48,6 +48,11 @@
#include "winbind_client.h"
#include <usersec.h>
+/* enable this to log which entry points have not been
+ completed yet */
+#define LOG_UNIMPLEMENTED_CALLS 0
+
+
#define WB_AIX_ENCODED '_'
static int debug_enabled;
@@ -566,14 +571,12 @@ static attrval_t pwd_to_groupsids(struct passwd *pwd)
attrval_t r;
char *s, *p;
- s = wb_aix_getgrset(pwd->pw_name);
- if (!s) {
+ if ( (s = wb_aix_getgrset(pwd->pw_name)) == NULL ) {
r.attr_flag = EINVAL;
return r;
}
- p = malloc(strlen(s)+2);
- if (!p) {
+ if ( (p = malloc(strlen(s)+2)) == NULL ) {
r.attr_flag = ENOMEM;
return r;
}
@@ -626,6 +629,8 @@ static int wb_aix_user_attrib(const char *key, char *attributes[],
if (strcmp(attributes[i], S_ID) == 0) {
results[i].attr_un.au_int = pwd->pw_uid;
+ } else if (strcmp(attributes[i], S_PGID) == 0) {
+ results[i].attr_un.au_int = pwd->pw_gid;
} else if (strcmp(attributes[i], S_PWD) == 0) {
results[i].attr_un.au_char = strdup(pwd->pw_passwd);
} else if (strcmp(attributes[i], S_HOME) == 0) {
@@ -744,21 +749,69 @@ static void wb_aix_close(void *token)
*/
static attrlist_t **wb_aix_attrlist(void)
{
- attrlist_t **ret;
+ /* pretty confusing but we are allocating the array of pointers
+ and the structures we'll be pointing to all at once. So
+ you need N+1 pointers and N structures. */
+
+ attrlist_t **ret = NULL;
+ attrlist_t *offset = NULL;
+ int i;
+ int n;
+ size_t size;
+
+ struct attr_types {
+ const char *name;
+ int flags;
+ int type;
+ } attr_list[] = {
+ /* user attributes */
+ {S_ID, AL_USERATTR, SEC_INT},
+ {S_PGRP, AL_USERATTR, SEC_CHAR},
+ {S_HOME, AL_USERATTR, SEC_CHAR},
+ {S_SHELL, AL_USERATTR, SEC_CHAR},
+ {S_PGID, AL_USERATTR, SEC_INT},
+ {S_GECOS, AL_USERATTR, SEC_CHAR},
+ {S_SHELL, AL_USERATTR, SEC_CHAR},
+ {S_PGRP, AL_USERATTR, SEC_CHAR},
+ {S_GROUPS, AL_USERATTR, SEC_LIST},
+ {"SID", AL_USERATTR, SEC_CHAR},
+
+ /* group attributes */
+ {S_ID, AL_GROUPATTR, SEC_INT}
+ };
+
logit("method attrlist called\n");
- ret = malloc(2*sizeof(attrlist_t *) + sizeof(attrlist_t));
- if (!ret) {
+
+ n = sizeof(attr_list) / sizeof(struct attr_types);
+ size = (n*sizeof(attrlist_t *));
+
+ if ( (ret = malloc( size )) == NULL ) {
errno = ENOMEM;
return NULL;
}
- ret[0] = (attrlist_t *)(ret+2);
+ /* offset to where the structures start in the buffer */
- /* just one extra attribute - the windows SID */
- ret[0]->al_name = strdup("SID");
- ret[0]->al_flags = AL_USERATTR;
- ret[0]->al_type = SEC_CHAR;
- ret[1] = NULL;
+ offset = (attrlist_t *)(ret + n);
+
+ /* now loop over the user_attr_list[] array and add
+ all the members */
+
+ for ( i=0; i<n; i++ ) {
+ attrlist_t *a = malloc(sizeof(attrlist_t));
+
+ if ( !a ) {
+ /* this is bad. Just bail */
+ return NULL;
+ }
+
+ a->al_name = strdup(attr_list[i].name);
+ a->al_flags = attr_list[i].flags;
+ a->al_type = attr_list[i].type;
+
+ ret[i] = a;
+ }
+ ret[n] = NULL;
return ret;
}
diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
index b4570f2525a..e0b126f9f2f 100644
--- a/source/nsswitch/winbindd.c
+++ b/source/nsswitch/winbindd.c
@@ -1011,14 +1011,10 @@ int main(int argc, char **argv, char **envp)
/* Winbind daemon initialisation */
- if ( ! NT_STATUS_IS_OK(idmap_init()) ) {
- DEBUG(1, ("Could not init idmap! - Sid/[UG]id mapping will not be available\n"));
+ if ( ! NT_STATUS_IS_OK(idmap_init_cache()) ) {
+ DEBUG(1, ("Could not init idmap cache!\n"));
}
-#ifdef WITH_ADS
- nss_init( lp_winbind_nss_info() );
-#endif
-
/* Unblock all signals we are interested in as they may have been
blocked by the parent process. */
@@ -1084,6 +1080,7 @@ int main(int argc, char **argv, char **envp)
DEBUG(0,("unable to initalize domain list\n"));
exit(1);
}
+#endif
init_idmap_child();
diff --git a/source/nsswitch/winbindd_async.c b/source/nsswitch/winbindd_async.c
index cafaf1cb056..aa48f513e97 100644
--- a/source/nsswitch/winbindd_async.c
+++ b/source/nsswitch/winbindd_async.c
@@ -535,7 +535,7 @@ void winbindd_sid2gid_async(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
request.cmd = WINBINDD_DUAL_SID2GID;
sid_to_string(request.data.dual_sid2id.sid, sid);
- DEBUG(7,("idmap_sid2gid_async: Resolving %s to a gid\n",
+ DEBUG(7,("winbindd_sid2gid_async: Resolving %s to a gid\n",
request.data.dual_sid2id.sid));
do_async(mem_ctx, idmap_child(), &request, winbindd_sid2gid_recv,
diff --git a/source/nsswitch/winbindd_cache.c b/source/nsswitch/winbindd_cache.c
index 908d6ed19ae..ff5f93bfedd 100644
--- a/source/nsswitch/winbindd_cache.c
+++ b/source/nsswitch/winbindd_cache.c
@@ -2119,7 +2119,7 @@ void wcache_invalidate_cache(void)
}
}
-static BOOL init_wcache(void)
+BOOL init_wcache(void)
{
if (wcache == NULL) {
wcache = SMB_XMALLOC_P(struct winbind_cache);
diff --git a/source/nsswitch/winbindd_cred_cache.c b/source/nsswitch/winbindd_cred_cache.c
index 0847ac9e271..600409420ae 100644
--- a/source/nsswitch/winbindd_cred_cache.c
+++ b/source/nsswitch/winbindd_cred_cache.c
@@ -215,7 +215,8 @@ static void krb5_ticket_gain_handler(struct event_context *event_ctx,
DEBUG(10,("krb5_ticket_gain_handler: successful kinit for: %s in ccache: %s\n",
entry->principal_name, entry->ccname));
- new_start = entry->refresh_time;
+ /* Renew at 1/2 the expiration time */
+ new_start = entry->refresh_time / 2;
goto got_ticket;
}
@@ -369,8 +370,9 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
krb5_ticket_gain_handler,
entry);
} else {
+ /* Renew at 1/2 the ticket expiration time */
entry->event = event_add_timed(winbind_event_context(), entry,
- timeval_set((ticket_end - 1), 0),
+ timeval_set((ticket_end - 1)/2, 0),
"krb5_ticket_refresh_handler",
krb5_ticket_refresh_handler,
entry);
@@ -494,6 +496,17 @@ static NTSTATUS store_memory_creds(struct WINBINDD_MEMORY_CREDS *memcredp, const
memcredp->len += strlen(pass)+1;
}
+#if defined(LINUX)
+ /* aligning the memory on on x86_64 and compiling
+ with gcc 4.1 using -O2 causes a segv in the
+ next memset() --jerry */
+ memcredp->nt_hash = SMB_MALLOC_ARRAY(unsigned char, memcredp->len);
+#else
+ /* On non-linux platforms, mlock()'d memory must be aligned */
+ memcredp->nt_hash = SMB_MEMALIGN_ARRAY(unsigned char,
+ getpagesize(), memcredp->len);
+#endif
+
/* On non-linux platforms, mlock()'d memory must be aligned */
memcredp->nt_hash = SMB_MEMALIGN_ARRAY(unsigned char, psize,
diff --git a/source/nsswitch/winbindd_dual.c b/source/nsswitch/winbindd_dual.c
index edb4fa504b1..6324de9a2d9 100644
--- a/source/nsswitch/winbindd_dual.c
+++ b/source/nsswitch/winbindd_dual.c
@@ -502,10 +502,26 @@ void winbind_msg_offline(int msg_type, struct process_id src,
}
DEBUG(5,("winbind_msg_offline: marking %s offline.\n", domain->name));
set_domain_offline(domain);
+
+ /* Send an offline message to the idmap child when our
+ primary domain goes offline */
+
+ if ( domain->primary ) {
+ struct winbindd_child *idmap = idmap_child();
+
+ if ( idmap->pid != 0 ) {
+ message_send_pid(pid_to_procid(idmap->pid),
+ MSG_WINBIND_OFFLINE,
+ domain->name,
+ strlen(domain->name)+1,
+ False);
+ }
+ }
}
for (child = children; child != NULL; child = child->next) {
- /* Don't send message to idmap child. */
+ /* Don't send message to idmap child. We've already
+ done so above. */
if (!child->domain || (child == idmap_child())) {
continue;
}
@@ -556,6 +572,22 @@ void winbind_msg_online(int msg_type, struct process_id src,
winbindd_flush_negative_conn_cache(domain);
set_domain_online_request(domain);
+
+ /* Send an offline message to the idmap child when our
+ primary domain goes offline */
+
+ if ( domain->primary ) {
+ struct winbindd_child *idmap = idmap_child();
+
+ if ( idmap->pid != 0 ) {
+ message_send_pid(pid_to_procid(idmap->pid),
+ MSG_WINBIND_ONLINE,
+ domain->name,
+ strlen(domain->name)+1,
+ False);
+ }
+
+ }
}
for (child = children; child != NULL; child = child->next) {
diff --git a/source/nsswitch/winbindd_user.c b/source/nsswitch/winbindd_user.c
index 9df3a6a3bc1..47a7364e3a7 100644
--- a/source/nsswitch/winbindd_user.c
+++ b/source/nsswitch/winbindd_user.c
@@ -41,20 +41,21 @@ static BOOL fillup_pw_field(const char *lp_template,
if (out == NULL)
return False;
- if ( in && !strequal(in,"") && lp_security() == SEC_ADS ) {
- safe_strcpy(out, in, sizeof(fstring) - 1);
- return True;
- }
-
- /* Home directory and shell - use template config parameters. The
- defaults are /tmp for the home directory and /bin/false for
- shell. */
-
- /* The substitution of %U and %D in the 'template homedir' is done
- by talloc_sub_specified() below. */
+ /* The substitution of %U and %D in the 'template
+ homedir' is done by talloc_sub_specified() below.
+ If we have an in string (which means the value has already
+ been set in the nss_info backend), then use that.
+ Otherwise use the template value passed in. */
- templ = talloc_sub_specified(NULL, lp_template, username, domname,
+ if ( in && !strequal(in,"") && lp_security() == SEC_ADS ) {
+ templ = talloc_sub_specified(NULL, in,
+ username, domname,
uid, gid);
+ } else {
+ templ = talloc_sub_specified(NULL, lp_template,
+ username, domname,
+ uid, gid);
+ }
if (!templ)
return False;
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 584345a906a..5bbd618231b 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -2882,7 +2882,7 @@ static char *store_file_unix_basic(connection_struct *conn,
SOFF_T(pdata,0,get_allocation_size(conn,fsp,psbuf)); /* Number of bytes used on disk - 64 Bit */
pdata += 8;
- put_long_date_timespec(pdata,get_ctimespec(psbuf)); /* Creation Time 64 Bit */
+ put_long_date_timespec(pdata,get_ctimespec(psbuf)); /* Change Time 64 Bit */
put_long_date_timespec(pdata+8,get_atimespec(psbuf)); /* Last access time 64 Bit */
put_long_date_timespec(pdata+16,get_mtimespec(psbuf)); /* Last modification time 64 Bit */
pdata += 24;
@@ -4805,6 +4805,16 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n",
delete_on_fail = True;
}
+#if 1
+ /* Horrible backwards compatibility hack as an old server bug
+ * allowed a CIFS client bug to remain unnoticed :-(. JRA.
+ * */
+
+ if (!size) {
+ size = get_file_size(*psbuf);
+ }
+#endif
+
/*
* Deal with the UNIX specific mode set.
*/
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 9678036d523..34e87ddbd21 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -5683,6 +5683,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
if (!pipe_hnd) {
DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) ));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
}
@@ -5692,6 +5693,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
}
@@ -5704,6 +5706,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
}
@@ -5719,6 +5722,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
domain_sid)) {
DEBUG(0, ("Storing password for trusted domain failed.\n"));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
}
@@ -5731,6 +5735,7 @@ static int rpc_trustdom_establish(int argc, const char **argv)
DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
}
@@ -5916,6 +5921,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
/* open \PIPE\lsarpc and open policy handle */
if (!(cli = net_make_ipc_connection(NET_FLAGS_PDC))) {
DEBUG(0, ("Couldn't connect to domain controller\n"));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -5924,6 +5930,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
nt_errstr(nt_status) ));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -5933,6 +5940,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -5945,6 +5953,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
}
@@ -5964,6 +5973,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -5975,6 +5985,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
domain_sids[i], trusted_dom_names[i]);
if (!NT_STATUS_IS_OK(nt_status)) {
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
}
};
@@ -5993,6 +6004,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
nt_errstr(nt_status)));
cli_shutdown(cli);
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6052,6 +6064,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
/* open \PIPE\lsarpc and open policy handle */
if (!(cli = net_make_ipc_connection(NET_FLAGS_PDC))) {
DEBUG(0, ("Couldn't connect to domain controller\n"));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6059,6 +6072,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
if (!pipe_hnd) {
DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
nt_errstr(nt_status) ));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6067,6 +6081,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
nt_errstr(nt_status)));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6078,6 +6093,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
nt_errstr(nt_status)));
+ talloc_destroy(mem_ctx);
return -1;
}
@@ -6096,6 +6112,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
nt_errstr(nt_status)));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6116,6 +6133,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
nt_errstr(nt_status)));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6133,6 +6151,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &nt_status);
if (!pipe_hnd) {
DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6142,6 +6161,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
nt_errstr(nt_status)));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6153,6 +6173,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Couldn't open domain object. Error was %s\n",
nt_errstr(nt_status)));
+ talloc_destroy(mem_ctx);
return -1;
};
@@ -6170,6 +6191,7 @@ static int rpc_trustdom_list(int argc, const char **argv)
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
nt_errstr(nt_status)));
+ talloc_destroy(mem_ctx);
return -1;
};