[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-69-20-ge55ac0e

Michael Adam obnox at samba.org
Mon May 10 08:46:27 MDT 2010


The branch, v3-2-ctdb has been updated
       via  e55ac0ea83ab095f8a1c9f310c60b91236c34f99 (commit)
       via  0233f1972d33d8f25a833f4741ac88f313c7b6c6 (commit)
       via  0ded0174f1213c37b7425b59318f106b511df063 (commit)
       via  30b5a1d2290fb09d3622de04322bd6eac97cea24 (commit)
       via  bf36d608f869ea6aaa7007e2df4de0a943f0264e (commit)
       via  c0d8cc9093fb8f884497b6f19721ce40a7b4c6a4 (commit)
       via  8c0608f725c95409f2bb9f6340cfddcec56a613f (commit)
       via  d98214129a2c65e9705d0737752e84791b135b3f (commit)
       via  82265b8a79afcb8c8ecf8899747670cc1e8f27be (commit)
       via  e14815f7e2a0103fb5b6c8d5e78b0aeb929a93eb (commit)
       via  a029c01276c7dac66a7b019426c9d31ed69c0bc2 (commit)
       via  61357bbc41f450cccb593dcb450a2aa78231198f (commit)
       via  c430147fb08e5622b1b8f031c0ac8d20a89cb554 (commit)
      from  af1e35a613fbd4b8671bffbd848493911ef5a7f4 (commit)

http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb


- Log -----------------------------------------------------------------
commit e55ac0ea83ab095f8a1c9f310c60b91236c34f99
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Apr 7 17:45:12 2010 +0200

    s3: Fork multiple children per domain

commit 0233f1972d33d8f25a833f4741ac88f313c7b6c6
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Apr 7 17:44:18 2010 +0200

    s3: Introduce winbindd_child_busy()

commit 0ded0174f1213c37b7425b59318f106b511df063
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Apr 7 17:43:37 2010 +0200

    s3: Remove the separate "child" argument from setup_domain_child()

commit 30b5a1d2290fb09d3622de04322bd6eac97cea24
Author: Christian Ambach <christian.ambach at de.ibm.com>
Date:   Fri Apr 9 13:38:28 2010 +0200

    fix snapshot content display with hide unreadable
    
    With the hide unreadable option set, snapshots are displayed
    as empty because the shadow_copy2 module did not implement the
    fget_nt_acl call that is used by the hide unreadable code and
    so the paths were not corrected internally.
    
    To prevent multiple conversions of the paths when the acl call
    does a VFS_STAT (like the nfs4acl code does), a check was added
    to convert_shadow2_name() so it will not touch paths any more
    that look like they have already been converted.
    
    Signed-off-by: Christian Ambach <christian.ambach at de.ibm.com>

commit bf36d608f869ea6aaa7007e2df4de0a943f0264e
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Apr 13 12:09:21 2010 +0200

    libwbclient: Re-Fix a bug that was fixed with e5741e27c4c
    
    > r21878: Fix a bug with smbd serving a windows terminal server: If winbind
    > decides smbd to be idle it might happen that smbd needs to do a winbind
    > operation (for example sid2name) as non-root. This then fails to get the
    > privileged pipe. When later on on the same connection another authentication
    > request comes in, we try to do the CRAP auth via the non-privileged pipe.
    >
    > This adds a winbindd_priv_request_response() request that kills the existing
    > winbind pipe connection if it's not privileged.
    
    The fix for this was lost during the conversion to libwbclient.
    
    Thanks to Ira Cooper <samba at ira.wakeful.net> for pointing this out!
    
    Volker

commit c0d8cc9093fb8f884497b6f19721ce40a7b4c6a4
Author: Christian Ambach <christian.ambach at de.ibm.com>
Date:   Mon Apr 5 14:12:52 2010 +0200

    fix a segfault in the notify subsystem
    
    When the notify_array cannot be loaded correctly,
    do not keep the half-baked parsing results in the global variable.
    
    This can lead to segfaults next time notify_load is entered and
    the seqnum has not changed. This has been seen in a case
    where mixed smbd versions were running in a CTDB cluster
    (versions with and w/o commit c216d1e6 that changed the
    notify_entry structure).
    There will be missed notifications until all smbds are at the
    same software level, but this should be acceptable and is better
    than crashing and interrupting client operations.
    
    This fix cleans up the notify_array, removes the unparseable data
    from the TDB and returns a fresh notify_array that can be worked
    with.
    
    The NDR_PRINT_DEBUG had to be moved to only be called when the
    parsing succeeded, it was seen to cause additional segfaults.
    
    The status variable is intentionally left to NT_STATUS_OK to not
    make callers abort and report errors to the clients and make them
    disconnect.
    
    Signed-off-by: Christian Ambach <christian.ambach at de.ibm.com>

commit 8c0608f725c95409f2bb9f6340cfddcec56a613f
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Mar 9 12:33:09 2010 +0100

    v3-2-ctdb: bump the ctdb vendor patch level to 71

commit d98214129a2c65e9705d0737752e84791b135b3f
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Mar 9 13:05:33 2010 +0100

    v3-2-ctdb: Fix the RPM build

commit 82265b8a79afcb8c8ecf8899747670cc1e8f27be
Author: Günther Deschner <gd at samba.org>
Date:   Tue Sep 8 11:57:52 2009 +0200

    s3-schannel: Fix Bug #6697. Interdomain trusts with Windows 2008 R2 DCs.
    
    The Schannel verifier (aka NL_AUTH_SIGNATURE) structure (32 byte) sent from a
    W2k8r2 DC is passed in a buffer with the size of a NL_AUTH_SHA2_SIGNATURE (56
    byte). We should just ignore the remaining 12 zeroed bytes and proceed.
    
    Guenther
    (cherry picked from commit e7e1e1887e79e4dcbd8836b775e387751c44f318)
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit e14815f7e2a0103fb5b6c8d5e78b0aeb929a93eb
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Aug 27 13:16:15 2009 +0200

    s3:netlogon: replace cred_hash3 by des_crypt112_16
    
    This makes sure we don't truncate the session key to 8 bytes
    Fixes bug #6664.
    
    metze
    (similar to commit 570a8cf5bb6924905b3ad20353d1e7b0ca087748)

commit a029c01276c7dac66a7b019426c9d31ed69c0bc2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 3 12:16:21 2010 +0100

    s3:libsmb: fix make proto after krb5 fixes
    
    metze

commit 61357bbc41f450cccb593dcb450a2aa78231198f
Author: Jelmer Vernooij <jelmer at samba.org>
Date:   Thu Jun 4 23:43:31 2009 +0200

    clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.
    
    Both functions exist in MIT Kerberos >= 1.7, but only
    krb5_free_keytab_entry_contents has a prototype.
    
    Part of a fix for bug #6918 (Build breaks with krb5-client-1.7-6.1.i586).
    (cherry picked from commit f7f183aba2c53426620bab7e934ce79b516dc4fc)

commit c430147fb08e5622b1b8f031c0ac8d20a89cb554
Author: Andrew Tridgell <tridge at samba.org>
Date:   Fri Oct 16 10:40:50 2009 +1100

    s3: fixed krb5 build problem on ubuntu karmic
    
    Karmic has MIT krb5 1.7-beta3, which has the symbol
    krb5_auth_con_set_req_cksumtype but no prototype for it.
    
    See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
    (cherry picked from commit a6e4cb500b4162cae1d906a1762507370b4ee89e)
    
    Part of a fix for bug #6918.
    (cherry picked from commit fbaed41c8f583f633673aca2f600c517744d28b5)

-----------------------------------------------------------------------

Summary of changes:
 packaging/RHEL-CTDB/samba.spec.tmpl             |    3 ++
 source/VERSION                                  |    2 +-
 source/configure.in                             |    4 ++
 source/include/rpc_dce.h                        |    2 +-
 source/libsmb/clikrb5.c                         |   20 ++++++++++--
 source/libsmb/trusts_util.c                     |    6 ++--
 source/modules/vfs_shadow_copy2.c               |   19 +++++++++++-
 source/nsswitch/libwbclient/wbc_idmap.c         |   24 +++++++-------
 source/nsswitch/libwbclient/wbc_pam.c           |   14 +++++---
 source/nsswitch/libwbclient/wbclient.c          |   31 ++++++++++++++++--
 source/nsswitch/libwbclient/wbclient_internal.h |    3 ++
 source/param/loadparm.c                         |   13 ++++++++
 source/rpc_client/cli_pipe.c                    |    2 +-
 source/rpc_server/srv_netlog_nt.c               |    2 +-
 source/smbd/notify_internal.c                   |   21 +++++++++---
 source/winbindd/winbindd.h                      |    2 +-
 source/winbindd/winbindd_domain.c               |   12 ++++---
 source/winbindd/winbindd_dual.c                 |   38 +++++++++++++++++++++--
 source/winbindd/winbindd_ndr.c                  |    5 ++-
 source/winbindd/winbindd_util.c                 |   29 ++++++++++-------
 20 files changed, 192 insertions(+), 60 deletions(-)


Changeset truncated at 500 lines:

diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl b/packaging/RHEL-CTDB/samba.spec.tmpl
index 9e7c0f9..190f957 100644
--- a/packaging/RHEL-CTDB/samba.spec.tmpl
+++ b/packaging/RHEL-CTDB/samba.spec.tmpl
@@ -591,6 +591,7 @@ exit 0
 %{_mandir}/man1/profiles.1*
 %{_mandir}/man1/smbcquotas.1*
 %{_mandir}/man1/testparm.1*
+%{_mandir}/man1/sharesec.1*
 %{_mandir}/man5/smb.conf.5*
 %{_mandir}/man5/lmhosts.5*
 %{_mandir}/man8/smbpasswd.8*
@@ -599,11 +600,13 @@ exit 0
 %{_mandir}/man8/net.8*
 %{_mandir}/man8/pam_winbind.8*
 %{_mandir}/man7/libsmbclient.7*
+%{_mandir}/man7/winbind_krb5_locator.7*
 %{_mandir}/man1/ldbadd.1*
 %{_mandir}/man1/ldbdel.1*
 %{_mandir}/man1/ldbedit.1*
 %{_mandir}/man1/ldbmodify.1*
 %{_mandir}/man1/ldbsearch.1*
+%{_mandir}/man1/ldbrename.1*
 
 %ifarch x86_64 ppc64
 %files winbind-32bit
diff --git a/source/VERSION b/source/VERSION
index 1c77ce2..9e4afc2 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -96,4 +96,4 @@ SAMBA_VERSION_IS_GIT_SNAPSHOT=
 #  ->  "CVS 3.0.0rc2-VendorVersion"                    #
 ########################################################
 SAMBA_VERSION_VENDOR_SUFFIX="ctdb"
-SAMBA_VERSION_VENDOR_PATCH=70
+SAMBA_VERSION_VENDOR_PATCH=71
diff --git a/source/configure.in b/source/configure.in
index 7afa53c..c0a1712 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -3614,6 +3614,10 @@ if test x"$with_ads_support" != x"no"; then
   AC_CHECK_FUNC_EXT(krb5_fwd_tgt_creds, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_auth_con_set_req_cksumtype, $KRB5_LIBS)
 
+  # MIT krb5 1.7beta3 (in Ubuntu Karmic) does not have this declaration
+  # but does have the symbol
+  AC_CHECK_DECLS(krb5_auth_con_set_req_cksumtype, [], [], [#include <krb5.h>])
+
   LIBS="$KRB5_LIBS $LIBS"
 
   AC_CACHE_CHECK(whether krb5_ticket contains kvno and enctype,
diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h
index 33ab365..b2e7b06 100644
--- a/source/include/rpc_dce.h
+++ b/source/include/rpc_dce.h
@@ -150,7 +150,7 @@ enum schannel_direction {
 };
 
 /* Maximum size of the signing data in a fragment. */
-#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */
+#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
 
 /* Maximum PDU fragment size. */
 /* #define MAX_PDU_FRAG_LEN 0x1630		this is what wnt sets */
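
Review bot: The `/* 56 */` comment on the new RPC_MAX_SIGN_SIZE value only restates the hex constant and does not say where 56 comes from. The commit message ties it to the size of NL_AUTH_SHA2_SIGNATURE, so a comment naming that structure would keep the define and the structure from drifting apart.
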
diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c
index 007fd8d..15b01bf 100644
--- a/source/libsmb/clikrb5.c
+++ b/source/libsmb/clikrb5.c
@@ -906,10 +906,15 @@ failed:
 
  krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
 {
-#if defined(HAVE_KRB5_KT_FREE_ENTRY)
-	return krb5_kt_free_entry(context, kt_entry);
-#elif defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
+/* Try krb5_free_keytab_entry_contents first, since
+ * MIT Kerberos >= 1.7 has both krb5_free_keytab_entry_contents and
+ * krb5_kt_free_entry but only has a prototype for the first, while the
+ * second is considered private.
+ */
+#if defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
 	return krb5_free_keytab_entry_contents(context, kt_entry);
+#elif defined(HAVE_KRB5_KT_FREE_ENTRY)
+	return krb5_kt_free_entry(context, kt_entry);
 #else
 #error UNKNOWN_KT_FREE_FUNCTION
 #endif
@@ -1823,6 +1828,15 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
 	char *pChksum = NULL;
 	char *p = NULL;
 
+/* MIT krb5 1.7beta3 (in Ubuntu Karmic) is missing the prototype,
+   but still has the symbol */
+#if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
+ krb5_error_code krb5_auth_con_set_req_cksumtype(
+	krb5_context     context,
+	krb5_auth_context      auth_context,
+	krb5_cksumtype     cksumtype);
+#endif
+
 	ZERO_STRUCT(fwdData);
 	ZERO_STRUCTP(authenticator);
 
diff --git a/source/libsmb/trusts_util.c b/source/libsmb/trusts_util.c
index 0535d1b..687cf84 100644
--- a/source/libsmb/trusts_util.c
+++ b/source/libsmb/trusts_util.c
@@ -90,9 +90,9 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 
 		netlogon_creds_client_step(cli->dc, &clnt_creds);
 
-		cred_hash3(new_password.hash,
-			   new_trust_passwd_hash,
-			   cli->dc->sess_key, 1);
+		des_crypt112_16(new_password.hash,
+				new_trust_passwd_hash,
+				cli->dc->sess_key, 1);
 
 		result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
 						       cli->dc->remote_machine,
diff --git a/source/modules/vfs_shadow_copy2.c b/source/modules/vfs_shadow_copy2.c
index 1cc7cc4..0720b93 100644
--- a/source/modules/vfs_shadow_copy2.c
+++ b/source/modules/vfs_shadow_copy2.c
@@ -308,7 +308,7 @@ static char *convert_shadow2_name(vfs_handle_struct *handle, const char *fname,
 	TALLOC_CTX *tmp_ctx = talloc_new(handle->data);
 	const char *snapdir, *relpath, *baseoffset, *basedir;
 	size_t baselen;
-	char *ret;
+	char *ret, *prefix;
 
 	snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle);
 	if (snapdir == NULL) {
@@ -324,6 +324,13 @@ static char *convert_shadow2_name(vfs_handle_struct *handle, const char *fname,
 		return NULL;
 	}
 
+	prefix = talloc_asprintf(tmp_ctx, "%s/@GMT-", snapdir);
+	if (strncmp(fname, prefix, strlen(prefix)) == 0) {
+	/* this looks like as we have already normalized it, leave it untouched*/
+		talloc_free(tmp_ctx);
+		return talloc_strdup(handle->data, fname);
+	}
+
 	if (strncmp(fname, "@GMT-", 5) != 0) {
 		fname = shadow_copy2_normalise_path(tmp_ctx, fname, gmt_path);
 		if (fname == NULL) {
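
Review bot: The result of talloc_asprintf() for `prefix` is passed straight to strlen() and strncmp() with no NULL check, so an allocation failure is dereferenced here. Test `prefix == NULL` first, free tmp_ctx and return NULL. The comparison only looks at the leading `<snapdir>/@GMT-` bytes, so the comment should say that any path starting with that prefix is returned unconverted; the comment line also needs to be indented with the block it belongs to.
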
@@ -532,6 +539,15 @@ static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle,
         SHADOW2_NTSTATUS_NEXT(GET_NT_ACL, (handle, name, security_info, ppdesc), NT_STATUS_ACCESS_DENIED);
 }
 
+static NTSTATUS shadow_copy2_fget_nt_acl(vfs_handle_struct *handle,
+				files_struct *fsp, uint32 security_info,
+				SEC_DESC **ppdesc)
+{
+	char* fname = fsp->fsp_name;
+        SHADOW2_NTSTATUS_NEXT(GET_NT_ACL, (handle, name, security_info, ppdesc), NT_STATUS_ACCESS_DENIED);
+}
+
+
 static NTSTATUS shadow_copy2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 			     const char *fname, uint32 security_info_sent,
 			     struct security_descriptor *psd)
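
Review bot: In shadow_copy2_fget_nt_acl() the local is declared as `fname` but the macro arguments pass `name`, which is not declared anywhere in the added lines, so this only compiles if SHADOW2_NTSTATUS_NEXT itself derives `name` from `fname`. A one-line comment stating that dependency would help, along with a note that the fsp-based call is deliberately forwarded to the path-based GET_NT_ACL rather than to FGET_NT_ACL. `fname` is not modified here and could be `const char *`, and the added lines mix tab and space indentation and leave two blank lines after the function.
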
@@ -711,6 +727,7 @@ static vfs_op_tuple shadow_copy2_ops[] = {
 
         /* NT File ACL operations */
         {SMB_VFS_OP(shadow_copy2_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
         {SMB_VFS_OP(shadow_copy2_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
 
         /* POSIX ACL operations */
diff --git a/source/nsswitch/libwbclient/wbc_idmap.c b/source/nsswitch/libwbclient/wbc_idmap.c
index e32d66c..8a6abad 100644
--- a/source/nsswitch/libwbclient/wbc_idmap.c
+++ b/source/nsswitch/libwbclient/wbc_idmap.c
@@ -223,8 +223,8 @@ wbcErr wbcAllocateUid(uid_t *puid)
 
 	/* Make request */
 
-	wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID,
-					   &request, &response);
+	wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_UID,
+					    &request, &response);
 	BAIL_ON_WBC_ERROR(wbc_status);
 
 	/* Copy out result */
@@ -259,8 +259,8 @@ wbcErr wbcAllocateGid(gid_t *pgid)
 
 	/* Make request */
 
-	wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_GID,
-					   &request, &response);
+	wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_GID,
+					    &request, &response);
 	BAIL_ON_WBC_ERROR(wbc_status);
 
 	/* Copy out result */
@@ -311,8 +311,8 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid)
 		sizeof(request.data.dual_idmapset.sid)-1);
 	wbcFreeMemory(sid_string);
 
-	wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING,
-					&request, &response);
+	wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING,
+					    &request, &response);
 	BAIL_ON_WBC_ERROR(wbc_status);
 
  done:
@@ -354,8 +354,8 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid)
 		sizeof(request.data.dual_idmapset.sid)-1);
 	wbcFreeMemory(sid_string);
 
-	wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING,
-					&request, &response);
+	wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING,
+					    &request, &response);
 	BAIL_ON_WBC_ERROR(wbc_status);
 
  done:
@@ -384,8 +384,8 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm)
 	request.data.dual_idmapset.id = uid_hwm;
 	request.data.dual_idmapset.type = _ID_TYPE_UID;
 
-	wbc_status = wbcRequestResponse(WINBINDD_SET_HWM,
-					&request, &response);
+	wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM,
+					    &request, &response);
 	BAIL_ON_WBC_ERROR(wbc_status);
 
  done:
@@ -414,8 +414,8 @@ wbcErr wbcSetGidHwm(gid_t gid_hwm)
 	request.data.dual_idmapset.id = gid_hwm;
 	request.data.dual_idmapset.type = _ID_TYPE_GID;
 
-	wbc_status = wbcRequestResponse(WINBINDD_SET_HWM,
-					&request, &response);
+	wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM,
+					    &request, &response);
 	BAIL_ON_WBC_ERROR(wbc_status);
 
  done:
diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c
index 8f1df16..03931b6 100644
--- a/source/nsswitch/libwbclient/wbc_pam.c
+++ b/source/nsswitch/libwbclient/wbc_pam.c
@@ -401,9 +401,12 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 		BAIL_ON_WBC_ERROR(wbc_status);
 	}
 
-	wbc_status = wbcRequestResponse(cmd,
-					&request,
-					&response);
+	if (cmd == WINBINDD_PAM_AUTH_CRAP) {
+		wbc_status = wbcRequestResponsePriv(cmd, &request, &response);
+	} else {
+		wbc_status = wbcRequestResponse(cmd, &request, &response);
+	}
+
 	if (response.data.auth.nt_status != 0) {
 		if (error) {
 			wbc_status = wbc_create_error_info(NULL,
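
Review bot: The `cmd == WINBINDD_PAM_AUTH_CRAP` branch carries no comment explaining why only this command goes through wbcRequestResponsePriv() while every other cmd stays on the normal pipe. Since the commit message says this exact fix was already lost once during a refactoring, a short comment here stating that CRAP authentication must use the privileged pipe would make the special case harder to drop again.
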
@@ -464,9 +467,8 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
 
 	/* Send request */
 
-	wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC,
-					&request,
-					&response);
+	wbc_status = wbcRequestResponsePriv(WINBINDD_CHECK_MACHACC,
+					    &request, &response);
 	if (response.data.auth.nt_status != 0) {
 		if (error) {
 			wbc_status = wbc_create_error_info(NULL,
diff --git a/source/nsswitch/libwbclient/wbclient.c b/source/nsswitch/libwbclient/wbclient.c
index 215b61e..0d174d7 100644
--- a/source/nsswitch/libwbclient/wbclient.c
+++ b/source/nsswitch/libwbclient/wbclient.c
@@ -29,6 +29,9 @@
 NSS_STATUS winbindd_request_response(int req_type,
 				     struct winbindd_request *request,
 				     struct winbindd_response *response);
+NSS_STATUS winbindd_priv_request_response(int req_type,
+					  struct winbindd_request *request,
+					  struct winbindd_response *response);
 
 /** @brief Wrapper around Winbind's send/receive API call
  *
@@ -52,16 +55,20 @@ NSS_STATUS winbindd_request_response(int req_type,
  --Volker
 **********************************************************************/
 
-wbcErr wbcRequestResponse(int cmd,
-			  struct winbindd_request *request,
-			  struct winbindd_response *response)
+static wbcErr wbcRequestResponseInt(
+	int cmd,
+	struct winbindd_request *request,
+	struct winbindd_response *response,
+	NSS_STATUS (*fn)(int req_type,
+			 struct winbindd_request *request,
+			 struct winbindd_response *response))
 {
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 	NSS_STATUS nss_status;
 
 	/* for some calls the request and/or response cna be NULL */
 
-	nss_status = winbindd_request_response(cmd, request, response);
+	nss_status = fn(cmd, request, response);
 
 	switch (nss_status) {
 	case NSS_STATUS_SUCCESS:
@@ -81,6 +88,22 @@ wbcErr wbcRequestResponse(int cmd,
 	return wbc_status;
 }
 
+wbcErr wbcRequestResponse(int cmd,
+			  struct winbindd_request *request,
+			  struct winbindd_response *response)
+{
+	return wbcRequestResponseInt(cmd, request, response,
+				     winbindd_request_response);
+}
+
+wbcErr wbcRequestResponsePriv(int cmd,
+			      struct winbindd_request *request,
+			      struct winbindd_response *response)
+{
+	return wbcRequestResponseInt(cmd, request, response,
+				     winbindd_priv_request_response);
+}
+
 /** @brief Translate an error value into a string
  *
  * @param error
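
Review bot: wbcRequestResponsePriv() is added without a `@brief` documentation block, although the other functions in this file have one. The existing "Wrapper around Winbind's send/receive API call" block now sits above the static helper wbcRequestResponseInt(), so neither public wrapper is documented. Add a block to each wrapper and say in the Priv one that it goes through winbindd_priv_request_response(). The inline function-pointer parameter type in the helper would also read better as a typedef.
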
diff --git a/source/nsswitch/libwbclient/wbclient_internal.h b/source/nsswitch/libwbclient/wbclient_internal.h
index fc03c54..a8967ba 100644
--- a/source/nsswitch/libwbclient/wbclient_internal.h
+++ b/source/nsswitch/libwbclient/wbclient_internal.h
@@ -27,6 +27,9 @@
 wbcErr wbcRequestResponse(int cmd,
 			  struct winbindd_request *request,
 			  struct winbindd_response *response);
+wbcErr wbcRequestResponsePriv(int cmd,
+			      struct winbindd_request *request,
+			      struct winbindd_response *response);
 
 
 #endif      /* _WBCLIENT_INTERNAL_H */
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index ddb7181..1cd2634 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -196,6 +196,7 @@ struct global {
 	bool bWinbindNormalizeNames;
 	bool bWinbindRpcOnly;
 	bool bCreateKrb5Conf;
+	int winbindMaxDomainConnections;
 	char *szIdmapBackend;
 	char *szIdmapAllocBackend;
 	char *szAddShareCommand;
@@ -4455,6 +4456,15 @@ static struct parm_struct parm_table[] = {
 		.enum_list	= NULL,
 		.flags		= FLAG_ADVANCED,
 	},
+	{
+		.label		= "winbind max domain connections",
+		.type		= P_INTEGER,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.winbindMaxDomainConnections,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= FLAG_ADVANCED,
+	},
 
 	{NULL,  P_BOOL,  P_NONE,  NULL,  NULL,  NULL,  0}
 };
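
Review bot: The new `winbind max domain connections` entry is a plain P_INTEGER with no range validation, so 0 or a negative value is accepted as configured. The winbindd_domain.c hunk uses this value directly as a loop bound over domain->children[], which means such a setting leaves a domain with no initialised child. Clamp the value to at least 1 where it is read. The diffstat also lists no documentation file, so the parameter and its default of 2 are undocumented.
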
@@ -4751,6 +4761,7 @@ static void init_globals(bool first_time_only)
 	Globals.bUnixExtensions = True;
 	Globals.bResetOnZeroVC = False;
 	Globals.bCreateKrb5Conf = true;
+	Globals.winbindMaxDomainConnections = 2;
 
 	/* hostname lookups can be very expensive and are broken on
 	   a large number of sites (tridge) */
@@ -5073,6 +5084,8 @@ FN_GLOBAL_BOOL(lp_winbind_offline_logon, &Globals.bWinbindOfflineLogon)
 FN_GLOBAL_BOOL(lp_winbind_normalize_names, &Globals.bWinbindNormalizeNames)
 FN_GLOBAL_BOOL(lp_winbind_rpc_only, &Globals.bWinbindRpcOnly)
 FN_GLOBAL_BOOL(lp_create_krb5_conf, &Globals.bCreateKrb5Conf)
+FN_GLOBAL_INTEGER(lp_winbind_max_domain_connections,
+		  &Globals.winbindMaxDomainConnections)
 
 FN_GLOBAL_CONST_STRING(lp_idmap_backend, &Globals.szIdmapBackend)
 FN_GLOBAL_STRING(lp_idmap_alloc_backend, &Globals.szIdmapAllocBackend)
diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c
index 35b5a8d..2978925 100644
--- a/source/rpc_client/cli_pipe.c
+++ b/source/rpc_client/cli_pipe.c
@@ -349,7 +349,7 @@ static NTSTATUS cli_pipe_verify_schannel(struct rpc_pipe_client *cli, RPC_HDR *p
 		return NT_STATUS_OK;
 	}
 
-	if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+	if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
 		DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
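
Review bot: Relaxing the test from `!=` to `<` leaves auth_len without any upper bound in this hunk, so every length at or above RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN is now accepted. The commit message describes exactly one larger case, a 56-byte buffer, so consider also rejecting `auth_len > RPC_MAX_SIGN_SIZE`, and add a comment that bytes beyond the 32-byte verifier are ignored rather than verified.
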
diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index 7ea845d..ca4c5b8 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -660,7 +660,7 @@ NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
 	}
 
 	/* Woah - what does this to to the credential chain ? JRA */
-	cred_hash3(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
+	des_crypt112_16(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
 
 	DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
 	for(i = 0; i < sizeof(pwd); i++)
diff --git a/source/smbd/notify_internal.c b/source/smbd/notify_internal.c
index 069982a..2191231 100644
--- a/source/smbd/notify_internal.c
+++ b/source/smbd/notify_internal.c
@@ -181,14 +181,25 @@ static NTSTATUS notify_load(struct notify_context *notify, struct db_record *rec
 		ndr_err = ndr_pull_struct_blob(&blob, notify->array, notify->array,
 					       (ndr_pull_flags_fn_t)ndr_pull_notify_array);
 		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-			status = ndr_map_error2ntstatus(ndr_err);
+			/* 1. log that we got a corrupt notify_array
+			 * 2. clear the variable the garbage was stored into to not trip
+			 *  over it next time this method is entered with the same seqnum
+			 * 3. delete it from the database */
+			DEBUG(2, ("notify_array is corrupt, discarding it\n"));
+
+			ZERO_STRUCTP(notify->array);
+			if (rec != NULL) {
+				rec->delete_rec(rec);
+			}
+
+		} else {
+			if (DEBUGLEVEL >= 10) {
+				DEBUG(10, ("notify_load:\n"));
+				NDR_PRINT_DEBUG(notify_array, notify->array);
+			}
 		}
 	}
 
-	if (DEBUGLEVEL >= 10) {
-		DEBUG(10, ("notify_load:\n"));
-		NDR_PRINT_DEBUG(notify_array, notify->array);
-	}
 
 	if (!rec) {
 		talloc_free(dbuf.dptr);
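
Review bot: In the new error branch, `rec->delete_rec(rec)` is only reached when rec is non-NULL and its return value is dropped, so when rec is NULL or the delete fails the unparseable record stays in the database and will be pulled again on the next load. At minimum log a failed delete. ZERO_STRUCTP(notify->array) also overwrites whatever the failed ndr_pull_struct_blob() stored in the array, which was passed as its own memory context, so it is worth confirming nothing partially allocated is left hanging off it. DEBUG level 2 seems low for an event that discards data, and the hunk leaves two consecutive blank lines behind.
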
diff --git a/source/winbindd/winbindd.h b/source/winbindd/winbindd.h
index 79d0a7c..0703337 100644
--- a/source/winbindd/winbindd.h
+++ b/source/winbindd/winbindd.h
@@ -218,7 +218,7 @@ struct winbindd_domain {
 
 	/* The child pid we're talking to */
 
-	struct winbindd_child child;
+	struct winbindd_child *children;
 
 	/* Callback we use to try put us back online. */
 
diff --git a/source/winbindd/winbindd_domain.c b/source/winbindd/winbindd_domain.c
index 2e8c617..08182a3 100644
--- a/source/winbindd/winbindd_domain.c
+++ b/source/winbindd/winbindd_domain.c
@@ -27,13 +27,15 @@
 
 static const struct winbindd_child_dispatch_table domain_dispatch_table[];
 
-void setup_domain_child(struct winbindd_domain *domain,
-			struct winbindd_child *child)
+void setup_domain_child(struct winbindd_domain *domain)
 {
-	setup_child(child, domain_dispatch_table,
-		    "log.wb", domain->name);
+	int i;
 
-	child->domain = domain;
+	for (i=0; i<lp_winbind_max_domain_connections(); i++) {
+		setup_child(&domain->children[i], domain_dispatch_table,
+			    "log.wb", domain->name);
+		domain->children[i].domain = domain;
+	}
 }
 
 static const struct winbindd_child_dispatch_table domain_dispatch_table[] = {
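
Review bot: The loop condition calls lp_winbind_max_domain_connections() on every iteration and uses it as the bound for `domain->children[i]`, while the allocation of `children` is not part of this hunk. If the configured value is ever larger here than it was when the array was allocated, the loop writes past the end of the array. Read the value once into a local, or better, store the allocated count in struct winbindd_domain and iterate over that.
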
diff --git a/source/winbindd/winbindd_dual.c b/source/winbindd/winbindd_dual.c
index fe96162..e8b9b51 100644
--- a/source/winbindd/winbindd_dual.c
+++ b/source/winbindd/winbindd_dual.c
@@ -286,6 +286,11 @@ static void async_reply_recv(void *private_data, bool success)
 	state->continuation(state->private_data, True);
 }


-- 
SAMBA-CTDB repository

