Hello community, here is the log from the commit of package samba checked in at Fri Jun 2 02:08:35 CEST 2006. --------
--- samba/samba.changes 2006-05-29 13:09:41.000000000 +0200
+++ samba/samba.changes 2006-06-01 16:20:29.000000000 +0200
@@ -1,0 +2,16 @@
+Thu Jun 1 16:09:32 CEST 2006 - lmuelle@suse.de
+
+- Remove SO_SNDBUF and SO_RCVBUF from socket options example; [#165723].
+
+-------------------------------------------------------------------
+Wed May 31 19:51:49 CEST 2006 - gd@suse.de
+
+- Add wbinfo --own-domain; [#167344].
+- Fix usability of pam_winbind on a Samba PDC; [bso #3800].
+
+-------------------------------------------------------------------
+Tue May 30 12:28:17 CEST 2006 - lmuelle@suse.de
+
+- Remove intrusive affinity patches for winbindd.
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ samba-doc.spec ++++++
--- /var/tmp/diff_new_pack.n8PxMW/_old 2006-06-02 02:08:07.000000000 +0200
+++ /var/tmp/diff_new_pack.n8PxMW/_new 2006-06-02 02:08:07.000000000 +0200
@@ -16,7 +16,7 @@
 License: GPL
 URL: http://www.samba.org/
 Version: 3.0.22
-Release: 26
+Release: 28
 Summary: Samba Documentation
 Group: Documentation/Other
 Autoreqprov: on
@@ -65,14 +65,11 @@
 %endif
 %endif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if %{suse_version} < 901
-%define symbols heimdal
-%endif
 %prep
 %setup -n samba-%{samba_ver} %{setup_common_opts}
 # patches
 %setup -T -D -a 2 -n samba-%{samba_ver} -q
-for patch in $( patches/tools/guards %symbols <patches/series); do
+for patch in $( patches/tools/guards <patches/series); do
 if ! patch -s -E -p0 --no-backup-if-mismatch -i patches/$patch; then
 echo "*** Patch $patch failed ***"
 exit 1
++++++ samba.spec ++++++
--- /var/tmp/diff_new_pack.n8PxMW/_old 2006-06-02 02:08:07.000000000 +0200
+++ /var/tmp/diff_new_pack.n8PxMW/_new 2006-06-02 02:08:07.000000000 +0200
@@ -20,7 +20,7 @@
 URL: http://www.samba.org/
 Autoreqprov: on
 Version: 3.0.22
-Release: 16
+Release: 17
 Provides: sambaxp = %{version}-%{release} samba3 = %{version}-%{release}
 Obsoletes: samba-classic samba-ldap sambaxp samba3 < %{version}
 Requires: samba-client >= %{version}
@@ -66,9 +66,6 @@
 %endif
 %endif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%if %{suse_version} < 901
-%define symbols heimdal
-%endif
 %package client
 Summary: Samba Client Utilities
 Group: Productivity/Networking/Samba
@@ -160,7 +157,7 @@
 Group: Productivity/Networking/Samba
 Autoreqprov: on
 Version: 1.34a
-Release: 21
+Release: 22
 Requires: perl-ldap
 %endif
 %if %{suse_version} > 920
@@ -175,7 +172,7 @@
 Group: Productivity/Networking/Samba
 Autoreqprov: on
 Version: 0.3.6b
-Release: 45
+Release: 46
 Provides: samba3-vscan = 0.3.6b
 Obsoletes: samba3-vscan
 Requires: samba = %{samba_ver}
@@ -189,7 +186,7 @@
 %endif
 # patches
 %setup -T -D -a 2 -n samba-%{samba_ver} -q
-for patch in $( patches/tools/guards %symbols <patches/series); do
+for patch in $( patches/tools/guards <patches/series); do
 if ! patch -s -E -p0 --no-backup-if-mismatch -i patches/$patch; then
 echo "*** Patch $patch failed ***"
 exit 1
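Review bot: Nothing in the visible spec hunks reads the new `patches/heimdal/series` once `%symbols` is dropped from the `patches/tools/guards` call in this hunk (samba-doc.spec gets the identical edit). The `+heimdal` entries leave `patches/series` in the same commit, so on builds where `%{suse_version} < 901` the three heimdal patches are applied only if a step outside these hunks consumes the new series file; if none does, the bundled heimdal would be built unpatched without the `exit 1` guard ever firing. The changelog entries added by this commit do not mention the move either, so I would add a line such as `- Move heimdal patches to patches/heimdal/series.`. The `%prep` section continues outside the hunk.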
@@ -1212,6 +1209,13 @@ %endif %changelog -n samba +* Thu Jun 01 2006 - lmuelle@suse.de +- Remove SO_SNDBUF and SO_RCVBUF from socket options example; [#165723]. +* Wed May 31 2006 - gd@suse.de +- Add wbinfo --own-domain; [#167344]. +- Fix usability of pam_winbind on a Samba PDC; [bso #3800]. +* Tue May 30 2006 - lmuelle@suse.de +- Remove intrusive affinity patches for winbindd. * Sun May 28 2006 - jeallison@suse.de - Merge Volker's winbindd crash fix for half-opened connections in winbindd_cm.c (sessionsetup succeeded but tconX failed). ++++++ patches.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/heimdal/heimdal-0.7.1-light.diff new/patches/heimdal/heimdal-0.7.1-light.diff --- old/patches/heimdal/heimdal-0.7.1-light.diff 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/heimdal/heimdal-0.7.1-light.diff 2006-05-30 17:38:46.000000000 +0200 @@ -0,0 +1,14 @@ +Author: Björn JACKE <bj at SerNet dot de> +Subject: Limit build of heimdal to the required components + +--- Makefile.in 2005-10-14 12:46:55.325879536 +0000 ++++ Makefile.in 2005-10-14 12:47:53.383879902 +0000 +@@ -367,7 +367,7 @@ + @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la + @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la + @KCM_TRUE@kcm_dir = kcm +-SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl doc tools ++SUBDIRS = include lib tools + ACLOCAL_AMFLAGS = -I cf + EXTRA_DIST = Makefile.am.common krb5.conf + all: all-recursive diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/heimdal/heimdal-configure-pthread.diff new/patches/heimdal/heimdal-configure-pthread.diff --- old/patches/heimdal/heimdal-configure-pthread.diff 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/heimdal/heimdal-configure-pthread.diff 2006-05-30 17:39:05.000000000 +0200 
@@ -0,0 +1,19 @@
+Author: Lars Mueller <lmuelle at samba dort org>
+Subject: fix pthread libs command line option
+
+We only could patch configure as our autoconf in ul1/ sles8 and 9.0 is too
+old.
+
+Index: configure
+===================================================================
+--- configure
++++ configure
+@@ -22578,7 +22578,7 @@ case "$host" in
+ 2.*)
+ native_pthread_support=yes
+ PTHREADS_CFLAGS=-pthread
+- PTHREADS_LIBS=-pthread
++ PTHREADS_LIBS=-lpthread
+ ;;
+ esac
+ ;;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/heimdal/samba3-exampleheimdal4.diff new/patches/heimdal/samba3-exampleheimdal4.diff
--- old/patches/heimdal/samba3-exampleheimdal4.diff 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/heimdal/samba3-exampleheimdal4.diff 2006-05-30 17:39:14.000000000 +0200
@@ -0,0 +1,14 @@
+Author: Björn JACKE <bj at SerNet dot de>
+Subject: Use the heimdal version we just built
+
+--- ../examples/pdb/Makefile
++++ ../examples/pdb/Makefile 2005-01-25 13:30:14
+@@ -8,7 +8,7 @@
+ SAMBA_INCL = ../../source/include
+ UBIQX_SRC = ../../source/ubiqx
+ SMBWR_SRC = ../../source/smbwrapper
+-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -I/usr/include/heimdal -fPIC
++CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -I../../heimdal/include/ -fPIC
+ PDB_OBJS = test.la
+
+ # Default target
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/heimdal/series new/patches/heimdal/series
--- old/patches/heimdal/series 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/heimdal/series 2006-05-30 16:43:13.000000000 +0200
@@ -0,0 +1,4 @@
+# needed if we build heimdal as part of the Samba build process
+heimdal/heimdal-0.7.1-light.diff -p0
+heimdal/heimdal-configure-pthread.diff -p0
+heimdal/samba3-exampleheimdal4.diff -p0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/13310 new/patches/samba.org/13310
--- old/patches/samba.org/13310 2006-05-29 12:36:16.000000000 +0200
+++ new/patches/samba.org/13310 1970-01-01 01:00:00.000000000 +0100
@@ -1,686 +0,0 @@ ------------------------------------------------------------------------- -r13310 | jerry | 2006-02-03 22:19:24 +0100 (Fr, 03 Feb 2006) | 1 line - -first round of server affinity patches for winbindd & net ads join ------------------------------------------------------------------------- -Index: source/nsswitch/winbindd_cm.c -=================================================================== ---- source/nsswitch/winbindd_cm.c (Revision 13309) -+++ source/nsswitch/winbindd_cm.c (Revision 13310) -@@ -358,6 +358,10 @@ - - session_setup_done: - -+ /* cache the server name for later connections */ -+ -+ saf_store( (*cli)->domain, (*cli)->desthost ); -+ - if (!cli_send_tconX(*cli, "IPC$", "IPC", "", 0)) { - - result = cli_nt_error(*cli); -@@ -658,14 +662,6 @@ - return True; - } - -- if ( is_our_domain -- && must_use_pdc(domain->name) -- && get_pdc_ip(domain->name, &ip)) -- { -- if (add_one_dc_unique(mem_ctx, domain->name, inet_ntoa(ip), ip, dcs, num_dcs)) -- return True; -- } -- - /* try standard netbios queries first */ - - get_sorted_dc_list(domain->name, &ip_list, &iplist_size, False); -@@ -752,12 +748,35 @@ - { - TALLOC_CTX *mem_ctx; - NTSTATUS result; -- -+ char *saf_servername = saf_fetch( domain->name ); - int retries; - - if ((mem_ctx = talloc_init("cm_open_connection")) == NULL) - return NT_STATUS_NO_MEMORY; - -+ /* we have to check the server affinity cache here since -+ later we selecte a DC based on response time and not preference */ -+ -+ if ( saf_servername ) -+ { -+ /* convert an ip address to a name */ -+ if ( is_ipaddress( saf_servername ) ) -+ { -+ fstring saf_name; -+ struct in_addr ip; -+ -+ ip = *interpret_addr2( saf_servername ); -+ dcip_to_name( domain->name, domain->alt_name, &domain->sid, ip, saf_name ); -+ fstrcpy( domain->dcname, saf_name ); -+ } -+ else -+ { -+ fstrcpy( domain->dcname, saf_servername ); -+ } -+ -+ SAFE_FREE( saf_servername ); -+ } -+ - for (retries = 0; retries < 3; retries++) { - - int fd = -1; -@@ -765,27 
+784,28 @@ - - result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; - -- if ((strlen(domain->dcname) > 0) && -- NT_STATUS_IS_OK(check_negative_conn_cache( -- domain->name, domain->dcname)) && -- (resolve_name(domain->dcname, &domain->dcaddr.sin_addr, -- 0x20))) { -- int dummy; -- struct sockaddr_in addrs[2]; -- addrs[0] = domain->dcaddr; -- addrs[0].sin_port = htons(445); -- addrs[1] = domain->dcaddr; -- addrs[1].sin_port = htons(139); -- if (!open_any_socket_out(addrs, 2, 10000, -- &dummy, &fd)) { -+ if ((strlen(domain->dcname) > 0) -+ && NT_STATUS_IS_OK(check_negative_conn_cache( domain->name, domain->dcname)) -+ && (resolve_name(domain->dcname, &domain->dcaddr.sin_addr, 0x20))) -+ { -+ struct sockaddr_in *addrs = NULL; -+ int num_addrs = 0; -+ int dummy = 0; -+ -+ -+ add_sockaddr_to_array(mem_ctx, domain->dcaddr.sin_addr, 445, &addrs, &num_addrs); -+ add_sockaddr_to_array(mem_ctx, domain->dcaddr.sin_addr, 139, &addrs, &num_addrs); -+ -+ if (!open_any_socket_out(addrs, num_addrs, 10000, &dummy, &fd)) { - fd = -1; - } - } - -- if ((fd == -1) && -- !find_new_dc(mem_ctx, domain, domain->dcname, -- &domain->dcaddr, &fd)) -+ if ((fd == -1) -+ && !find_new_dc(mem_ctx, domain, domain->dcname, &domain->dcaddr, &fd)) -+ { - break; -+ } - - new_conn->cli = NULL; - -Index: source/lib/gencache.c -=================================================================== ---- source/lib/gencache.c (Revision 13309) -+++ source/lib/gencache.c (Revision 13310) -@@ -268,7 +268,7 @@ - SAFE_FREE(entry_buf); - - DEBUG(10, ("Returning %s cache entry: key = %s, value = %s, " -- "timeout = %s\n", t > time(NULL) ? "valid" : -+ "timeout = %s", t > time(NULL) ? 
"valid" : - "expired", keystr, v, ctime(&t))); - - if (valstr) -@@ -281,20 +281,18 @@ - - return t > time(NULL); - -- } else { -- SAFE_FREE(databuf.dptr); -+ } - -- if (valstr) -- *valstr = NULL; -+ SAFE_FREE(databuf.dptr); - -- if (timeout) -- timeout = NULL; -+ if (valstr) -+ *valstr = NULL; -+ if (timeout) -+ timeout = NULL; - -- DEBUG(10, ("Cache entry with key = %s couldn't be found\n", -- keystr)); -+ DEBUG(10, ("Cache entry with key = %s couldn't be found\n", keystr)); - -- return False; -- } -+ return False; - } - - -Index: source/libsmb/namequery.c -=================================================================== ---- source/libsmb/namequery.c (Revision 13309) -+++ source/libsmb/namequery.c (Revision 13310) -@@ -24,7 +24,95 @@ - /* nmbd.c sets this to True. */ - BOOL global_in_nmbd = False; - -+ -+/**************************** -+ * SERVER AFFINITY ROUTINES * -+ ****************************/ -+ -+ /* Server affinity is the concept of preferring the last domain -+ controller with whom you had a successful conversation */ -+ - /**************************************************************************** -+****************************************************************************/ -+#define SAFKEY_FMT "SAF/DOMAIN/%s" -+#define SAF_TTL 900 -+ -+static char *saf_key(const char *domain) -+{ -+ char *keystr; -+ -+ asprintf( &keystr, SAFKEY_FMT, strupper_static(domain) ); -+ -+ return keystr; -+} -+ -+/**************************************************************************** -+****************************************************************************/ -+ -+BOOL saf_store( const char *domain, const char *servername ) -+{ -+ char *key; -+ time_t expire; -+ BOOL ret = False; -+ -+ if ( !domain || !servername ) { -+ DEBUG(2,("saf_store: Refusing to store empty domain or servername!\n")); -+ return False; -+ } -+ -+ if ( !gencache_init() ) -+ return False; -+ -+ key = saf_key( domain ); -+ expire = time( NULL ) + SAF_TTL; -+ -+ -+ DEBUG(10,("saf_store: domain 
= [%s], server = [%s], expire = [%d]\n", -+ domain, servername, expire )); -+ -+ ret = gencache_set( key, servername, expire ); -+ -+ SAFE_FREE( key ); -+ -+ return ret; -+} -+ -+/**************************************************************************** -+****************************************************************************/ -+ -+char *saf_fetch( const char *domain ) -+{ -+ char *server = NULL; -+ time_t timeout; -+ BOOL ret = False; -+ char *key = NULL; -+ -+ if ( !domain ) { -+ DEBUG(2,("saf_fetch: Empty domain name!\n")); -+ return NULL; -+ } -+ -+ if ( !gencache_init() ) -+ return False; -+ -+ key = saf_key( domain ); -+ -+ ret = gencache_get( key, &server, &timeout ); -+ -+ SAFE_FREE( key ); -+ -+ if ( !ret ) { -+ DEBUG(5,("saf_fetch: failed to find server for \"%s\" domain\n", domain )); -+ } else { -+ DEBUG(5,("saf_fetch: Returning \"%s\" for \"%s\" domain\n", -+ server, domain )); -+ } -+ -+ return server; -+} -+ -+ -+/**************************************************************************** - Generate a random trn_id. - ****************************************************************************/ - -@@ -1261,6 +1349,18 @@ - int *count, BOOL ads_only, int *ordered) - { - fstring resolve_order; -+ char *saf_servername; -+ pstring pserver; -+ const char *p; -+ char *port_str; -+ int port; -+ fstring name; -+ int num_addresses = 0; -+ int local_count, i, j; -+ struct ip_service *return_iplist = NULL; -+ struct ip_service *auto_ip_list = NULL; -+ BOOL done_auto_lookup = False; -+ int auto_count = 0; - - /* if we are restricted to solely using DNS for looking - up a domain controller, make sure that host lookups -@@ -1277,148 +1377,145 @@ - fstrcpy( resolve_order, "NULL" ); - } - -+ *ordered = False; - -- *ordered = False; -- -- /* If it's our domain then use the 'password server' parameter. */ -- -+ /* fetch the server we have affinity for. 
Add the -+ 'password server' list to a search for our domain controllers */ -+ -+ saf_servername = saf_fetch( domain ); -+ - if ( strequal(domain, lp_workgroup()) || strequal(domain, lp_realm()) ) { -- const char *p; -- char *pserver = lp_passwordserver(); /* UNIX charset. */ -- char *port_str; -- int port; -- fstring name; -- int num_addresses = 0; -- int local_count, i, j; -- struct ip_service *return_iplist = NULL; -- struct ip_service *auto_ip_list = NULL; -- BOOL done_auto_lookup = False; -- int auto_count = 0; -- -+ pstr_sprintf( pserver, "%s, %s", -+ saf_servername ? saf_servername : "", -+ lp_passwordserver() ); -+ } else { -+ pstr_sprintf( pserver, "%s, *", -+ saf_servername ? saf_servername : "" ); -+ } - -- if (!*pserver) -- return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_order); -+ SAFE_FREE( saf_servername ); - -- p = pserver; -+ /* if we are starting from scratch, just lookup DOMAIN<0x1c> */ - -- /* -- * if '*' appears in the "password server" list then add -- * an auto lookup to the list of manually configured -- * DC's. If any DC is listed by name, then the list should be -- * considered to be ordered -- */ -- -- while (next_token(&p,name,LIST_SEP,sizeof(name))) { -- if (strequal(name, "*")) { -- if ( internal_resolve_name(domain, 0x1C, &auto_ip_list, &auto_count, resolve_order) ) -- num_addresses += auto_count; -- done_auto_lookup = True; -- DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count)); -- } else { -- num_addresses++; -- } -+ if ( !*pserver ) { -+ DEBUG(10,("get_dc_list: no preferred domain controllers.\n")); -+ return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_order); -+ } -+ -+ DEBUG(3,("get_dc_list: preferred server list: \"%s\"\n", pserver )); -+ -+ /* -+ * if '*' appears in the "password server" list then add -+ * an auto lookup to the list of manually configured -+ * DC's. 
If any DC is listed by name, then the list should be -+ * considered to be ordered -+ */ -+ -+ p = pserver; -+ while (next_token(&p,name,LIST_SEP,sizeof(name))) { -+ if (strequal(name, "*")) { -+ if ( internal_resolve_name(domain, 0x1C, &auto_ip_list, &auto_count, resolve_order) ) -+ num_addresses += auto_count; -+ done_auto_lookup = True; -+ DEBUG(8,("Adding %d DC's from auto lookup\n", auto_count)); -+ } else { -+ num_addresses++; - } -+ } - -- /* if we have no addresses and haven't done the auto lookup, then -- just return the list of DC's */ -+ /* if we have no addresses and haven't done the auto lookup, then -+ just return the list of DC's. Or maybe we just failed. */ - -- if ( (num_addresses == 0) && !done_auto_lookup ) { -+ if ( (num_addresses == 0) ) { -+ if ( !done_auto_lookup ) { - return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_order); -- } -- -- /* maybe we just failed? */ -- -- if ( num_addresses == 0 ) { -- DEBUG(4,("get_dc_list: no servers found\n")); -+ } else { -+ DEBUG(4,("get_dc_list: no servers found\n")); - return False; - } -- -- if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) { -- DEBUG(3,("get_dc_list: malloc fail !\n")); -- return False; -- } -+ } - -- p = pserver; -- local_count = 0; -+ if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) { -+ DEBUG(3,("get_dc_list: malloc fail !\n")); -+ return False; -+ } - -- /* fill in the return list now with real IP's */ -+ p = pserver; -+ local_count = 0; -+ -+ /* fill in the return list now with real IP's */ - -- while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) { -- struct in_addr name_ip; -+ while ( (local_count<num_addresses) && next_token(&p,name,LIST_SEP,sizeof(name)) ) { -+ struct in_addr name_ip; - -- /* copy any addersses from the auto lookup */ -+ /* copy any addersses from the auto lookup */ - -- if ( strequal(name, "*") ) { -- for ( j=0; j<auto_count; j++ ) { -- /* Check 
for and don't copy any known bad DC IP's. */ -- if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain, -- inet_ntoa(auto_ip_list[j].ip)))) { -- DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n", -- inet_ntoa(auto_ip_list[j].ip) )); -- continue; -- } -- return_iplist[local_count].ip = auto_ip_list[j].ip; -- return_iplist[local_count].port = auto_ip_list[j].port; -- local_count++; -+ if ( strequal(name, "*") ) { -+ for ( j=0; j<auto_count; j++ ) { -+ /* Check for and don't copy any known bad DC IP's. */ -+ if(!NT_STATUS_IS_OK(check_negative_conn_cache(domain, -+ inet_ntoa(auto_ip_list[j].ip)))) { -+ DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n", -+ inet_ntoa(auto_ip_list[j].ip) )); -+ continue; - } -- continue; -+ return_iplist[local_count].ip = auto_ip_list[j].ip; -+ return_iplist[local_count].port = auto_ip_list[j].port; -+ local_count++; - } -+ continue; -+ } - - -- /* added support for address:port syntax for ads (not that I think -- anyone will ever run the LDAP server in an AD domain on something -- other than port 389 */ -+ /* added support for address:port syntax for ads (not that I think -+ anyone will ever run the LDAP server in an AD domain on something -+ other than port 389 */ - -- port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE; -- if ( (port_str=strchr(name, ':')) != NULL ) { -- *port_str = '\0'; -- port_str++; -- port = atoi( port_str ); -- } -+ port = (lp_security() == SEC_ADS) ? LDAP_PORT : PORT_NONE; -+ if ( (port_str=strchr(name, ':')) != NULL ) { -+ *port_str = '\0'; -+ port_str++; -+ port = atoi( port_str ); -+ } - -- /* explicit lookup; resolve_name() will handle names & IP addresses */ -- if ( resolve_name( name, &name_ip, 0x20 ) ) { -+ /* explicit lookup; resolve_name() will handle names & IP addresses */ -+ if ( resolve_name( name, &name_ip, 0x20 ) ) { - -- /* Check for and don't copy any known bad DC IP's. 
*/ -- if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) { -- DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name )); -- continue; -- } -+ /* Check for and don't copy any known bad DC IP's. */ -+ if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain, inet_ntoa(name_ip))) ) { -+ DEBUG(5,("get_dc_list: negative entry %s removed from DC list\n",name )); -+ continue; -+ } - -- return_iplist[local_count].ip = name_ip; -- return_iplist[local_count].port = port; -- local_count++; -- *ordered = True; -- } -+ return_iplist[local_count].ip = name_ip; -+ return_iplist[local_count].port = port; -+ local_count++; -+ *ordered = True; - } -+ } - -- SAFE_FREE(auto_ip_list); -+ SAFE_FREE(auto_ip_list); - -- /* need to remove duplicates in the list if we have any -- explicit password servers */ -- -- if ( local_count ) { -- local_count = remove_duplicate_addrs2( return_iplist, local_count ); -- } -+ /* need to remove duplicates in the list if we have any -+ explicit password servers */ -+ -+ if ( local_count ) { -+ local_count = remove_duplicate_addrs2( return_iplist, local_count ); -+ } - -- if ( DEBUGLEVEL >= 4 ) { -- DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count, -- *ordered ? "":"un")); -- DEBUG(4,("get_dc_list: ")); -- for ( i=0; i<local_count; i++ ) -- DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port )); -- DEBUGADD(4,("\n")); -- } -+ if ( DEBUGLEVEL >= 4 ) { -+ DEBUG(4,("get_dc_list: returning %d ip addresses in an %sordered list\n", local_count, -+ *ordered ? 
"":"un")); -+ DEBUG(4,("get_dc_list: ")); -+ for ( i=0; i<local_count; i++ ) -+ DEBUGADD(4,("%s:%d ", inet_ntoa(return_iplist[i].ip), return_iplist[i].port )); -+ DEBUGADD(4,("\n")); -+ } - -- *ip_list = return_iplist; -- *count = local_count; -+ *ip_list = return_iplist; -+ *count = local_count; - -- return (*count != 0); -- } -- -- DEBUG(10,("get_dc_list: defaulting to internal auto lookup for domain %s\n", domain)); -- -- return internal_resolve_name(domain, 0x1C, ip_list, count, resolve_order); -+ return (*count != 0); - } - - /********************************************************************* -Index: source/libsmb/namequery_dc.c -=================================================================== ---- source/libsmb/namequery_dc.c (Revision 13309) -+++ source/libsmb/namequery_dc.c (Revision 13310) -@@ -75,31 +75,10 @@ - struct ip_service *ip_list = NULL; - struct in_addr dc_ip, exclude_ip; - int count, i; -- BOOL use_pdc_only; - NTSTATUS result; - - zero_ip(&exclude_ip); - -- use_pdc_only = must_use_pdc(domain); -- -- /* Lookup domain controller name */ -- -- if ( use_pdc_only && get_pdc_ip(domain, &dc_ip) ) -- { -- DEBUG(10,("rpc_dc_name: Atempting to lookup PDC to avoid sam sync delays\n")); -- -- /* check the connection cache and perform the node status -- lookup only if the IP is not found to be bad */ -- -- if (name_status_find(domain, 0x1b, 0x20, dc_ip, srv_name) ) { -- result = check_negative_conn_cache( domain, srv_name ); -- if ( NT_STATUS_IS_OK(result) ) -- goto done; -- } -- /* Didn't get name, remember not to talk to this DC. */ -- exclude_ip = dc_ip; -- } -- - /* get a list of all domain controllers */ - - if ( !get_sorted_dc_list(domain, &ip_list, &count, False) ) { -@@ -109,13 +88,6 @@ - - /* Remove the entry we've already failed with (should be the PDC). 
*/ - -- if ( use_pdc_only ) { -- for (i = 0; i < count; i++) { -- if (ip_equal( exclude_ip, ip_list[i].ip)) -- zero_ip(&ip_list[i].ip); -- } -- } -- - for (i = 0; i < count; i++) { - if (is_zero_ip(ip_list[i].ip)) - continue; -Index: source/libsmb/cliconnect.c -=================================================================== ---- source/libsmb/cliconnect.c (Revision 13309) -+++ source/libsmb/cliconnect.c (Revision 13310) -@@ -865,14 +865,16 @@ - DEBUG(3, ("SPNEGO login failed: %s\n", ads_errstr(status))); - return False; - } -- return True; -+ } else { -+ /* otherwise do a NT1 style session setup */ -+ if ( !cli_session_setup_nt1(cli, user, pass, passlen, ntpass, ntpasslen, workgroup) ) { -+ DEBUG(3,("cli_session_setup: NT1 session setup failed!\n")); -+ return False; -+ } - } - -- /* otherwise do a NT1 style session setup */ -+ return True; - -- return cli_session_setup_nt1(cli, user, -- pass, passlen, ntpass, ntpasslen, -- workgroup); - } - - /**************************************************************************** -Index: source/passdb/secrets.c -=================================================================== ---- source/passdb/secrets.c (Revision 13309) -+++ source/passdb/secrets.c (Revision 13310) -@@ -821,35 +821,6 @@ - DEBUG(10,("secrets_named_mutex: released mutex for %s\n", name )); - } - --/********************************************************* -- Check to see if we must talk to the PDC to avoid sam -- sync delays -- ********************************************************/ -- --BOOL must_use_pdc( const char *domain ) --{ -- time_t now = time(NULL); -- time_t last_change_time; -- unsigned char passwd[16]; -- -- if ( !secrets_fetch_trust_account_password(domain, passwd, &last_change_time, NULL) ) -- return False; -- -- /* -- * If the time the machine password has changed -- * was less than about 15 minutes then we need to contact -- * the PDC only, as we cannot be sure domain replication -- * has yet taken place. 
Bug found by Gerald (way to go -- * Gerald !). JRA. -- */ -- -- if ( now - last_change_time < SAM_SYNC_WINDOW ) -- return True; -- -- return False; -- --} -- - /******************************************************************************* - Store a complete AFS keyfile into secrets.tdb. - *******************************************************************************/ -Index: source/include/smb.h -=================================================================== ---- source/include/smb.h (Revision 13309) -+++ source/include/smb.h (Revision 13310) -@@ -238,14 +238,6 @@ - - #define MAX_HOURS_LEN 32 - --/* -- * window during which we must talk to the PDC to avoid -- * sam sync delays; expressed in seconds (15 minutes is the -- * default period for SAM replication under Windows NT 4.0 -- */ --#define SAM_SYNC_WINDOW 900 -- -- - #ifndef MAXSUBAUTHS - #define MAXSUBAUTHS 15 /* max sub authorities in a SID */ - #endif -Index: source/libads/ldap.c -=================================================================== ---- source/libads/ldap.c (Revision 13309) -+++ source/libads/ldap.c (Revision 13310) -@@ -136,6 +136,10 @@ - ads->ldap_port = port; - ads->ldap_ip = *interpret_addr2(srv); - free(srv); -+ -+ /* cache the successful connection */ -+ -+ saf_store( ads->server.workgroup, server ); - - return True; - } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/15904 new/patches/samba.org/15904 --- old/patches/samba.org/15904 2006-05-29 12:39:35.000000000 +0200 +++ new/patches/samba.org/15904 2006-05-30 12:48:03.000000000 +0200 @@ -68,7 +68,7 @@ if ((*cli)->protocol >= PROTOCOL_NT1 && (*cli)->capabilities & CAP_EXTENDED_SECURITY) { ADS_STATUS ads_status; -@@ -371,8 +371,6 @@ static NTSTATUS cm_prepare_connection(co +@@ -367,8 +367,6 @@ static NTSTATUS cm_prepare_connection(co if (NT_STATUS_IS_OK(result)) result = NT_STATUS_UNSUCCESSFUL; 
@@ -77,7 +77,7 @@ goto done; } -@@ -386,7 +384,6 @@ static NTSTATUS cm_prepare_connection(co +@@ -382,7 +380,6 @@ static NTSTATUS cm_prepare_connection(co } result = NT_STATUS_OK; @@ -85,7 +85,7 @@ done: if (got_mutex) { -@@ -400,8 +397,12 @@ static NTSTATUS cm_prepare_connection(co +@@ -396,8 +393,12 @@ static NTSTATUS cm_prepare_connection(co SAFE_FREE(ipc_domain); SAFE_FREE(ipc_password); @@ -99,7 +99,7 @@ } return result; -@@ -579,7 +580,7 @@ static BOOL receive_getdc_response(struc +@@ -575,7 +576,7 @@ static BOOL receive_getdc_response(struc convert an ip to a name *******************************************************************/ @@ -108,7 +108,7 @@ const DOM_SID *sid, struct in_addr ip, fstring name ) { -@@ -590,7 +591,7 @@ static void dcip_to_name( const char *do +@@ -586,7 +587,7 @@ static void dcip_to_name( const char *do smb_msleep(100); for (i=0; i<5; i++) { if (receive_getdc_response(ip, domainname, name)) @@ -117,7 +117,7 @@ smb_msleep(500); } } -@@ -598,11 +599,7 @@ static void dcip_to_name( const char *do +@@ -594,11 +595,7 @@ static void dcip_to_name( const char *do /* try node status request */ if ( name_status_find(domainname, 0x1c, 0x20, ip, name) ) @@ -130,7 +130,7 @@ #ifdef WITH_ADS /* for active directory servers, try to get the ldap server name. -@@ -618,22 +615,23 @@ static void dcip_to_name( const char *do +@@ -614,22 +611,23 @@ static void dcip_to_name( const char *do if ( !ads_try_connect( ads, inet_ntoa(ip), LDAP_PORT ) ) { ads_destroy( &ads ); @@ -157,7 +157,7 @@ } /******************************************************************* -@@ -703,6 +701,7 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ +@@ -707,6 +705,7 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ int i, fd_index; 
@@ -165,50 +165,27 @@ if (!get_dcs(mem_ctx, domain, &dcs, &num_dcs) || (num_dcs == 0)) return False; -@@ -733,15 +732,22 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ +@@ -740,11 +739,18 @@ static BOOL find_new_dc(TALLOC_CTX *mem_ + /* if we have no name on the server or just an IP address for + the name, now try to get the name */ - *addr = addrs[fd_index]; - -- /* if we have no name on the server or just an IP address for -- the name, now try to get the name */ -- - if ( is_ipaddress(dcnames[fd_index]) || *dcnames[fd_index] == '\0' ) - dcip_to_name( domain->name, domain->alt_name, &domain->sid, addr->sin_addr, dcname ); - else -+ if (*dcnames[fd_index] != '\0' && !is_ipaddress(dcnames[fd_index])) { -+ /* Ok, we've got a name for the DC */ - fstrcpy(dcname, dcnames[fd_index]); -+ return True; -+ } - -- return True; -+ /* Try to figure out the name */ -+ if (dcip_to_name( domain->name, domain->alt_name, &domain->sid, -+ addr->sin_addr, dcname )) { -+ return True; +- fstrcpy(dcname, dcnames[fd_index]); +- ++ if ( is_ipaddress(dcnames[fd_index]) || *dcnames[fd_index] == '\0' ) { ++ if (!dcip_to_name( domain->name, domain->alt_name, &domain->sid, ++ addr->sin_addr, dcname )) { ++ add_failed_connection_entry( ++ domain->name, dcs[i].name, ++ NT_STATUS_UNSUCCESSFUL); ++ return False; ++ } ++ } else { ++ fstrcpy(dcname, dcnames[fd_index]); + } -+ -+ /* We can not continue without the DC's name */ -+ add_failed_connection_entry(domain->name, dcs[fd_index].name, -+ NT_STATUS_UNSUCCESSFUL); -+ goto again; ++ + return True; } - static NTSTATUS cm_open_connection(struct winbindd_domain *domain, -@@ -767,8 +773,14 @@ static NTSTATUS cm_open_connection(struc - struct in_addr ip; - - ip = *interpret_addr2( saf_servername ); -- dcip_to_name( domain->name, domain->alt_name, &domain->sid, ip, saf_name ); -- fstrcpy( domain->dcname, saf_name ); -+ if (dcip_to_name( domain->name, domain->alt_name, -+ &domain->sid, ip, saf_name )) { -+ fstrcpy( domain->dcname, saf_name ); -+ } else { -+ 
add_failed_connection_entry( -+ domain->name, saf_name, -+ NT_STATUS_UNSUCCESSFUL); -+ } - } - else - { diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/series new/patches/series --- old/patches/series 2006-05-29 12:40:25.000000000 +0200 +++ new/patches/series 2006-05-30 17:39:51.000000000 +0200 @@ -9,7 +9,6 @@ samba.org/13212 -p0 samba.org/13214 -p0 samba.org/13284 -p0 -samba.org/13310 -p0 samba.org/13639 -p0 samba.org/13642 -p0 samba.org/13644 -p0 @@ -69,7 +68,3 @@ suse/man-pages.diff -p0 suse/samba3-rename_machine.diff -p0 suse/get_printing_ticket.diff -p0 -# needed if we build heimdal as part of the Samba build process -+heimdal suse/heimdal-0.7.1-light.diff -p0 -+heimdal suse/heimdal-configure-pthread.diff -p0 -+heimdal suse/samba3-exampleheimdal4.diff -p0 diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/heimdal-0.7.1-light.diff new/patches/suse/heimdal-0.7.1-light.diff --- old/patches/suse/heimdal-0.7.1-light.diff 2006-04-23 13:39:14.000000000 +0200 +++ new/patches/suse/heimdal-0.7.1-light.diff 1970-01-01 01:00:00.000000000 +0100 
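Review bot: The failure path added to find_new_dc records the negative-cache entry under `dcs[i].name`, while the DC that was actually contacted is selected by `fd_index` (see `dcnames[fd_index]` two lines above it); the earlier revision of this patch, removed here, used `dcs[fd_index].name`. `i` is the loop counter declared next to `fd_index`, and the loop that uses it lies outside the hunk, so by this point `i` presumably no longer identifies the chosen DC and may index past the end of `dcs`, marking the wrong server as failed. I would change the call to `add_failed_connection_entry(domain->name, dcs[fd_index].name, NT_STATUS_UNSUCCESSFUL);`. The new `return False` also replaces the earlier `goto again` retry, and it is not visible here whether the socket already opened for this DC is closed on that path.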
@@ -1,14 +0,0 @@ -Author: Björn JACKE <bj at SerNet dot de> -Subject: Limit build of heimdal to the required components - ---- heimdal-0.7.1/Makefile.in 2005-10-14 12:46:55.325879536 +0000 -+++ heimdal-0.7.1/Makefile.in 2005-10-14 12:47:53.383879902 +0000 -@@ -367,7 +367,7 @@ - @KRB5_TRUE@LIB_tsasl = $(top_builddir)/lib/tsasl/libtsasl.la - @DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la - @KCM_TRUE@kcm_dir = kcm --SUBDIRS = include lib kuser kdc admin kadmin kpasswd $(kcm_dir) appl doc tools -+SUBDIRS = include lib tools - ACLOCAL_AMFLAGS = -I cf - EXTRA_DIST = Makefile.am.common krb5.conf - all: all-recursive diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/heimdal-configure-pthread.diff new/patches/suse/heimdal-configure-pthread.diff --- old/patches/suse/heimdal-configure-pthread.diff 2006-04-23 13:39:14.000000000 +0200 +++ new/patches/suse/heimdal-configure-pthread.diff 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -Author: Lars Mueller <lmuelle at samba dort org> -Subject: fix pthread libs command line option - -We only could patch configure as our autoconf in ul1/ sles8 and 9.0 is too -old. - -Index: heimdal-0.7.1/configure -=================================================================== ---- heimdal-0.7.1.orig/configure -+++ heimdal-0.7.1/configure -@@ -22578,7 +22578,7 @@ case "$host" in - 2.*) - native_pthread_support=yes - PTHREADS_CFLAGS=-pthread -- PTHREADS_LIBS=-pthread -+ PTHREADS_LIBS=-lpthread - ;; - esac - ;; diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/netusershare.diff new/patches/suse/netusershare.diff --- old/patches/suse/netusershare.diff 2006-05-29 12:54:01.000000000 +0200 +++ new/patches/suse/netusershare.diff 2006-05-30 12:57:09.000000000 +0200 
@@ -2966,7 +2966,7 @@ =================================================================== --- source/include/smb.h.orig +++ source/include/smb.h -@@ -1783,4 +1783,19 @@ typedef struct uuid_flat { +@@ -1791,4 +1791,19 @@ typedef struct uuid_flat { /* map readonly options */ enum mapreadonly_options {MAP_READONLY_NO, MAP_READONLY_YES, MAP_READONLY_PERMISSIONS}; @@ -3008,7 +3008,7 @@ =================================================================== --- source/libsmb/cliconnect.c.orig +++ source/libsmb/cliconnect.c -@@ -1394,7 +1394,11 @@ again: +@@ -1392,7 +1392,11 @@ again: DEBUG(1,("cli_start_connection: failed to connect to %s (%s)\n", nmb_namestr(&called), inet_ntoa(ip))); cli_shutdown(cli); @@ -3021,7 +3021,7 @@ } if (retry) -@@ -1412,7 +1416,7 @@ again: +@@ -1410,7 +1414,7 @@ again: make_nmb_name(&called , "*SMBSERVER", 0x20); goto again; } @@ -3030,7 +3030,7 @@ } cli_setup_signing_state(cli, signing_state); -@@ -1424,7 +1428,10 @@ again: +@@ -1422,7 +1426,10 @@ again: if (!cli_negprot(cli)) { DEBUG(1,("failed negprot\n")); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/samba3-exampleheimdal4.diff new/patches/suse/samba3-exampleheimdal4.diff --- old/patches/suse/samba3-exampleheimdal4.diff 2006-04-23 13:39:14.000000000 +0200 +++ new/patches/suse/samba3-exampleheimdal4.diff 1970-01-01 01:00:00.000000000 +0100 
@@ -1,14 +0,0 @@ -Author: Björn JACKE <bj at SerNet dot de> -Subject: Use the heimdal version we just built - ---- examples/pdb/Makefile -+++ examples/pdb/Makefile 2005-01-25 13:30:14 -@@ -8,7 +8,7 @@ - SAMBA_INCL = ../../source/include - UBIQX_SRC = ../../source/ubiqx - SMBWR_SRC = ../../source/smbwrapper --CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -I/usr/include/heimdal -fPIC -+CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -I../../heimdal/include/ -fPIC - PDB_OBJS = test.la - - # Default target diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/samba3-pam_winbind.diff new/patches/suse/samba3-pam_winbind.diff --- old/patches/suse/samba3-pam_winbind.diff 2006-05-29 12:50:19.000000000 +0200 +++ new/patches/suse/samba3-pam_winbind.diff 2006-06-01 09:44:25.000000000 +0200 @@ -358,7 +358,7 @@ + #define MAX_HOURS_LEN 32 - #ifndef MAXSUBAUTHS + /* Index: source/lib/pam_errors.c =================================================================== --- source/lib/pam_errors.c.orig @@ -2664,7 +2664,22 @@ NSS_STATUS_SUCCESS) return False; -@@ -577,6 +581,67 @@ static BOOL wbinfo_lookupname(char *name +@@ -296,6 +300,14 @@ static BOOL wbinfo_list_domains(void) + return True; + } + ++/* List own domain */ ++ ++static BOOL wbinfo_list_own_domain(void) ++{ ++ d_printf("%s\n", get_winbind_domain()); ++ ++ return True; ++} + + /* show sequence numbers */ + static BOOL wbinfo_show_sequence(const char *domain) +@@ -577,6 +589,67 @@ static BOOL wbinfo_lookupname(char *name /* Authenticate a user with a plaintext password */ 
@@ -2732,25 +2747,27 @@ static BOOL wbinfo_auth(char *username) { struct winbindd_request request; -@@ -968,7 +1033,8 @@ enum { +@@ -968,7 +1041,9 @@ enum { OPT_GETDCNAME, OPT_USERDOMGROUPS, OPT_USERSIDS, - OPT_SEPARATOR + OPT_SEPARATOR, -+ OPT_LIST_ALL_DOMAINS ++ OPT_LIST_ALL_DOMAINS, ++ OPT_LIST_OWN_DOMAIN }; int main(int argc, char **argv) -@@ -1000,6 +1066,7 @@ int main(int argc, char **argv) +@@ -1000,6 +1075,8 @@ int main(int argc, char **argv) { "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, + { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, ++ { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" }, { "sequence", 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, "Show sequence numbers of all domains" }, { "domain-info", 'D', POPT_ARG_STRING, &string_arg, 'D', "Show most of the info we have about the domain" }, { "user-groups", 'r', POPT_ARG_STRING, &string_arg, 'r', "Get user groups", "USER" }, -@@ -1016,6 +1083,11 @@ int main(int argc, char **argv) +@@ -1016,6 +1093,11 @@ int main(int argc, char **argv) #ifdef WITH_FAKE_KASERVER { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" }, #endif @@ -2762,7 +2779,7 @@ { "separator", 0, POPT_ARG_NONE, 0, OPT_SEPARATOR, "Get the active winbind separator", NULL }, POPT_COMMON_VERSION POPT_TABLEEND -@@ -1133,7 +1205,7 @@ int main(int argc, char **argv) +@@ -1133,7 +1215,7 @@ int main(int argc, char **argv) } break; case 'm': @@ -2771,7 +2788,7 @@ d_fprintf(stderr, "Could not list trusted domains\n"); goto done; } -@@ -1190,6 +1262,38 @@ int main(int argc, char **argv) +@@ -1190,6 +1272,38 @@ int main(int argc, char **argv) goto done; break; } 
@@ -2810,7 +2827,7 @@ case 'k': if (!wbinfo_klog(string_arg)) { d_fprintf(stderr, "Could not klog user\n"); -@@ -1198,7 +1302,7 @@ int main(int argc, char **argv) +@@ -1198,7 +1312,7 @@ int main(int argc, char **argv) break; case 'p': if (!wbinfo_ping()) { @@ -2819,7 +2836,7 @@ goto done; } break; -@@ -1223,6 +1327,10 @@ int main(int argc, char **argv) +@@ -1223,6 +1337,16 @@ int main(int argc, char **argv) d_printf("%c\n", sep); break; } @@ -2827,6 +2844,12 @@ + if (!wbinfo_list_domains(True)) { + goto done; + } ++ break; ++ case OPT_LIST_OWN_DOMAIN: ++ if (!wbinfo_list_own_domain()) { ++ goto done; ++ } ++ break; /* generic configuration options */ case OPT_DOMAIN_NAME: break; @@ -3879,23 +3902,26 @@ =================================================================== --- source/nsswitch/winbindd_cm.c.orig +++ source/nsswitch/winbindd_cm.c -@@ -810,6 +810,7 @@ static NTSTATUS cm_open_connection(struc - add_sockaddr_to_array(mem_ctx, domain->dcaddr.sin_addr, 139, &addrs, &num_addrs); - - if (!open_any_socket_out(addrs, num_addrs, 10000, &dummy, &fd)) { +@@ -785,14 +785,17 @@ static NTSTATUS cm_open_connection(struc + addrs[1].sin_port = htons(139); + if (!open_any_socket_out(addrs, 2, 10000, + &dummy, &fd)) { + domain->online = False; fd = -1; } } -@@ -817,6 +818,7 @@ static NTSTATUS cm_open_connection(struc - if ((fd == -1) - && !find_new_dc(mem_ctx, domain, domain->dcname, &domain->dcaddr, &fd)) - { + + if ((fd == -1) && + !find_new_dc(mem_ctx, domain, domain->dcname, +- &domain->dcaddr, &fd)) ++ &domain->dcaddr, &fd)) { + domain->online = False; break; - } ++ } + + new_conn->cli = NULL; -@@ -829,6 +831,10 @@ static NTSTATUS cm_open_connection(struc +@@ -803,6 +806,10 @@ static NTSTATUS cm_open_connection(struc break; } 
@@ -3906,7 +3932,7 @@ talloc_destroy(mem_ctx); return result; } -@@ -1272,7 +1278,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_ +@@ -1246,7 +1253,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_ /* Fall back to schannel if it's a W2K pre-SP1 box. */ if (!cm_get_schannel_dcinfo(domain, &p_dcinfo)) { @@ -3915,7 +3941,7 @@ "for domain %s, trying anon\n", conn->cli->domain)); goto anonymous; } -@@ -1437,7 +1443,9 @@ NTSTATUS cm_connect_netlogon(struct winb +@@ -1411,7 +1418,9 @@ NTSTATUS cm_connect_netlogon(struct winb if (conn->netlogon_pipe == NULL) { DEBUG(3, ("Could not open schannel'ed NETLOGON pipe. Error " "was %s\n", nt_errstr(result))); @@ -5541,7 +5567,7 @@ =================================================================== --- source/nsswitch/winbindd_passdb.c.orig +++ source/nsswitch/winbindd_passdb.c -@@ -328,10 +328,35 @@ static NTSTATUS lookup_groupmem(struct w +@@ -328,7 +328,71 @@ static NTSTATUS lookup_groupmem(struct w /* find the sequence number for a domain */ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) { @@ -5556,12 +5582,12 @@ + + *seq = (int) seq_num; + /* *seq = 1; */ - return NT_STATUS_OK; - } - ++ return NT_STATUS_OK; ++} ++ +static NTSTATUS lockout_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, -+ SAM_UNK_INFO_12 *lockout_policy) ++ SAM_UNK_INFO_12 *policy) +{ + /* actually we have that */ + return NT_STATUS_NOT_IMPLEMENTED; 
@@ -5569,16 +5595,52 @@ + +static NTSTATUS password_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, -+ SAM_UNK_INFO_1 *password_policy) ++ SAM_UNK_INFO_1 *policy) +{ -+ /* actually we have that */ -+ return NT_STATUS_NOT_IMPLEMENTED; -+} ++ uint32 min_pass_len,pass_hist,password_properties; ++ time_t u_expire, u_min_age; ++ NTTIME nt_expire, nt_min_age; ++ uint32 account_policy_temp; + - /* get a list of trusted domains */ - static NTSTATUS trusted_domains(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, -@@ -391,5 +416,7 @@ struct winbindd_methods passdb_methods = ++ if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) { ++ return NT_STATUS_NO_MEMORY; ++ } ++ ++ if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, &account_policy_temp)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ min_pass_len = account_policy_temp; ++ ++ if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, &account_policy_temp)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ pass_hist = account_policy_temp; ++ ++ if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, &account_policy_temp)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ password_properties = account_policy_temp; ++ ++ if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, &account_policy_temp)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ u_expire = account_policy_temp; ++ ++ if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, &account_policy_temp)) { ++ return NT_STATUS_ACCESS_DENIED; ++ } ++ u_min_age = account_policy_temp; ++ ++ unix_to_nt_time_abs(&nt_expire, u_expire); ++ unix_to_nt_time_abs(&nt_min_age, u_min_age); ++ ++ init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, ++ password_properties, nt_expire, nt_min_age); ++ + return NT_STATUS_OK; + } + +@@ -391,5 +455,7 @@ struct winbindd_methods passdb_methods = lookup_useraliases, lookup_groupmem, sequence_number, 
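Review bot: password_policy() overwrites its own `policy` argument with `policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)`, so `init_unk_info1()` fills a fresh allocation and the caller's structure is never written, yet the function returns NT_STATUS_OK. Assuming callers pass a structure to be filled (they are not in this hunk), they would act on whatever that buffer held before the call rather than on the configured minimum length, history and password ages. Dropping the allocation and its NT_STATUS_NO_MEMORY return, so that `init_unk_info1(policy, ...)` writes through the pointer that was passed in, would fix it. The `(uint16)` casts on `min_pass_len` and `pass_hist` also truncate silently and deserve a range check or at least a comment.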
@@ -5755,7 +5817,7 @@ domain->sequence_number = DOM_SEQUENCE_NONE; domain->last_seq_check = 0; domain->initialized = False; -+ domain->online = False; ++ domain->online = is_internal_domain(sid); if (sid) { sid_copy(&domain->sid, sid); } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/suse/winbind-offline.diff new/patches/suse/winbind-offline.diff --- old/patches/suse/winbind-offline.diff 2006-05-29 13:05:24.000000000 +0200 +++ new/patches/suse/winbind-offline.diff 2006-05-30 12:58:03.000000000 +0200 @@ -225,10 +225,10 @@ =================================================================== --- source/nsswitch/winbindd_cm.c.orig +++ source/nsswitch/winbindd_cm.c -@@ -818,6 +818,11 @@ static NTSTATUS cm_open_connection(struc - if ((fd == -1) - && !find_new_dc(mem_ctx, domain, domain->dcname, &domain->dcaddr, &fd)) - { +@@ -793,6 +793,11 @@ static NTSTATUS cm_open_connection(struc + if ((fd == -1) && + !find_new_dc(mem_ctx, domain, domain->dcname, + &domain->dcaddr, &fd)) { + /* This is the one place where we will + set the global winbindd offline state + to true, if a "WINBINDD_OFFLINE" entry @@ -237,7 +237,7 @@ domain->online = False; break; } -@@ -832,6 +837,10 @@ static NTSTATUS cm_open_connection(struc +@@ -807,6 +812,10 @@ static NTSTATUS cm_open_connection(struc } if (NT_STATUS_IS_OK(result)) { @@ -248,7 +248,7 @@ domain->online = True; } -@@ -839,7 +848,7 @@ static NTSTATUS cm_open_connection(struc +@@ -814,7 +823,7 @@ static NTSTATUS cm_open_connection(struc return result; } ++++++ vendor-files.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vendor-files/config/smb.conf.vendor new/vendor-files/config/smb.conf.vendor --- old/vendor-files/config/smb.conf.vendor 2006-04-23 13:39:15.000000000 +0200 +++ new/vendor-files/config/smb.conf.vendor 2006-06-01 16:06:00.000000000 +0200 
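Review bot: The new `domain->online = is_internal_domain(sid);` passes `sid` to a helper one line before the existing `if (sid)` guard, so a NULL sid reaches is_internal_domain() unchecked. Its body is not shown here; if it dereferences the pointer, this is a crash during domain setup. Either confirm that it accepts NULL or write `domain->online = (sid != NULL) && is_internal_domain(sid);`. The enclosing function starts and ends outside the hunk.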
@@ -32,7 +32,7 @@ # performance settings (always test before using!) ; use sendfile = Yes ; large readwrite = Yes -; socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 SO_RCVBUF=8192 +; socket options = TCP_NODELAY SO_KEEPALIVE # utmp = Yes workgroup = TUX-NET ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit-help@opensuse.org