Merge lp:~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272 into lp:ubuntu/lucid/likewise-open
- Lucid (10.04)
- likewise-open.fix627272
- Merge into lucid
Status: | Needs review | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Proposed branch: | lp:~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272 | ||||||||||||||||||||||||||||
Merge into: | lp:ubuntu/lucid/likewise-open | ||||||||||||||||||||||||||||
Diff against target: |
1427 lines (+1234/-32) 14 files modified
debian/changelog (+49/-0) debian/control (+7/-6) debian/likewise-open.postinst (+34/-19) debian/likewise-open.preinst (+9/-7) debian/likewise-open.prerm (+9/-0) debian/patches/assume_default_domain.diff (+334/-0) debian/patches/disable_dcerpc_auto_start.diff (+26/-0) debian/patches/ignore_group_update_failure_on_leave.diff (+37/-0) debian/patches/lp-security-CVE-2010-0833.diff (+390/-0) debian/patches/lsass_turn_off_ncacn_ip_tcp.diff (+39/-0) debian/patches/lwupgrade_multi_sz.diff (+77/-0) debian/patches/offline_v2.diff (+201/-0) debian/patches/reg_import_multi_sz.diff (+14/-0) debian/patches/series (+8/-0) |
||||||||||||||||||||||||||||
To merge this branch: | bzr merge lp:~ssalley/ubuntu/lucid/likewise-open/likewise-open.fix627272 | ||||||||||||||||||||||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Dustin Kirkland | Needs Fixing | ||
Review via email: mp+42422@code.launchpad.net |
Commit message
Description of the change
These changes have been sitting in a PPA and tested by users and our QA team for a long while.
The changelog describes the changes in more detail but here is a short summary of fixed bugs:
lp:534629 AssumeDefaultDomain does not work
lp:575152 RequireMembershipOf Does Not Work
lp:591893 likewise-open depends on psmisc
lp:605326 Likewise open 5 or 6 conflicts with winbind
lp:572271 CacheEntryExpire setting ignored & default value of 4 hours is too
low
lp:574443 likewise-open5 upgrade mangles RequireMembershipOf settings
Additionally, many bugs dealing with installation and upgrading were corrected but matching them up to bug reports is difficult to do reproducibility.
Unmerged revisions
- 18. By Scott Salley
-
* patches/
ignore_ group_update_ failure_ on_leave. diff: Added upstream patch
to prevent "domainjoin-XXX leave" from failing if user/admin domain
groups could not be removed from the builtin user/admin groups
(LP BUG 575019)
* patches/assume_ default_ domain. diff: Fix regression in AssumeDefaultDomain
(LP BUG 534629)
* patches/offline_ v2.diff: Additional offline logon fixes (LP BUG 572271)
* patches/lwupgrade_ mulit_sz. diff: Make preservation of multi-string values
more robust (e.g. "RequireMembershipOf" LP BUG 574443)
* patches/reg_import_ multi_sz. diff: Fix importing REG_MULTI_SZ strings
that use the "\" character (LP BUG 575152)
* Added missing dependencies that prevent distribution and package upgrades
from succeeding:
- debian/control: Added libpam-runtime (LP BUG 627272, LP BUG 625105)
- debian/control: Added psmisc (LP BUG 591893)
* Added statements to kill hung daemons that may prevent distribution and
package upgrades from succeeding (LP BUG 621980):
- debian/control: Added procps for pkill
- debian/likewise- open.postinst, debian/ likewise- open.preinst: Added
explict kill for daemons that may hang
* debian/control: Modified XSBC-Original-Maintainer as Gerald Cater would
like Scott Salley to handle likewise-open. - 17. By Gerald Carter <email address hidden>
-
Fix lsassd crash due to invalid hDirectory handle (LP: #610300).
- 16. By Scott Salley
-
* SECURITY UPDATE: local access restrictions bypass.
- Set the Administrator account as disabled when first provisioned.
- Explicitly mark lsassd local provider accounts accounts as disabled
if the account exists in its initial provisioned state
- Force pam password changes, when run under the context of root services,
to require the existing password for authentication
- Enforce the "user cannot change password" field on local provider
account in the provider interface as well as the RPC server interface
- CVE-2010-0833
* likewise-open.postinst
- Ensure that lsassd is properly restarted after upgrade
Preview Diff
1 | === modified file 'debian/changelog' | |||
2 | --- debian/changelog 2010-04-09 12:30:18 +0000 | |||
3 | +++ debian/changelog 2010-12-01 21:33:36 +0000 | |||
4 | @@ -1,3 +1,52 @@ | |||
5 | 1 | likewise-open (5.4.0.42111-2ubuntu2) lucid; urgency=low | ||
6 | 2 | |||
7 | 3 | * patches/ignore_group_update_failure_on_leave.diff: Added upstream patch | ||
8 | 4 | to prevent "domainjoin-XXX leave" from failing if user/admin domain | ||
9 | 5 | groups could not be removed from the builtin user/admin groups | ||
10 | 6 | (LP BUG 575019) | ||
11 | 7 | * patches/assume_default_domain.diff: Fix regression in AssumeDefaultDomain | ||
12 | 8 | (LP BUG 534629) | ||
13 | 9 | * patches/offline_v2.diff: Additional offline logon fixes (LP BUG 572271) | ||
14 | 10 | * patches/lwupgrade_mulit_sz.diff: Make preservation of multi-string values | ||
15 | 11 | more robust (e.g. "RequireMembershipOf" LP BUG 574443) | ||
16 | 12 | * patches/reg_import_multi_sz.diff: Fix importing REG_MULTI_SZ strings | ||
17 | 13 | that use the "\" character (LP BUG 575152) | ||
18 | 14 | * Added missing dependencies that prevent distribution and package upgrades | ||
19 | 15 | from succeeding: | ||
20 | 16 | - debian/control: Added libpam-runtime (LP BUG 627272, LP BUG 625105) | ||
21 | 17 | - debian/control: Added psmisc (LP BUG 591893) | ||
22 | 18 | * Added statements to kill hung daemons that may prevent distribution and | ||
23 | 19 | package upgrades from succeeding (LP BUG 621980): | ||
24 | 20 | - debian/control: Added procps for pkill | ||
25 | 21 | - debian/likewise-open.postinst, debian/likewise-open.preinst: Added | ||
26 | 22 | explict kill for daemons that may hang | ||
27 | 23 | * debian/control: Modified XSBC-Original-Maintainer as Gerald Cater would | ||
28 | 24 | like Scott Salley to handle likewise-open. | ||
29 | 25 | |||
30 | 26 | -- Scott Salley <ssalley@likewise.com> Wed, 13 Oct 2010 17:24:08 -0700 | ||
31 | 27 | |||
32 | 28 | likewise-open (5.4.0.42111-2ubuntu1.2) lucid-security; urgency=low | ||
33 | 29 | |||
34 | 30 | * Fix lsassd crash due to invalid hDirectory handle (LP: #610300). | ||
35 | 31 | |||
36 | 32 | -- Gerald Carter <gcarter@likewise.com> Tue, 27 Jul 2010 17:35:01 -0500 | ||
37 | 33 | |||
38 | 34 | likewise-open (5.4.0.42111-2ubuntu1.1) lucid-security; urgency=low | ||
39 | 35 | |||
40 | 36 | * SECURITY UPDATE: local access restrictions bypass. | ||
41 | 37 | - Set the Administrator account as disabled when first provisioned. | ||
42 | 38 | - Explicitly mark lsassd local provider accounts accounts as disabled | ||
43 | 39 | if the account exists in its initial provisioned state | ||
44 | 40 | - Force pam password changes, when run under the context of root services, | ||
45 | 41 | to require the existing password for authentication | ||
46 | 42 | - Enforce the "user cannot change password" field on local provider | ||
47 | 43 | account in the provider interface as well as the RPC server interface | ||
48 | 44 | - CVE-2010-0833 | ||
49 | 45 | * likewise-open.postinst | ||
50 | 46 | - Ensure that lsassd is properly restarted after upgrade | ||
51 | 47 | |||
52 | 48 | -- Scott Salley <ssalley@likewise.com> Wed, 21 Jul 2010 13:54:00 -0700 | ||
53 | 49 | |||
54 | 1 | likewise-open (5.4.0.42111-2ubuntu1) lucid; urgency=low | 50 | likewise-open (5.4.0.42111-2ubuntu1) lucid; urgency=low |
55 | 2 | 51 | ||
56 | 3 | * Properly fix ARM FTBFS (LP: #517300) | 52 | * Properly fix ARM FTBFS (LP: #517300) |
57 | 4 | 53 | ||
58 | === modified file 'debian/control' | |||
59 | --- debian/control 2010-04-09 12:30:18 +0000 | |||
60 | +++ debian/control 2010-12-01 21:33:36 +0000 | |||
61 | @@ -2,7 +2,7 @@ | |||
62 | 2 | Section: net | 2 | Section: net |
63 | 3 | Priority: optional | 3 | Priority: optional |
64 | 4 | Maintainer: Chuck Short <zulcss@ubuntu.com> | 4 | Maintainer: Chuck Short <zulcss@ubuntu.com> |
66 | 5 | XSBC-Original-Maintainer: Gerald Carter <gcarter@likewise.com> | 5 | XSBC-Original-Maintainer: Scott Salley <ssalley@likewise.com> |
67 | 6 | Build-Depends: autoconf (>=2.53), automake, bison, debhelper (>= 7), | 6 | Build-Depends: autoconf (>=2.53), automake, bison, debhelper (>= 7), |
68 | 7 | libglade2-dev, libncurses5-dev, libpam0g-dev, libpam-runtime, | 7 | libglade2-dev, libncurses5-dev, libpam0g-dev, libpam-runtime, |
69 | 8 | libssl-dev, libtool, libsqlite3-dev, uuid-dev, quilt, rsync, libxml2, | 8 | libssl-dev, libtool, libsqlite3-dev, uuid-dev, quilt, rsync, libxml2, |
70 | @@ -40,7 +40,7 @@ | |||
71 | 40 | Depends: ${misc:Depends}, likewise-open | 40 | Depends: ${misc:Depends}, likewise-open |
72 | 41 | Architecture: all | 41 | Architecture: all |
73 | 42 | Description: transitional dummy package | 42 | Description: transitional dummy package |
75 | 43 | This is a dummy package to faciliate clean upgrades. You can savely remove | 43 | This is a dummy package to facilitate clean upgrades. You can safely remove |
76 | 44 | this package after the upgrade. | 44 | this package after the upgrade. |
77 | 45 | 45 | ||
78 | 46 | Package: likewise-open5-eventlog | 46 | Package: likewise-open5-eventlog |
79 | @@ -48,7 +48,7 @@ | |||
80 | 48 | Depends: ${misc:Depends}, likewise-open | 48 | Depends: ${misc:Depends}, likewise-open |
81 | 49 | Architecture: all | 49 | Architecture: all |
82 | 50 | Description: transitional dummy package | 50 | Description: transitional dummy package |
84 | 51 | This is a dummy package to faciliate clean upgrades. You can savely remove | 51 | This is a dummy package to facilitate clean upgrades. You can safely remove |
85 | 52 | this package after the upgrade. | 52 | this package after the upgrade. |
86 | 53 | 53 | ||
87 | 54 | Package: likewise-open5-netlogon | 54 | Package: likewise-open5-netlogon |
88 | @@ -56,7 +56,7 @@ | |||
89 | 56 | Depends: ${misc:Depends}, likewise-open | 56 | Depends: ${misc:Depends}, likewise-open |
90 | 57 | Architecture: all | 57 | Architecture: all |
91 | 58 | Description: transitional dummy package | 58 | Description: transitional dummy package |
93 | 59 | This is a dummy package to faciliate clean upgrades. You can savely remove | 59 | This is a dummy package to facilitate clean upgrades. You can safely remove |
94 | 60 | this package after the upgrade. | 60 | this package after the upgrade. |
95 | 61 | 61 | ||
96 | 62 | Package: likewise-open5-rpc | 62 | Package: likewise-open5-rpc |
97 | @@ -64,12 +64,13 @@ | |||
98 | 64 | Depends: ${misc:Depends}, likewise-open | 64 | Depends: ${misc:Depends}, likewise-open |
99 | 65 | Architecture: all | 65 | Architecture: all |
100 | 66 | Description: transitional dummy package | 66 | Description: transitional dummy package |
102 | 67 | This is a dummy package to faciliate clean upgrades. You can savely remove | 67 | This is a dummy package to facilitate clean upgrades. You can safely remove |
103 | 68 | this package after the upgrade. | 68 | this package after the upgrade. |
104 | 69 | 69 | ||
105 | 70 | Package: likewise-open | 70 | Package: likewise-open |
106 | 71 | Architecture: any | 71 | Architecture: any |
108 | 72 | Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-user | 72 | Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-user, psmisc, libpam-runtime, |
109 | 73 | procps | ||
110 | 73 | Suggests: likewise-open-gui | 74 | Suggests: likewise-open-gui |
111 | 74 | Provides: likewise-open, likewise-open5 | 75 | Provides: likewise-open, likewise-open5 |
112 | 75 | Conflicts: likewise-open, | 76 | Conflicts: likewise-open, |
113 | 76 | 77 | ||
114 | === modified file 'debian/likewise-open.postinst' | |||
115 | --- debian/likewise-open.postinst 2010-01-05 16:21:34 +0000 | |||
116 | +++ debian/likewise-open.postinst 2010-12-01 21:33:36 +0000 | |||
117 | @@ -20,7 +20,7 @@ | |||
118 | 20 | rm -rf "${UPGRADEDIR4}" | 20 | rm -rf "${UPGRADEDIR4}" |
119 | 21 | 21 | ||
120 | 22 | if [ -f /etc/likewise-open/lwiauthd.reg ]; then | 22 | if [ -f /etc/likewise-open/lwiauthd.reg ]; then |
122 | 23 | $REGSHELL import /etc/likewise-open/lwiauthd.reg | 23 | $REGSHELL upgrade /etc/likewise-open/lwiauthd.reg |
123 | 24 | 24 | ||
124 | 25 | $DOMAINJOIN configure --enable nsswitch > /dev/null 2>&1 | 25 | $DOMAINJOIN configure --enable nsswitch > /dev/null 2>&1 |
125 | 26 | $DOMAINJOIN configure --enable ssh > /dev/null 2>&1 | 26 | $DOMAINJOIN configure --enable ssh > /dev/null 2>&1 |
126 | @@ -40,7 +40,7 @@ | |||
127 | 40 | if [ -f $SOURCE ]; then | 40 | if [ -f $SOURCE ]; then |
128 | 41 | $CONVERT $COMMAND $SOURCE $DEST > /dev/null 2>&1 || true | 41 | $CONVERT $COMMAND $SOURCE $DEST > /dev/null 2>&1 || true |
129 | 42 | if [ -n "$DEST" -a -f "$DEST" ]; then | 42 | if [ -n "$DEST" -a -f "$DEST" ]; then |
131 | 43 | $REGSHELL import $DEST | 43 | $REGSHELL upgrade $DEST |
132 | 44 | fi | 44 | fi |
133 | 45 | fi | 45 | fi |
134 | 46 | } | 46 | } |
135 | @@ -63,8 +63,9 @@ | |||
136 | 63 | 63 | ||
137 | 64 | $DOMAINJOIN configure --enable nsswitch > /dev/null 2>&1 | 64 | $DOMAINJOIN configure --enable nsswitch > /dev/null 2>&1 |
138 | 65 | $DOMAINJOIN configure --enable ssh > /dev/null 2>&1 | 65 | $DOMAINJOIN configure --enable ssh > /dev/null 2>&1 |
141 | 66 | $DOMAINJOIN configure --long `hostname --long` --short `hostname --short` \ | 66 | $DOMAINJOIN configure --long `hostname --long` \ |
142 | 67 | --enable krb5 > /dev/null 2>&1 | 67 | --short `hostname --short` \ |
143 | 68 | --enable krb5 > /dev/null 2>&1 | ||
144 | 68 | } | 69 | } |
145 | 69 | 70 | ||
146 | 70 | case "$1" in | 71 | case "$1" in |
147 | @@ -79,18 +80,27 @@ | |||
148 | 79 | ;; | 80 | ;; |
149 | 80 | 81 | ||
150 | 81 | configure) | 82 | configure) |
163 | 82 | $LWSMD start | 83 | # All daemons should be gone -- but sometimes they hang. |
164 | 83 | 84 | pkill -KILL -x srvsvcd > /dev/null 2>&1 || true | |
165 | 84 | $REGSHELL import /etc/likewise-open/dcerpcd.reg | 85 | pkill -KILL -x lsassd > /dev/null 2>&1 || true |
166 | 85 | $REGSHELL import /etc/likewise-open/eventlogd.reg | 86 | pkill -KILL -x lwiod > /dev/null 2>&1 || true |
167 | 86 | $REGSHELL import /etc/likewise-open/lwreg.reg | 87 | pkill -KILL -x netlogond > /dev/null 2>&1 || true |
168 | 87 | $REGSHELL import /etc/likewise-open/lsassd.reg | 88 | pkill -KILL -x eventlogd > /dev/null 2>&1 || true |
169 | 88 | $REGSHELL import /etc/likewise-open/lwiod.reg | 89 | pkill -KILL -x dcerpcd > /dev/null 2>&1 || true |
170 | 89 | $REGSHELL import /etc/likewise-open/netlogond.reg | 90 | pkill -KILL -x netlogond > /dev/null 2>&1 || true |
171 | 90 | $REGSHELL import /etc/likewise-open/pstore.reg | 91 | pkill -KILL -x lwsmd > /dev/null 2>&1 || true |
172 | 91 | $REGSHELL import /etc/likewise-open/srvsvcd.reg | 92 | pkill -KILL -x lwregd > /dev/null 2>&1 || true |
173 | 92 | 93 | ||
174 | 93 | $LWSMD reload | 94 | /usr/sbin/lwsmd --start-as-daemon |
175 | 95 | |||
176 | 96 | $REGSHELL upgrade /etc/likewise-open/dcerpcd.reg | ||
177 | 97 | $REGSHELL upgrade /etc/likewise-open/eventlogd.reg | ||
178 | 98 | $REGSHELL upgrade /etc/likewise-open/lwreg.reg | ||
179 | 99 | $REGSHELL upgrade /etc/likewise-open/lsassd.reg | ||
180 | 100 | $REGSHELL upgrade /etc/likewise-open/lwiod.reg | ||
181 | 101 | $REGSHELL upgrade /etc/likewise-open/netlogond.reg | ||
182 | 102 | $REGSHELL upgrade /etc/likewise-open/pstore.reg | ||
183 | 103 | $REGSHELL upgrade /etc/likewise-open/srvsvcd.reg | ||
184 | 94 | 104 | ||
185 | 95 | if [ -n "$2" ]; then | 105 | if [ -n "$2" ]; then |
186 | 96 | if dpkg --compare-versions "$2" le "4.1.2982-0ubuntu3"; then | 106 | if dpkg --compare-versions "$2" le "4.1.2982-0ubuntu3"; then |
187 | @@ -103,11 +113,16 @@ | |||
188 | 103 | if [ -d "${UPGRADEDIR5}" ]; then | 113 | if [ -d "${UPGRADEDIR5}" ]; then |
189 | 104 | import_machine_account_5_0 | 114 | import_machine_account_5_0 |
190 | 105 | fi | 115 | fi |
194 | 106 | fi | 116 | fi |
195 | 107 | 117 | ||
196 | 108 | # This will start all the sevices and hook things up in /etc/rc[0-6].d | 118 | /etc/init.d/lwsmd stop |
197 | 119 | |||
198 | 120 | /etc/init.d/lwsmd start | ||
199 | 121 | |||
200 | 109 | $DOMAINJOIN query > /dev/null 2>&1 | 122 | $DOMAINJOIN query > /dev/null 2>&1 |
201 | 110 | 123 | ||
202 | 124 | /usr/bin/lwsm start lsass || true | ||
203 | 125 | |||
204 | 111 | pam-auth-update --package | 126 | pam-auth-update --package |
205 | 112 | ;; | 127 | ;; |
206 | 113 | esac | 128 | esac |
207 | 114 | 129 | ||
208 | === modified file 'debian/likewise-open.preinst' | |||
209 | --- debian/likewise-open.preinst 2010-01-05 16:21:34 +0000 | |||
210 | +++ debian/likewise-open.preinst 2010-12-01 21:33:36 +0000 | |||
211 | @@ -62,13 +62,15 @@ | |||
212 | 62 | 62 | ||
213 | 63 | # remove obsolete conffiles from previous versions | 63 | # remove obsolete conffiles from previous versions |
214 | 64 | if dpkg --compare-versions "$2" lt-nl "5.4.0"; then | 64 | if dpkg --compare-versions "$2" lt-nl "5.4.0"; then |
222 | 65 | # from 4.1 | 65 | |
223 | 66 | rm_conffile /etc/samba/lwiauthd.conf | 66 | # from 4.1 |
224 | 67 | rm_conffile /etc/security/pam_lwidentity.conf | 67 | rm_conffile /etc/samba/lwiauthd.conf |
225 | 68 | rm_conffile /etc/default/likewise-open | 68 | rm_conffile /etc/security/pam_lwidentity.conf |
226 | 69 | rm_conffile /etc/init.d/likewise-open | 69 | rm_conffile /etc/default/likewise-open |
227 | 70 | # from 5.0 | 70 | rm_conffile /etc/init.d/likewise-open |
228 | 71 | rm_conffile /etc/init.d/npcmuxd | 71 | |
229 | 72 | # from 5.0 | ||
230 | 73 | rm_conffile /etc/init.d/npcmuxd | ||
231 | 72 | fi | 74 | fi |
232 | 73 | ;; | 75 | ;; |
233 | 74 | 76 | ||
234 | 75 | 77 | ||
235 | === modified file 'debian/likewise-open.prerm' | |||
236 | --- debian/likewise-open.prerm 2010-01-05 16:21:34 +0000 | |||
237 | +++ debian/likewise-open.prerm 2010-12-01 21:33:36 +0000 | |||
238 | @@ -26,6 +26,15 @@ | |||
239 | 26 | $LWSMD stop | 26 | $LWSMD stop |
240 | 27 | fi | 27 | fi |
241 | 28 | 28 | ||
242 | 29 | pkill -KILL -x srvsvcd > /dev/null 2>&1 || true | ||
243 | 30 | pkill -KILL -x lsassd > /dev/null 2>&1 || true | ||
244 | 31 | pkill -KILL -x lwiod > /dev/null 2>&1 || true | ||
245 | 32 | pkill -KILL -x netlogond > /dev/null 2>&1 || true | ||
246 | 33 | pkill -KILL -x eventlogd > /dev/null 2>&1 || true | ||
247 | 34 | pkill -KILL -x dcerpcd > /dev/null 2>&1 || true | ||
248 | 35 | pkill -KILL -x lwsmd > /dev/null 2>&1 || true | ||
249 | 36 | pkill -KILL -x lwregd > /dev/null 2>&1 || true | ||
250 | 37 | |||
251 | 29 | ;; | 38 | ;; |
252 | 30 | 39 | ||
253 | 31 | failed-upgrade) | 40 | failed-upgrade) |
254 | 32 | 41 | ||
255 | === added file 'debian/patches/assume_default_domain.diff' | |||
256 | --- debian/patches/assume_default_domain.diff 1970-01-01 00:00:00 +0000 | |||
257 | +++ debian/patches/assume_default_domain.diff 2010-12-01 21:33:36 +0000 | |||
258 | @@ -0,0 +1,334 @@ | |||
259 | 1 | commit d1cba75403be0af010b5df5ba22a1d0704f29fc3 | ||
260 | 2 | Author: Brian Koropoff <bkoropoff@likewise.com> | ||
261 | 3 | Date: Wed May 5 22:21:47 2010 +0000 | ||
262 | 4 | |||
263 | 5 | svn merge -c 43891 /Platform/src/linux/lsass/server/auth-providers/ad-open-provider -> src/linux/lsass/server/auth-providers/ad-provider | ||
264 | 6 | |||
265 | 7 | (lsass: r43911) | ||
266 | 8 | |||
267 | 9 | Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/ad_marshal_group.c | ||
268 | 10 | =================================================================== | ||
269 | 11 | --- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/ad_marshal_group.c 2010-05-07 08:37:00.000000000 +0200 | ||
270 | 12 | +++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/ad_marshal_group.c 2010-05-07 08:37:03.000000000 +0200 | ||
271 | 13 | @@ -59,12 +59,17 @@ | ||
272 | 14 | PSTR pszResult = NULL; | ||
273 | 15 | |||
274 | 16 | if(pObject->type == LSA_OBJECT_TYPE_GROUP && | ||
275 | 17 | - !LW_IS_NULL_OR_EMPTY_STR(pObject->groupInfo.pszAliasName)) | ||
276 | 18 | + !LW_IS_NULL_OR_EMPTY_STR(pObject->groupInfo.pszAliasName)) | ||
277 | 19 | { | ||
278 | 20 | dwError = LwAllocateString( | ||
279 | 21 | pObject->groupInfo.pszAliasName, | ||
280 | 22 | &pszResult); | ||
281 | 23 | BAIL_ON_LSA_ERROR(dwError); | ||
282 | 24 | + | ||
283 | 25 | + LwStrCharReplace( | ||
284 | 26 | + pszResult, | ||
285 | 27 | + ' ', | ||
286 | 28 | + AD_GetSpaceReplacement()); | ||
287 | 29 | } | ||
288 | 30 | else if(pObject->type == LSA_OBJECT_TYPE_USER && | ||
289 | 31 | !LW_IS_NULL_OR_EMPTY_STR(pObject->userInfo.pszAliasName)) | ||
290 | 32 | @@ -73,6 +78,11 @@ | ||
291 | 33 | pObject->userInfo.pszAliasName, | ||
292 | 34 | &pszResult); | ||
293 | 35 | BAIL_ON_LSA_ERROR(dwError); | ||
294 | 36 | + | ||
295 | 37 | + LwStrCharReplace( | ||
296 | 38 | + pszResult, | ||
297 | 39 | + ' ', | ||
298 | 40 | + AD_GetSpaceReplacement()); | ||
299 | 41 | } | ||
300 | 42 | else | ||
301 | 43 | { | ||
302 | 44 | Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/batch_marshal.c | ||
303 | 45 | =================================================================== | ||
304 | 46 | --- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/batch_marshal.c 2010-05-07 08:37:00.000000000 +0200 | ||
305 | 47 | +++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/batch_marshal.c 2010-05-07 08:37:03.000000000 +0200 | ||
306 | 48 | @@ -580,6 +580,28 @@ | ||
307 | 49 | BAIL_ON_LSA_ERROR(dwError); | ||
308 | 50 | } | ||
309 | 51 | |||
310 | 52 | + /* Fix up alias fields when in AssumeDefaultDomain mode */ | ||
311 | 53 | + if (AD_ShouldAssumeDefaultDomain() && | ||
312 | 54 | + pObject->enabled && | ||
313 | 55 | + ((pObject->type == LSA_OBJECT_TYPE_USER && | ||
314 | 56 | + !pObject->userInfo.pszAliasName) || | ||
315 | 57 | + (pObject->type == LSA_OBJECT_TYPE_GROUP && | ||
316 | 58 | + !pObject->groupInfo.pszAliasName)) && | ||
317 | 59 | + !strcmp(pObject->pszNetbiosDomainName, gpADProviderData->szShortDomain)) | ||
318 | 60 | + { | ||
319 | 61 | + dwError = LwAllocateString( | ||
320 | 62 | + pObject->pszSamAccountName, | ||
321 | 63 | + pObject->type == LSA_OBJECT_TYPE_USER ? | ||
322 | 64 | + &pObject->userInfo.pszAliasName : &pObject->groupInfo.pszAliasName); | ||
323 | 65 | + BAIL_ON_LSA_ERROR(dwError); | ||
324 | 66 | + | ||
325 | 67 | + LwStrCharReplace( | ||
326 | 68 | + pObject->type == LSA_OBJECT_TYPE_USER ? | ||
327 | 69 | + pObject->userInfo.pszAliasName : pObject->groupInfo.pszAliasName, | ||
328 | 70 | + ' ', | ||
329 | 71 | + AD_GetSpaceReplacement()); | ||
330 | 72 | + } | ||
331 | 73 | + | ||
332 | 74 | cleanup: | ||
333 | 75 | *ppObject = pObject; | ||
334 | 76 | return dwError; | ||
335 | 77 | Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c | ||
336 | 78 | =================================================================== | ||
337 | 79 | --- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/online.c 2010-05-07 08:37:00.000000000 +0200 | ||
338 | 80 | +++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c 2010-05-07 08:37:03.000000000 +0200 | ||
339 | 81 | @@ -4087,6 +4087,112 @@ | ||
340 | 82 | |||
341 | 83 | static | ||
342 | 84 | DWORD | ||
343 | 85 | +AD_OnlineFindObjectByName( | ||
344 | 86 | + IN HANDLE hProvider, | ||
345 | 87 | + IN LSA_FIND_FLAGS FindFlags, | ||
346 | 88 | + IN OPTIONAL LSA_OBJECT_TYPE ObjectType, | ||
347 | 89 | + IN LSA_QUERY_TYPE QueryType, | ||
348 | 90 | + IN PCSTR pszLoginName, | ||
349 | 91 | + IN PLSA_LOGIN_NAME_INFO pUserNameInfo, | ||
350 | 92 | + OUT PLSA_SECURITY_OBJECT* ppObject | ||
351 | 93 | + ) | ||
352 | 94 | +{ | ||
353 | 95 | + DWORD dwError = 0; | ||
354 | 96 | + PLSA_SECURITY_OBJECT pCachedUser = NULL; | ||
355 | 97 | + | ||
356 | 98 | + switch(ObjectType) | ||
357 | 99 | + { | ||
358 | 100 | + case LSA_OBJECT_TYPE_USER: | ||
359 | 101 | + dwError = ADCacheFindUserByName( | ||
360 | 102 | + gpLsaAdProviderState->hCacheConnection, | ||
361 | 103 | + pUserNameInfo, | ||
362 | 104 | + &pCachedUser); | ||
363 | 105 | + break; | ||
364 | 106 | + case LSA_OBJECT_TYPE_GROUP: | ||
365 | 107 | + dwError = ADCacheFindGroupByName( | ||
366 | 108 | + gpLsaAdProviderState->hCacheConnection, | ||
367 | 109 | + pUserNameInfo, | ||
368 | 110 | + &pCachedUser); | ||
369 | 111 | + break; | ||
370 | 112 | + default: | ||
371 | 113 | + dwError = ADCacheFindUserByName( | ||
372 | 114 | + gpLsaAdProviderState->hCacheConnection, | ||
373 | 115 | + pUserNameInfo, | ||
374 | 116 | + &pCachedUser); | ||
375 | 117 | + if (dwError == LW_ERROR_NO_SUCH_USER || | ||
376 | 118 | + dwError == LW_ERROR_NOT_HANDLED) | ||
377 | 119 | + { | ||
378 | 120 | + dwError = ADCacheFindGroupByName( | ||
379 | 121 | + gpLsaAdProviderState->hCacheConnection, | ||
380 | 122 | + pUserNameInfo, | ||
381 | 123 | + &pCachedUser); | ||
382 | 124 | + } | ||
383 | 125 | + break; | ||
384 | 126 | + } | ||
385 | 127 | + | ||
386 | 128 | + if (dwError == LW_ERROR_SUCCESS) | ||
387 | 129 | + { | ||
388 | 130 | + dwError = AD_CheckExpiredObject(&pCachedUser); | ||
389 | 131 | + } | ||
390 | 132 | + | ||
391 | 133 | + switch (dwError) | ||
392 | 134 | + { | ||
393 | 135 | + case LW_ERROR_SUCCESS: | ||
394 | 136 | + break; | ||
395 | 137 | + case LW_ERROR_NOT_HANDLED: | ||
396 | 138 | + case LW_ERROR_NO_SUCH_USER: | ||
397 | 139 | + case LW_ERROR_NO_SUCH_GROUP: | ||
398 | 140 | + case LW_ERROR_NO_SUCH_OBJECT: | ||
399 | 141 | + dwError = AD_FindObjectByNameTypeNoCache( | ||
400 | 142 | + hProvider, | ||
401 | 143 | + pszLoginName, | ||
402 | 144 | + pUserNameInfo->nameType, | ||
403 | 145 | + ObjectType, | ||
404 | 146 | + &pCachedUser); | ||
405 | 147 | + switch (dwError) | ||
406 | 148 | + { | ||
407 | 149 | + case LW_ERROR_SUCCESS: | ||
408 | 150 | + dwError = ADCacheStoreObjectEntry( | ||
409 | 151 | + gpLsaAdProviderState->hCacheConnection, | ||
410 | 152 | + pCachedUser); | ||
411 | 153 | + BAIL_ON_LSA_ERROR(dwError); | ||
412 | 154 | + | ||
413 | 155 | + break; | ||
414 | 156 | + case LW_ERROR_NO_SUCH_USER: | ||
415 | 157 | + case LW_ERROR_NO_SUCH_GROUP: | ||
416 | 158 | + case LW_ERROR_NO_SUCH_OBJECT: | ||
417 | 159 | + case LW_ERROR_DOMAIN_IS_OFFLINE: | ||
418 | 160 | + dwError = LW_ERROR_SUCCESS; | ||
419 | 161 | + break; | ||
420 | 162 | + default: | ||
421 | 163 | + BAIL_ON_LSA_ERROR(dwError); | ||
422 | 164 | + break; | ||
423 | 165 | + } | ||
424 | 166 | + break; | ||
425 | 167 | + default: | ||
426 | 168 | + BAIL_ON_LSA_ERROR(dwError); | ||
427 | 169 | + } | ||
428 | 170 | + | ||
429 | 171 | + *ppObject = pCachedUser; | ||
430 | 172 | + | ||
431 | 173 | +cleanup: | ||
432 | 174 | + | ||
433 | 175 | + return dwError; | ||
434 | 176 | + | ||
435 | 177 | +error: | ||
436 | 178 | + | ||
437 | 179 | + *ppObject = NULL; | ||
438 | 180 | + | ||
439 | 181 | + if (pCachedUser) | ||
440 | 182 | + { | ||
441 | 183 | + LsaUtilFreeSecurityObject(pCachedUser); | ||
442 | 184 | + } | ||
443 | 185 | + | ||
444 | 186 | + goto cleanup; | ||
445 | 187 | +} | ||
446 | 188 | + | ||
447 | 189 | +static | ||
448 | 190 | +DWORD | ||
449 | 191 | AD_OnlineFindObjectsByName( | ||
450 | 192 | IN HANDLE hProvider, | ||
451 | 193 | IN LSA_FIND_FLAGS FindFlags, | ||
452 | 194 | @@ -4100,7 +4206,6 @@ | ||
453 | 195 | DWORD dwError = 0; | ||
454 | 196 | PLSA_LOGIN_NAME_INFO pUserNameInfo = NULL; | ||
455 | 197 | PSTR pszLoginId_copy = NULL; | ||
456 | 198 | - PLSA_SECURITY_OBJECT pCachedUser = NULL; | ||
457 | 199 | DWORD dwIndex = 0; | ||
458 | 200 | PLSA_SECURITY_OBJECT* ppObjects = NULL; | ||
459 | 201 | LSA_QUERY_TYPE type = LSA_QUERY_TYPE_UNDEFINED; | ||
460 | 202 | @@ -4145,77 +4250,74 @@ | ||
461 | 203 | BAIL_ON_LSA_ERROR(dwError); | ||
462 | 204 | } | ||
463 | 205 | |||
464 | 206 | - switch(ObjectType) | ||
465 | 207 | - { | ||
466 | 208 | - case LSA_OBJECT_TYPE_USER: | ||
467 | 209 | - dwError = ADCacheFindUserByName( | ||
468 | 210 | - gpLsaAdProviderState->hCacheConnection, | ||
469 | 211 | - pUserNameInfo, | ||
470 | 212 | - &pCachedUser); | ||
471 | 213 | - break; | ||
472 | 214 | - case LSA_OBJECT_TYPE_GROUP: | ||
473 | 215 | - dwError = ADCacheFindGroupByName( | ||
474 | 216 | - gpLsaAdProviderState->hCacheConnection, | ||
475 | 217 | - pUserNameInfo, | ||
476 | 218 | - &pCachedUser); | ||
477 | 219 | - break; | ||
478 | 220 | - default: | ||
479 | 221 | - dwError = ADCacheFindUserByName( | ||
480 | 222 | - gpLsaAdProviderState->hCacheConnection, | ||
481 | 223 | - pUserNameInfo, | ||
482 | 224 | - &pCachedUser); | ||
483 | 225 | - if (dwError == LW_ERROR_NO_SUCH_USER || | ||
484 | 226 | - dwError == LW_ERROR_NOT_HANDLED) | ||
485 | 227 | - { | ||
486 | 228 | - dwError = ADCacheFindGroupByName( | ||
487 | 229 | - gpLsaAdProviderState->hCacheConnection, | ||
488 | 230 | - pUserNameInfo, | ||
489 | 231 | - &pCachedUser); | ||
490 | 232 | - } | ||
491 | 233 | - break; | ||
492 | 234 | - } | ||
493 | 235 | - | ||
494 | 236 | - if (dwError == LW_ERROR_SUCCESS) | ||
495 | 237 | - { | ||
496 | 238 | - dwError = AD_CheckExpiredObject(&pCachedUser); | ||
497 | 239 | - } | ||
498 | 240 | + dwError = AD_OnlineFindObjectByName( | ||
499 | 241 | + hProvider, | ||
500 | 242 | + FindFlags, | ||
501 | 243 | + ObjectType, | ||
502 | 244 | + QueryType, | ||
503 | 245 | + pszLoginId_copy, | ||
504 | 246 | + pUserNameInfo, | ||
505 | 247 | + &ppObjects[dwIndex]); | ||
506 | 248 | |||
507 | 249 | switch (dwError) | ||
508 | 250 | { | ||
509 | 251 | case LW_ERROR_SUCCESS: | ||
510 | 252 | - ppObjects[dwIndex] = pCachedUser; | ||
511 | 253 | - pCachedUser = NULL; | ||
512 | 254 | break; | ||
513 | 255 | case LW_ERROR_NOT_HANDLED: | ||
514 | 256 | case LW_ERROR_NO_SUCH_USER: | ||
515 | 257 | case LW_ERROR_NO_SUCH_GROUP: | ||
516 | 258 | case LW_ERROR_NO_SUCH_OBJECT: | ||
517 | 259 | - dwError = AD_FindObjectByNameTypeNoCache( | ||
518 | 260 | - hProvider, | ||
519 | 261 | - pszLoginId_copy, | ||
520 | 262 | - pUserNameInfo->nameType, | ||
521 | 263 | - ObjectType, | ||
522 | 264 | - &pCachedUser); | ||
523 | 265 | - switch (dwError) | ||
524 | 266 | + case LW_ERROR_NOT_SUPPORTED: | ||
525 | 267 | + ppObjects[dwIndex] = NULL; | ||
526 | 268 | + dwError = LW_ERROR_SUCCESS; | ||
527 | 269 | + | ||
528 | 270 | + if (QueryType == LSA_QUERY_TYPE_BY_ALIAS && | ||
529 | 271 | + AD_ShouldAssumeDefaultDomain()) | ||
530 | 272 | { | ||
531 | 273 | - case LW_ERROR_SUCCESS: | ||
532 | 274 | - dwError = ADCacheStoreObjectEntry( | ||
533 | 275 | - gpLsaAdProviderState->hCacheConnection, | ||
534 | 276 | - pCachedUser); | ||
535 | 277 | + LW_SAFE_FREE_STRING(pszLoginId_copy); | ||
536 | 278 | + LsaFreeNameInfo(pUserNameInfo); | ||
537 | 279 | + pUserNameInfo = NULL; | ||
538 | 280 | + | ||
539 | 281 | + dwError = LwAllocateStringPrintf( | ||
540 | 282 | + &pszLoginId_copy, | ||
541 | 283 | + "%s\\%s", | ||
542 | 284 | + gpADProviderData->szShortDomain, | ||
543 | 285 | + QueryList.ppszStrings[dwIndex]); | ||
544 | 286 | BAIL_ON_LSA_ERROR(dwError); | ||
545 | 287 | |||
546 | 288 | - ppObjects[dwIndex] = pCachedUser; | ||
547 | 289 | - pCachedUser = NULL; | ||
548 | 290 | - break; | ||
549 | 291 | - case LW_ERROR_NO_SUCH_USER: | ||
550 | 292 | - case LW_ERROR_NO_SUCH_GROUP: | ||
551 | 293 | - case LW_ERROR_NO_SUCH_OBJECT: | ||
552 | 294 | - case LW_ERROR_DOMAIN_IS_OFFLINE: | ||
553 | 295 | - dwError = LW_ERROR_SUCCESS; | ||
554 | 296 | - break; | ||
555 | 297 | - default: | ||
556 | 298 | + LwStrCharReplace( | ||
557 | 299 | + pszLoginId_copy, | ||
558 | 300 | + AD_GetSpaceReplacement(), | ||
559 | 301 | + ' '); | ||
560 | 302 | + | ||
561 | 303 | + dwError = LsaCrackDomainQualifiedName( | ||
562 | 304 | + pszLoginId_copy, | ||
563 | 305 | + gpADProviderData->szDomain, | ||
564 | 306 | + &pUserNameInfo); | ||
565 | 307 | BAIL_ON_LSA_ERROR(dwError); | ||
566 | 308 | - break; | ||
567 | 309 | + | ||
568 | 310 | + dwError = AD_OnlineFindObjectByName( | ||
569 | 311 | + hProvider, | ||
570 | 312 | + FindFlags, | ||
571 | 313 | + ObjectType, | ||
572 | 314 | + LSA_QUERY_TYPE_BY_NT4, | ||
573 | 315 | + pszLoginId_copy, | ||
574 | 316 | + pUserNameInfo, | ||
575 | 317 | + &ppObjects[dwIndex]); | ||
576 | 318 | + switch (dwError) | ||
577 | 319 | + { | ||
578 | 320 | + case LW_ERROR_SUCCESS: | ||
579 | 321 | + break; | ||
580 | 322 | + case LW_ERROR_NOT_HANDLED: | ||
581 | 323 | + case LW_ERROR_NO_SUCH_USER: | ||
582 | 324 | + case LW_ERROR_NO_SUCH_GROUP: | ||
583 | 325 | + case LW_ERROR_NO_SUCH_OBJECT: | ||
584 | 326 | + ppObjects[dwIndex] = NULL; | ||
585 | 327 | + dwError = LW_ERROR_SUCCESS; | ||
586 | 328 | + break; | ||
587 | 329 | + default: | ||
588 | 330 | + BAIL_ON_LSA_ERROR(dwError); | ||
589 | 331 | + } | ||
590 | 332 | } | ||
591 | 333 | break; | ||
592 | 334 | default: | ||
593 | 0 | 335 | ||
594 | === added file 'debian/patches/disable_dcerpc_auto_start.diff' | |||
595 | --- debian/patches/disable_dcerpc_auto_start.diff 1970-01-01 00:00:00 +0000 | |||
596 | +++ debian/patches/disable_dcerpc_auto_start.diff 2010-12-01 21:33:36 +0000 | |||
597 | @@ -0,0 +1,26 @@ | |||
598 | 1 | Index: likewise-open-5.4.0.42111/domainjoin/domainjoin-cli/src/main.c | ||
599 | 2 | =================================================================== | ||
600 | 3 | --- likewise-open-5.4.0.42111.orig/domainjoin/domainjoin-cli/src/main.c 2010-04-18 07:54:32.000000000 -0500 | ||
601 | 4 | +++ likewise-open-5.4.0.42111/domainjoin/domainjoin-cli/src/main.c 2010-04-18 07:55:33.000000000 -0500 | ||
602 | 5 | @@ -801,7 +801,7 @@ | ||
603 | 6 | DWORD dwLogLevel; | ||
604 | 7 | BOOLEAN showHelp = FALSE; | ||
605 | 8 | BOOLEAN showInternalHelp = FALSE; | ||
606 | 9 | - BOOLEAN bEnableDcerpcd = TRUE; | ||
607 | 10 | + BOOLEAN bEnableDcerpcd = FALSE; | ||
608 | 11 | int remainingArgs = argc; | ||
609 | 12 | char **argPos = argv; | ||
610 | 13 | int i; | ||
611 | 14 | Index: likewise-open-5.4.0.42111/domainjoin/domainjoin-gui/gtk/main.c | ||
612 | 15 | =================================================================== | ||
613 | 16 | --- likewise-open-5.4.0.42111.orig/domainjoin/domainjoin-gui/gtk/main.c 2010-04-18 07:54:32.000000000 -0500 | ||
614 | 17 | +++ likewise-open-5.4.0.42111/domainjoin/domainjoin-gui/gtk/main.c 2010-04-18 07:55:42.000000000 -0500 | ||
615 | 18 | @@ -589,7 +589,7 @@ | ||
616 | 19 | |||
617 | 20 | gtk_init(&argc, &argv); | ||
618 | 21 | |||
619 | 22 | - LW_TRY(&exc, DJNetInitialize(TRUE, &LW_EXC)); | ||
620 | 23 | + LW_TRY(&exc, DJNetInitialize(FALSE, &LW_EXC)); | ||
621 | 24 | |||
622 | 25 | do | ||
623 | 26 | { | ||
624 | 0 | 27 | ||
625 | === added file 'debian/patches/ignore_group_update_failure_on_leave.diff' | |||
626 | --- debian/patches/ignore_group_update_failure_on_leave.diff 1970-01-01 00:00:00 +0000 | |||
627 | +++ debian/patches/ignore_group_update_failure_on_leave.diff 2010-12-01 21:33:36 +0000 | |||
628 | @@ -0,0 +1,37 @@ | |||
629 | 1 | commit 69148891011976fa239773af570c123023ac27ab | ||
630 | 2 | Author: Gerald W. Carter <gcarter@likewiseopen.org> | ||
631 | 3 | Date: Thu Apr 8 21:05:23 2010 +0000 | ||
632 | 4 | |||
633 | 5 | lsass: Don't fail a "leave" if we cannot remove the domain groups from the builtin groups | ||
634 | 6 | |||
635 | 7 | Occurs in certain upgrade scenarios where "Domain {Admins,Users}" was not | ||
636 | 8 | added into the "Builtin\{Administrators,Users}" group | ||
637 | 9 | |||
638 | 10 | (lsass: r43096) | ||
639 | 11 | |||
640 | 12 | diff --git a/lsass/join/join.c b/lsass/join/join.c | ||
641 | 13 | index 0a694dc..ecafa4b 100644 | ||
642 | 14 | --- a/lsass/join/join.c | ||
643 | 15 | +++ b/lsass/join/join.c | ||
644 | 16 | @@ -725,13 +725,19 @@ LsaChangeDomainGroupMembership( | ||
645 | 17 | } | ||
646 | 18 | else | ||
647 | 19 | { | ||
648 | 20 | + // This should not cause the join to fail even if we cannot | ||
649 | 21 | + // remove the group members | ||
650 | 22 | + | ||
651 | 23 | ntStatus = SamrDeleteAliasMember(hSamrBinding, | ||
652 | 24 | hAlias, | ||
653 | 25 | (*ppSid)); | ||
654 | 26 | - if (ntStatus == STATUS_MEMBER_NOT_IN_ALIAS) | ||
655 | 27 | + if ((ntStatus != STATUS_SUCCESS) && | ||
656 | 28 | + (ntStatus != STATUS_NO_SUCH_MEMBER)) | ||
657 | 29 | { | ||
658 | 30 | - ntStatus = STATUS_SUCCESS; | ||
659 | 31 | + // Perhaps log an error here | ||
660 | 32 | + ; | ||
661 | 33 | } | ||
662 | 34 | + ntStatus = STATUS_SUCCESS; | ||
663 | 35 | } | ||
664 | 36 | BAIL_ON_NT_STATUS(ntStatus); | ||
665 | 37 | } | ||
666 | 0 | 38 | ||
667 | === added file 'debian/patches/lp-security-CVE-2010-0833.diff' | |||
668 | --- debian/patches/lp-security-CVE-2010-0833.diff 1970-01-01 00:00:00 +0000 | |||
669 | +++ debian/patches/lp-security-CVE-2010-0833.diff 2010-12-01 21:33:36 +0000 | |||
670 | @@ -0,0 +1,390 @@ | |||
671 | 1 | diff -Nurb likewise-open-5.4.0.42111/lsass/interop/auth/pam/pam-passwd.c likewise-open-5.4.0.42111.patched/lsass/interop/auth/pam/pam-passwd.c | ||
672 | 2 | --- likewise-open-5.4.0.42111/lsass/interop/auth/pam/pam-passwd.c 2010-03-12 20:33:45.000000000 -0800 | ||
673 | 3 | +++ likewise-open-5.4.0.42111.patched/lsass/interop/auth/pam/pam-passwd.c 2010-07-21 13:51:11.000000000 -0700 | ||
674 | 4 | @@ -293,7 +293,6 @@ | ||
675 | 5 | PSTR pszPassword = NULL; | ||
676 | 6 | PSTR pszLoginId = NULL; | ||
677 | 7 | HANDLE hLsaConnection = (HANDLE)NULL; | ||
678 | 8 | - BOOLEAN bCheckOldPassword = FALSE; | ||
679 | 9 | |||
680 | 10 | LSA_LOG_PAM_DEBUG("LsaPamUpdatePassword::begin"); | ||
681 | 11 | |||
682 | 12 | @@ -319,20 +318,11 @@ | ||
683 | 13 | dwError = LsaOpenServer(&hLsaConnection); | ||
684 | 14 | BAIL_ON_LSA_ERROR(dwError); | ||
685 | 15 | |||
686 | 16 | - dwError = LsaPamMustCheckCurrentPassword( | ||
687 | 17 | - hLsaConnection, | ||
688 | 18 | - pszLoginId, | ||
689 | 19 | - &bCheckOldPassword); | ||
690 | 20 | - BAIL_ON_LSA_ERROR(dwError); | ||
691 | 21 | - | ||
692 | 22 | - if (bCheckOldPassword) | ||
693 | 23 | - { | ||
694 | 24 | dwError = LsaPamGetOldPassword( | ||
695 | 25 | pamh, | ||
696 | 26 | pPamContext, | ||
697 | 27 | &pszOldPassword); | ||
698 | 28 | BAIL_ON_LSA_ERROR(dwError); | ||
699 | 29 | - } | ||
700 | 30 | |||
701 | 31 | dwError = LsaPamGetNewPassword( | ||
702 | 32 | pamh, | ||
703 | 33 | @@ -340,23 +330,12 @@ | ||
704 | 34 | &pszPassword); | ||
705 | 35 | BAIL_ON_LSA_ERROR(dwError); | ||
706 | 36 | |||
707 | 37 | - if (bCheckOldPassword) | ||
708 | 38 | - { | ||
709 | 39 | dwError = LsaChangePassword( | ||
710 | 40 | hLsaConnection, | ||
711 | 41 | pszLoginId, | ||
712 | 42 | pszPassword, | ||
713 | 43 | pszOldPassword); | ||
714 | 44 | BAIL_ON_LSA_ERROR(dwError); | ||
715 | 45 | - } | ||
716 | 46 | - else | ||
717 | 47 | - { | ||
718 | 48 | - dwError = LsaSetPassword( | ||
719 | 49 | - hLsaConnection, | ||
720 | 50 | - pszLoginId, | ||
721 | 51 | - pszPassword); | ||
722 | 52 | - BAIL_ON_LSA_ERROR(dwError); | ||
723 | 53 | - } | ||
724 | 54 | |||
725 | 55 | cleanup: | ||
726 | 56 | |||
727 | 57 | diff -Nurb likewise-open-5.4.0.42111/lsass/server/auth-providers/local-provider/includes.h likewise-open-5.4.0.42111.patched/lsass/server/auth-providers/local-provider/includes.h | ||
728 | 58 | --- likewise-open-5.4.0.42111/lsass/server/auth-providers/local-provider/includes.h 2010-03-12 20:33:45.000000000 -0800 | ||
729 | 59 | +++ likewise-open-5.4.0.42111.patched/lsass/server/auth-providers/local-provider/includes.h 2010-07-21 13:51:11.000000000 -0700 | ||
730 | 60 | @@ -89,6 +89,8 @@ | ||
731 | 61 | #include <lwrpc/LMcrypt.h> | ||
732 | 62 | #include <lwrpc/samr.h> | ||
733 | 63 | |||
734 | 64 | +#include <lwmapsecurity/lwmapsecurity.h> | ||
735 | 65 | + | ||
736 | 66 | #include <openssl/evp.h> | ||
737 | 67 | #include <openssl/md4.h> | ||
738 | 68 | #include <openssl/hmac.h> | ||
739 | 69 | diff -Nurb likewise-open-5.4.0.42111/lsass/server/auth-providers/local-provider/lpdefs.h.in likewise-open-5.4.0.42111.patched/lsass/server/auth-providers/local-provider/lpdefs.h.in | ||
740 | 70 | --- likewise-open-5.4.0.42111/lsass/server/auth-providers/local-provider/lpdefs.h.in 2010-03-12 20:33:45.000000000 -0800 | ||
741 | 71 | +++ likewise-open-5.4.0.42111.patched/lsass/server/auth-providers/local-provider/lpdefs.h.in 2010-07-21 13:51:11.000000000 -0700 | ||
742 | 72 | @@ -109,6 +109,8 @@ | ||
743 | 73 | {'O','b','j','e','c','t','C','l','a','s','s',0} | ||
744 | 74 | #define LOCAL_DIR_ATTR_OBJECT_SID \ | ||
745 | 75 | {'O','b','j','e','c','t','S','I','D',0} | ||
746 | 76 | +#define LOCAL_DIR_ATTR_SECURITY_DESCRIPTOR \ | ||
747 | 77 | + {'S','e','c','u','r','i','t','y','D','e','s','c','r','i','p','t','o','r',0} | ||
748 | 78 | #define LOCAL_DIR_ATTR_DISTINGUISHED_NAME \ | ||
749 | 79 | {'D','i','s','t','i','n','g','u','i','s','h','e','d','N','a','m','e',0} | ||
750 | 80 | #define LOCAL_DIR_ATTR_DOMAIN \ | ||
751 | 81 | diff -Nurb likewise-open-5.4.0.42111/lsass/server/auth-providers/local-provider/lpuser.c likewise-open-5.4.0.42111.patched/lsass/server/auth-providers/local-provider/lpuser.c | ||
752 | 82 | --- likewise-open-5.4.0.42111/lsass/server/auth-providers/local-provider/lpuser.c 2010-03-12 20:33:45.000000000 -0800 | ||
753 | 83 | +++ likewise-open-5.4.0.42111.patched/lsass/server/auth-providers/local-provider/lpuser.c 2010-07-21 13:51:11.000000000 -0700 | ||
754 | 84 | @@ -1136,7 +1136,75 @@ | ||
755 | 85 | ) | ||
756 | 86 | { | ||
757 | 87 | DWORD dwError = 0; | ||
758 | 88 | + NTSTATUS ntStatus = STATUS_SUCCESS; | ||
759 | 89 | PLOCAL_PROVIDER_CONTEXT pContext = (PLOCAL_PROVIDER_CONTEXT)hProvider; | ||
760 | 90 | + PLW_MAP_SECURITY_CONTEXT pSecCtx = NULL; | ||
761 | 91 | + PACCESS_TOKEN pUserToken = NULL; | ||
762 | 92 | + PWSTR pwszBase = NULL; | ||
763 | 93 | + DWORD dwScope = 0; | ||
764 | 94 | + PWSTR pwszFilter = NULL; | ||
765 | 95 | + WCHAR wszAttrSecurityDescriptor[] = LOCAL_DIR_ATTR_SECURITY_DESCRIPTOR; | ||
766 | 96 | + | ||
767 | 97 | + PWSTR wszAttributes[] = { | ||
768 | 98 | + wszAttrSecurityDescriptor, | ||
769 | 99 | + NULL | ||
770 | 100 | + }; | ||
771 | 101 | + | ||
772 | 102 | + PDIRECTORY_ENTRY pUserEntry = NULL; | ||
773 | 103 | + DWORD dwNumEntries = 0; | ||
774 | 104 | + PSECURITY_DESCRIPTOR_ABSOLUTE pSecDesc = NULL; | ||
775 | 105 | + GENERIC_MAPPING GenericMapping = {0}; | ||
776 | 106 | + DWORD dwAccessGranted = 0; | ||
777 | 107 | + | ||
778 | 108 | + /* | ||
779 | 109 | + * Check if user has right to change the password first | ||
780 | 110 | + */ | ||
781 | 111 | + ntStatus = LwMapSecurityCreateContext(&pSecCtx); | ||
782 | 112 | + BAIL_ON_NT_STATUS(ntStatus); | ||
783 | 113 | + | ||
784 | 114 | + ntStatus = LwMapSecurityCreateAccessTokenFromUidGid( | ||
785 | 115 | + pSecCtx, | ||
786 | 116 | + &pUserToken, | ||
787 | 117 | + pContext->uid, | ||
788 | 118 | + pContext->gid); | ||
789 | 119 | + BAIL_ON_NT_STATUS(ntStatus); | ||
790 | 120 | + | ||
791 | 121 | + dwError = DirectorySearch( | ||
792 | 122 | + pContext->hDirectory, | ||
793 | 123 | + pwszBase, | ||
794 | 124 | + dwScope, | ||
795 | 125 | + pwszFilter, | ||
796 | 126 | + wszAttributes, | ||
797 | 127 | + FALSE, | ||
798 | 128 | + &pUserEntry, | ||
799 | 129 | + &dwNumEntries); | ||
800 | 130 | + BAIL_ON_LSA_ERROR(dwError); | ||
801 | 131 | + | ||
802 | 132 | + if (dwNumEntries == 0) | ||
803 | 133 | + { | ||
804 | 134 | + dwError = LW_ERROR_NO_SUCH_USER; | ||
805 | 135 | + } | ||
806 | 136 | + else if (dwNumEntries != 1) | ||
807 | 137 | + { | ||
808 | 138 | + dwError = LW_ERROR_DATA_ERROR; | ||
809 | 139 | + } | ||
810 | 140 | + BAIL_ON_LSA_ERROR(dwError); | ||
811 | 141 | + | ||
812 | 142 | + dwError = DirectoryGetEntrySecurityDescriptor( | ||
813 | 143 | + pUserEntry, | ||
814 | 144 | + &pSecDesc); | ||
815 | 145 | + BAIL_ON_LSA_ERROR(dwError); | ||
816 | 146 | + | ||
817 | 147 | + if (!RtlAccessCheck(pSecDesc, | ||
818 | 148 | + pUserToken, | ||
819 | 149 | + USER_ACCESS_CHANGE_PASSWORD, | ||
820 | 150 | + 0, | ||
821 | 151 | + &GenericMapping, | ||
822 | 152 | + &dwAccessGranted, | ||
823 | 153 | + &ntStatus)) | ||
824 | 154 | + { | ||
825 | 155 | + BAIL_ON_NT_STATUS(ntStatus); | ||
826 | 156 | + } | ||
827 | 157 | |||
828 | 158 | dwError = DirectoryChangePassword( | ||
829 | 159 | pContext->hDirectory, | ||
830 | 160 | @@ -1145,9 +1213,29 @@ | ||
831 | 161 | pwszNewPassword); | ||
832 | 162 | BAIL_ON_LSA_ERROR(dwError); | ||
833 | 163 | |||
834 | 164 | -error: | ||
835 | 165 | +cleanup: | ||
836 | 166 | + if (pUserEntry) | ||
837 | 167 | + { | ||
838 | 168 | + DirectoryFreeEntries(pUserEntry, dwNumEntries); | ||
839 | 169 | + } | ||
840 | 170 | + | ||
841 | 171 | + LW_SAFE_FREE_MEMORY(pwszFilter); | ||
842 | 172 | + | ||
843 | 173 | + DirectoryFreeEntrySecurityDescriptor(&pSecDesc); | ||
844 | 174 | + | ||
845 | 175 | + RtlReleaseAccessToken(&pUserToken); | ||
846 | 176 | + LwMapSecurityFreeContext(&pSecCtx); | ||
847 | 177 | + | ||
848 | 178 | + if (dwError == ERROR_SUCCESS && | ||
849 | 179 | + ntStatus != STATUS_SUCCESS) | ||
850 | 180 | + { | ||
851 | 181 | + dwError = LwNtStatusToWin32Error(ntStatus); | ||
852 | 182 | + } | ||
853 | 183 | |||
854 | 184 | return dwError; | ||
855 | 185 | + | ||
856 | 186 | +error: | ||
857 | 187 | + goto cleanup; | ||
858 | 188 | } | ||
859 | 189 | |||
860 | 190 | DWORD | ||
861 | 191 | diff -Nurb likewise-open-5.4.0.42111/lsass/server/store/samdb/samdbinit.c likewise-open-5.4.0.42111.patched/lsass/server/store/samdb/samdbinit.c | ||
862 | 192 | --- likewise-open-5.4.0.42111/lsass/server/store/samdb/samdbinit.c 2010-03-12 20:33:45.000000000 -0800 | ||
863 | 193 | +++ likewise-open-5.4.0.42111.patched/lsass/server/store/samdb/samdbinit.c 2010-07-21 13:51:47.000000000 -0700 | ||
864 | 194 | @@ -125,6 +125,11 @@ | ||
865 | 195 | HANDLE hDirectory | ||
866 | 196 | ); | ||
867 | 197 | |||
868 | 198 | +static | ||
869 | 199 | +DWORD | ||
870 | 200 | +SamDbFixLocalAccounts( | ||
871 | 201 | + HANDLE hDirectory | ||
872 | 202 | + ); | ||
873 | 203 | |||
874 | 204 | DWORD | ||
875 | 205 | DirectoryInitializeProvider( | ||
876 | 206 | @@ -226,6 +231,7 @@ | ||
877 | 207 | ) | ||
878 | 208 | { | ||
879 | 209 | DWORD dwError = 0; | ||
880 | 210 | + HANDLE hDirectory1 = (HANDLE)NULL; | ||
881 | 211 | HANDLE hDirectory = (HANDLE)NULL; | ||
882 | 212 | PSAM_DIRECTORY_CONTEXT pDirectory = NULL; | ||
883 | 213 | PCSTR pszDbDirPath = SAM_DB_DIR; | ||
884 | 214 | @@ -240,6 +246,12 @@ | ||
885 | 215 | // TODO: Implement an upgrade scenario | ||
886 | 216 | if (bExists) | ||
887 | 217 | { | ||
888 | 218 | + dwError = SamDbOpen(&hDirectory1); | ||
889 | 219 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
890 | 220 | + | ||
891 | 221 | + dwError = SamDbFixLocalAccounts(hDirectory1); | ||
892 | 222 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
893 | 223 | + | ||
894 | 224 | goto cleanup; | ||
895 | 225 | } | ||
896 | 226 | |||
897 | 227 | @@ -284,6 +296,10 @@ | ||
898 | 228 | BAIL_ON_SAMDB_ERROR(dwError); | ||
899 | 229 | |||
900 | 230 | cleanup: | ||
901 | 231 | + if (hDirectory1) | ||
902 | 232 | + { | ||
903 | 233 | + SamDbClose(hDirectory1); | ||
904 | 234 | + } | ||
905 | 235 | |||
906 | 236 | if (hDirectory) | ||
907 | 237 | { | ||
908 | 238 | @@ -1193,7 +1209,7 @@ | ||
909 | 239 | "computer/domain", | ||
910 | 240 | .pszShell = SAM_DB_DEFAULT_ADMINISTRATOR_SHELL, | ||
911 | 241 | .pszHomedir = SAM_DB_DEFAULT_ADMINISTRATOR_HOMEDIR, | ||
912 | 242 | - .flags = SAMDB_ACB_NORMAL, | ||
913 | 243 | + .flags = SAMDB_ACB_NORMAL | SAMDB_ACB_DISABLED, | ||
914 | 244 | .objectClass = SAMDB_OBJECT_CLASS_USER | ||
915 | 245 | }, | ||
916 | 246 | { | ||
917 | 247 | @@ -1786,6 +1802,143 @@ | ||
918 | 248 | goto cleanup; | ||
919 | 249 | } | ||
920 | 250 | |||
921 | 251 | +static | ||
922 | 252 | +DWORD | ||
923 | 253 | +SamDbFixLocalAccounts( | ||
924 | 254 | + HANDLE hDirectory | ||
925 | 255 | + ) | ||
926 | 256 | +{ | ||
927 | 257 | + | ||
928 | 258 | + DWORD dwError = 0; | ||
929 | 259 | + const wchar_t wszUserObjectFilterFmt[] = L"%ws = %u"; | ||
930 | 260 | + const DWORD dwInt32StrSize = 10; | ||
931 | 261 | + WCHAR wszAttrObjectClass[] = SAM_DB_DIR_ATTR_OBJECT_CLASS; | ||
932 | 262 | + WCHAR wszAttrObjectDN[] = SAM_DB_DIR_ATTR_DISTINGUISHED_NAME; | ||
933 | 263 | + WCHAR wszAttrAccountFlags[] = SAM_DB_DIR_ATTR_ACCOUNT_FLAGS; | ||
934 | 264 | + WCHAR wszAttrNtHash[] = SAM_DB_DIR_ATTR_NT_HASH; | ||
935 | 265 | + DWORD dwUserObjectFilterLen = 0; | ||
936 | 266 | + PWSTR pwszUserObjectFilter = NULL; | ||
937 | 267 | + ULONG ulScope = 0; | ||
938 | 268 | + ULONG ulAttributesOnly = 0; | ||
939 | 269 | + PWSTR pwszBase = NULL; | ||
940 | 270 | + PWSTR wszAttributes[] = { | ||
941 | 271 | + &wszAttrObjectDN[0], | ||
942 | 272 | + &wszAttrAccountFlags[0], | ||
943 | 273 | + &wszAttrNtHash[0], | ||
944 | 274 | + NULL | ||
945 | 275 | + }; | ||
946 | 276 | + | ||
947 | 277 | + PDIRECTORY_ENTRY pUserEntries = NULL; | ||
948 | 278 | + DWORD dwNumUserEntries = 0; | ||
949 | 279 | + PDIRECTORY_ENTRY pUserEntry = NULL; | ||
950 | 280 | + DWORD iEntry = 0; | ||
951 | 281 | + PWSTR pwszUserObjectDN = NULL; | ||
952 | 282 | + DWORD dwAccountFlags = 0; | ||
953 | 283 | + POCTET_STRING pNtHash = NULL; | ||
954 | 284 | + DWORD iMod = 0; | ||
955 | 285 | + | ||
956 | 286 | + enum AttrValueIndex { | ||
957 | 287 | + ATTR_VAL_IDX_ACCOUNT_FLAGS = 0, | ||
958 | 288 | + ATTR_VAL_IDX_SENTINEL | ||
959 | 289 | + }; | ||
960 | 290 | + | ||
961 | 291 | + ATTRIBUTE_VALUE AttrValues[] = { | ||
962 | 292 | + { /* ATTR_VAL_IDX_ACCOUNT_FLAGS */ | ||
963 | 293 | + .Type = DIRECTORY_ATTR_TYPE_LARGE_INTEGER, | ||
964 | 294 | + .data.ulValue = 0 | ||
965 | 295 | + } | ||
966 | 296 | + }; | ||
967 | 297 | + | ||
968 | 298 | + DIRECTORY_MOD ModAccountFlags = { | ||
969 | 299 | + DIR_MOD_FLAGS_REPLACE, | ||
970 | 300 | + wszAttrAccountFlags, | ||
971 | 301 | + 1, | ||
972 | 302 | + &AttrValues[ATTR_VAL_IDX_ACCOUNT_FLAGS] | ||
973 | 303 | + }; | ||
974 | 304 | + | ||
975 | 305 | + DIRECTORY_MOD Mods[ATTR_VAL_IDX_SENTINEL + 1]; | ||
976 | 306 | + memset(&Mods, 0, sizeof(Mods)); | ||
977 | 307 | + | ||
978 | 308 | + dwUserObjectFilterLen = (sizeof(wszAttrObjectClass)/sizeof(wszAttrObjectClass[0]) + | ||
979 | 309 | + dwInt32StrSize + | ||
980 | 310 | + sizeof(wszUserObjectFilterFmt)); | ||
981 | 311 | + dwError = LwAllocateMemory(dwUserObjectFilterLen * sizeof(WCHAR), | ||
982 | 312 | + OUT_PPVOID(&pwszUserObjectFilter)); | ||
983 | 313 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
984 | 314 | + | ||
985 | 315 | + if (sw16printfw(pwszUserObjectFilter, dwUserObjectFilterLen, | ||
986 | 316 | + wszUserObjectFilterFmt, | ||
987 | 317 | + &wszAttrObjectClass[0], SAMDB_OBJECT_CLASS_USER) < 0) | ||
988 | 318 | + { | ||
989 | 319 | + dwError = LwErrnoToWin32Error(errno); | ||
990 | 320 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
991 | 321 | + } | ||
992 | 322 | + | ||
993 | 323 | + dwError = SamDbSearchObject(hDirectory, | ||
994 | 324 | + pwszBase, | ||
995 | 325 | + ulScope, | ||
996 | 326 | + pwszUserObjectFilter, | ||
997 | 327 | + wszAttributes, | ||
998 | 328 | + ulAttributesOnly, | ||
999 | 329 | + &pUserEntries, | ||
1000 | 330 | + &dwNumUserEntries); | ||
1001 | 331 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
1002 | 332 | + | ||
1003 | 333 | + for (iEntry = 0; iEntry < dwNumUserEntries; iEntry++) | ||
1004 | 334 | + { | ||
1005 | 335 | + pUserEntry = &(pUserEntries[iEntry]); | ||
1006 | 336 | + | ||
1007 | 337 | + dwError = DirectoryGetEntryAttrValueByName( | ||
1008 | 338 | + pUserEntry, | ||
1009 | 339 | + wszAttrObjectDN, | ||
1010 | 340 | + DIRECTORY_ATTR_TYPE_UNICODE_STRING, | ||
1011 | 341 | + &pwszUserObjectDN); | ||
1012 | 342 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
1013 | 343 | + | ||
1014 | 344 | + dwError = DirectoryGetEntryAttrValueByName( | ||
1015 | 345 | + pUserEntry, | ||
1016 | 346 | + wszAttrAccountFlags, | ||
1017 | 347 | + DIRECTORY_ATTR_TYPE_INTEGER, | ||
1018 | 348 | + &dwAccountFlags); | ||
1019 | 349 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
1020 | 350 | + | ||
1021 | 351 | + dwError = DirectoryGetEntryAttrValueByName( | ||
1022 | 352 | + pUserEntry, | ||
1023 | 353 | + wszAttrNtHash, | ||
1024 | 354 | + DIRECTORY_ATTR_TYPE_OCTET_STREAM, | ||
1025 | 355 | + &pNtHash); | ||
1026 | 356 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
1027 | 357 | + | ||
1028 | 358 | + if ((pNtHash == NULL || pNtHash->ulNumBytes == 0) && | ||
1029 | 359 | + !(dwAccountFlags & SAMDB_ACB_DISABLED)) | ||
1030 | 360 | + { | ||
1031 | 361 | + dwAccountFlags |= SAMDB_ACB_DISABLED; | ||
1032 | 362 | + | ||
1033 | 363 | + AttrValues[ATTR_VAL_IDX_ACCOUNT_FLAGS].data.ulValue = dwAccountFlags; | ||
1034 | 364 | + | ||
1035 | 365 | + Mods[iMod++] = ModAccountFlags; | ||
1036 | 366 | + | ||
1037 | 367 | + dwError = SamDbModifyObject(hDirectory, | ||
1038 | 368 | + pwszUserObjectDN, | ||
1039 | 369 | + Mods); | ||
1040 | 370 | + BAIL_ON_SAMDB_ERROR(dwError); | ||
1041 | 371 | + } | ||
1042 | 372 | + } | ||
1043 | 373 | + | ||
1044 | 374 | +cleanup: | ||
1045 | 375 | + if (pUserEntries) | ||
1046 | 376 | + { | ||
1047 | 377 | + DirectoryFreeEntries(pUserEntries, dwNumUserEntries); | ||
1048 | 378 | + } | ||
1049 | 379 | + | ||
1050 | 380 | + LW_SAFE_FREE_MEMORY(pwszUserObjectFilter); | ||
1051 | 381 | + | ||
1052 | 382 | + return dwError; | ||
1053 | 383 | + | ||
1054 | 384 | +error: | ||
1055 | 385 | + goto cleanup; | ||
1056 | 386 | +} | ||
1057 | 387 | + | ||
1058 | 388 | |||
1059 | 389 | /* | ||
1060 | 390 | local variables: | ||
1061 | 0 | 391 | ||
1062 | === added file 'debian/patches/lsass_turn_off_ncacn_ip_tcp.diff' | |||
1063 | --- debian/patches/lsass_turn_off_ncacn_ip_tcp.diff 1970-01-01 00:00:00 +0000 | |||
1064 | +++ debian/patches/lsass_turn_off_ncacn_ip_tcp.diff 2010-12-01 21:33:36 +0000 | |||
1065 | @@ -0,0 +1,39 @@ | |||
1066 | 1 | Index: likewise-open-5.4.0.42111/lsass/server/rpc/dssetup/dssetup_srv.c | ||
1067 | 2 | =================================================================== | ||
1068 | 3 | --- likewise-open-5.4.0.42111.orig/lsass/server/rpc/dssetup/dssetup_srv.c 2010-04-17 14:55:19.000000000 -0500 | ||
1069 | 4 | +++ likewise-open-5.4.0.42111/lsass/server/rpc/dssetup/dssetup_srv.c 2010-04-17 14:56:31.000000000 -0500 | ||
1070 | 5 | @@ -118,7 +118,7 @@ | ||
1071 | 6 | |||
1072 | 7 | ENDPOINT EndPoints[] = { | ||
1073 | 8 | { "ncacn_np", "\\\\pipe\\\\lsass" }, | ||
1074 | 9 | - { "ncacn_ip_tcp", NULL }, | ||
1075 | 10 | + // { "ncacn_ip_tcp", NULL }, | ||
1076 | 11 | { NULL, NULL } | ||
1077 | 12 | }; | ||
1078 | 13 | DWORD dwError = 0; | ||
1079 | 14 | Index: likewise-open-5.4.0.42111/lsass/server/rpc/lsa/lsa_srv.c | ||
1080 | 15 | =================================================================== | ||
1081 | 16 | --- likewise-open-5.4.0.42111.orig/lsass/server/rpc/lsa/lsa_srv.c 2010-04-17 14:55:19.000000000 -0500 | ||
1082 | 17 | +++ likewise-open-5.4.0.42111/lsass/server/rpc/lsa/lsa_srv.c 2010-04-17 14:56:06.000000000 -0500 | ||
1083 | 18 | @@ -119,7 +119,7 @@ | ||
1084 | 19 | ENDPOINT EndPoints[] = { | ||
1085 | 20 | { "ncacn_np", "\\\\pipe\\\\lsarpc" }, | ||
1086 | 21 | { "ncacn_np", "\\\\pipe\\\\lsass" }, | ||
1087 | 22 | - { "ncacn_ip_tcp", NULL }, | ||
1088 | 23 | + // { "ncacn_ip_tcp", NULL }, | ||
1089 | 24 | { "ncalrpc", NULL }, /* endpoint is fetched from config parameter */ | ||
1090 | 25 | { NULL, NULL } | ||
1091 | 26 | }; | ||
1092 | 27 | Index: likewise-open-5.4.0.42111/lsass/server/rpc/samr/samr_srv.c | ||
1093 | 28 | =================================================================== | ||
1094 | 29 | --- likewise-open-5.4.0.42111.orig/lsass/server/rpc/samr/samr_srv.c 2010-04-17 14:55:19.000000000 -0500 | ||
1095 | 30 | +++ likewise-open-5.4.0.42111/lsass/server/rpc/samr/samr_srv.c 2010-04-17 14:55:51.000000000 -0500 | ||
1096 | 31 | @@ -121,7 +121,7 @@ | ||
1097 | 32 | PCSTR pszDescription = "Security Accounts Manager"; | ||
1098 | 33 | ENDPOINT EndPoints[] = { | ||
1099 | 34 | { "ncacn_np", "\\\\pipe\\\\samr" }, | ||
1100 | 35 | - { "ncacn_ip_tcp", NULL }, | ||
1101 | 36 | + // { "ncacn_ip_tcp", NULL }, | ||
1102 | 37 | { "ncalrpc", NULL }, /* endpoint is fetched from config parameter */ | ||
1103 | 38 | { NULL, NULL } | ||
1104 | 39 | }; | ||
1105 | 0 | 40 | ||
1106 | === added file 'debian/patches/lwupgrade_multi_sz.diff' | |||
1107 | --- debian/patches/lwupgrade_multi_sz.diff 1970-01-01 00:00:00 +0000 | |||
1108 | +++ debian/patches/lwupgrade_multi_sz.diff 2010-12-01 21:33:36 +0000 | |||
1109 | @@ -0,0 +1,77 @@ | |||
1110 | 1 | commit a1812bb292173c1e7265b6ab523a0df78b1010d5 | ||
1111 | 2 | Author: Scott Salley <ssalley@likewise.com> | ||
1112 | 3 | Date: Mon May 3 23:14:34 2010 +0000 | ||
1113 | 4 | |||
1114 | 5 | Merge: -c 43867 ^/trunk/Platform -> ~/branches/lwidentity-5.4 | ||
1115 | 6 | |||
1116 | 7 | Multistring handling was extremely poor, now it is a bit better. | ||
1117 | 8 | |||
1118 | 9 | (lwupgrade: r43874) | ||
1119 | 10 | |||
1120 | 11 | diff --git a/lwupgrade/utils/convert.c b/lwupgrade/utils/convert.c | ||
1121 | 12 | index f399d93..381bb03 100644 | ||
1122 | 13 | --- a/lwupgrade/utils/convert.c | ||
1123 | 14 | +++ b/lwupgrade/utils/convert.c | ||
1124 | 15 | @@ -47,12 +47,18 @@ UpStringToMultiString( | ||
1125 | 16 | DWORD i = 0; | ||
1126 | 17 | DWORD j = 0; | ||
1127 | 18 | PSTR pszCompactIn = NULL; | ||
1128 | 19 | - DWORD dwLength = 0; | ||
1129 | 20 | |||
1130 | 21 | - // First, remove all whitespace from the string. | ||
1131 | 22 | - dwError = LwAllocateString(pszIn, &pszCompactIn); | ||
1132 | 23 | + // Make a copy of the string, reserving enough space for terminator. | ||
1133 | 24 | + dwError = LwAllocateMemory(strlen(pszIn) + 2, (PVOID*)&pszCompactIn); | ||
1134 | 25 | BAIL_ON_UP_ERROR(dwError); | ||
1135 | 26 | |||
1136 | 27 | + memcpy(pszCompactIn, pszIn, strlen(pszIn) + 1); | ||
1137 | 28 | + | ||
1138 | 29 | + // First, remove all whitespace from the string. | ||
1139 | 30 | + //dwError = LwAllocateString(pszIn, &pszCompactIn); | ||
1140 | 31 | + //BAIL_ON_UP_ERROR(dwError); | ||
1141 | 32 | + | ||
1142 | 33 | + | ||
1143 | 34 | i = 0; | ||
1144 | 35 | j = 0; | ||
1145 | 36 | while (pszCompactIn[i]) | ||
1146 | 37 | @@ -79,16 +85,20 @@ UpStringToMultiString( | ||
1147 | 38 | bCharacterIsDelimiter = TRUE; | ||
1148 | 39 | } | ||
1149 | 40 | |||
1150 | 41 | + // Don't want to delimiters in a row. | ||
1151 | 42 | if (!(bPreviousCharacterIsDelimiter && bCharacterIsDelimiter)) | ||
1152 | 43 | { | ||
1153 | 44 | pszCompactIn[j++] = pszCompactIn[i]; | ||
1154 | 45 | - bPreviousCharacterIsDelimiter = bCharacterIsDelimiter; | ||
1155 | 46 | } | ||
1156 | 47 | + | ||
1157 | 48 | + bPreviousCharacterIsDelimiter = bCharacterIsDelimiter; | ||
1158 | 49 | i++; | ||
1159 | 50 | } | ||
1160 | 51 | + pszCompactIn[j++] = '\0'; | ||
1161 | 52 | |||
1162 | 53 | |||
1163 | 54 | // Finally, replace all delmiters with '\0'. | ||
1164 | 55 | + i = 0; | ||
1165 | 56 | while (pszCompactIn[i]) | ||
1166 | 57 | { | ||
1167 | 58 | if (strchr(pszDelims, pszCompactIn[i])) | ||
1168 | 59 | @@ -97,17 +107,7 @@ UpStringToMultiString( | ||
1169 | 60 | } | ||
1170 | 61 | i++; | ||
1171 | 62 | } | ||
1172 | 63 | - | ||
1173 | 64 | - // Third, remove all 'empty' strings. | ||
1174 | 65 | - dwLength = i; | ||
1175 | 66 | - while (i < dwLength - 1) | ||
1176 | 67 | - { | ||
1177 | 68 | - if (!pszCompactIn[i] && !pszCompactIn[i + 1]) | ||
1178 | 69 | - { | ||
1179 | 70 | - pszCompactIn[j++] = pszCompactIn[i]; | ||
1180 | 71 | - } | ||
1181 | 72 | - i++; | ||
1182 | 73 | - } | ||
1183 | 74 | + pszCompactIn[i+1] = '\0'; | ||
1184 | 75 | |||
1185 | 76 | cleanup: | ||
1186 | 77 | |||
1187 | 0 | 78 | ||
1188 | === added file 'debian/patches/offline_v2.diff' | |||
1189 | --- debian/patches/offline_v2.diff 1970-01-01 00:00:00 +0000 | |||
1190 | +++ debian/patches/offline_v2.diff 2010-12-01 21:33:36 +0000 | |||
1191 | @@ -0,0 +1,201 @@ | |||
1192 | 1 | Index: likewise-open-5.4.0.42111/lsass/common/utils/lsalist.c | ||
1193 | 2 | =================================================================== | ||
1194 | 3 | --- likewise-open-5.4.0.42111.orig/lsass/common/utils/lsalist.c 2010-06-17 22:17:40.000000000 -0700 | ||
1195 | 4 | +++ likewise-open-5.4.0.42111/lsass/common/utils/lsalist.c 2010-06-17 22:20:26.000000000 -0700 | ||
1196 | 5 | @@ -106,6 +106,7 @@ | ||
1197 | 6 | { | ||
1198 | 7 | Element->Prev->Next = Element->Next; | ||
1199 | 8 | Element->Next->Prev = Element->Prev; | ||
1200 | 9 | + LsaListInit(Element); | ||
1201 | 10 | } | ||
1202 | 11 | |||
1203 | 12 | LSA_LIST_LINKS* | ||
1204 | 13 | Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/offline.c | ||
1205 | 14 | =================================================================== | ||
1206 | 15 | --- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/offline.c 2010-06-17 22:17:40.000000000 -0700 | ||
1207 | 16 | +++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/offline.c 2010-06-17 22:20:50.000000000 -0700 | ||
1208 | 17 | @@ -111,7 +111,7 @@ | ||
1209 | 18 | &pszNT4UserName, | ||
1210 | 19 | "%s\\%s", | ||
1211 | 20 | pUserInfo->pszNetbiosDomainName, | ||
1212 | 21 | - pUserInfo->userInfo.pszUPN); | ||
1213 | 22 | + pUserInfo->pszSamAccountName); | ||
1214 | 23 | BAIL_ON_LSA_ERROR(dwError); | ||
1215 | 24 | |||
1216 | 25 | dwError = LsaUmAddUser( | ||
1217 | 26 | @@ -592,11 +592,6 @@ | ||
1218 | 27 | break; | ||
1219 | 28 | } | ||
1220 | 29 | |||
1221 | 30 | - if (dwError == LW_ERROR_SUCCESS) | ||
1222 | 31 | - { | ||
1223 | 32 | - dwError = AD_CheckExpiredObject(&pCachedUser); | ||
1224 | 33 | - } | ||
1225 | 34 | - | ||
1226 | 35 | switch (dwError) | ||
1227 | 36 | { | ||
1228 | 37 | case LW_ERROR_SUCCESS: | ||
1229 | 38 | @@ -681,10 +676,6 @@ | ||
1230 | 39 | dwError = LW_ERROR_INVALID_PARAMETER; | ||
1231 | 40 | BAIL_ON_LSA_ERROR(dwError); | ||
1232 | 41 | } | ||
1233 | 42 | - if (dwError == LW_ERROR_SUCCESS) | ||
1234 | 43 | - { | ||
1235 | 44 | - dwError = AD_CheckExpiredObject(&pCachedUser); | ||
1236 | 45 | - } | ||
1237 | 46 | |||
1238 | 47 | switch (dwError) | ||
1239 | 48 | { | ||
1240 | 49 | @@ -834,10 +825,19 @@ | ||
1241 | 50 | PLSA_GROUP_MEMBERSHIP* ppMemberships = NULL; | ||
1242 | 51 | // Only free top level array, do not free string pointers. | ||
1243 | 52 | PSTR pszGroupSid = NULL; | ||
1244 | 53 | - PLSA_SECURITY_OBJECT pUserInfo = NULL; | ||
1245 | 54 | + PLSA_SECURITY_OBJECT* ppUserObject = NULL; | ||
1246 | 55 | DWORD dwIndex = 0; | ||
1247 | 56 | |||
1248 | 57 | - dwError = AD_FindObjectBySid(hProvider, pszSid, &pUserInfo); | ||
1249 | 58 | + dwError = AD_OfflineFindObjectsBySidList( | ||
1250 | 59 | + 1, | ||
1251 | 60 | + &pszSid, | ||
1252 | 61 | + &ppUserObject); | ||
1253 | 62 | + BAIL_ON_LSA_ERROR(dwError); | ||
1254 | 63 | + | ||
1255 | 64 | + if (!ppUserObject[0]) | ||
1256 | 65 | + { | ||
1257 | 66 | + dwError = LW_ERROR_NO_SUCH_USER; | ||
1258 | 67 | + } | ||
1259 | 68 | BAIL_ON_LSA_ERROR(dwError); | ||
1260 | 69 | |||
1261 | 70 | dwError = ADCacheGetGroupsForUser( | ||
1262 | 71 | @@ -874,7 +874,7 @@ | ||
1263 | 72 | cleanup: | ||
1264 | 73 | |||
1265 | 74 | LW_SAFE_FREE_MEMORY(pszGroupSid); | ||
1266 | 75 | - ADCacheSafeFreeObject(&pUserInfo); | ||
1267 | 76 | + ADCacheSafeFreeObjectList(1, &ppUserObject); | ||
1268 | 77 | ADCacheSafeFreeGroupMembershipList(sMembershipCount, &ppMemberships); | ||
1269 | 78 | |||
1270 | 79 | return dwError; | ||
1271 | 80 | Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c | ||
1272 | 81 | =================================================================== | ||
1273 | 82 | --- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/online.c 2010-06-17 22:17:40.000000000 -0700 | ||
1274 | 83 | +++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c 2010-06-17 22:20:50.000000000 -0700 | ||
1275 | 84 | @@ -4161,7 +4161,6 @@ | ||
1276 | 85 | case LW_ERROR_NO_SUCH_USER: | ||
1277 | 86 | case LW_ERROR_NO_SUCH_GROUP: | ||
1278 | 87 | case LW_ERROR_NO_SUCH_OBJECT: | ||
1279 | 88 | - case LW_ERROR_DOMAIN_IS_OFFLINE: | ||
1280 | 89 | dwError = LW_ERROR_SUCCESS; | ||
1281 | 90 | break; | ||
1282 | 91 | default: | ||
1283 | 92 | @@ -4426,7 +4425,6 @@ | ||
1284 | 93 | case LW_ERROR_NO_SUCH_USER: | ||
1285 | 94 | case LW_ERROR_NO_SUCH_GROUP: | ||
1286 | 95 | case LW_ERROR_NO_SUCH_OBJECT: | ||
1287 | 96 | - case LW_ERROR_DOMAIN_IS_OFFLINE: | ||
1288 | 97 | dwError = LW_ERROR_SUCCESS; | ||
1289 | 98 | break; | ||
1290 | 99 | default: | ||
1291 | 100 | Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/provider-main.c | ||
1292 | 101 | =================================================================== | ||
1293 | 102 | --- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/provider-main.c 2010-06-17 22:17:40.000000000 -0700 | ||
1294 | 103 | +++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/provider-main.c 2010-06-17 22:20:50.000000000 -0700 | ||
1295 | 104 | @@ -3498,7 +3498,11 @@ | ||
1296 | 105 | |||
1297 | 106 | if (AD_IsOffline()) | ||
1298 | 107 | { | ||
1299 | 108 | - dwError = AD_OfflineFindObjects( | ||
1300 | 109 | + dwError = LW_ERROR_DOMAIN_IS_OFFLINE; | ||
1301 | 110 | + } | ||
1302 | 111 | + else | ||
1303 | 112 | + { | ||
1304 | 113 | + dwError = AD_OnlineFindObjects( | ||
1305 | 114 | hProvider, | ||
1306 | 115 | FindFlags, | ||
1307 | 116 | ObjectType, | ||
1308 | 117 | @@ -3506,11 +3510,11 @@ | ||
1309 | 118 | dwCount, | ||
1310 | 119 | QueryList, | ||
1311 | 120 | &ppObjects); | ||
1312 | 121 | - BAIL_ON_LSA_ERROR(dwError); | ||
1313 | 122 | } | ||
1314 | 123 | - else | ||
1315 | 124 | + | ||
1316 | 125 | + if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError) | ||
1317 | 126 | { | ||
1318 | 127 | - dwError = AD_OnlineFindObjects( | ||
1319 | 128 | + dwError = AD_OfflineFindObjects( | ||
1320 | 129 | hProvider, | ||
1321 | 130 | FindFlags, | ||
1322 | 131 | ObjectType, | ||
1323 | 132 | @@ -3518,8 +3522,8 @@ | ||
1324 | 133 | dwCount, | ||
1325 | 134 | QueryList, | ||
1326 | 135 | &ppObjects); | ||
1327 | 136 | - BAIL_ON_LSA_ERROR(dwError); | ||
1328 | 137 | } | ||
1329 | 138 | + BAIL_ON_LSA_ERROR(dwError); | ||
1330 | 139 | |||
1331 | 140 | if (ppObjects) | ||
1332 | 141 | { | ||
1333 | 142 | @@ -3704,24 +3708,28 @@ | ||
1334 | 143 | |||
1335 | 144 | if (AD_IsOffline()) | ||
1336 | 145 | { | ||
1337 | 146 | - dwError = AD_OfflineGetGroupMemberSids( | ||
1338 | 147 | + dwError = LW_ERROR_DOMAIN_IS_OFFLINE; | ||
1339 | 148 | + } | ||
1340 | 149 | + else | ||
1341 | 150 | + { | ||
1342 | 151 | + dwError = AD_OnlineGetGroupMemberSids( | ||
1343 | 152 | hProvider, | ||
1344 | 153 | FindFlags, | ||
1345 | 154 | pszSid, | ||
1346 | 155 | &pEnum->dwSidCount, | ||
1347 | 156 | &pEnum->ppszSids); | ||
1348 | 157 | - BAIL_ON_LSA_ERROR(dwError); | ||
1349 | 158 | } | ||
1350 | 159 | - else | ||
1351 | 160 | + | ||
1352 | 161 | + if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError) | ||
1353 | 162 | { | ||
1354 | 163 | - dwError = AD_OnlineGetGroupMemberSids( | ||
1355 | 164 | + dwError = AD_OfflineGetGroupMemberSids( | ||
1356 | 165 | hProvider, | ||
1357 | 166 | FindFlags, | ||
1358 | 167 | pszSid, | ||
1359 | 168 | &pEnum->dwSidCount, | ||
1360 | 169 | &pEnum->ppszSids); | ||
1361 | 170 | - BAIL_ON_LSA_ERROR(dwError); | ||
1362 | 171 | } | ||
1363 | 172 | + BAIL_ON_LSA_ERROR(dwError); | ||
1364 | 173 | |||
1365 | 174 | *phEnum = pEnum; | ||
1366 | 175 | |||
1367 | 176 | @@ -3817,7 +3825,11 @@ | ||
1368 | 177 | |||
1369 | 178 | if (AD_IsOffline()) | ||
1370 | 179 | { | ||
1371 | 180 | - dwError = AD_OfflineQueryMemberOf( | ||
1372 | 181 | + dwError = LW_ERROR_DOMAIN_IS_OFFLINE; | ||
1373 | 182 | + } | ||
1374 | 183 | + else | ||
1375 | 184 | + { | ||
1376 | 185 | + dwError = AD_OnlineQueryMemberOf( | ||
1377 | 186 | hProvider, | ||
1378 | 187 | FindFlags, | ||
1379 | 188 | dwSidCount, | ||
1380 | 189 | @@ -3825,9 +3837,10 @@ | ||
1381 | 190 | pdwGroupSidCount, | ||
1382 | 191 | pppszGroupSids); | ||
1383 | 192 | } | ||
1384 | 193 | - else | ||
1385 | 194 | + | ||
1386 | 195 | + if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError) | ||
1387 | 196 | { | ||
1388 | 197 | - dwError = AD_OnlineQueryMemberOf( | ||
1389 | 198 | + dwError = AD_OfflineQueryMemberOf( | ||
1390 | 199 | hProvider, | ||
1391 | 200 | FindFlags, | ||
1392 | 201 | dwSidCount, | ||
1393 | 0 | 202 | ||
1394 | === added file 'debian/patches/reg_import_multi_sz.diff' | |||
1395 | --- debian/patches/reg_import_multi_sz.diff 1970-01-01 00:00:00 +0000 | |||
1396 | +++ debian/patches/reg_import_multi_sz.diff 2010-12-01 21:33:36 +0000 | |||
1397 | @@ -0,0 +1,14 @@ | |||
1398 | 1 | diff --git a/lwreg/parse/reglex.c b/lwreg/parse/reglex.c | ||
1399 | 2 | index 8d01668..747c9c6 100644 | ||
1400 | 3 | --- a/lwreg/parse/reglex.c | ||
1401 | 4 | +++ b/lwreg/parse/reglex.c | ||
1402 | 5 | @@ -449,7 +449,8 @@ RegLexParseBackslash( | ||
1403 | 6 | dwError = RegIOUnGetChar(ioHandle, NULL); | ||
1404 | 7 | } | ||
1405 | 8 | } | ||
1406 | 9 | - else if (lexHandle->state == REGLEX_STATE_IN_QUOTE) | ||
1407 | 10 | + | ||
1408 | 11 | + if (lexHandle->state == REGLEX_STATE_IN_QUOTE) | ||
1409 | 12 | { | ||
1410 | 13 | /* | ||
1411 | 14 | * Treat sequence '\C' (C=any character) as | ||
1412 | 0 | 15 | ||
1413 | === modified file 'debian/patches/series' | |||
1414 | --- debian/patches/series 2010-04-09 12:30:18 +0000 | |||
1415 | +++ debian/patches/series 2010-12-01 21:33:36 +0000 | |||
1416 | @@ -14,3 +14,11 @@ | |||
1417 | 14 | autoreconf_dcerpc.diff | 14 | autoreconf_dcerpc.diff |
1418 | 15 | correct_lsass_configure_platform_detection.patch | 15 | correct_lsass_configure_platform_detection.patch |
1419 | 16 | autoreconf_lsass.conf | 16 | autoreconf_lsass.conf |
1420 | 17 | ignore_group_update_failure_on_leave.diff | ||
1421 | 18 | #lsass_turn_off_ncacn_ip_tcp.diff | ||
1422 | 19 | #disable_dcerpc_auto_start.diff | ||
1423 | 20 | lwupgrade_multi_sz.diff | ||
1424 | 21 | assume_default_domain.diff | ||
1425 | 22 | reg_import_multi_sz.diff | ||
1426 | 23 | offline_v2.diff | ||
1427 | 24 | lp-security-CVE-2010-0833.diff |
Hi there Scott,
Reviewing this merge proposal, a couple of comments... /wiki.ubuntu. com/StableRelea seUpdates
1) To note that a bug is fixed in the changelog, please use this syntax: "LP: #575019", rather than "LP BUG 575019"
2) Usually, SRUs are held to a pretty tight standard, typically fixing one or two issues; this merge fixes 9 bugs
3) Each of those 9 bugs are going to need an SRU statement in the main body, explaining a) the impact, b) an explanation of how the bug is fixed, c) a pointer to the commit or minimal patch that solves that one issue, d) detailed instructions on how to reproduce the bug, e) a description of the regression potential
- See: https:/
I'll be happy to sponsor this as soon as (1) is trivially fixed in your branch, and as soon as each bug is updated per (2). Then, the package will go into the -proposed queue, and we'll need you or someone else to go through each of those 9 bugs and work their way through the reproduce instructions, noting if the new package fixes the known bugs and does cause regression.
Thanks!
Dustin