Ubuntu
likewise-open package

Merge lp:~ssalley/ubuntu/maverick/likewise-open/likewise-open.fix627272 into lp:ubuntu/maverick/likewise-open

  1. Maverick (10.10)
  2. likewise-open.fix627272
  3. Merge into maverick
Proposed by Scott Salley
Status: Needs review
Proposed branch: lp:~ssalley/ubuntu/maverick/likewise-open/likewise-open.fix627272
Merge into: lp:ubuntu/maverick/likewise-open
Diff against target: 958 lines (+806/-26)
13 files modified
debian/changelog (+27/-0)
debian/control (+3/-2)
debian/likewise-open.postinst (+23/-17)
debian/likewise-open.preinst (+9/-7)
debian/likewise-open.prerm (+9/-0)
debian/patches/assume_default_domain.diff (+334/-0)
debian/patches/disable_dcerpc_auto_start.diff (+26/-0)
debian/patches/ignore_group_update_failure_on_leave.diff (+37/-0)
debian/patches/lsass_turn_off_ncacn_ip_tcp.diff (+39/-0)
debian/patches/lwupgrade_multi_sz.diff (+77/-0)
debian/patches/offline_v2.diff (+201/-0)
debian/patches/reg_import_multi_sz.diff (+14/-0)
debian/patches/series (+7/-0)
To merge this branch: bzr merge lp:~ssalley/ubuntu/maverick/likewise-open/likewise-open.fix627272
Reviewer Review Type Date Requested Status
Dustin Kirkland  Needs Fixing
Review via email: mp+38741@code.launchpad.net

Description of the change

These changes have been sitting in a PPA and tested by users and our QA team on Lucid for a long while and on Maverick for a little while. Unfortunately, no one created a branch and tried to get them merged, so I'm doing so now a day late and dollar short. These changes are good for both Lucid and Maverick.

The changelog describes the changes in more detail but here is a short summary of fixed bugs:
lp:534629 AssumeDefaultDomain does not work
lp:575152 RequireMembershipOf Does Not Work
lp:591893 likewise-open depends on psmisc
lp:605326 Likewise open 5 or 6 conflicts with winbind
lp:572271 CacheEntryExpire setting ignored & default value of 4 hours is too
low
lp:574443 likewise-open5 upgrade mangles RequireMembershipOf settings

Additionally, many bugs dealing with installation and upgrading were corrected but matching them up to bug reports is difficult to do reproducibility.

To post a comment you must log in.
lp:~ssalley/ubuntu/maverick/likewise-open/likewise-open.fix627272 updated
21. By Scott Salley

Forgot to add the patches -- clueless with bzr/git.

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Hi there Scott,

Reviewing this merge proposal, a couple of comments...
 1) To note that a bug is fixed in the changelog, please use this syntax: "LP: #575019", rather than "LP BUG 575019"
 2) Usually, SRUs are held to a pretty tight standard, typically fixing one or two issues; this merge fixes 9 bugs
 3) Each of those 9 bugs are going to need an SRU statement in the main body, explaining a) the impact, b) an explanation of how the bug is fixed, c) a pointer to the commit or minimal patch that solves that one issue, d) detailed instructions on how to reproduce the bug, e) a description of the regression potential
   - See: https://wiki.ubuntu.com/StableReleaseUpdates

I'll be happy to sponsor this as soon as (1) is trivially fixed in your branch, and as soon as each bug is updated per (2). Then, the package will go into the -proposed queue, and we'll need you or someone else to go through each of those 9 bugs and work their way through the reproduce instructions, noting if the new package fixes the known bugs and does cause regression.

Thanks!
Dustin

review: Needs Fixing
Reply

Unmerged revisions

21. By Scott Salley

Forgot to add the patches -- clueless with bzr/git.

20. By Scott Salley

Linking bugs.

19. By Scott Salley

* patches/ignore_group_update_failure_on_leave.diff: Added upstream patch
  to prevent "domainjoin-XXX leave" from failing if user/admin domain
  groups could not be removed from the builtin user/admin groups
  (LP BUG 575019)
* patches/assume_default_domain.diff: Fix regression in AssumeDefaultDomain
  (LP BUG 534629)
* patches/offline_v2.diff: Additional offline logon fixes (LP BUG 572271)
* patches/lwupgrade_mulit_sz.diff: Make preservation of multi-string values
  more robust (e.g. "RequireMembershipOf" LP BUG 574443)
* patches/reg_import_multi_sz.diff: Fix importing REG_MULTI_SZ strings
  that use the "\" character (LP BUG 575152)
* Added missing dependencies that prevent distribution and package upgrades
  from succeeding:
  - debian/control: Added libpam-runtime (LP BUG 627272, LP BUG 625105)
  - debian/control: Added psmisc (LP BUG 591893)
* Added statements to kill hung daemons that may prevent distribution and
  package upgrades from succeeding (LP BUG 621980):
  - debian/control: Added procps for pkill
  - debian/likewise-open.postinst, debian/likewise-open.preinst: Added
    explict kill for daemons that may hang
* debian/control: Modified XSBC-Original-Maintainer as Gerald Cater would
  like Scott Salley to handle likewise-open.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'debian/changelog'
--- debian/changelog 2010-10-04 11:27:30 +0000
+++ debian/changelog 2010-10-21 19:02:54 +0000
@@ -1,3 +1,30 @@
1likewise-open (5.4.0.42111-2ubuntu3) maverick; urgency=low
2
3 * patches/ignore_group_update_failure_on_leave.diff: Added upstream patch
4 to prevent "domainjoin-XXX leave" from failing if user/admin domain
5 groups could not be removed from the builtin user/admin groups
6 (LP BUG 575019)
7 * patches/assume_default_domain.diff: Fix regression in AssumeDefaultDomain
8 (LP BUG 534629)
9 * patches/offline_v2.diff: Additional offline logon fixes (LP BUG 572271)
10 * patches/lwupgrade_mulit_sz.diff: Make preservation of multi-string values
11 more robust (e.g. "RequireMembershipOf" LP BUG 574443)
12 * patches/reg_import_multi_sz.diff: Fix importing REG_MULTI_SZ strings
13 that use the "\" character (LP BUG 575152)
14 * Added missing dependencies that prevent distribution and package upgrades
15 from succeeding:
16 - debian/control: Added libpam-runtime (LP BUG 627272, LP BUG 625105)
17 - debian/control: Added psmisc (LP BUG 591893)
18 * Added statements to kill hung daemons that may prevent distribution and
19 package upgrades from succeeding (LP BUG 621980):
20 - debian/control: Added procps for pkill
21 - debian/likewise-open.postinst, debian/likewise-open.preinst: Added
22 explict kill for daemons that may hang
23 * debian/control: Modified XSBC-Original-Maintainer as Gerald Cater would
24 like Scott Salley to handle likewise-open.
25
26 -- Scott Salley <ssalley@likewise.com> Wed, 13 Oct 2010 17:24:08 -0700
27
1likewise-open (5.4.0.42111-2ubuntu2) maverick; urgency=low28likewise-open (5.4.0.42111-2ubuntu2) maverick; urgency=low
229
3 * debian/patches/disable-mac-IP-to-fix-ftbfs.diff:30 * debian/patches/disable-mac-IP-to-fix-ftbfs.diff:
431
=== modified file 'debian/control'
--- debian/control 2010-04-09 12:30:18 +0000
+++ debian/control 2010-10-21 19:02:54 +0000
@@ -2,7 +2,7 @@
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Chuck Short <zulcss@ubuntu.com>4Maintainer: Chuck Short <zulcss@ubuntu.com>
5XSBC-Original-Maintainer: Gerald Carter <gcarter@likewise.com>5XSBC-Original-Maintainer: Scott Salley <ssalley@likewise.com>
6Build-Depends: autoconf (>=2.53), automake, bison, debhelper (>= 7),6Build-Depends: autoconf (>=2.53), automake, bison, debhelper (>= 7),
7 libglade2-dev, libncurses5-dev, libpam0g-dev, libpam-runtime,7 libglade2-dev, libncurses5-dev, libpam0g-dev, libpam-runtime,
8 libssl-dev, libtool, libsqlite3-dev, uuid-dev, quilt, rsync, libxml2,8 libssl-dev, libtool, libsqlite3-dev, uuid-dev, quilt, rsync, libxml2,
@@ -69,7 +69,8 @@
6969
70Package: likewise-open70Package: likewise-open
71Architecture: any71Architecture: any
72Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-user72Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-user, psmisc, libpam-runtime,
73 procps
73Suggests: likewise-open-gui74Suggests: likewise-open-gui
74Provides: likewise-open, likewise-open575Provides: likewise-open, likewise-open5
75Conflicts: likewise-open,76Conflicts: likewise-open,
7677
=== modified file 'debian/likewise-open.postinst'
--- debian/likewise-open.postinst 2010-07-21 13:54:00 +0000
+++ debian/likewise-open.postinst 2010-10-21 19:02:54 +0000
@@ -63,8 +63,9 @@
6363
64 $DOMAINJOIN configure --enable nsswitch > /dev/null 2>&164 $DOMAINJOIN configure --enable nsswitch > /dev/null 2>&1
65 $DOMAINJOIN configure --enable ssh > /dev/null 2>&165 $DOMAINJOIN configure --enable ssh > /dev/null 2>&1
66 $DOMAINJOIN configure --long `hostname --long` --short `hostname --short` \66 $DOMAINJOIN configure --long `hostname --long` \
67 --enable krb5 > /dev/null 2>&167 --short `hostname --short` \
68 --enable krb5 > /dev/null 2>&1
68}69}
6970
70case "$1" in71case "$1" in
@@ -79,14 +80,18 @@
79 ;;80 ;;
8081
81 configure)82 configure)
82 if [ -z "`pidof lwsmd`" ]; then83 # All daemons should be gone -- but sometimes they hang.
83 $LWSMD start84 pkill -KILL -x srvsvcd > /dev/null 2>&1 || true
84 else85 pkill -KILL -x lsassd > /dev/null 2>&1 || true
85 $LWSM stop lwreg86 pkill -KILL -x lwiod > /dev/null 2>&1 || true
86 $LWSMD restart87 pkill -KILL -x netlogond > /dev/null 2>&1 || true
87 fi88 pkill -KILL -x eventlogd > /dev/null 2>&1 || true
88 ## Ensure lwregd is started89 pkill -KILL -x dcerpcd > /dev/null 2>&1 || true
89 $LWSM start lwreg90 pkill -KILL -x netlogond > /dev/null 2>&1 || true
91 pkill -KILL -x lwsmd > /dev/null 2>&1 || true
92 pkill -KILL -x lwregd > /dev/null 2>&1 || true
93
94 /usr/sbin/lwsmd --start-as-daemon
9095
91 $REGSHELL upgrade /etc/likewise-open/dcerpcd.reg96 $REGSHELL upgrade /etc/likewise-open/dcerpcd.reg
92 $REGSHELL upgrade /etc/likewise-open/eventlogd.reg97 $REGSHELL upgrade /etc/likewise-open/eventlogd.reg
@@ -97,8 +102,6 @@
97 $REGSHELL upgrade /etc/likewise-open/pstore.reg102 $REGSHELL upgrade /etc/likewise-open/pstore.reg
98 $REGSHELL upgrade /etc/likewise-open/srvsvcd.reg103 $REGSHELL upgrade /etc/likewise-open/srvsvcd.reg
99104
100 $LWSMD reload
101
102 if [ -n "$2" ]; then105 if [ -n "$2" ]; then
103 if dpkg --compare-versions "$2" le "4.1.2982-0ubuntu3"; then106 if dpkg --compare-versions "$2" le "4.1.2982-0ubuntu3"; then
104 if [ -f "${UPGRADEDIR4}/lwiauthd.conf" -a \107 if [ -f "${UPGRADEDIR4}/lwiauthd.conf" -a \
@@ -110,13 +113,16 @@
110 if [ -d "${UPGRADEDIR5}" ]; then113 if [ -d "${UPGRADEDIR5}" ]; then
111 import_machine_account_5_0114 import_machine_account_5_0
112 fi115 fi
113 fi116 fi
114117
115 $LWSM start lsass || true118 /etc/init.d/lwsmd stop
116119
117 # This will start all the sevices and hook things up in /etc/rc[0-6].d120 /etc/init.d/lwsmd start
121
118 $DOMAINJOIN query > /dev/null 2>&1122 $DOMAINJOIN query > /dev/null 2>&1
119123
124 /usr/bin/lwsm start lsass || true
125
120 pam-auth-update --package126 pam-auth-update --package
121 ;;127 ;;
122esac128esac
123129
=== modified file 'debian/likewise-open.preinst'
--- debian/likewise-open.preinst 2010-01-05 16:21:34 +0000
+++ debian/likewise-open.preinst 2010-10-21 19:02:54 +0000
@@ -62,13 +62,15 @@
6262
63 # remove obsolete conffiles from previous versions63 # remove obsolete conffiles from previous versions
64 if dpkg --compare-versions "$2" lt-nl "5.4.0"; then64 if dpkg --compare-versions "$2" lt-nl "5.4.0"; then
65 # from 4.165
66 rm_conffile /etc/samba/lwiauthd.conf66 # from 4.1
67 rm_conffile /etc/security/pam_lwidentity.conf67 rm_conffile /etc/samba/lwiauthd.conf
68 rm_conffile /etc/default/likewise-open68 rm_conffile /etc/security/pam_lwidentity.conf
69 rm_conffile /etc/init.d/likewise-open69 rm_conffile /etc/default/likewise-open
70 # from 5.070 rm_conffile /etc/init.d/likewise-open
71 rm_conffile /etc/init.d/npcmuxd71
72 # from 5.0
73 rm_conffile /etc/init.d/npcmuxd
72 fi74 fi
73 ;;75 ;;
7476
7577
=== modified file 'debian/likewise-open.prerm'
--- debian/likewise-open.prerm 2010-01-05 16:21:34 +0000
+++ debian/likewise-open.prerm 2010-10-21 19:02:54 +0000
@@ -26,6 +26,15 @@
26 $LWSMD stop26 $LWSMD stop
27 fi27 fi
2828
29 pkill -KILL -x srvsvcd > /dev/null 2>&1 || true
30 pkill -KILL -x lsassd > /dev/null 2>&1 || true
31 pkill -KILL -x lwiod > /dev/null 2>&1 || true
32 pkill -KILL -x netlogond > /dev/null 2>&1 || true
33 pkill -KILL -x eventlogd > /dev/null 2>&1 || true
34 pkill -KILL -x dcerpcd > /dev/null 2>&1 || true
35 pkill -KILL -x lwsmd > /dev/null 2>&1 || true
36 pkill -KILL -x lwregd > /dev/null 2>&1 || true
37
29 ;;38 ;;
3039
31 failed-upgrade)40 failed-upgrade)
3241
=== added file 'debian/patches/assume_default_domain.diff'
--- debian/patches/assume_default_domain.diff 1970-01-01 00:00:00 +0000
+++ debian/patches/assume_default_domain.diff 2010-10-21 19:02:54 +0000
@@ -0,0 +1,334 @@
1commit d1cba75403be0af010b5df5ba22a1d0704f29fc3
2Author: Brian Koropoff <bkoropoff@likewise.com>
3Date: Wed May 5 22:21:47 2010 +0000
4
5 svn merge -c 43891 /Platform/src/linux/lsass/server/auth-providers/ad-open-provider -> src/linux/lsass/server/auth-providers/ad-provider
6
7 (lsass: r43911)
8
9Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/ad_marshal_group.c
10===================================================================
11--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/ad_marshal_group.c 2010-05-07 08:37:00.000000000 +0200
12+++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/ad_marshal_group.c 2010-05-07 08:37:03.000000000 +0200
13@@ -59,12 +59,17 @@
14 PSTR pszResult = NULL;
15
16 if(pObject->type == LSA_OBJECT_TYPE_GROUP &&
17- !LW_IS_NULL_OR_EMPTY_STR(pObject->groupInfo.pszAliasName))
18+ !LW_IS_NULL_OR_EMPTY_STR(pObject->groupInfo.pszAliasName))
19 {
20 dwError = LwAllocateString(
21 pObject->groupInfo.pszAliasName,
22 &pszResult);
23 BAIL_ON_LSA_ERROR(dwError);
24+
25+ LwStrCharReplace(
26+ pszResult,
27+ ' ',
28+ AD_GetSpaceReplacement());
29 }
30 else if(pObject->type == LSA_OBJECT_TYPE_USER &&
31 !LW_IS_NULL_OR_EMPTY_STR(pObject->userInfo.pszAliasName))
32@@ -73,6 +78,11 @@
33 pObject->userInfo.pszAliasName,
34 &pszResult);
35 BAIL_ON_LSA_ERROR(dwError);
36+
37+ LwStrCharReplace(
38+ pszResult,
39+ ' ',
40+ AD_GetSpaceReplacement());
41 }
42 else
43 {
44Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/batch_marshal.c
45===================================================================
46--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/batch_marshal.c 2010-05-07 08:37:00.000000000 +0200
47+++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/batch_marshal.c 2010-05-07 08:37:03.000000000 +0200
48@@ -580,6 +580,28 @@
49 BAIL_ON_LSA_ERROR(dwError);
50 }
51
52+ /* Fix up alias fields when in AssumeDefaultDomain mode */
53+ if (AD_ShouldAssumeDefaultDomain() &&
54+ pObject->enabled &&
55+ ((pObject->type == LSA_OBJECT_TYPE_USER &&
56+ !pObject->userInfo.pszAliasName) ||
57+ (pObject->type == LSA_OBJECT_TYPE_GROUP &&
58+ !pObject->groupInfo.pszAliasName)) &&
59+ !strcmp(pObject->pszNetbiosDomainName, gpADProviderData->szShortDomain))
60+ {
61+ dwError = LwAllocateString(
62+ pObject->pszSamAccountName,
63+ pObject->type == LSA_OBJECT_TYPE_USER ?
64+ &pObject->userInfo.pszAliasName : &pObject->groupInfo.pszAliasName);
65+ BAIL_ON_LSA_ERROR(dwError);
66+
67+ LwStrCharReplace(
68+ pObject->type == LSA_OBJECT_TYPE_USER ?
69+ pObject->userInfo.pszAliasName : pObject->groupInfo.pszAliasName,
70+ ' ',
71+ AD_GetSpaceReplacement());
72+ }
73+
74 cleanup:
75 *ppObject = pObject;
76 return dwError;
77Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c
78===================================================================
79--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/online.c 2010-05-07 08:37:00.000000000 +0200
80+++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c 2010-05-07 08:37:03.000000000 +0200
81@@ -4087,6 +4087,112 @@
82
83 static
84 DWORD
85+AD_OnlineFindObjectByName(
86+ IN HANDLE hProvider,
87+ IN LSA_FIND_FLAGS FindFlags,
88+ IN OPTIONAL LSA_OBJECT_TYPE ObjectType,
89+ IN LSA_QUERY_TYPE QueryType,
90+ IN PCSTR pszLoginName,
91+ IN PLSA_LOGIN_NAME_INFO pUserNameInfo,
92+ OUT PLSA_SECURITY_OBJECT* ppObject
93+ )
94+{
95+ DWORD dwError = 0;
96+ PLSA_SECURITY_OBJECT pCachedUser = NULL;
97+
98+ switch(ObjectType)
99+ {
100+ case LSA_OBJECT_TYPE_USER:
101+ dwError = ADCacheFindUserByName(
102+ gpLsaAdProviderState->hCacheConnection,
103+ pUserNameInfo,
104+ &pCachedUser);
105+ break;
106+ case LSA_OBJECT_TYPE_GROUP:
107+ dwError = ADCacheFindGroupByName(
108+ gpLsaAdProviderState->hCacheConnection,
109+ pUserNameInfo,
110+ &pCachedUser);
111+ break;
112+ default:
113+ dwError = ADCacheFindUserByName(
114+ gpLsaAdProviderState->hCacheConnection,
115+ pUserNameInfo,
116+ &pCachedUser);
117+ if (dwError == LW_ERROR_NO_SUCH_USER ||
118+ dwError == LW_ERROR_NOT_HANDLED)
119+ {
120+ dwError = ADCacheFindGroupByName(
121+ gpLsaAdProviderState->hCacheConnection,
122+ pUserNameInfo,
123+ &pCachedUser);
124+ }
125+ break;
126+ }
127+
128+ if (dwError == LW_ERROR_SUCCESS)
129+ {
130+ dwError = AD_CheckExpiredObject(&pCachedUser);
131+ }
132+
133+ switch (dwError)
134+ {
135+ case LW_ERROR_SUCCESS:
136+ break;
137+ case LW_ERROR_NOT_HANDLED:
138+ case LW_ERROR_NO_SUCH_USER:
139+ case LW_ERROR_NO_SUCH_GROUP:
140+ case LW_ERROR_NO_SUCH_OBJECT:
141+ dwError = AD_FindObjectByNameTypeNoCache(
142+ hProvider,
143+ pszLoginName,
144+ pUserNameInfo->nameType,
145+ ObjectType,
146+ &pCachedUser);
147+ switch (dwError)
148+ {
149+ case LW_ERROR_SUCCESS:
150+ dwError = ADCacheStoreObjectEntry(
151+ gpLsaAdProviderState->hCacheConnection,
152+ pCachedUser);
153+ BAIL_ON_LSA_ERROR(dwError);
154+
155+ break;
156+ case LW_ERROR_NO_SUCH_USER:
157+ case LW_ERROR_NO_SUCH_GROUP:
158+ case LW_ERROR_NO_SUCH_OBJECT:
159+ case LW_ERROR_DOMAIN_IS_OFFLINE:
160+ dwError = LW_ERROR_SUCCESS;
161+ break;
162+ default:
163+ BAIL_ON_LSA_ERROR(dwError);
164+ break;
165+ }
166+ break;
167+ default:
168+ BAIL_ON_LSA_ERROR(dwError);
169+ }
170+
171+ *ppObject = pCachedUser;
172+
173+cleanup:
174+
175+ return dwError;
176+
177+error:
178+
179+ *ppObject = NULL;
180+
181+ if (pCachedUser)
182+ {
183+ LsaUtilFreeSecurityObject(pCachedUser);
184+ }
185+
186+ goto cleanup;
187+}
188+
189+static
190+DWORD
191 AD_OnlineFindObjectsByName(
192 IN HANDLE hProvider,
193 IN LSA_FIND_FLAGS FindFlags,
194@@ -4100,7 +4206,6 @@
195 DWORD dwError = 0;
196 PLSA_LOGIN_NAME_INFO pUserNameInfo = NULL;
197 PSTR pszLoginId_copy = NULL;
198- PLSA_SECURITY_OBJECT pCachedUser = NULL;
199 DWORD dwIndex = 0;
200 PLSA_SECURITY_OBJECT* ppObjects = NULL;
201 LSA_QUERY_TYPE type = LSA_QUERY_TYPE_UNDEFINED;
202@@ -4145,77 +4250,74 @@
203 BAIL_ON_LSA_ERROR(dwError);
204 }
205
206- switch(ObjectType)
207- {
208- case LSA_OBJECT_TYPE_USER:
209- dwError = ADCacheFindUserByName(
210- gpLsaAdProviderState->hCacheConnection,
211- pUserNameInfo,
212- &pCachedUser);
213- break;
214- case LSA_OBJECT_TYPE_GROUP:
215- dwError = ADCacheFindGroupByName(
216- gpLsaAdProviderState->hCacheConnection,
217- pUserNameInfo,
218- &pCachedUser);
219- break;
220- default:
221- dwError = ADCacheFindUserByName(
222- gpLsaAdProviderState->hCacheConnection,
223- pUserNameInfo,
224- &pCachedUser);
225- if (dwError == LW_ERROR_NO_SUCH_USER ||
226- dwError == LW_ERROR_NOT_HANDLED)
227- {
228- dwError = ADCacheFindGroupByName(
229- gpLsaAdProviderState->hCacheConnection,
230- pUserNameInfo,
231- &pCachedUser);
232- }
233- break;
234- }
235-
236- if (dwError == LW_ERROR_SUCCESS)
237- {
238- dwError = AD_CheckExpiredObject(&pCachedUser);
239- }
240+ dwError = AD_OnlineFindObjectByName(
241+ hProvider,
242+ FindFlags,
243+ ObjectType,
244+ QueryType,
245+ pszLoginId_copy,
246+ pUserNameInfo,
247+ &ppObjects[dwIndex]);
248
249 switch (dwError)
250 {
251 case LW_ERROR_SUCCESS:
252- ppObjects[dwIndex] = pCachedUser;
253- pCachedUser = NULL;
254 break;
255 case LW_ERROR_NOT_HANDLED:
256 case LW_ERROR_NO_SUCH_USER:
257 case LW_ERROR_NO_SUCH_GROUP:
258 case LW_ERROR_NO_SUCH_OBJECT:
259- dwError = AD_FindObjectByNameTypeNoCache(
260- hProvider,
261- pszLoginId_copy,
262- pUserNameInfo->nameType,
263- ObjectType,
264- &pCachedUser);
265- switch (dwError)
266+ case LW_ERROR_NOT_SUPPORTED:
267+ ppObjects[dwIndex] = NULL;
268+ dwError = LW_ERROR_SUCCESS;
269+
270+ if (QueryType == LSA_QUERY_TYPE_BY_ALIAS &&
271+ AD_ShouldAssumeDefaultDomain())
272 {
273- case LW_ERROR_SUCCESS:
274- dwError = ADCacheStoreObjectEntry(
275- gpLsaAdProviderState->hCacheConnection,
276- pCachedUser);
277+ LW_SAFE_FREE_STRING(pszLoginId_copy);
278+ LsaFreeNameInfo(pUserNameInfo);
279+ pUserNameInfo = NULL;
280+
281+ dwError = LwAllocateStringPrintf(
282+ &pszLoginId_copy,
283+ "%s\\%s",
284+ gpADProviderData->szShortDomain,
285+ QueryList.ppszStrings[dwIndex]);
286 BAIL_ON_LSA_ERROR(dwError);
287
288- ppObjects[dwIndex] = pCachedUser;
289- pCachedUser = NULL;
290- break;
291- case LW_ERROR_NO_SUCH_USER:
292- case LW_ERROR_NO_SUCH_GROUP:
293- case LW_ERROR_NO_SUCH_OBJECT:
294- case LW_ERROR_DOMAIN_IS_OFFLINE:
295- dwError = LW_ERROR_SUCCESS;
296- break;
297- default:
298+ LwStrCharReplace(
299+ pszLoginId_copy,
300+ AD_GetSpaceReplacement(),
301+ ' ');
302+
303+ dwError = LsaCrackDomainQualifiedName(
304+ pszLoginId_copy,
305+ gpADProviderData->szDomain,
306+ &pUserNameInfo);
307 BAIL_ON_LSA_ERROR(dwError);
308- break;
309+
310+ dwError = AD_OnlineFindObjectByName(
311+ hProvider,
312+ FindFlags,
313+ ObjectType,
314+ LSA_QUERY_TYPE_BY_NT4,
315+ pszLoginId_copy,
316+ pUserNameInfo,
317+ &ppObjects[dwIndex]);
318+ switch (dwError)
319+ {
320+ case LW_ERROR_SUCCESS:
321+ break;
322+ case LW_ERROR_NOT_HANDLED:
323+ case LW_ERROR_NO_SUCH_USER:
324+ case LW_ERROR_NO_SUCH_GROUP:
325+ case LW_ERROR_NO_SUCH_OBJECT:
326+ ppObjects[dwIndex] = NULL;
327+ dwError = LW_ERROR_SUCCESS;
328+ break;
329+ default:
330+ BAIL_ON_LSA_ERROR(dwError);
331+ }
332 }
333 break;
334 default:
0335
=== added file 'debian/patches/disable_dcerpc_auto_start.diff'
--- debian/patches/disable_dcerpc_auto_start.diff 1970-01-01 00:00:00 +0000
+++ debian/patches/disable_dcerpc_auto_start.diff 2010-10-21 19:02:54 +0000
@@ -0,0 +1,26 @@
1Index: likewise-open-5.4.0.42111/domainjoin/domainjoin-cli/src/main.c
2===================================================================
3--- likewise-open-5.4.0.42111.orig/domainjoin/domainjoin-cli/src/main.c 2010-04-18 07:54:32.000000000 -0500
4+++ likewise-open-5.4.0.42111/domainjoin/domainjoin-cli/src/main.c 2010-04-18 07:55:33.000000000 -0500
5@@ -801,7 +801,7 @@
6 DWORD dwLogLevel;
7 BOOLEAN showHelp = FALSE;
8 BOOLEAN showInternalHelp = FALSE;
9- BOOLEAN bEnableDcerpcd = TRUE;
10+ BOOLEAN bEnableDcerpcd = FALSE;
11 int remainingArgs = argc;
12 char **argPos = argv;
13 int i;
14Index: likewise-open-5.4.0.42111/domainjoin/domainjoin-gui/gtk/main.c
15===================================================================
16--- likewise-open-5.4.0.42111.orig/domainjoin/domainjoin-gui/gtk/main.c 2010-04-18 07:54:32.000000000 -0500
17+++ likewise-open-5.4.0.42111/domainjoin/domainjoin-gui/gtk/main.c 2010-04-18 07:55:42.000000000 -0500
18@@ -589,7 +589,7 @@
19
20 gtk_init(&argc, &argv);
21
22- LW_TRY(&exc, DJNetInitialize(TRUE, &LW_EXC));
23+ LW_TRY(&exc, DJNetInitialize(FALSE, &LW_EXC));
24
25 do
26 {
027
=== added file 'debian/patches/ignore_group_update_failure_on_leave.diff'
--- debian/patches/ignore_group_update_failure_on_leave.diff 1970-01-01 00:00:00 +0000
+++ debian/patches/ignore_group_update_failure_on_leave.diff 2010-10-21 19:02:54 +0000
@@ -0,0 +1,37 @@
1commit 69148891011976fa239773af570c123023ac27ab
2Author: Gerald W. Carter <gcarter@likewiseopen.org>
3Date: Thu Apr 8 21:05:23 2010 +0000
4
5 lsass: Don't fail a "leave" if we cannot remove the domain groups from the builtin groups
6
7 Occurs in certain upgrade scenarios where "Domain {Admins,Users}" was not
8 added into the "Builtin\{Administrators,Users}" group
9
10 (lsass: r43096)
11
12diff --git a/lsass/join/join.c b/lsass/join/join.c
13index 0a694dc..ecafa4b 100644
14--- a/lsass/join/join.c
15+++ b/lsass/join/join.c
16@@ -725,13 +725,19 @@ LsaChangeDomainGroupMembership(
17 }
18 else
19 {
20+ // This should not cause the join to fail even if we cannot
21+ // remove the group members
22+
23 ntStatus = SamrDeleteAliasMember(hSamrBinding,
24 hAlias,
25 (*ppSid));
26- if (ntStatus == STATUS_MEMBER_NOT_IN_ALIAS)
27+ if ((ntStatus != STATUS_SUCCESS) &&
28+ (ntStatus != STATUS_NO_SUCH_MEMBER))
29 {
30- ntStatus = STATUS_SUCCESS;
31+ // Perhaps log an error here
32+ ;
33 }
34+ ntStatus = STATUS_SUCCESS;
35 }
36 BAIL_ON_NT_STATUS(ntStatus);
37 }
038
=== added file 'debian/patches/lsass_turn_off_ncacn_ip_tcp.diff'
--- debian/patches/lsass_turn_off_ncacn_ip_tcp.diff 1970-01-01 00:00:00 +0000
+++ debian/patches/lsass_turn_off_ncacn_ip_tcp.diff 2010-10-21 19:02:54 +0000
@@ -0,0 +1,39 @@
1Index: likewise-open-5.4.0.42111/lsass/server/rpc/dssetup/dssetup_srv.c
2===================================================================
3--- likewise-open-5.4.0.42111.orig/lsass/server/rpc/dssetup/dssetup_srv.c 2010-04-17 14:55:19.000000000 -0500
4+++ likewise-open-5.4.0.42111/lsass/server/rpc/dssetup/dssetup_srv.c 2010-04-17 14:56:31.000000000 -0500
5@@ -118,7 +118,7 @@
6
7 ENDPOINT EndPoints[] = {
8 { "ncacn_np", "\\\\pipe\\\\lsass" },
9- { "ncacn_ip_tcp", NULL },
10+ // { "ncacn_ip_tcp", NULL },
11 { NULL, NULL }
12 };
13 DWORD dwError = 0;
14Index: likewise-open-5.4.0.42111/lsass/server/rpc/lsa/lsa_srv.c
15===================================================================
16--- likewise-open-5.4.0.42111.orig/lsass/server/rpc/lsa/lsa_srv.c 2010-04-17 14:55:19.000000000 -0500
17+++ likewise-open-5.4.0.42111/lsass/server/rpc/lsa/lsa_srv.c 2010-04-17 14:56:06.000000000 -0500
18@@ -119,7 +119,7 @@
19 ENDPOINT EndPoints[] = {
20 { "ncacn_np", "\\\\pipe\\\\lsarpc" },
21 { "ncacn_np", "\\\\pipe\\\\lsass" },
22- { "ncacn_ip_tcp", NULL },
23+ // { "ncacn_ip_tcp", NULL },
24 { "ncalrpc", NULL }, /* endpoint is fetched from config parameter */
25 { NULL, NULL }
26 };
27Index: likewise-open-5.4.0.42111/lsass/server/rpc/samr/samr_srv.c
28===================================================================
29--- likewise-open-5.4.0.42111.orig/lsass/server/rpc/samr/samr_srv.c 2010-04-17 14:55:19.000000000 -0500
30+++ likewise-open-5.4.0.42111/lsass/server/rpc/samr/samr_srv.c 2010-04-17 14:55:51.000000000 -0500
31@@ -121,7 +121,7 @@
32 PCSTR pszDescription = "Security Accounts Manager";
33 ENDPOINT EndPoints[] = {
34 { "ncacn_np", "\\\\pipe\\\\samr" },
35- { "ncacn_ip_tcp", NULL },
36+ // { "ncacn_ip_tcp", NULL },
37 { "ncalrpc", NULL }, /* endpoint is fetched from config parameter */
38 { NULL, NULL }
39 };
040
=== added file 'debian/patches/lwupgrade_multi_sz.diff'
--- debian/patches/lwupgrade_multi_sz.diff 1970-01-01 00:00:00 +0000
+++ debian/patches/lwupgrade_multi_sz.diff 2010-10-21 19:02:54 +0000
@@ -0,0 +1,77 @@
1commit a1812bb292173c1e7265b6ab523a0df78b1010d5
2Author: Scott Salley <ssalley@likewise.com>
3Date: Mon May 3 23:14:34 2010 +0000
4
5 Merge: -c 43867 ^/trunk/Platform -> ~/branches/lwidentity-5.4
6
7 Multistring handling was extremely poor, now it is a bit better.
8
9 (lwupgrade: r43874)
10
11diff --git a/lwupgrade/utils/convert.c b/lwupgrade/utils/convert.c
12index f399d93..381bb03 100644
13--- a/lwupgrade/utils/convert.c
14+++ b/lwupgrade/utils/convert.c
15@@ -47,12 +47,18 @@ UpStringToMultiString(
16 DWORD i = 0;
17 DWORD j = 0;
18 PSTR pszCompactIn = NULL;
19- DWORD dwLength = 0;
20
21- // First, remove all whitespace from the string.
22- dwError = LwAllocateString(pszIn, &pszCompactIn);
23+ // Make a copy of the string, reserving enough space for terminator.
24+ dwError = LwAllocateMemory(strlen(pszIn) + 2, (PVOID*)&pszCompactIn);
25 BAIL_ON_UP_ERROR(dwError);
26
27+ memcpy(pszCompactIn, pszIn, strlen(pszIn) + 1);
28+
29+ // First, remove all whitespace from the string.
30+ //dwError = LwAllocateString(pszIn, &pszCompactIn);
31+ //BAIL_ON_UP_ERROR(dwError);
32+
33+
34 i = 0;
35 j = 0;
36 while (pszCompactIn[i])
37@@ -79,16 +85,20 @@ UpStringToMultiString(
38 bCharacterIsDelimiter = TRUE;
39 }
40
41+ // Don't want to delimiters in a row.
42 if (!(bPreviousCharacterIsDelimiter && bCharacterIsDelimiter))
43 {
44 pszCompactIn[j++] = pszCompactIn[i];
45- bPreviousCharacterIsDelimiter = bCharacterIsDelimiter;
46 }
47+
48+ bPreviousCharacterIsDelimiter = bCharacterIsDelimiter;
49 i++;
50 }
51+ pszCompactIn[j++] = '\0';
52
53
54 // Finally, replace all delmiters with '\0'.
55+ i = 0;
56 while (pszCompactIn[i])
57 {
58 if (strchr(pszDelims, pszCompactIn[i]))
59@@ -97,17 +107,7 @@ UpStringToMultiString(
60 }
61 i++;
62 }
63-
64- // Third, remove all 'empty' strings.
65- dwLength = i;
66- while (i < dwLength - 1)
67- {
68- if (!pszCompactIn[i] && !pszCompactIn[i + 1])
69- {
70- pszCompactIn[j++] = pszCompactIn[i];
71- }
72- i++;
73- }
74+ pszCompactIn[i+1] = '\0';
75
76 cleanup:
77
078
=== added file 'debian/patches/offline_v2.diff'
--- debian/patches/offline_v2.diff 1970-01-01 00:00:00 +0000
+++ debian/patches/offline_v2.diff 2010-10-21 19:02:54 +0000
@@ -0,0 +1,201 @@
1Index: likewise-open-5.4.0.42111/lsass/common/utils/lsalist.c
2===================================================================
3--- likewise-open-5.4.0.42111.orig/lsass/common/utils/lsalist.c 2010-06-17 22:17:40.000000000 -0700
4+++ likewise-open-5.4.0.42111/lsass/common/utils/lsalist.c 2010-06-17 22:20:26.000000000 -0700
5@@ -106,6 +106,7 @@
6 {
7 Element->Prev->Next = Element->Next;
8 Element->Next->Prev = Element->Prev;
9+ LsaListInit(Element);
10 }
11
12 LSA_LIST_LINKS*
13Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/offline.c
14===================================================================
15--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/offline.c 2010-06-17 22:17:40.000000000 -0700
16+++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/offline.c 2010-06-17 22:20:50.000000000 -0700
17@@ -111,7 +111,7 @@
18 &pszNT4UserName,
19 "%s\\%s",
20 pUserInfo->pszNetbiosDomainName,
21- pUserInfo->userInfo.pszUPN);
22+ pUserInfo->pszSamAccountName);
23 BAIL_ON_LSA_ERROR(dwError);
24
25 dwError = LsaUmAddUser(
26@@ -592,11 +592,6 @@
27 break;
28 }
29
30- if (dwError == LW_ERROR_SUCCESS)
31- {
32- dwError = AD_CheckExpiredObject(&pCachedUser);
33- }
34-
35 switch (dwError)
36 {
37 case LW_ERROR_SUCCESS:
38@@ -681,10 +676,6 @@
39 dwError = LW_ERROR_INVALID_PARAMETER;
40 BAIL_ON_LSA_ERROR(dwError);
41 }
42- if (dwError == LW_ERROR_SUCCESS)
43- {
44- dwError = AD_CheckExpiredObject(&pCachedUser);
45- }
46
47 switch (dwError)
48 {
49@@ -834,10 +825,19 @@
50 PLSA_GROUP_MEMBERSHIP* ppMemberships = NULL;
51 // Only free top level array, do not free string pointers.
52 PSTR pszGroupSid = NULL;
53- PLSA_SECURITY_OBJECT pUserInfo = NULL;
54+ PLSA_SECURITY_OBJECT* ppUserObject = NULL;
55 DWORD dwIndex = 0;
56
57- dwError = AD_FindObjectBySid(hProvider, pszSid, &pUserInfo);
58+ dwError = AD_OfflineFindObjectsBySidList(
59+ 1,
60+ &pszSid,
61+ &ppUserObject);
62+ BAIL_ON_LSA_ERROR(dwError);
63+
64+ if (!ppUserObject[0])
65+ {
66+ dwError = LW_ERROR_NO_SUCH_USER;
67+ }
68 BAIL_ON_LSA_ERROR(dwError);
69
70 dwError = ADCacheGetGroupsForUser(
71@@ -874,7 +874,7 @@
72 cleanup:
73
74 LW_SAFE_FREE_MEMORY(pszGroupSid);
75- ADCacheSafeFreeObject(&pUserInfo);
76+ ADCacheSafeFreeObjectList(1, &ppUserObject);
77 ADCacheSafeFreeGroupMembershipList(sMembershipCount, &ppMemberships);
78
79 return dwError;
80Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c
81===================================================================
82--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/online.c 2010-06-17 22:17:40.000000000 -0700
83+++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c 2010-06-17 22:20:50.000000000 -0700
84@@ -4161,7 +4161,6 @@
85 case LW_ERROR_NO_SUCH_USER:
86 case LW_ERROR_NO_SUCH_GROUP:
87 case LW_ERROR_NO_SUCH_OBJECT:
88- case LW_ERROR_DOMAIN_IS_OFFLINE:
89 dwError = LW_ERROR_SUCCESS;
90 break;
91 default:
92@@ -4426,7 +4425,6 @@
93 case LW_ERROR_NO_SUCH_USER:
94 case LW_ERROR_NO_SUCH_GROUP:
95 case LW_ERROR_NO_SUCH_OBJECT:
96- case LW_ERROR_DOMAIN_IS_OFFLINE:
97 dwError = LW_ERROR_SUCCESS;
98 break;
99 default:
100Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/provider-main.c
101===================================================================
102--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/provider-main.c 2010-06-17 22:17:40.000000000 -0700
103+++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/provider-main.c 2010-06-17 22:20:50.000000000 -0700
104@@ -3498,7 +3498,11 @@
105
106 if (AD_IsOffline())
107 {
108- dwError = AD_OfflineFindObjects(
109+ dwError = LW_ERROR_DOMAIN_IS_OFFLINE;
110+ }
111+ else
112+ {
113+ dwError = AD_OnlineFindObjects(
114 hProvider,
115 FindFlags,
116 ObjectType,
117@@ -3506,11 +3510,11 @@
118 dwCount,
119 QueryList,
120 &ppObjects);
121- BAIL_ON_LSA_ERROR(dwError);
122 }
123- else
124+
125+ if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError)
126 {
127- dwError = AD_OnlineFindObjects(
128+ dwError = AD_OfflineFindObjects(
129 hProvider,
130 FindFlags,
131 ObjectType,
132@@ -3518,8 +3522,8 @@
133 dwCount,
134 QueryList,
135 &ppObjects);
136- BAIL_ON_LSA_ERROR(dwError);
137 }
138+ BAIL_ON_LSA_ERROR(dwError);
139
140 if (ppObjects)
141 {
142@@ -3704,24 +3708,28 @@
143
144 if (AD_IsOffline())
145 {
146- dwError = AD_OfflineGetGroupMemberSids(
147+ dwError = LW_ERROR_DOMAIN_IS_OFFLINE;
148+ }
149+ else
150+ {
151+ dwError = AD_OnlineGetGroupMemberSids(
152 hProvider,
153 FindFlags,
154 pszSid,
155 &pEnum->dwSidCount,
156 &pEnum->ppszSids);
157- BAIL_ON_LSA_ERROR(dwError);
158 }
159- else
160+
161+ if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError)
162 {
163- dwError = AD_OnlineGetGroupMemberSids(
164+ dwError = AD_OfflineGetGroupMemberSids(
165 hProvider,
166 FindFlags,
167 pszSid,
168 &pEnum->dwSidCount,
169 &pEnum->ppszSids);
170- BAIL_ON_LSA_ERROR(dwError);
171 }
172+ BAIL_ON_LSA_ERROR(dwError);
173
174 *phEnum = pEnum;
175
176@@ -3817,7 +3825,11 @@
177
178 if (AD_IsOffline())
179 {
180- dwError = AD_OfflineQueryMemberOf(
181+ dwError = LW_ERROR_DOMAIN_IS_OFFLINE;
182+ }
183+ else
184+ {
185+ dwError = AD_OnlineQueryMemberOf(
186 hProvider,
187 FindFlags,
188 dwSidCount,
189@@ -3825,9 +3837,10 @@
190 pdwGroupSidCount,
191 pppszGroupSids);
192 }
193- else
194+
195+ if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError)
196 {
197- dwError = AD_OnlineQueryMemberOf(
198+ dwError = AD_OfflineQueryMemberOf(
199 hProvider,
200 FindFlags,
201 dwSidCount,
0202
=== added file 'debian/patches/reg_import_multi_sz.diff'
--- debian/patches/reg_import_multi_sz.diff 1970-01-01 00:00:00 +0000
+++ debian/patches/reg_import_multi_sz.diff 2010-10-21 19:02:54 +0000
@@ -0,0 +1,14 @@
1diff --git a/lwreg/parse/reglex.c b/lwreg/parse/reglex.c
2index 8d01668..747c9c6 100644
3--- a/lwreg/parse/reglex.c
4+++ b/lwreg/parse/reglex.c
5@@ -449,7 +449,8 @@ RegLexParseBackslash(
6 dwError = RegIOUnGetChar(ioHandle, NULL);
7 }
8 }
9- else if (lexHandle->state == REGLEX_STATE_IN_QUOTE)
10+
11+ if (lexHandle->state == REGLEX_STATE_IN_QUOTE)
12 {
13 /*
14 * Treat sequence '\C' (C=any character) as
015
=== modified file 'debian/patches/series'
--- debian/patches/series 2010-10-04 11:27:30 +0000
+++ debian/patches/series 2010-10-21 19:02:54 +0000
@@ -14,5 +14,12 @@
14autoreconf_dcerpc.diff14autoreconf_dcerpc.diff
15correct_lsass_configure_platform_detection.patch15correct_lsass_configure_platform_detection.patch
16autoreconf_lsass.conf16autoreconf_lsass.conf
17ignore_group_update_failure_on_leave.diff
18#lsass_turn_off_ncacn_ip_tcp.diff
19#disable_dcerpc_auto_start.diff
20lwupgrade_multi_sz.diff
21assume_default_domain.diff
22reg_import_multi_sz.diff
23offline_v2.diff
17lp-security-CVE-2010-0833.diff24lp-security-CVE-2010-0833.diff
18disable-mac-IP-to-fix-ftbfs.diff25disable-mac-IP-to-fix-ftbfs.diff

Subscribers

People subscribed via source and target branches

to all changes: