Ubuntu
likewise-open package

Merge lp:~ssalley/ubuntu/maverick/likewise-open/likewise-open.fix627272 into lp:ubuntu/maverick/likewise-open

  1. Maverick (10.10)
  2. likewise-open.fix627272
  3. Merge into maverick
Proposed by Scott Salley
Status: Needs review
Proposed branch: lp:~ssalley/ubuntu/maverick/likewise-open/likewise-open.fix627272
Merge into: lp:ubuntu/maverick/likewise-open
Diff against target: 958 lines (+806/-26)
13 files modified
debian/changelog (+27/-0)
debian/control (+3/-2)
debian/likewise-open.postinst (+23/-17)
debian/likewise-open.preinst (+9/-7)
debian/likewise-open.prerm (+9/-0)
debian/patches/assume_default_domain.diff (+334/-0)
debian/patches/disable_dcerpc_auto_start.diff (+26/-0)
debian/patches/ignore_group_update_failure_on_leave.diff (+37/-0)
debian/patches/lsass_turn_off_ncacn_ip_tcp.diff (+39/-0)
debian/patches/lwupgrade_multi_sz.diff (+77/-0)
debian/patches/offline_v2.diff (+201/-0)
debian/patches/reg_import_multi_sz.diff (+14/-0)
debian/patches/series (+7/-0)
To merge this branch: bzr merge lp:~ssalley/ubuntu/maverick/likewise-open/likewise-open.fix627272
Reviewer Review Type Date Requested Status
Dustin Kirkland  Needs Fixing
Review via email: mp+38741@code.launchpad.net

Description of the change

These changes have been sitting in a PPA and tested by users and our QA team on Lucid for a long while and on Maverick for a little while. Unfortunately, no one created a branch and tried to get them merged, so I'm doing so now a day late and dollar short. These changes are good for both Lucid and Maverick.

The changelog describes the changes in more detail but here is a short summary of fixed bugs:
lp:534629 AssumeDefaultDomain does not work
lp:575152 RequireMembershipOf Does Not Work
lp:591893 likewise-open depends on psmisc
lp:605326 Likewise open 5 or 6 conflicts with winbind
lp:572271 CacheEntryExpire setting ignored & default value of 4 hours is too
low
lp:574443 likewise-open5 upgrade mangles RequireMembershipOf settings

Additionally, many bugs dealing with installation and upgrading were corrected but matching them up to bug reports is difficult to do reproducibility.

To post a comment you must log in.
lp:~ssalley/ubuntu/maverick/likewise-open/likewise-open.fix627272 updated
21. By Scott Salley

Forgot to add the patches -- clueless with bzr/git.

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Hi there Scott,

Reviewing this merge proposal, a couple of comments...
 1) To note that a bug is fixed in the changelog, please use this syntax: "LP: #575019", rather than "LP BUG 575019"
 2) Usually, SRUs are held to a pretty tight standard, typically fixing one or two issues; this merge fixes 9 bugs
 3) Each of those 9 bugs are going to need an SRU statement in the main body, explaining a) the impact, b) an explanation of how the bug is fixed, c) a pointer to the commit or minimal patch that solves that one issue, d) detailed instructions on how to reproduce the bug, e) a description of the regression potential
   - See: https://wiki.ubuntu.com/StableReleaseUpdates

I'll be happy to sponsor this as soon as (1) is trivially fixed in your branch, and as soon as each bug is updated per (2). Then, the package will go into the -proposed queue, and we'll need you or someone else to go through each of those 9 bugs and work their way through the reproduce instructions, noting if the new package fixes the known bugs and does cause regression.

Thanks!
Dustin

review: Needs Fixing
Reply

Unmerged revisions

21. By Scott Salley

Forgot to add the patches -- clueless with bzr/git.

20. By Scott Salley

Linking bugs.

19. By Scott Salley

* patches/ignore_group_update_failure_on_leave.diff: Added upstream patch
  to prevent "domainjoin-XXX leave" from failing if user/admin domain
  groups could not be removed from the builtin user/admin groups
  (LP BUG 575019)
* patches/assume_default_domain.diff: Fix regression in AssumeDefaultDomain
  (LP BUG 534629)
* patches/offline_v2.diff: Additional offline logon fixes (LP BUG 572271)
* patches/lwupgrade_mulit_sz.diff: Make preservation of multi-string values
  more robust (e.g. "RequireMembershipOf" LP BUG 574443)
* patches/reg_import_multi_sz.diff: Fix importing REG_MULTI_SZ strings
  that use the "\" character (LP BUG 575152)
* Added missing dependencies that prevent distribution and package upgrades
  from succeeding:
  - debian/control: Added libpam-runtime (LP BUG 627272, LP BUG 625105)
  - debian/control: Added psmisc (LP BUG 591893)
* Added statements to kill hung daemons that may prevent distribution and
  package upgrades from succeeding (LP BUG 621980):
  - debian/control: Added procps for pkill
  - debian/likewise-open.postinst, debian/likewise-open.preinst: Added
    explict kill for daemons that may hang
* debian/control: Modified XSBC-Original-Maintainer as Gerald Cater would
  like Scott Salley to handle likewise-open.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2010-10-04 11:27:30 +0000
3+++ debian/changelog 2010-10-21 19:02:54 +0000
4@@ -1,3 +1,30 @@
5+likewise-open (5.4.0.42111-2ubuntu3) maverick; urgency=low
6+
7+ * patches/ignore_group_update_failure_on_leave.diff: Added upstream patch
8+ to prevent "domainjoin-XXX leave" from failing if user/admin domain
9+ groups could not be removed from the builtin user/admin groups
10+ (LP BUG 575019)
11+ * patches/assume_default_domain.diff: Fix regression in AssumeDefaultDomain
12+ (LP BUG 534629)
13+ * patches/offline_v2.diff: Additional offline logon fixes (LP BUG 572271)
14+ * patches/lwupgrade_mulit_sz.diff: Make preservation of multi-string values
15+ more robust (e.g. "RequireMembershipOf" LP BUG 574443)
16+ * patches/reg_import_multi_sz.diff: Fix importing REG_MULTI_SZ strings
17+ that use the "\" character (LP BUG 575152)
18+ * Added missing dependencies that prevent distribution and package upgrades
19+ from succeeding:
20+ - debian/control: Added libpam-runtime (LP BUG 627272, LP BUG 625105)
21+ - debian/control: Added psmisc (LP BUG 591893)
22+ * Added statements to kill hung daemons that may prevent distribution and
23+ package upgrades from succeeding (LP BUG 621980):
24+ - debian/control: Added procps for pkill
25+ - debian/likewise-open.postinst, debian/likewise-open.preinst: Added
26+ explict kill for daemons that may hang
27+ * debian/control: Modified XSBC-Original-Maintainer as Gerald Cater would
28+ like Scott Salley to handle likewise-open.
29+
30+ -- Scott Salley <ssalley@likewise.com> Wed, 13 Oct 2010 17:24:08 -0700
31+
32 likewise-open (5.4.0.42111-2ubuntu2) maverick; urgency=low
33
34 * debian/patches/disable-mac-IP-to-fix-ftbfs.diff:
35
36=== modified file 'debian/control'
37--- debian/control 2010-04-09 12:30:18 +0000
38+++ debian/control 2010-10-21 19:02:54 +0000
39@@ -2,7 +2,7 @@
40 Section: net
41 Priority: optional
42 Maintainer: Chuck Short <zulcss@ubuntu.com>
43-XSBC-Original-Maintainer: Gerald Carter <gcarter@likewise.com>
44+XSBC-Original-Maintainer: Scott Salley <ssalley@likewise.com>
45 Build-Depends: autoconf (>=2.53), automake, bison, debhelper (>= 7),
46 libglade2-dev, libncurses5-dev, libpam0g-dev, libpam-runtime,
47 libssl-dev, libtool, libsqlite3-dev, uuid-dev, quilt, rsync, libxml2,
48@@ -69,7 +69,8 @@
49
50 Package: likewise-open
51 Architecture: any
52-Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-user
53+Depends: ${shlibs:Depends}, ${misc:Depends}, krb5-user, psmisc, libpam-runtime,
54+ procps
55 Suggests: likewise-open-gui
56 Provides: likewise-open, likewise-open5
57 Conflicts: likewise-open,
58
59=== modified file 'debian/likewise-open.postinst'
60--- debian/likewise-open.postinst 2010-07-21 13:54:00 +0000
61+++ debian/likewise-open.postinst 2010-10-21 19:02:54 +0000
62@@ -63,8 +63,9 @@
63
64 $DOMAINJOIN configure --enable nsswitch > /dev/null 2>&1
65 $DOMAINJOIN configure --enable ssh > /dev/null 2>&1
66- $DOMAINJOIN configure --long `hostname --long` --short `hostname --short` \
67- --enable krb5 > /dev/null 2>&1
68+ $DOMAINJOIN configure --long `hostname --long` \
69+ --short `hostname --short` \
70+ --enable krb5 > /dev/null 2>&1
71 }
72
73 case "$1" in
74@@ -79,14 +80,18 @@
75 ;;
76
77 configure)
78- if [ -z "`pidof lwsmd`" ]; then
79- $LWSMD start
80- else
81- $LWSM stop lwreg
82- $LWSMD restart
83- fi
84- ## Ensure lwregd is started
85- $LWSM start lwreg
86+ # All daemons should be gone -- but sometimes they hang.
87+ pkill -KILL -x srvsvcd > /dev/null 2>&1 || true
88+ pkill -KILL -x lsassd > /dev/null 2>&1 || true
89+ pkill -KILL -x lwiod > /dev/null 2>&1 || true
90+ pkill -KILL -x netlogond > /dev/null 2>&1 || true
91+ pkill -KILL -x eventlogd > /dev/null 2>&1 || true
92+ pkill -KILL -x dcerpcd > /dev/null 2>&1 || true
93+ pkill -KILL -x netlogond > /dev/null 2>&1 || true
94+ pkill -KILL -x lwsmd > /dev/null 2>&1 || true
95+ pkill -KILL -x lwregd > /dev/null 2>&1 || true
96+
97+ /usr/sbin/lwsmd --start-as-daemon
98
99 $REGSHELL upgrade /etc/likewise-open/dcerpcd.reg
100 $REGSHELL upgrade /etc/likewise-open/eventlogd.reg
101@@ -97,8 +102,6 @@
102 $REGSHELL upgrade /etc/likewise-open/pstore.reg
103 $REGSHELL upgrade /etc/likewise-open/srvsvcd.reg
104
105- $LWSMD reload
106-
107 if [ -n "$2" ]; then
108 if dpkg --compare-versions "$2" le "4.1.2982-0ubuntu3"; then
109 if [ -f "${UPGRADEDIR4}/lwiauthd.conf" -a \
110@@ -110,13 +113,16 @@
111 if [ -d "${UPGRADEDIR5}" ]; then
112 import_machine_account_5_0
113 fi
114- fi
115-
116- $LWSM start lsass || true
117-
118- # This will start all the sevices and hook things up in /etc/rc[0-6].d
119+ fi
120+
121+ /etc/init.d/lwsmd stop
122+
123+ /etc/init.d/lwsmd start
124+
125 $DOMAINJOIN query > /dev/null 2>&1
126
127+ /usr/bin/lwsm start lsass || true
128+
129 pam-auth-update --package
130 ;;
131 esac
132
133=== modified file 'debian/likewise-open.preinst'
134--- debian/likewise-open.preinst 2010-01-05 16:21:34 +0000
135+++ debian/likewise-open.preinst 2010-10-21 19:02:54 +0000
136@@ -62,13 +62,15 @@
137
138 # remove obsolete conffiles from previous versions
139 if dpkg --compare-versions "$2" lt-nl "5.4.0"; then
140- # from 4.1
141- rm_conffile /etc/samba/lwiauthd.conf
142- rm_conffile /etc/security/pam_lwidentity.conf
143- rm_conffile /etc/default/likewise-open
144- rm_conffile /etc/init.d/likewise-open
145- # from 5.0
146- rm_conffile /etc/init.d/npcmuxd
147+
148+ # from 4.1
149+ rm_conffile /etc/samba/lwiauthd.conf
150+ rm_conffile /etc/security/pam_lwidentity.conf
151+ rm_conffile /etc/default/likewise-open
152+ rm_conffile /etc/init.d/likewise-open
153+
154+ # from 5.0
155+ rm_conffile /etc/init.d/npcmuxd
156 fi
157 ;;
158
159
160=== modified file 'debian/likewise-open.prerm'
161--- debian/likewise-open.prerm 2010-01-05 16:21:34 +0000
162+++ debian/likewise-open.prerm 2010-10-21 19:02:54 +0000
163@@ -26,6 +26,15 @@
164 $LWSMD stop
165 fi
166
167+ pkill -KILL -x srvsvcd > /dev/null 2>&1 || true
168+ pkill -KILL -x lsassd > /dev/null 2>&1 || true
169+ pkill -KILL -x lwiod > /dev/null 2>&1 || true
170+ pkill -KILL -x netlogond > /dev/null 2>&1 || true
171+ pkill -KILL -x eventlogd > /dev/null 2>&1 || true
172+ pkill -KILL -x dcerpcd > /dev/null 2>&1 || true
173+ pkill -KILL -x lwsmd > /dev/null 2>&1 || true
174+ pkill -KILL -x lwregd > /dev/null 2>&1 || true
175+
176 ;;
177
178 failed-upgrade)
179
180=== added file 'debian/patches/assume_default_domain.diff'
181--- debian/patches/assume_default_domain.diff 1970-01-01 00:00:00 +0000
182+++ debian/patches/assume_default_domain.diff 2010-10-21 19:02:54 +0000
183@@ -0,0 +1,334 @@
184+commit d1cba75403be0af010b5df5ba22a1d0704f29fc3
185+Author: Brian Koropoff <bkoropoff@likewise.com>
186+Date: Wed May 5 22:21:47 2010 +0000
187+
188+ svn merge -c 43891 /Platform/src/linux/lsass/server/auth-providers/ad-open-provider -> src/linux/lsass/server/auth-providers/ad-provider
189+
190+ (lsass: r43911)
191+
192+Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/ad_marshal_group.c
193+===================================================================
194+--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/ad_marshal_group.c 2010-05-07 08:37:00.000000000 +0200
195++++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/ad_marshal_group.c 2010-05-07 08:37:03.000000000 +0200
196+@@ -59,12 +59,17 @@
197+ PSTR pszResult = NULL;
198+
199+ if(pObject->type == LSA_OBJECT_TYPE_GROUP &&
200+- !LW_IS_NULL_OR_EMPTY_STR(pObject->groupInfo.pszAliasName))
201++ !LW_IS_NULL_OR_EMPTY_STR(pObject->groupInfo.pszAliasName))
202+ {
203+ dwError = LwAllocateString(
204+ pObject->groupInfo.pszAliasName,
205+ &pszResult);
206+ BAIL_ON_LSA_ERROR(dwError);
207++
208++ LwStrCharReplace(
209++ pszResult,
210++ ' ',
211++ AD_GetSpaceReplacement());
212+ }
213+ else if(pObject->type == LSA_OBJECT_TYPE_USER &&
214+ !LW_IS_NULL_OR_EMPTY_STR(pObject->userInfo.pszAliasName))
215+@@ -73,6 +78,11 @@
216+ pObject->userInfo.pszAliasName,
217+ &pszResult);
218+ BAIL_ON_LSA_ERROR(dwError);
219++
220++ LwStrCharReplace(
221++ pszResult,
222++ ' ',
223++ AD_GetSpaceReplacement());
224+ }
225+ else
226+ {
227+Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/batch_marshal.c
228+===================================================================
229+--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/batch_marshal.c 2010-05-07 08:37:00.000000000 +0200
230++++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/batch_marshal.c 2010-05-07 08:37:03.000000000 +0200
231+@@ -580,6 +580,28 @@
232+ BAIL_ON_LSA_ERROR(dwError);
233+ }
234+
235++ /* Fix up alias fields when in AssumeDefaultDomain mode */
236++ if (AD_ShouldAssumeDefaultDomain() &&
237++ pObject->enabled &&
238++ ((pObject->type == LSA_OBJECT_TYPE_USER &&
239++ !pObject->userInfo.pszAliasName) ||
240++ (pObject->type == LSA_OBJECT_TYPE_GROUP &&
241++ !pObject->groupInfo.pszAliasName)) &&
242++ !strcmp(pObject->pszNetbiosDomainName, gpADProviderData->szShortDomain))
243++ {
244++ dwError = LwAllocateString(
245++ pObject->pszSamAccountName,
246++ pObject->type == LSA_OBJECT_TYPE_USER ?
247++ &pObject->userInfo.pszAliasName : &pObject->groupInfo.pszAliasName);
248++ BAIL_ON_LSA_ERROR(dwError);
249++
250++ LwStrCharReplace(
251++ pObject->type == LSA_OBJECT_TYPE_USER ?
252++ pObject->userInfo.pszAliasName : pObject->groupInfo.pszAliasName,
253++ ' ',
254++ AD_GetSpaceReplacement());
255++ }
256++
257+ cleanup:
258+ *ppObject = pObject;
259+ return dwError;
260+Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c
261+===================================================================
262+--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/online.c 2010-05-07 08:37:00.000000000 +0200
263++++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c 2010-05-07 08:37:03.000000000 +0200
264+@@ -4087,6 +4087,112 @@
265+
266+ static
267+ DWORD
268++AD_OnlineFindObjectByName(
269++ IN HANDLE hProvider,
270++ IN LSA_FIND_FLAGS FindFlags,
271++ IN OPTIONAL LSA_OBJECT_TYPE ObjectType,
272++ IN LSA_QUERY_TYPE QueryType,
273++ IN PCSTR pszLoginName,
274++ IN PLSA_LOGIN_NAME_INFO pUserNameInfo,
275++ OUT PLSA_SECURITY_OBJECT* ppObject
276++ )
277++{
278++ DWORD dwError = 0;
279++ PLSA_SECURITY_OBJECT pCachedUser = NULL;
280++
281++ switch(ObjectType)
282++ {
283++ case LSA_OBJECT_TYPE_USER:
284++ dwError = ADCacheFindUserByName(
285++ gpLsaAdProviderState->hCacheConnection,
286++ pUserNameInfo,
287++ &pCachedUser);
288++ break;
289++ case LSA_OBJECT_TYPE_GROUP:
290++ dwError = ADCacheFindGroupByName(
291++ gpLsaAdProviderState->hCacheConnection,
292++ pUserNameInfo,
293++ &pCachedUser);
294++ break;
295++ default:
296++ dwError = ADCacheFindUserByName(
297++ gpLsaAdProviderState->hCacheConnection,
298++ pUserNameInfo,
299++ &pCachedUser);
300++ if (dwError == LW_ERROR_NO_SUCH_USER ||
301++ dwError == LW_ERROR_NOT_HANDLED)
302++ {
303++ dwError = ADCacheFindGroupByName(
304++ gpLsaAdProviderState->hCacheConnection,
305++ pUserNameInfo,
306++ &pCachedUser);
307++ }
308++ break;
309++ }
310++
311++ if (dwError == LW_ERROR_SUCCESS)
312++ {
313++ dwError = AD_CheckExpiredObject(&pCachedUser);
314++ }
315++
316++ switch (dwError)
317++ {
318++ case LW_ERROR_SUCCESS:
319++ break;
320++ case LW_ERROR_NOT_HANDLED:
321++ case LW_ERROR_NO_SUCH_USER:
322++ case LW_ERROR_NO_SUCH_GROUP:
323++ case LW_ERROR_NO_SUCH_OBJECT:
324++ dwError = AD_FindObjectByNameTypeNoCache(
325++ hProvider,
326++ pszLoginName,
327++ pUserNameInfo->nameType,
328++ ObjectType,
329++ &pCachedUser);
330++ switch (dwError)
331++ {
332++ case LW_ERROR_SUCCESS:
333++ dwError = ADCacheStoreObjectEntry(
334++ gpLsaAdProviderState->hCacheConnection,
335++ pCachedUser);
336++ BAIL_ON_LSA_ERROR(dwError);
337++
338++ break;
339++ case LW_ERROR_NO_SUCH_USER:
340++ case LW_ERROR_NO_SUCH_GROUP:
341++ case LW_ERROR_NO_SUCH_OBJECT:
342++ case LW_ERROR_DOMAIN_IS_OFFLINE:
343++ dwError = LW_ERROR_SUCCESS;
344++ break;
345++ default:
346++ BAIL_ON_LSA_ERROR(dwError);
347++ break;
348++ }
349++ break;
350++ default:
351++ BAIL_ON_LSA_ERROR(dwError);
352++ }
353++
354++ *ppObject = pCachedUser;
355++
356++cleanup:
357++
358++ return dwError;
359++
360++error:
361++
362++ *ppObject = NULL;
363++
364++ if (pCachedUser)
365++ {
366++ LsaUtilFreeSecurityObject(pCachedUser);
367++ }
368++
369++ goto cleanup;
370++}
371++
372++static
373++DWORD
374+ AD_OnlineFindObjectsByName(
375+ IN HANDLE hProvider,
376+ IN LSA_FIND_FLAGS FindFlags,
377+@@ -4100,7 +4206,6 @@
378+ DWORD dwError = 0;
379+ PLSA_LOGIN_NAME_INFO pUserNameInfo = NULL;
380+ PSTR pszLoginId_copy = NULL;
381+- PLSA_SECURITY_OBJECT pCachedUser = NULL;
382+ DWORD dwIndex = 0;
383+ PLSA_SECURITY_OBJECT* ppObjects = NULL;
384+ LSA_QUERY_TYPE type = LSA_QUERY_TYPE_UNDEFINED;
385+@@ -4145,77 +4250,74 @@
386+ BAIL_ON_LSA_ERROR(dwError);
387+ }
388+
389+- switch(ObjectType)
390+- {
391+- case LSA_OBJECT_TYPE_USER:
392+- dwError = ADCacheFindUserByName(
393+- gpLsaAdProviderState->hCacheConnection,
394+- pUserNameInfo,
395+- &pCachedUser);
396+- break;
397+- case LSA_OBJECT_TYPE_GROUP:
398+- dwError = ADCacheFindGroupByName(
399+- gpLsaAdProviderState->hCacheConnection,
400+- pUserNameInfo,
401+- &pCachedUser);
402+- break;
403+- default:
404+- dwError = ADCacheFindUserByName(
405+- gpLsaAdProviderState->hCacheConnection,
406+- pUserNameInfo,
407+- &pCachedUser);
408+- if (dwError == LW_ERROR_NO_SUCH_USER ||
409+- dwError == LW_ERROR_NOT_HANDLED)
410+- {
411+- dwError = ADCacheFindGroupByName(
412+- gpLsaAdProviderState->hCacheConnection,
413+- pUserNameInfo,
414+- &pCachedUser);
415+- }
416+- break;
417+- }
418+-
419+- if (dwError == LW_ERROR_SUCCESS)
420+- {
421+- dwError = AD_CheckExpiredObject(&pCachedUser);
422+- }
423++ dwError = AD_OnlineFindObjectByName(
424++ hProvider,
425++ FindFlags,
426++ ObjectType,
427++ QueryType,
428++ pszLoginId_copy,
429++ pUserNameInfo,
430++ &ppObjects[dwIndex]);
431+
432+ switch (dwError)
433+ {
434+ case LW_ERROR_SUCCESS:
435+- ppObjects[dwIndex] = pCachedUser;
436+- pCachedUser = NULL;
437+ break;
438+ case LW_ERROR_NOT_HANDLED:
439+ case LW_ERROR_NO_SUCH_USER:
440+ case LW_ERROR_NO_SUCH_GROUP:
441+ case LW_ERROR_NO_SUCH_OBJECT:
442+- dwError = AD_FindObjectByNameTypeNoCache(
443+- hProvider,
444+- pszLoginId_copy,
445+- pUserNameInfo->nameType,
446+- ObjectType,
447+- &pCachedUser);
448+- switch (dwError)
449++ case LW_ERROR_NOT_SUPPORTED:
450++ ppObjects[dwIndex] = NULL;
451++ dwError = LW_ERROR_SUCCESS;
452++
453++ if (QueryType == LSA_QUERY_TYPE_BY_ALIAS &&
454++ AD_ShouldAssumeDefaultDomain())
455+ {
456+- case LW_ERROR_SUCCESS:
457+- dwError = ADCacheStoreObjectEntry(
458+- gpLsaAdProviderState->hCacheConnection,
459+- pCachedUser);
460++ LW_SAFE_FREE_STRING(pszLoginId_copy);
461++ LsaFreeNameInfo(pUserNameInfo);
462++ pUserNameInfo = NULL;
463++
464++ dwError = LwAllocateStringPrintf(
465++ &pszLoginId_copy,
466++ "%s\\%s",
467++ gpADProviderData->szShortDomain,
468++ QueryList.ppszStrings[dwIndex]);
469+ BAIL_ON_LSA_ERROR(dwError);
470+
471+- ppObjects[dwIndex] = pCachedUser;
472+- pCachedUser = NULL;
473+- break;
474+- case LW_ERROR_NO_SUCH_USER:
475+- case LW_ERROR_NO_SUCH_GROUP:
476+- case LW_ERROR_NO_SUCH_OBJECT:
477+- case LW_ERROR_DOMAIN_IS_OFFLINE:
478+- dwError = LW_ERROR_SUCCESS;
479+- break;
480+- default:
481++ LwStrCharReplace(
482++ pszLoginId_copy,
483++ AD_GetSpaceReplacement(),
484++ ' ');
485++
486++ dwError = LsaCrackDomainQualifiedName(
487++ pszLoginId_copy,
488++ gpADProviderData->szDomain,
489++ &pUserNameInfo);
490+ BAIL_ON_LSA_ERROR(dwError);
491+- break;
492++
493++ dwError = AD_OnlineFindObjectByName(
494++ hProvider,
495++ FindFlags,
496++ ObjectType,
497++ LSA_QUERY_TYPE_BY_NT4,
498++ pszLoginId_copy,
499++ pUserNameInfo,
500++ &ppObjects[dwIndex]);
501++ switch (dwError)
502++ {
503++ case LW_ERROR_SUCCESS:
504++ break;
505++ case LW_ERROR_NOT_HANDLED:
506++ case LW_ERROR_NO_SUCH_USER:
507++ case LW_ERROR_NO_SUCH_GROUP:
508++ case LW_ERROR_NO_SUCH_OBJECT:
509++ ppObjects[dwIndex] = NULL;
510++ dwError = LW_ERROR_SUCCESS;
511++ break;
512++ default:
513++ BAIL_ON_LSA_ERROR(dwError);
514++ }
515+ }
516+ break;
517+ default:
518
519=== added file 'debian/patches/disable_dcerpc_auto_start.diff'
520--- debian/patches/disable_dcerpc_auto_start.diff 1970-01-01 00:00:00 +0000
521+++ debian/patches/disable_dcerpc_auto_start.diff 2010-10-21 19:02:54 +0000
522@@ -0,0 +1,26 @@
523+Index: likewise-open-5.4.0.42111/domainjoin/domainjoin-cli/src/main.c
524+===================================================================
525+--- likewise-open-5.4.0.42111.orig/domainjoin/domainjoin-cli/src/main.c 2010-04-18 07:54:32.000000000 -0500
526++++ likewise-open-5.4.0.42111/domainjoin/domainjoin-cli/src/main.c 2010-04-18 07:55:33.000000000 -0500
527+@@ -801,7 +801,7 @@
528+ DWORD dwLogLevel;
529+ BOOLEAN showHelp = FALSE;
530+ BOOLEAN showInternalHelp = FALSE;
531+- BOOLEAN bEnableDcerpcd = TRUE;
532++ BOOLEAN bEnableDcerpcd = FALSE;
533+ int remainingArgs = argc;
534+ char **argPos = argv;
535+ int i;
536+Index: likewise-open-5.4.0.42111/domainjoin/domainjoin-gui/gtk/main.c
537+===================================================================
538+--- likewise-open-5.4.0.42111.orig/domainjoin/domainjoin-gui/gtk/main.c 2010-04-18 07:54:32.000000000 -0500
539++++ likewise-open-5.4.0.42111/domainjoin/domainjoin-gui/gtk/main.c 2010-04-18 07:55:42.000000000 -0500
540+@@ -589,7 +589,7 @@
541+
542+ gtk_init(&argc, &argv);
543+
544+- LW_TRY(&exc, DJNetInitialize(TRUE, &LW_EXC));
545++ LW_TRY(&exc, DJNetInitialize(FALSE, &LW_EXC));
546+
547+ do
548+ {
549
550=== added file 'debian/patches/ignore_group_update_failure_on_leave.diff'
551--- debian/patches/ignore_group_update_failure_on_leave.diff 1970-01-01 00:00:00 +0000
552+++ debian/patches/ignore_group_update_failure_on_leave.diff 2010-10-21 19:02:54 +0000
553@@ -0,0 +1,37 @@
554+commit 69148891011976fa239773af570c123023ac27ab
555+Author: Gerald W. Carter <gcarter@likewiseopen.org>
556+Date: Thu Apr 8 21:05:23 2010 +0000
557+
558+ lsass: Don't fail a "leave" if we cannot remove the domain groups from the builtin groups
559+
560+ Occurs in certain upgrade scenarios where "Domain {Admins,Users}" was not
561+ added into the "Builtin\{Administrators,Users}" group
562+
563+ (lsass: r43096)
564+
565+diff --git a/lsass/join/join.c b/lsass/join/join.c
566+index 0a694dc..ecafa4b 100644
567+--- a/lsass/join/join.c
568++++ b/lsass/join/join.c
569+@@ -725,13 +725,19 @@ LsaChangeDomainGroupMembership(
570+ }
571+ else
572+ {
573++ // This should not cause the join to fail even if we cannot
574++ // remove the group members
575++
576+ ntStatus = SamrDeleteAliasMember(hSamrBinding,
577+ hAlias,
578+ (*ppSid));
579+- if (ntStatus == STATUS_MEMBER_NOT_IN_ALIAS)
580++ if ((ntStatus != STATUS_SUCCESS) &&
581++ (ntStatus != STATUS_NO_SUCH_MEMBER))
582+ {
583+- ntStatus = STATUS_SUCCESS;
584++ // Perhaps log an error here
585++ ;
586+ }
587++ ntStatus = STATUS_SUCCESS;
588+ }
589+ BAIL_ON_NT_STATUS(ntStatus);
590+ }
591
592=== added file 'debian/patches/lsass_turn_off_ncacn_ip_tcp.diff'
593--- debian/patches/lsass_turn_off_ncacn_ip_tcp.diff 1970-01-01 00:00:00 +0000
594+++ debian/patches/lsass_turn_off_ncacn_ip_tcp.diff 2010-10-21 19:02:54 +0000
595@@ -0,0 +1,39 @@
596+Index: likewise-open-5.4.0.42111/lsass/server/rpc/dssetup/dssetup_srv.c
597+===================================================================
598+--- likewise-open-5.4.0.42111.orig/lsass/server/rpc/dssetup/dssetup_srv.c 2010-04-17 14:55:19.000000000 -0500
599++++ likewise-open-5.4.0.42111/lsass/server/rpc/dssetup/dssetup_srv.c 2010-04-17 14:56:31.000000000 -0500
600+@@ -118,7 +118,7 @@
601+
602+ ENDPOINT EndPoints[] = {
603+ { "ncacn_np", "\\\\pipe\\\\lsass" },
604+- { "ncacn_ip_tcp", NULL },
605++ // { "ncacn_ip_tcp", NULL },
606+ { NULL, NULL }
607+ };
608+ DWORD dwError = 0;
609+Index: likewise-open-5.4.0.42111/lsass/server/rpc/lsa/lsa_srv.c
610+===================================================================
611+--- likewise-open-5.4.0.42111.orig/lsass/server/rpc/lsa/lsa_srv.c 2010-04-17 14:55:19.000000000 -0500
612++++ likewise-open-5.4.0.42111/lsass/server/rpc/lsa/lsa_srv.c 2010-04-17 14:56:06.000000000 -0500
613+@@ -119,7 +119,7 @@
614+ ENDPOINT EndPoints[] = {
615+ { "ncacn_np", "\\\\pipe\\\\lsarpc" },
616+ { "ncacn_np", "\\\\pipe\\\\lsass" },
617+- { "ncacn_ip_tcp", NULL },
618++ // { "ncacn_ip_tcp", NULL },
619+ { "ncalrpc", NULL }, /* endpoint is fetched from config parameter */
620+ { NULL, NULL }
621+ };
622+Index: likewise-open-5.4.0.42111/lsass/server/rpc/samr/samr_srv.c
623+===================================================================
624+--- likewise-open-5.4.0.42111.orig/lsass/server/rpc/samr/samr_srv.c 2010-04-17 14:55:19.000000000 -0500
625++++ likewise-open-5.4.0.42111/lsass/server/rpc/samr/samr_srv.c 2010-04-17 14:55:51.000000000 -0500
626+@@ -121,7 +121,7 @@
627+ PCSTR pszDescription = "Security Accounts Manager";
628+ ENDPOINT EndPoints[] = {
629+ { "ncacn_np", "\\\\pipe\\\\samr" },
630+- { "ncacn_ip_tcp", NULL },
631++ // { "ncacn_ip_tcp", NULL },
632+ { "ncalrpc", NULL }, /* endpoint is fetched from config parameter */
633+ { NULL, NULL }
634+ };
635
636=== added file 'debian/patches/lwupgrade_multi_sz.diff'
637--- debian/patches/lwupgrade_multi_sz.diff 1970-01-01 00:00:00 +0000
638+++ debian/patches/lwupgrade_multi_sz.diff 2010-10-21 19:02:54 +0000
639@@ -0,0 +1,77 @@
640+commit a1812bb292173c1e7265b6ab523a0df78b1010d5
641+Author: Scott Salley <ssalley@likewise.com>
642+Date: Mon May 3 23:14:34 2010 +0000
643+
644+ Merge: -c 43867 ^/trunk/Platform -> ~/branches/lwidentity-5.4
645+
646+ Multistring handling was extremely poor, now it is a bit better.
647+
648+ (lwupgrade: r43874)
649+
650+diff --git a/lwupgrade/utils/convert.c b/lwupgrade/utils/convert.c
651+index f399d93..381bb03 100644
652+--- a/lwupgrade/utils/convert.c
653++++ b/lwupgrade/utils/convert.c
654+@@ -47,12 +47,18 @@ UpStringToMultiString(
655+ DWORD i = 0;
656+ DWORD j = 0;
657+ PSTR pszCompactIn = NULL;
658+- DWORD dwLength = 0;
659+
660+- // First, remove all whitespace from the string.
661+- dwError = LwAllocateString(pszIn, &pszCompactIn);
662++ // Make a copy of the string, reserving enough space for terminator.
663++ dwError = LwAllocateMemory(strlen(pszIn) + 2, (PVOID*)&pszCompactIn);
664+ BAIL_ON_UP_ERROR(dwError);
665+
666++ memcpy(pszCompactIn, pszIn, strlen(pszIn) + 1);
667++
668++ // First, remove all whitespace from the string.
669++ //dwError = LwAllocateString(pszIn, &pszCompactIn);
670++ //BAIL_ON_UP_ERROR(dwError);
671++
672++
673+ i = 0;
674+ j = 0;
675+ while (pszCompactIn[i])
676+@@ -79,16 +85,20 @@ UpStringToMultiString(
677+ bCharacterIsDelimiter = TRUE;
678+ }
679+
680++ // Don't want to delimiters in a row.
681+ if (!(bPreviousCharacterIsDelimiter && bCharacterIsDelimiter))
682+ {
683+ pszCompactIn[j++] = pszCompactIn[i];
684+- bPreviousCharacterIsDelimiter = bCharacterIsDelimiter;
685+ }
686++
687++ bPreviousCharacterIsDelimiter = bCharacterIsDelimiter;
688+ i++;
689+ }
690++ pszCompactIn[j++] = '\0';
691+
692+
693+ // Finally, replace all delmiters with '\0'.
694++ i = 0;
695+ while (pszCompactIn[i])
696+ {
697+ if (strchr(pszDelims, pszCompactIn[i]))
698+@@ -97,17 +107,7 @@ UpStringToMultiString(
699+ }
700+ i++;
701+ }
702+-
703+- // Third, remove all 'empty' strings.
704+- dwLength = i;
705+- while (i < dwLength - 1)
706+- {
707+- if (!pszCompactIn[i] && !pszCompactIn[i + 1])
708+- {
709+- pszCompactIn[j++] = pszCompactIn[i];
710+- }
711+- i++;
712+- }
713++ pszCompactIn[i+1] = '\0';
714+
715+ cleanup:
716+
717
718=== added file 'debian/patches/offline_v2.diff'
719--- debian/patches/offline_v2.diff 1970-01-01 00:00:00 +0000
720+++ debian/patches/offline_v2.diff 2010-10-21 19:02:54 +0000
721@@ -0,0 +1,201 @@
722+Index: likewise-open-5.4.0.42111/lsass/common/utils/lsalist.c
723+===================================================================
724+--- likewise-open-5.4.0.42111.orig/lsass/common/utils/lsalist.c 2010-06-17 22:17:40.000000000 -0700
725++++ likewise-open-5.4.0.42111/lsass/common/utils/lsalist.c 2010-06-17 22:20:26.000000000 -0700
726+@@ -106,6 +106,7 @@
727+ {
728+ Element->Prev->Next = Element->Next;
729+ Element->Next->Prev = Element->Prev;
730++ LsaListInit(Element);
731+ }
732+
733+ LSA_LIST_LINKS*
734+Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/offline.c
735+===================================================================
736+--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/offline.c 2010-06-17 22:17:40.000000000 -0700
737++++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/offline.c 2010-06-17 22:20:50.000000000 -0700
738+@@ -111,7 +111,7 @@
739+ &pszNT4UserName,
740+ "%s\\%s",
741+ pUserInfo->pszNetbiosDomainName,
742+- pUserInfo->userInfo.pszUPN);
743++ pUserInfo->pszSamAccountName);
744+ BAIL_ON_LSA_ERROR(dwError);
745+
746+ dwError = LsaUmAddUser(
747+@@ -592,11 +592,6 @@
748+ break;
749+ }
750+
751+- if (dwError == LW_ERROR_SUCCESS)
752+- {
753+- dwError = AD_CheckExpiredObject(&pCachedUser);
754+- }
755+-
756+ switch (dwError)
757+ {
758+ case LW_ERROR_SUCCESS:
759+@@ -681,10 +676,6 @@
760+ dwError = LW_ERROR_INVALID_PARAMETER;
761+ BAIL_ON_LSA_ERROR(dwError);
762+ }
763+- if (dwError == LW_ERROR_SUCCESS)
764+- {
765+- dwError = AD_CheckExpiredObject(&pCachedUser);
766+- }
767+
768+ switch (dwError)
769+ {
770+@@ -834,10 +825,19 @@
771+ PLSA_GROUP_MEMBERSHIP* ppMemberships = NULL;
772+ // Only free top level array, do not free string pointers.
773+ PSTR pszGroupSid = NULL;
774+- PLSA_SECURITY_OBJECT pUserInfo = NULL;
775++ PLSA_SECURITY_OBJECT* ppUserObject = NULL;
776+ DWORD dwIndex = 0;
777+
778+- dwError = AD_FindObjectBySid(hProvider, pszSid, &pUserInfo);
779++ dwError = AD_OfflineFindObjectsBySidList(
780++ 1,
781++ &pszSid,
782++ &ppUserObject);
783++ BAIL_ON_LSA_ERROR(dwError);
784++
785++ if (!ppUserObject[0])
786++ {
787++ dwError = LW_ERROR_NO_SUCH_USER;
788++ }
789+ BAIL_ON_LSA_ERROR(dwError);
790+
791+ dwError = ADCacheGetGroupsForUser(
792+@@ -874,7 +874,7 @@
793+ cleanup:
794+
795+ LW_SAFE_FREE_MEMORY(pszGroupSid);
796+- ADCacheSafeFreeObject(&pUserInfo);
797++ ADCacheSafeFreeObjectList(1, &ppUserObject);
798+ ADCacheSafeFreeGroupMembershipList(sMembershipCount, &ppMemberships);
799+
800+ return dwError;
801+Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c
802+===================================================================
803+--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/online.c 2010-06-17 22:17:40.000000000 -0700
804++++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/online.c 2010-06-17 22:20:50.000000000 -0700
805+@@ -4161,7 +4161,6 @@
806+ case LW_ERROR_NO_SUCH_USER:
807+ case LW_ERROR_NO_SUCH_GROUP:
808+ case LW_ERROR_NO_SUCH_OBJECT:
809+- case LW_ERROR_DOMAIN_IS_OFFLINE:
810+ dwError = LW_ERROR_SUCCESS;
811+ break;
812+ default:
813+@@ -4426,7 +4425,6 @@
814+ case LW_ERROR_NO_SUCH_USER:
815+ case LW_ERROR_NO_SUCH_GROUP:
816+ case LW_ERROR_NO_SUCH_OBJECT:
817+- case LW_ERROR_DOMAIN_IS_OFFLINE:
818+ dwError = LW_ERROR_SUCCESS;
819+ break;
820+ default:
821+Index: likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/provider-main.c
822+===================================================================
823+--- likewise-open-5.4.0.42111.orig/lsass/server/auth-providers/ad-provider/provider-main.c 2010-06-17 22:17:40.000000000 -0700
824++++ likewise-open-5.4.0.42111/lsass/server/auth-providers/ad-provider/provider-main.c 2010-06-17 22:20:50.000000000 -0700
825+@@ -3498,7 +3498,11 @@
826+
827+ if (AD_IsOffline())
828+ {
829+- dwError = AD_OfflineFindObjects(
830++ dwError = LW_ERROR_DOMAIN_IS_OFFLINE;
831++ }
832++ else
833++ {
834++ dwError = AD_OnlineFindObjects(
835+ hProvider,
836+ FindFlags,
837+ ObjectType,
838+@@ -3506,11 +3510,11 @@
839+ dwCount,
840+ QueryList,
841+ &ppObjects);
842+- BAIL_ON_LSA_ERROR(dwError);
843+ }
844+- else
845++
846++ if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError)
847+ {
848+- dwError = AD_OnlineFindObjects(
849++ dwError = AD_OfflineFindObjects(
850+ hProvider,
851+ FindFlags,
852+ ObjectType,
853+@@ -3518,8 +3522,8 @@
854+ dwCount,
855+ QueryList,
856+ &ppObjects);
857+- BAIL_ON_LSA_ERROR(dwError);
858+ }
859++ BAIL_ON_LSA_ERROR(dwError);
860+
861+ if (ppObjects)
862+ {
863+@@ -3704,24 +3708,28 @@
864+
865+ if (AD_IsOffline())
866+ {
867+- dwError = AD_OfflineGetGroupMemberSids(
868++ dwError = LW_ERROR_DOMAIN_IS_OFFLINE;
869++ }
870++ else
871++ {
872++ dwError = AD_OnlineGetGroupMemberSids(
873+ hProvider,
874+ FindFlags,
875+ pszSid,
876+ &pEnum->dwSidCount,
877+ &pEnum->ppszSids);
878+- BAIL_ON_LSA_ERROR(dwError);
879+ }
880+- else
881++
882++ if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError)
883+ {
884+- dwError = AD_OnlineGetGroupMemberSids(
885++ dwError = AD_OfflineGetGroupMemberSids(
886+ hProvider,
887+ FindFlags,
888+ pszSid,
889+ &pEnum->dwSidCount,
890+ &pEnum->ppszSids);
891+- BAIL_ON_LSA_ERROR(dwError);
892+ }
893++ BAIL_ON_LSA_ERROR(dwError);
894+
895+ *phEnum = pEnum;
896+
897+@@ -3817,7 +3825,11 @@
898+
899+ if (AD_IsOffline())
900+ {
901+- dwError = AD_OfflineQueryMemberOf(
902++ dwError = LW_ERROR_DOMAIN_IS_OFFLINE;
903++ }
904++ else
905++ {
906++ dwError = AD_OnlineQueryMemberOf(
907+ hProvider,
908+ FindFlags,
909+ dwSidCount,
910+@@ -3825,9 +3837,10 @@
911+ pdwGroupSidCount,
912+ pppszGroupSids);
913+ }
914+- else
915++
916++ if (LW_ERROR_DOMAIN_IS_OFFLINE == dwError)
917+ {
918+- dwError = AD_OnlineQueryMemberOf(
919++ dwError = AD_OfflineQueryMemberOf(
920+ hProvider,
921+ FindFlags,
922+ dwSidCount,
923
924=== added file 'debian/patches/reg_import_multi_sz.diff'
925--- debian/patches/reg_import_multi_sz.diff 1970-01-01 00:00:00 +0000
926+++ debian/patches/reg_import_multi_sz.diff 2010-10-21 19:02:54 +0000
927@@ -0,0 +1,14 @@
928+diff --git a/lwreg/parse/reglex.c b/lwreg/parse/reglex.c
929+index 8d01668..747c9c6 100644
930+--- a/lwreg/parse/reglex.c
931++++ b/lwreg/parse/reglex.c
932+@@ -449,7 +449,8 @@ RegLexParseBackslash(
933+ dwError = RegIOUnGetChar(ioHandle, NULL);
934+ }
935+ }
936+- else if (lexHandle->state == REGLEX_STATE_IN_QUOTE)
937++
938++ if (lexHandle->state == REGLEX_STATE_IN_QUOTE)
939+ {
940+ /*
941+ * Treat sequence '\C' (C=any character) as
942
943=== modified file 'debian/patches/series'
944--- debian/patches/series 2010-10-04 11:27:30 +0000
945+++ debian/patches/series 2010-10-21 19:02:54 +0000
946@@ -14,5 +14,12 @@
947 autoreconf_dcerpc.diff
948 correct_lsass_configure_platform_detection.patch
949 autoreconf_lsass.conf
950+ignore_group_update_failure_on_leave.diff
951+#lsass_turn_off_ncacn_ip_tcp.diff
952+#disable_dcerpc_auto_start.diff
953+lwupgrade_multi_sz.diff
954+assume_default_domain.diff
955+reg_import_multi_sz.diff
956+offline_v2.diff
957 lp-security-CVE-2010-0833.diff
958 disable-mac-IP-to-fix-ftbfs.diff

Subscribers

People subscribed via source and target branches

to all changes: