Andrew Bartlett [Tue, 27 Jan 2004 10:19:11 +0000 (10:19 +0000)]
(merge from 3.0)
Clarify comment on set_effective_uid()
Andrew Bartlett
(This used to be commit
0a9afefb55e9071fd21ea280095555f423571853)
Andrew Bartlett [Mon, 26 Jan 2004 09:11:09 +0000 (09:11 +0000)]
(merge from 3.0)
Revise our server-side password change code to cope with the various
different feilds that different clients send. (For example, not all clients
send both password types).
This also cleans up the code to make it clearer what is really going on,
and to make better use of common functions.
Andrew Bartlett
(This used to be commit
e5b5cd5966f2894c283383abe5d99fda524cbb9f)
Andrew Bartlett [Mon, 26 Jan 2004 08:51:58 +0000 (08:51 +0000)]
(merge from 3.0)
This adds client-side support for the unicode/SAMR password change scheme.
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit
8063b8b6c2eb30cb116988e265fb289109d7c348)
Andrew Bartlett [Mon, 26 Jan 2004 02:22:49 +0000 (02:22 +0000)]
(merge from 3.0)
Patch by Luca Bolcioni <Luca.Bolcioni@yacme.com>. Ensure we always
initialise the session key. Fixes segfaults with security=server, and
encrypt passwords = no.
Andrew Bartlett
(This used to be commit
b5b6a5937ccb8126876e9ecf9b17cd95f6eec19d)
Andrew Bartlett [Sun, 25 Jan 2004 01:35:31 +0000 (01:35 +0000)]
(merge from 3.0)
Fix the initialisation vectors for NTLM2, so that they at least make sense,
even if they don't work yet.
Andrew Bartlett
(This used to be commit
40cc86d4b31efdee519cf2e2c9b62c4fdc885724)
Andrew Bartlett [Sun, 25 Jan 2004 01:34:08 +0000 (01:34 +0000)]
(merge from 3.0)
If we are providing strndup(), ensure we provide a prototype too.
Andrew Bartlett
(This used to be commit
5536c7448e88caa95b13c01956c37deee899dd92)
Andrew Bartlett [Sun, 25 Jan 2004 01:32:37 +0000 (01:32 +0000)]
(merge from 3.0)
Fix removal of attributes in LDAP - we would not actually remove the old
value in the previous code.
Andrew Bartlett
(This used to be commit
971dd33244918cde6bf49a2f9c650da856d31cd6)
Andrew Bartlett [Sat, 24 Jan 2004 10:56:36 +0000 (10:56 +0000)]
(merge from 3.0)
A Samba DC is nothing special these days - so every domain controller
location packet from the client is not a DEBUG(1) event anymore...
(Yes, we printed this for each of these UDP packets...)
Andrew Bartlett
(This used to be commit
c84e8e91e4d4786ece6288a177f66f260d6e7945)
Volker Lendecke [Fri, 23 Jan 2004 12:58:07 +0000 (12:58 +0000)]
Volker Lendecke [Fri, 23 Jan 2004 12:07:28 +0000 (12:07 +0000)]
Fix decoding of base64. We got the length wrong when the result was not
an exact multiple of 3.
I also wrote a torture test and it survived some minutes of random stuff
coded/decoded up to 16 MB data. But that would be a bit too embarassing to
commit... :-)
Volker
(This used to be commit
3fda2a0432a1dc7a0d28d83e35f6329bc30378e0)
Simo Sorce [Thu, 22 Jan 2004 14:44:45 +0000 (14:44 +0000)]
fix previously committed old version by mistake
(This used to be commit
4840b25dbd4d2eafc010389a711d42862d5fb0f0)
Simo Sorce [Thu, 22 Jan 2004 10:57:16 +0000 (10:57 +0000)]
sorry for the conflict markers committed in by mistake :-(
(This used to be commit
c5634e0b713e594a32522df7a76c36639f772ed5)
Andrew Bartlett [Thu, 22 Jan 2004 10:22:47 +0000 (10:22 +0000)]
(merge from 3.0)
Fix for debian Bug#225328 by LaMont Jones <lamont@debian.org>, where
the failure of our LFS test on ia64 caused the _GNU_SOURCE define not to be
added, causeing strndup() not to be defined...
This was due to strdup() bein implicitly declared, and casting
pointer->int->pointer.
I'll look into when we really should define _GNU_SOURCE shortly, but the
fix is correct anyway.
Andrew Bartlett
(This used to be commit
ba9bc99d3df5098864513e73b0086e42cfab2a19)
Stefan Metzmacher [Thu, 22 Jan 2004 01:53:04 +0000 (01:53 +0000)]
merge:
* Add SIGABRT to fault handling
so we now got a backtrace, if we crash
in libldap with SIGABRT
metze
(This used to be commit
7f7b86e4b3815b112fe6881af6c261381f35286f)
Volker Lendecke [Wed, 21 Jan 2004 14:49:34 +0000 (14:49 +0000)]
Fix compiler warning
(This used to be commit
3ec0d3abe9c838ad78fb8fd6a390ea3d8d2b9fcf)
Volker Lendecke [Wed, 21 Jan 2004 14:38:11 +0000 (14:38 +0000)]
Display some nicer error messages for login via 'net'. I don't
see a reason why we have so many special cases and not simply use
nt_errstr(nt_status).
Comments?
Volker
(This used to be commit
18fa3ee649102f4bd36f9b03702fe72d234b6a3a)
Simo Sorce [Mon, 19 Jan 2004 08:52:53 +0000 (08:52 +0000)]
1. The most part of this patch changed the unknown_3 flag to the now known
meaning of fields_present bit mask. Also avoid it being saved in backends (0
is saved where removing the unit32 would have produced a format change).
Also add support in samr functions to correctly interpret the flags.
Flags still not set properly (eg. still set all flags 0xffffff as previous
code), need a tool to test this properly (I',ve done preliminary tests with
samba4 rpc torture and it seem to work properly against w2k).
2. Patch for handlig the flag user must change password at next logon
in usrmgr based on Jianliang Lu <j.lu@tiesse.com> patch
(This used to be commit
78975e9483e64412e436c5dbfe2b71e20b79de29)
Jeremy Allison [Sat, 17 Jan 2004 00:30:28 +0000 (00:30 +0000)]
Fix for a signing bug when the mid wraps.
Found by Fran Fabrizio <fran@cis.uab.edu>.
Add to the *start* of the list not the end of the list.
This ensures that the *last* send sequence with this mid
is returned by preference.
This can happen if the mid wraps and one of the early
mid numbers didn't get a reply and is still lurking on
the list.
Jeremy.
(This used to be commit
b84d249e67315c153e0aa3c5c9adfcf6ca008f97)
Gerald Carter [Fri, 16 Jan 2004 22:16:24 +0000 (22:16 +0000)]
fix another bug caused by cli_lsa_query_info_policy() changes
(This used to be commit
f9664523282f3e92ff4d7641aded46fdf794aa5b)
Jim McDonough [Fri, 16 Jan 2004 15:09:20 +0000 (15:09 +0000)]
Fix another join problem. Don't use a TALLOC_CTX before it has been
initialized.
Also split out the oldstyle join into a new fn, allowing us to call it
with no failure message from net rpc join, but displaying a failure message
when used with net rpc oldjoin.
(This used to be commit
cab0a4c4d5c7bf9d89697bf1d351eafbd00d7fd2)
Volker Lendecke [Fri, 16 Jan 2004 15:02:30 +0000 (15:02 +0000)]
Patch from "Stoian Ivanov" <sdr@bultra.com>: Add -g (greppable..) to
smbclient -L to make the output usable in pipes.
Volker
(This used to be commit
190beff495742d8e45f5e3621ece74c33570d31a)
Gerald Carter [Thu, 15 Jan 2004 20:51:31 +0000 (20:51 +0000)]
Bug 381: check builtin (not local) group SID. Patch from Jianliang Lu <j.lu@tiesse.com>
(This used to be commit
59cabc5b940990352ebd0ceef8b6e85ac04669c4)
Jim McDonough [Thu, 15 Jan 2004 19:49:57 +0000 (19:49 +0000)]
Fix net rpc join (at least newstyle) after it was broken by changing
the parms to cli_lsa_query_info_policy without changing them here...
(This used to be commit
97d6f4752572cc10894e6e80379c25f5da143ad1)
Gerald Carter [Thu, 15 Jan 2004 19:08:45 +0000 (19:08 +0000)]
* BUG 446
- setup_logging() in smbclient to be interactive (remove the timestamps)
- Fix bad return value in pull_ucs2( needs more testing to make sure this
didn't break something else) that caused clistr_pull() to always read
the same string from the buffer (pull_usc2() could return -1 if the original
source length was given as -1)
- increment some debugging messages to avoid printing them out so often
(This used to be commit
f452585073fbeeae3e3a0db644e381f94cb918f3)
Gerald Carter [Thu, 15 Jan 2004 17:23:49 +0000 (17:23 +0000)]
BUG 958; don't use the -N option when invoking smbclient from the smbtar script
(This used to be commit
cb463b8fc9476695507fa996b508d98f1cf1e3ac)
Volker Lendecke [Thu, 15 Jan 2004 17:19:20 +0000 (17:19 +0000)]
reply_spnego_kerberos did not set the domain of the user handed to
register_vuid correctly. We ended up with the local netbios name in
substitutions for %D later.
Volker
P.S: Tridge, I can *really* see why you want to get rid of global variables
:-)
(This used to be commit
05bfaa858f8253b02fe0f78f97fb665e6847585d)
Rafal Szczesniak [Thu, 15 Jan 2004 09:52:29 +0000 (09:52 +0000)]
Remove unused variables.
rafal
(This used to be commit
a284082716bf63569e5921eb33b1ecd1a9b4810d)
Rafal Szczesniak [Thu, 15 Jan 2004 09:50:47 +0000 (09:50 +0000)]
Remove unused function.
rafal
(This used to be commit
2d2c36cc3f691f31506fbd97e74cf225a2ef85c5)
Stefan Metzmacher [Thu, 15 Jan 2004 09:08:38 +0000 (09:08 +0000)]
merge:
* Fix sys_chown() when no chown() is presend
metze
(This used to be commit
ecf5b78248e551f3586967046d8b1da9bbe11e7b)
Stefan Metzmacher [Thu, 15 Jan 2004 08:56:08 +0000 (08:56 +0000)]
merge:
* Fix XFS quotas: XFS_USER_QUOTA -> USRQUOTA
XFS_GROUP_QUOTA -> GRPQUOTA
* Fix disk_free calculation with group quotas.
* Add debug class 'quota' and a lot of DEBUG()'s
to the quota code.
metze
(This used to be commit
33c6ca3b4bc0898893b5d95ea2485b7694b9d198)
Tim Potter [Thu, 15 Jan 2004 07:19:12 +0000 (07:19 +0000)]
Merge of POBAD_CC removal from 3.0
(This used to be commit
835a28337f97da143d5b9201a5080fde06bbedf1)
Gerald Carter [Thu, 15 Jan 2004 06:56:00 +0000 (06:56 +0000)]
BUG 936: fix bind credentials for schannel binds in smbd (and add a comment to winbindd_cm about this
(This used to be commit
c1174cf57b1b6fad03de23f6a4ff952671dc87d7)
Gerald Carter [Thu, 15 Jan 2004 05:17:40 +0000 (05:17 +0000)]
BUG 972; check pointer in cli_ds_getprimarydominfo() before trying to copy a structure
(This used to be commit
a1aed0b517f7476301d8fe4dfebac3db178ba1cd)
Herb Lewis [Wed, 14 Jan 2004 23:00:06 +0000 (23:00 +0000)]
source/rpc_parse/parse_prs.c ZERO_STRUCTP(ps) not needed as it is done
in prs_init now
testsuite/printing/psec.c cannot do a prs_mem_free() when tdb_prs_fetch fails
as the prs structure has not been initialized
(This used to be commit
6289d7b842819fb31bec93119f15b3823e02b49e)
Rafal Szczesniak [Wed, 14 Jan 2004 22:02:16 +0000 (22:02 +0000)]
Initial design of some of the functions to operate on trust passwords
from passdb backend level (tdbsam, in this case).
It is written as wrapper for secrets_ calls that use secrets.tdb file
and is not treated as eventual solution. Trust passwords are being
handled uniformly, SAM_TRUST_PASSWD structure, and so they should be
stored as well.
Note, this code is disabled ie. not used anywhere yet. I'm working
on next routines in line.
rafal
(This used to be commit
02ac9332ab1d34f47667b40ce23b2b5d04c4dff1)
Rafal Szczesniak [Wed, 14 Jan 2004 21:50:25 +0000 (21:50 +0000)]
Comment and formatting fix.
rafal
(This used to be commit
336720416abd1f6d62f9a6748ae6a0454976c9d4)
Rafal Szczesniak [Wed, 14 Jan 2004 21:46:29 +0000 (21:46 +0000)]
Trust passwords types for use with SAM_TRUST_PASSWD structure.
rafal
(This used to be commit
ea15c148fd6393512f2fd95d88db6546d40cf14c)
Gerald Carter [Wed, 14 Jan 2004 21:22:44 +0000 (21:22 +0000)]
Fix initgroups() call nss_winbind on solaris; patch from John Klinger <john.klinger@lmco.com>
(This used to be commit
c4d58ec5d5c2b8947824d78639a7e9e615e2a400)
Gerald Carter [Wed, 14 Jan 2004 20:57:31 +0000 (20:57 +0000)]
bug 770; correct fix this time; Make sure that we send the SMBjobid for unix jobs back to the client. Allows windows client to remove print jobs submitted from lpr
(This used to be commit
6a7f9ebccd6a40455cb5446551f3d68ea9a7a824)
Gerald Carter [Wed, 14 Jan 2004 19:12:54 +0000 (19:12 +0000)]
bug 660; using byte order safe macros (or tdb_unpack) when reading 2 or 4 byte values from a tdb buffer; also recognize smbjobs if the jobid < UNIX_JOB_START
(This used to be commit
ae6feb54a09a69e3a870b1a0d707b23eb8ca356a)
Gerald Carter [Wed, 14 Jan 2004 17:56:05 +0000 (17:56 +0000)]
syncing abartlet's cracklib tests from 3.0
(This used to be commit
64c1db9bce27bbe5bc28acb631b265419d6d6286)
Gerald Carter [Wed, 14 Jan 2004 16:26:14 +0000 (16:26 +0000)]
* Revert to using rpc for mixed mode AD domains.
The reason for this are:
(a) the set_dc_type_and_flags() cannot tell the different
between connecting to an NT4 domain and an NT4 BDC
of a mixed mode domain.
(b) the connection management for the rpc backend only
provides on named pipe per cli_state. So it is possible
to connect to an NT4 BDC for netlogon and an AD mixed mode
DC for lsarpc. RPC is the lowest common demonimator here.
(c) Issue with the sequence number value between the
highestCommittedUSN LDAP attribute and the seq_num returned
via RPC.
We will revisit this later, but the changes need to make this
work right now are too broad and risky.
(This used to be commit
86f24908c395cc832ae87b04c9da3d32449acad3)
Jeremy Allison [Wed, 14 Jan 2004 06:44:15 +0000 (06:44 +0000)]
Remove duplicate extern.
Jeremy.
(This used to be commit
72d8eea25dbb54d7ef78264cd6f419220dc85fb6)
Jeremy Allison [Wed, 14 Jan 2004 06:41:46 +0000 (06:41 +0000)]
Remove references to 'jn' which gcc-3.4 with precompiled headers
doesn't like.
Jeremy.
(This used to be commit
bf3d06a2e483d043c89a6b11ceb283a5b392859b)
Stefan Metzmacher [Wed, 14 Jan 2004 02:55:07 +0000 (02:55 +0000)]
merge:
fix XFS quotas the macro changed from HAVE_XFS_QUOTA -> HAVE_XFS_QUOTAS
metze
(This used to be commit
ae20cf0810b9bef3d460994d5bf5e820c01296f0)
Gerald Carter [Tue, 13 Jan 2004 19:43:50 +0000 (19:43 +0000)]
* allow dns lookups to be disabled for DOMAIN#1c (and #1b)
names
* fix some a mispelled variable name
(This used to be commit
93fed3074f4384dc658cd0ec81ba2afbe8192417)
Gerald Carter [Tue, 13 Jan 2004 17:55:43 +0000 (17:55 +0000)]
sync HEAD with recent changes in 3.0
(This used to be commit
c98399e3c9d74e19b7c9d806ca8028b48866931e)
Jelmer Vernooij [Sun, 11 Jan 2004 13:40:48 +0000 (13:40 +0000)]
Fix --with-fhs for swatdir
(This used to be commit
69a9cfdad809a9b3fc7f6dc4ad5a708b6559b714)
Stefan Metzmacher [Sun, 11 Jan 2004 13:21:03 +0000 (13:21 +0000)]
update copyright to -2004
metze
(This used to be commit
fcb3c9c61ecd787b8d3e5a53ee8f9e04daae76fe)
Gerald Carter [Fri, 9 Jan 2004 15:36:07 +0000 (15:36 +0000)]
fix some warnings from the Sun compiler; also merge some of abartlet's error code changes form 3.0
(This used to be commit
2279e98cb81faaf8a4e971fec339955f14c23858)
Gerald Carter [Thu, 8 Jan 2004 22:21:39 +0000 (22:21 +0000)]
fix segfault when sid_ptr == 0 in DsEnumDomainTrusts() reply
(This used to be commit
36d985a75faa5ebda1c8c7de1e3ab5d7a51a9c10)
Jeremy Allison [Wed, 7 Jan 2004 23:21:25 +0000 (23:21 +0000)]
Fix for bug #922. Fast path not called for strlower_m() and strupper_m().
From ab@samba.org (Alexander Bokovoy).
Jeremy.
(This used to be commit
88c51454327533f8bc06ce1cd479370aabefdf81)
Rafal Szczesniak [Wed, 7 Jan 2004 21:53:19 +0000 (21:53 +0000)]
This was cut-n-paste mistake, I guess... :)
rafal
(This used to be commit
f912d8c3403071582f776886f9793e3289b285b6)
Rafal Szczesniak [Wed, 7 Jan 2004 21:50:30 +0000 (21:50 +0000)]
Typo fix.
rafal
(This used to be commit
4a2bd4de3f5a99bc19013a2878659e8686606e30)
Rafal Szczesniak [Wed, 7 Jan 2004 21:47:36 +0000 (21:47 +0000)]
Fixes to doxygen comment.
(This used to be commit
4f92db99be8feaccebe654103dd6c227c66e5bdc)
Rafal Szczesniak [Wed, 7 Jan 2004 21:41:48 +0000 (21:41 +0000)]
Prototype version of trust passwords moved to SAM/pdb. This is
backend-independent part ie. interface - does build and (it seems)
doesn't break anything else.
rafal
(This used to be commit
9ce6dc6476202d9db6ea1c2deab93e454e4db546)
Gerald Carter [Wed, 7 Jan 2004 19:58:14 +0000 (19:58 +0000)]
commiting jra's fix for Exchange clear test auth
(This used to be commit
05dd3383010ba6f44370fc302ee00b7680937176)
Jeremy Allison [Wed, 7 Jan 2004 19:55:03 +0000 (19:55 +0000)]
Fix from Luke Howard <lukeh@PADL.COM> for incorrect early free().
Jeremy.
(This used to be commit
e763a220f492bb8a9cacf31c07809c4866379bb6)
Volker Lendecke [Wed, 7 Jan 2004 10:02:42 +0000 (10:02 +0000)]
Merge Translation fixes
Volker
(This used to be commit
70b0fcdeec4810944a4e0d9bbaf6a979b2fb914a)
Andrew Bartlett [Wed, 7 Jan 2004 00:06:45 +0000 (00:06 +0000)]
(merge from 3.0)
Fix segfualt caused by incorrect configuration. If lp_realm() was not set,
but security=ADS, we would attempt to free the principal name that krb5
never allocated.
Also fix the dump_data() of the session key, now that we use a data_blob to
store that.
Andrew Bartlett
(This used to be commit
24d7eed6cae8015e020ad34c13130ee8afc9052e)
Jeremy Allison [Tue, 6 Jan 2004 22:34:04 +0000 (22:34 +0000)]
Patch penguin. Cleaning out old mbp patch.
Jeremy.
(This used to be commit
a0dc10bed68ef961609c0a4a456b6a132e2e347b)
Gerald Carter [Tue, 6 Jan 2004 19:57:50 +0000 (19:57 +0000)]
remove unused seek_file(); don't hardcode '\' when printing the auth-user
(This used to be commit
175c5c9faa8c1cb3577eb96598434e6097d408c7)
Gerald Carter [Tue, 6 Jan 2004 18:26:53 +0000 (18:26 +0000)]
isolate ldap debug messages to the common smbldap_XXX() functions
(This used to be commit
4c877ccc16bcb69490c4d34d2ef5f727bf98438e)
Volker Lendecke [Tue, 6 Jan 2004 15:42:48 +0000 (15:42 +0000)]
Correctly detect AFS headers on SuSE in /usr/include/afs/afs/
Volker
(This used to be commit
9f0292091b37cac637ba86cab6c8fd1800faef5c)
Gerald Carter [Tue, 6 Jan 2004 14:45:56 +0000 (14:45 +0000)]
merging from 3.0
(This used to be commit
694052f8a9cc703d4e4ec8075c623ab7122a169b)
Andrew Bartlett [Tue, 6 Jan 2004 08:25:03 +0000 (08:25 +0000)]
merge torture changes from Samba 3.0 -> HEAD
(This used to be commit
6e9c68217bec1e4138b5eb9a9ed85807b31bbdb8)
Andrew Bartlett [Tue, 6 Jan 2004 08:12:35 +0000 (08:12 +0000)]
Merge NTLMSSP fixes from 3.0 to HEAD.
Andrew Bartlett
(This used to be commit
f7d39c787771616ddb015bd77e3e6cd33f0c7a15)
Andrew Bartlett [Tue, 6 Jan 2004 08:11:19 +0000 (08:11 +0000)]
GUID is struct uuid in HEAD.
Andrew Bartlett
(This used to be commit
ec24c7f42ac344d14c0e29d4b49c07d8ce213448)
Andrew Bartlett [Tue, 6 Jan 2004 02:29:29 +0000 (02:29 +0000)]
(merge from 3.0)
Fixes bug 924
Andrew Bartlett
(This used to be commit
ee18f897f9452a84a6b11c077ff706beb49441ff)
Andrew Bartlett [Tue, 6 Jan 2004 01:59:20 +0000 (01:59 +0000)]
Merge winbind from Samba 3.0 onto HEAD.
Changes include:
- header changes for better pre-compiled headers (tridge)
- get a list of sids for a given user (tridge)
- fix function prototype
and a few other minor things
Andrew Bartlett
(This used to be commit
60107efdc61247034424d008c6f1eb4d46a19881)
Jeremy Allison [Tue, 6 Jan 2004 01:21:59 +0000 (01:21 +0000)]
Patch based on work from James Peach <jpeach@sgi.com> to convert over to
using pread/pwrite. Modified a little to ensure fsp->pos is correct.
Fix for #889.
Jeremy.
(This used to be commit
3a24dc868d95c9bcc2ac3a0dbd50e6e226ac0841)
Andrew Bartlett [Tue, 6 Jan 2004 01:20:01 +0000 (01:20 +0000)]
(merge from 3.0)
I think this was tpot's originally:
Fix format types for 64 bit systems.
Andrew Bartlett
(This used to be commit
256b2da7c96e8313f4f98ce700fc7634eaccb72b)
Andrew Bartlett [Tue, 6 Jan 2004 01:15:13 +0000 (01:15 +0000)]
(merge from 3.0)
Always call the auto-init funciton - this avoids tdb segfaulting under
us if we failed to open it earlier.
Andrew Bartlett
(This used to be commit
34f16eaeaa81a0cc6ae564f4be8a02752ee5624d)
Andrew Bartlett [Tue, 6 Jan 2004 00:41:13 +0000 (00:41 +0000)]
(merge from 3.0)
Ensure that for wbinfo --set-auth-user, we actually use the domain.
Andrew Bartlett
(This used to be commit
8a63bed29315acb3fe9cc2973426ef8392987c8c)
Andrew Bartlett [Tue, 6 Jan 2004 00:27:34 +0000 (00:27 +0000)]
(merge from 3.0)
Try to keep vl happy - shorten some of these lines.
--
Grumble... grumble... fix the build...
--
Show the sid type in name->sid translatons in a way that can be easily
understood by humans.
Andrew Bartlett
(This used to be commit
c5d1e2112baa7d87cd6b9f0855c2fd8b006af01d)
Andrew Bartlett [Tue, 6 Jan 2004 00:13:56 +0000 (00:13 +0000)]
(merge from 3.0)
Change our Domain controller lookup routines to more carefully seperate
DNS names (realms) from NetBIOS domain names.
Until now, we would experience delays as we broadcast lookups for DNS names
onto the local network segments.
Now if DNS comes back negative, we fall straight back to looking up the
short name.
Andrew Bartlett
(This used to be commit
4c3bd0a99e464198d243da302ff1868189b4dcff)
Andrew Bartlett [Tue, 6 Jan 2004 00:08:53 +0000 (00:08 +0000)]
(merge from 3.0)
Add const.
Andrew Bartlett
(This used to be commit
b08502a8fb1083cc49fd2976880b7bef3f14a72a)
Andrew Bartlett [Tue, 6 Jan 2004 00:06:49 +0000 (00:06 +0000)]
(merge from 3.0)
There is some memory corruption hidden somewhere in our winbind code. If I
could reproduce it, I would fix it, but for now just make sure we always
SAFE_FREE() and set our starting pointers to NULL.
Andrew Bartlett
(This used to be commit
a00f29624d10df7f31fa978b79bc71b40d696359)
Andrew Bartlett [Tue, 6 Jan 2004 00:05:31 +0000 (00:05 +0000)]
(merge from 3.0)
Change (unused) structure parameter for cli_ds_enum_domain_trusts() cleanup.
Andrew Bartlett
(This used to be commit
3c02aad8b3a4b28ca492ca1abbbd594ba75975e4)
Andrew Bartlett [Mon, 5 Jan 2004 23:54:37 +0000 (23:54 +0000)]
rpc_client/cli_lsarpc.c:
rpc_parse/parse_lsa.c:
nsswitch/winbindd_rpc.c:
nsswitch/winbindd.h:
- Add const
libads/ads_ldap.c:
- Add ads_sid_to_dn utility function
nsswitch/winbindd_ads.c:
- Use new utility function ads_sid_to_dn
- Don't search for 'dn=', rather call the ads_search_retry_dn()
nsswitch/winbindd_ads.c:
include/rpc_ds.h:
rpc_client/cli_ds.c:
- Fixup braindamage in cli_ds_enum_domain_trusts():
- This function was returning a UNISTR2 up to the caller, and
was doing nasty (invalid, per valgrind) things with memcpy()
- Create a new structure that represents this informaiton in a useful way
and use talloc.
Andrew Bartlett
(This used to be commit
627d33d1667f0d4b1070f988494885b74c4c04dd)
Andrew Bartlett [Mon, 5 Jan 2004 23:51:34 +0000 (23:51 +0000)]
(merge from 3.0)
Fix for bug 707, getent group for huge ads groups (>1500 members)
This introduces range retrieval of ADS attributes.
VL rewrote most of Güther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.
I rewrote that patch, to ensure that we can keep an eye on the USN
(sequence number) of the entry - this allows us to ensure the read was
atomic.
In particular, the range retrieval is now generic, for strings. It
could easily be made generic for any attribute type, if need be.
Andrew Bartlett
(This used to be commit
08e851c7417d52a86e31982fcfce695c8a6360b7)
Andrew Bartlett [Mon, 5 Jan 2004 23:48:04 +0000 (23:48 +0000)]
(merge from 3.0)
Even if the 'device type' is always an ascii string, use push_string to get
it out onto the wire. Avoids valgrind warnings because the fstrcpy() causes
part of the wire buffer to be 'marked'.
Andrew Bartlett
(This used to be commit
326becbde23c8039e1f0f00930bcab094bf91ed2)
Andrew Bartlett [Mon, 5 Jan 2004 23:45:14 +0000 (23:45 +0000)]
(merge from 3.0)
Match Win2k, and return NT_STATUS_INVALID_PARAMETER
if this parameter is not an account type
Andrew Bartlett
(This used to be commit
43ee2e0b6a6f95ce2864befeb08b5de2ace41c7c)
Andrew Bartlett [Mon, 5 Jan 2004 23:43:07 +0000 (23:43 +0000)]
(merge from 3.0)
Having no members of a group is a perfectly valid (if unusual) situation.
Andrew Bartlett
(This used to be commit
bc77b586be6992a662422304dbefbd4b833818fb)
Andrew Bartlett [Mon, 5 Jan 2004 23:41:50 +0000 (23:41 +0000)]
(merge from 3.0)
JHT came up with a nasty (broken) torture case in preparing examples for
his book.
This prompted me to look at the code that reads the unix group list. This
code did a lot of name -> uid -> name -> sid translations, which caused
problems. Instead, we now do just name -> sid
I also cleaned up some interfaces, and client tools.
Andrew Bartlett
(This used to be commit
cc535a6c70d8dcf677322e31b24dec58b23d80f0)
Andrew Bartlett [Mon, 5 Jan 2004 23:38:49 +0000 (23:38 +0000)]
(merge from 3.0)
Changes to our PAM code to cope with the fact that we can't handle some
domains (in particular, the domain of the current machine, if it is not a PDC)
By changing the error codes, we now return values that PAM can correctly
use for better stacking of PAM modules - in particular of the password change
module.
This allows pam_winbind to co-exist with other pam modules for password changes.
Andrew Bartlett
(This used to be commit
06b4eb4b9f867998c8faf9a91830ba3181cdf605)
Andrew Bartlett [Mon, 5 Jan 2004 23:37:07 +0000 (23:37 +0000)]
(merge from 3.0)
auth/auth_util.c:
- Fill in the 'backup' idea of a domain, if the DC didn't supply one. This
doesn't seem to occour in reality, hence why we missed the typo.
lib/charcnv.c:
lib/smbldap.c:
libads/ldap.c:
libsmb/libsmbclient.c:
printing/nt_printing.c:
- all the callers to pull_utf8_allocate() pass a char ** as the first
parammeter, so don't make them all cast it to a void **
nsswitch/winbind_util.c:
- Allow for a more 'correct' view of when usernames should be qualified
in winbindd. If we are a PDC, or have 'winbind trusted domains only',
then for the authentication returns stip the domain portion.
- Fix valgrind warning about use of free()ed name when looking up our
local domain. lp_workgroup() is maniplated inside a procedure that
uses it's former value. Instead, use the fact that our local domain is
always the first in the list.
--
Jerry rightly complained that we can't assume that the first domain is
our primary domain - new domains are added to the front of the list. :-(
Use a much more reliable 'flag test' instead. (note: changes winbind
structures, make clean).
--
Forgot to commit this for the 'get our primary domain' change.
Andrew Bartlett
(This used to be commit
acacd27ba25f7ebfec40bfa66d34ece543569e23)
Andrew Bartlett [Mon, 5 Jan 2004 23:28:50 +0000 (23:28 +0000)]
(merge from 3.0)
Try to gain a bit more consistancy in the output of usernames from ntlm_auth:
Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswtich does - following the rules of 'winbind use default
domain', in the correct case and with the correct seperator.
This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.
--
Get the DOMAIN\username around the right way (I had username\domain...)
Push the unix username into utf8 for it's trip across the socket.
Andrew Bartlett
(This used to be commit
4c2e1189ff84d254f19b604999d011fdb17e538d)
Andrew Bartlett [Mon, 5 Jan 2004 23:25:56 +0000 (23:25 +0000)]
(merge from 3.0)
Remove testing hack
Make the name of the NTLMSSP client more consistant before we lock it in stone.
Andrew Bartlett
(This used to be commit
273dcda9ce62eb04c9cce673bb49b41982b26d98)
Andrew Bartlett [Mon, 5 Jan 2004 23:23:59 +0000 (23:23 +0000)]
(merge from 3.0)
Move our basic password checking code from inside the authentication
subsystem into a seperate file - ntlm_check.c.
This allows us to call these routines from ntlm_auth. The purpose of this
exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to
avoid talking to winbind. This should allow for easier debugging.
ntlm_auth itself has been reorgainised, so as to share more code between
the SPNEGO-wrapped and 'raw' NTLMSSP modes. A new 'client' NTLMSSP mode
has been added, for use with a Cyrus-SASL module I am writing (based on vl's
work)
Andrew Bartlett
(This used to be commit
2f196bb31ac83cf7922583063c74a5f679ca5be7)
Andrew Bartlett [Mon, 5 Jan 2004 23:22:00 +0000 (23:22 +0000)]
(merge from 3.0)
Refactor our authentication and authentication testing code.
The next move will be to remove our password checking code from the SAM
authentication backend, and into a file where other parts of samba can use
it.
The ntlm_auth changes provide for better use of common code.
Andrew Bartlett
(This used to be commit
0d97b10248347398fbee66767baac0c7adf6889d)
Andrew Bartlett [Mon, 5 Jan 2004 23:20:59 +0000 (23:20 +0000)]
(merge from 3.0)
Add the alignment required before all 2-byte quantities in NDR. Allows us
to correctly parse plaintext netlogon calls with odd-length passwords
Andrew Bartlett
(This used to be commit
39d8a9e488eb31796e8e7eca42fe27f8218ce5d6)
Andrew Bartlett [Mon, 5 Jan 2004 23:19:49 +0000 (23:19 +0000)]
(merge from 3.0)
Shutting down the connection closes outstanding sessions, so we don't need
to do it twice...
Amdrew Bartlett
(This used to be commit
77b3515981ebe972a4c78e14b205d0c70a34b69f)
Andrew Bartlett [Mon, 5 Jan 2004 23:18:06 +0000 (23:18 +0000)]
(merge from 3.0)
Check the return value of string_to_sid in a few more places. (But
string_to_sid also needs to be less permissive on what it thinks are
valid sids...)
Andrew Bartlett
(This used to be commit
74ea8682e4b5c78f456cc9284e953e35e4146a8b)
Andrew Bartlett [Mon, 5 Jan 2004 23:16:47 +0000 (23:16 +0000)]
(merge from 3.0)
Show the error message for failure to set the ldap password.
(For 'ldap password sync = yes')
Andrew Bartlett
(This used to be commit
ef5d2309c2252c9d6111738075f863b69b616722)
Andrew Bartlett [Mon, 5 Jan 2004 23:15:33 +0000 (23:15 +0000)]
(merge from 3.0)
Based on patch by Petri Asikainen <paca@sci.fi> fix bug #387 and #330.
This patch will change order how attributes are modified
from: add, delete
to: delete, add
This is needed to update single valued attributes in Novell NDS and
should not harm anyone else.
(This used to be commit
e925cae0f3846ea95633d38afd652e0f3d8acfb9)
Jeremy Allison [Mon, 5 Jan 2004 21:01:06 +0000 (21:01 +0000)]
Fix from James Flemer <jflemer@uvm.edu> to make HAVE_ATTR_LIST linked to
HAVE_SYS_ATTRIBUTES_H to fix AIX compile.
Jeremy.
(This used to be commit
1d90cc2034c023755981a07a49c3d9958b60fb74)
Gerald Carter [Mon, 5 Jan 2004 20:24:21 +0000 (20:24 +0000)]
fix inverted check using krb5_kt_resolve() and HAVE_MEMORY_KEYTAB; bug 912
(This used to be commit
cca2afecd505881412df65c21c0389a0079cf023)
Jelmer Vernooij [Mon, 5 Jan 2004 00:57:53 +0000 (00:57 +0000)]
Merge commit to 3_0: add pdb_pgsql
(This used to be commit
61cbd5c9be1962d0c33c28ff472a2f82d3aa2a80)
Volker Lendecke [Sun, 4 Jan 2004 11:59:11 +0000 (11:59 +0000)]
Commit the translation of the realm to the netbios domain name in the kerberos
session setup. After talking to jht and abartlet I made this unconditional, no
additional parameter.
Jerry: This is a change in behaviour, but I think it is necessary.
Volker
(This used to be commit
d32f47fedcff3fdf46f42926d1cd84433e7ab487)