Jelmer Vernooij [Thu, 10 Jul 2003 22:40:56 +0000 (22:40 +0000)]
Fix typo
Gerald Carter [Thu, 10 Jul 2003 20:37:01 +0000 (20:37 +0000)]
i guess i'm the only one this ever annyoed...
fix the confusion when we tdb_lock_bystring() but
we retrieve an entry using tdb_fetch_by_string.
It's now always tdb.*bystring()
Richard Sharpe [Thu, 10 Jul 2003 17:39:05 +0000 (17:39 +0000)]
Final piece of support needed to find iconv libraries on FreeBSD.
This has been tested on RedHat 9.0 with libiconv built in as well as
FreeBSD 4.6.2 with iconv-2.0.3 and biconv.g/libbiconv.
We should perhaps also check for other conversions that just ASCII<-->UCS-2LE
especially because those two names do not appear in charset.aliases for
iconv-2.0.3.
Richard Sharpe [Thu, 10 Jul 2003 15:23:09 +0000 (15:23 +0000)]
Fix a small problem I seem to have introduced into aclocal.m4
Volker Lendecke [Thu, 10 Jul 2003 14:21:43 +0000 (14:21 +0000)]
pdbedit should not call idmap anymore. Otherwise pdbedit -L would
allocate id's.
Volker
Volker Lendecke [Thu, 10 Jul 2003 14:12:37 +0000 (14:12 +0000)]
Add const
Tim Potter [Thu, 10 Jul 2003 08:27:55 +0000 (08:27 +0000)]
Fix shadow parameter warning.
Richard Sharpe [Wed, 9 Jul 2003 23:01:08 +0000 (23:01 +0000)]
Fix a small spelling mistake and push out the new version of aclocal.m4 to
properly handle iconv on FreeBSD ...
It works on Linux and FreeBSD ...
Jelmer Vernooij [Wed, 9 Jul 2003 19:11:38 +0000 (19:11 +0000)]
Don't print status message for every smb.conf option processed - it makes tracking down errors difficult
Jelmer Vernooij [Wed, 9 Jul 2003 19:07:06 +0000 (19:07 +0000)]
First results of 'make undocumented' - fix some typos and remove obsolete option
Jelmer Vernooij [Wed, 9 Jul 2003 18:51:18 +0000 (18:51 +0000)]
Move find_missing_doc.pl to the docs system
Jelmer Vernooij [Wed, 9 Jul 2003 18:50:17 +0000 (18:50 +0000)]
Add make target 'undocumented'
Jelmer Vernooij [Wed, 9 Jul 2003 18:31:43 +0000 (18:31 +0000)]
Be less verbose, support outputting all types of variables(both G and S)
Jelmer Vernooij [Wed, 9 Jul 2003 18:31:03 +0000 (18:31 +0000)]
Update for docbook XML
Gerald Carter [Wed, 9 Jul 2003 16:44:47 +0000 (16:44 +0000)]
Large set of changes to add UNIX account/group management
to winbindd. See README.idmap-and-winbind-changes for details.
Gerald Carter [Wed, 9 Jul 2003 03:32:07 +0000 (03:32 +0000)]
more compile fixes for become/unbecome_root()
Gerald Carter [Wed, 9 Jul 2003 03:25:39 +0000 (03:25 +0000)]
fix linking issues in winbindd with become/unbecome_root() in passdb.c
Jeremy Allison [Wed, 9 Jul 2003 00:23:42 +0000 (00:23 +0000)]
Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no useful
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
Jeremy Allison [Wed, 9 Jul 2003 00:20:43 +0000 (00:20 +0000)]
Fix up become_root/unbecome_root pairs needed around local passdb
lookups.
Jeremy.
Jeremy Allison [Wed, 9 Jul 2003 00:01:40 +0000 (00:01 +0000)]
Ensure we correctly test for errors in uid/gid_to sid.
Jeremy.
Jeremy Allison [Tue, 8 Jul 2003 21:58:29 +0000 (21:58 +0000)]
Moved SAM_ACCOUNT marshall/unmarshall functions to make them externally
available. Removed extra auth_init (thanks metze).
Jeremy.
Gerald Carter [Tue, 8 Jul 2003 17:19:37 +0000 (17:19 +0000)]
standlone servers don't have any trusted domains
Gerald Carter [Tue, 8 Jul 2003 17:04:11 +0000 (17:04 +0000)]
fix bone head mistake when setting the uid in the server_info struct.
Tim Potter [Tue, 8 Jul 2003 05:37:13 +0000 (05:37 +0000)]
Initialise the uid and gid values to a safe default in make_server_info()
Gerald Carter [Tue, 8 Jul 2003 03:16:28 +0000 (03:16 +0000)]
fix some formatting
Gerald Carter [Tue, 8 Jul 2003 02:19:16 +0000 (02:19 +0000)]
fix temporary bug so people can test 3.0 again; make sure to initialize the uid for the server_info struct
Tim Potter [Tue, 8 Jul 2003 01:04:06 +0000 (01:04 +0000)]
Spelling.
Jeremy Allison [Mon, 7 Jul 2003 22:29:40 +0000 (22:29 +0000)]
Fix spotted by Nadav Danieli <nadavd@exanet.com> - ensure dev and inode
to fix open mode race condition.
Jeremy.
Jeremy Allison [Mon, 7 Jul 2003 21:00:33 +0000 (21:00 +0000)]
Fix the build...
Jeremy.
Jeremy Allison [Mon, 7 Jul 2003 20:22:35 +0000 (20:22 +0000)]
Fix from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp> for new MB statcache
code. Bug #185.
Jeremy.
Gerald Carter [Mon, 7 Jul 2003 20:13:59 +0000 (20:13 +0000)]
another compile fix
Gerald Carter [Mon, 7 Jul 2003 20:11:53 +0000 (20:11 +0000)]
fix some compile problems. Can't get IDMAP_OBJ our of proto.h
just yet.
`
Gerald Carter [Mon, 7 Jul 2003 20:00:29 +0000 (20:00 +0000)]
Cleaning up linking issues. sam/idmap*.c only links in
winbindd now. Also removing an unused file.
Jeremy Allison [Mon, 7 Jul 2003 17:04:48 +0000 (17:04 +0000)]
Fixed a couple of const issues with the new code.
Jeremy.
Gerald Carter [Mon, 7 Jul 2003 05:28:51 +0000 (05:28 +0000)]
temporarily disable a sanity check to prevent winbindd from deadlocking
on a Samba PDC. Will be re-enabled after winbind_passdb is done.
Gerald Carter [Mon, 7 Jul 2003 05:11:10 +0000 (05:11 +0000)]
and so it begins....
* remove idmap_XX_to_XX calls from smbd. Move back to the
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
Tim Potter [Mon, 7 Jul 2003 02:50:09 +0000 (02:50 +0000)]
Call the synchronous version of the ldap delete function otherwise we end up
treating the returned message id as an error code.
John Terpstra [Sun, 6 Jul 2003 06:56:58 +0000 (06:56 +0000)]
Adding profile acls man entry for smb.conf.5
Andrew Bartlett [Sun, 6 Jul 2003 06:18:54 +0000 (06:18 +0000)]
Fix ldapsam_getsampwsid to correctly only say 'no such user' when indeed there
is no such user...
Thanks to jerry for spotting this.
Also clean up the function a bit, to avoid this happening again...
Andrew Bartlett
Andrew Bartlett [Sun, 6 Jul 2003 05:51:20 +0000 (05:51 +0000)]
This changes our Unix primary GID behaviour back to what most people expect:
Samba will now use the user's UNIX primary group, as the primary group when
dealing with the filesystem. The NT primary group is ignored in unix.
For the NT_TOKEN, the primary group is the NT priamry group, and the unix
primary group is added to the NT_TOKEN as a supplementary group.
This should fix bug #109, but will need to be revisited when we get a full
NT group database.
Also in this commit:
- Fix debug statements in service.c
- Make idmap_ldap show if it's adding, or modifying an existing DN
- Make idmap_ldap show both the error message and error string
Andrew Bartlett [Sat, 5 Jul 2003 13:51:54 +0000 (13:51 +0000)]
This parameter is unused.
Andrew Bartlett
Andrew Bartlett [Sat, 5 Jul 2003 11:04:09 +0000 (11:04 +0000)]
Fix comment
Andrew Bartlett [Sat, 5 Jul 2003 10:39:41 +0000 (10:39 +0000)]
Add some debug statments to our vampire code - try to make it easier to track
down failures.
Add a 'auto-add on modify' feature to guestsam
Fix some segfault bugs on no-op idmap modifications, and on new idmappings that
do not have a DN to tack onto.
Make the 'private data' a bit more robust.
Andrew Bartlett
Andrew Bartlett [Sat, 5 Jul 2003 09:46:12 +0000 (09:46 +0000)]
Fixes to our LDAP/vampire codepaths:
- Try better to add the appropriate mapping between UID and SIDs, based
on Get_Pwnam()
- Look for previous users (lookup by SID) and correctly modify the existing
entry in that case
- Map the root user to the Admin SID as a 'well known user'
- Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update'
call on that user. This means that VL's very nice work on atomic LDAP
updates now really gets used properly!
- This also means that we know the right DN to update, without the extra
round-trips to the server.
Andrew Bartlett
Andrew Bartlett [Sat, 5 Jul 2003 08:05:06 +0000 (08:05 +0000)]
PAM should operate on the Unix username, not the NT username (which might not
have the domain\ qualification).
Andrew Bartlett
Andrew Bartlett [Sat, 5 Jul 2003 05:19:28 +0000 (05:19 +0000)]
Allow modification of an existing entry.
We still have a lot of work to do to allow this in quite the same way as we
have in the TDB, but it certainly is getting closer.
Andrew Bartlett
Jelmer Vernooij [Sat, 5 Jul 2003 01:52:55 +0000 (01:52 +0000)]
Fix typos
Jelmer Vernooij [Sat, 5 Jul 2003 01:50:16 +0000 (01:50 +0000)]
Update from Andrew Bartlett with documentation for
'client lanman auth' and 'client ntlmv2 auth'
Andrew Bartlett [Sat, 5 Jul 2003 01:25:10 +0000 (01:25 +0000)]
Clear up the difference between 'smb signing' and 'sign&seal' - which has to
this point referred to schannel.
Andrew Bartlett
Jelmer Vernooij [Fri, 4 Jul 2003 21:24:31 +0000 (21:24 +0000)]
Add smb_event_id to list of return types (patch from metze)
Jeremy Allison [Fri, 4 Jul 2003 18:52:31 +0000 (18:52 +0000)]
More conversions I missed. Thanks metze.
Jeremy.
Jeremy Allison [Fri, 4 Jul 2003 18:50:21 +0000 (18:50 +0000)]
Fixed strlower changes I missed. Pointed out by metze.
Jeremy
Andrew Bartlett [Fri, 4 Jul 2003 14:03:29 +0000 (14:03 +0000)]
Don't allow RIDs (in our domain) below 1000 (or algorithmic rid base) to be
mapped with the rid algorithm.
Instead, a uid/gid from the UID/GID range will be allocated for this RID.
Andrew Bartlett
Andrew Bartlett [Fri, 4 Jul 2003 13:35:35 +0000 (13:35 +0000)]
Update WHATSNEW with the further LDAP schema changes in previous commit.
Andrew Bartlett
Andrew Bartlett [Fri, 4 Jul 2003 13:29:42 +0000 (13:29 +0000)]
This patch cleans up some of our ldap code, for better behaviour:
We now always read the Domain SID out of LDAP. If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP. We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap). If we fail to read/add the domain entry, we just
fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available. This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added. Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'. This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate. Instead, we just start at the bottom
of the range, and increment again if the user already exists. The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
Alexander Bokovoy [Fri, 4 Jul 2003 09:56:50 +0000 (09:56 +0000)]
Fix memleak in groupdb. Spotted by Metze
Tim Potter [Fri, 4 Jul 2003 03:03:47 +0000 (03:03 +0000)]
Display libraries detected by configure but before configure
summary as suggested by abartlet.
Eloy Paris [Fri, 4 Jul 2003 01:51:06 +0000 (01:51 +0000)]
Debian updates.
Jeremy Allison [Thu, 3 Jul 2003 19:11:31 +0000 (19:11 +0000)]
Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
Gerald Carter [Thu, 3 Jul 2003 17:18:07 +0000 (17:18 +0000)]
Fix for bug #199 (xp driver uploads). Needed to support
the "OSVersion" print server data value.
Gerald Carter [Thu, 3 Jul 2003 16:23:11 +0000 (16:23 +0000)]
fix for bug #200. flush connections if the machine trsut account
changed underneath us.
Andrew Bartlett [Thu, 3 Jul 2003 14:56:04 +0000 (14:56 +0000)]
Missed this in the previous patch - we now have a seperate idea of the
'unix username' from the NT username, in the auth subsystem at least.
Andrew Bartlett
Andrew Bartlett [Thu, 3 Jul 2003 14:36:42 +0000 (14:36 +0000)]
This patch takes the work the jerry did for beta2, and generalises it:
- The 'not implmented' checks are now done by all auth modules
- the ntdomain/trustdomain/winbind modules are more presise as to
what domain names they can and cannot handle
- The become_root() calls are now around the winbind pipe opening only,
not the entire auth call
- The unix username is kept seperate from the NT username, removing the
need for 'clean off the domain\' in parse_net.c
- All sid->uid translations are now validated with getpwuid() to put a very
basic stop to logins with 'half deleted' accounts.
Andrew Bartlett
Tim Potter [Thu, 3 Jul 2003 05:58:55 +0000 (05:58 +0000)]
Some fixes for ads printer publish:
- check error return for cli_full_connection() when trying to obtain
printer data
- check error return on ads_find_machine_acct()
- Minor reformatting to separate fetching printer data from publishing it
Tim Potter [Thu, 3 Jul 2003 05:08:51 +0000 (05:08 +0000)]
Implemented 'net ads printer search' which searches the directory for
published printers.
At the moment we don't search using any parameters but this can be
fixed by changing the LDAP search string. Also we should contact
the global catalog at SRV _gc._tcp instead of the ldap server we
get back from ads_startup().
Gerald Carter [Thu, 3 Jul 2003 04:54:49 +0000 (04:54 +0000)]
fix bug #190; WINS server was getting marked as dead when it was not.
Tim Potter [Thu, 3 Jul 2003 04:12:54 +0000 (04:12 +0000)]
Fix bug in doxygen comments for ads search functions.
Eloy Paris [Thu, 3 Jul 2003 04:06:28 +0000 (04:06 +0000)]
More Debian updates.
Gerald Carter [Thu, 3 Jul 2003 03:56:16 +0000 (03:56 +0000)]
well this was easy...
When winbindd is running on a PDC the SAM_ACCOUNT for a trusted user
has a username of DOMAIN\user. Make sure to trim the domain part
from the username when filling in the net_sam_logon reply.
This fixes the browsing issues i was seen across domain trusts.
Eloy Paris [Thu, 3 Jul 2003 02:43:49 +0000 (02:43 +0000)]
Debian updates.
Jeremy Allison [Wed, 2 Jul 2003 22:32:05 +0000 (22:32 +0000)]
Fix for idmap startup bug with remote ldap backend.
Jeremy.
Richard Sharpe [Wed, 2 Jul 2003 21:15:59 +0000 (21:15 +0000)]
Fixing problems in the iconv discovery stuff in configure.in.
This is the first part of the fix that at least allows configure to
walk the list of supplied locations where libiconv etc might be found.
aclocal.m4 also needs a fix, as does a later test.
Jeremy Allison [Wed, 2 Jul 2003 20:01:51 +0000 (20:01 +0000)]
Added fix for Japanese case names in statcache - these can change
size on upper casing. Based on patch from monyo@home.monyo.com.
Jeremy.
Alexander Bokovoy [Wed, 2 Jul 2003 04:37:48 +0000 (04:37 +0000)]
Propagate changes to WHATSNEW.txt from release tree so that they would not be out of sync with reality.
Gerald Carter [Wed, 2 Jul 2003 03:40:06 +0000 (03:40 +0000)]
SAMBA_3_0 will now become beta3
beta2 is captured in the release branch
Tim Potter [Wed, 2 Jul 2003 03:07:20 +0000 (03:07 +0000)]
The default_realm parameter needs to be set in a minimal krb5.conf.
Tim Potter [Wed, 2 Jul 2003 03:04:15 +0000 (03:04 +0000)]
Fix poptOption definition for --no-pass and --kerberos options. The 'value'
field for an option should be set to an identifier to use in a switch
statement or zero if the the arg field is to be updated only.
This fixes smbclient -k always prompting for a password which we don't need.
Tim Potter [Wed, 2 Jul 2003 03:01:27 +0000 (03:01 +0000)]
Suggest the user runs kinit if smbclient -k returns NT_STATUS_MORE_PROCESSING_REQUIRED.
Tim Potter [Wed, 2 Jul 2003 01:37:18 +0000 (01:37 +0000)]
Update my email address.
Tim Potter [Wed, 2 Jul 2003 01:23:13 +0000 (01:23 +0000)]
Uppercase first letter of debug level 0 statements.
Tim Potter [Wed, 2 Jul 2003 01:09:17 +0000 (01:09 +0000)]
#ifdef out apparently unused function.
Jelmer Vernooij [Wed, 2 Jul 2003 00:57:34 +0000 (00:57 +0000)]
Regenerate manpages
Jeremy Allison [Wed, 2 Jul 2003 00:08:29 +0000 (00:08 +0000)]
Whitespace reformat before applying a patch.
Jeremy.
Jelmer Vernooij [Tue, 1 Jul 2003 22:58:52 +0000 (22:58 +0000)]
regenerate docs
Jeremy Allison [Tue, 1 Jul 2003 22:07:27 +0000 (22:07 +0000)]
Fix for bug 189 from MORIYAMA Masayuki <msyk@mtg.biglobe.ne.jp>. Incorrect
call for Japanese characters.
Jeremy.
Jeremy Allison [Tue, 1 Jul 2003 21:47:13 +0000 (21:47 +0000)]
Adding jcmd's share ACL on XP patch. Thanks Jim !
Jeremy.
Jelmer Vernooij [Tue, 1 Jul 2003 21:46:11 +0000 (21:46 +0000)]
Generate docs.
Jelmer Vernooij [Tue, 1 Jul 2003 21:23:13 +0000 (21:23 +0000)]
Use entities
Jelmer Vernooij [Tue, 1 Jul 2003 21:21:03 +0000 (21:21 +0000)]
Fix some syntax errors and typo's
John Terpstra [Tue, 1 Jul 2003 21:10:25 +0000 (21:10 +0000)]
Adding idmap uid/gid smb.conf man page entries. Marking winbind uid/gid as deprecated.
Jelmer Vernooij [Tue, 1 Jul 2003 21:00:50 +0000 (21:00 +0000)]
Fix a typo
Jelmer Vernooij [Tue, 1 Jul 2003 20:58:55 +0000 (20:58 +0000)]
Document "client use spnego"
Gerald Carter [Tue, 1 Jul 2003 20:41:50 +0000 (20:41 +0000)]
sync with release branch
John Terpstra [Tue, 1 Jul 2003 20:33:52 +0000 (20:33 +0000)]
JMCD's fixes also.
John Terpstra [Tue, 1 Jul 2003 20:29:38 +0000 (20:29 +0000)]
Fix typos, add a little clarification.
Gerald Carter [Tue, 1 Jul 2003 18:34:31 +0000 (18:34 +0000)]
being a responsible developer for a change. Make sure to
update the docs wrt to the recent code changes.
Can someone regenerate these in the SAMBA_3_0 tree please?
Thanks.
Gerald Carter [Tue, 1 Jul 2003 18:09:29 +0000 (18:09 +0000)]
syncing newer files to SAMBA_3_0
Gerald Carter [Tue, 1 Jul 2003 18:08:11 +0000 (18:08 +0000)]
removing nisplussam
Gerald Carter [Tue, 1 Jul 2003 17:51:52 +0000 (17:51 +0000)]
* fixed volker's wbinfo -a lockup again. This one was my fault.
It was caused by the winbind_ping() call in is_trusted_domain()
o if we are a DC then we check our own direct trust relationships
we have to rely on winbindd to update the truatdom_cache
o if we are a domain member, then we can update the trustdom_cache
ourselves if winbindd is not there
Gerald Carter [Tue, 1 Jul 2003 16:57:38 +0000 (16:57 +0000)]
initial draft of changeset