Jeremy Allison [Thu, 17 Jul 2003 00:48:21 +0000 (00:48 +0000)]
Putting the framework for server signing in place. Ensure we don't use
sendfile when signing (I need to add this for readbraw/writebraw too...).
Jeremy.
Jeremy Allison [Wed, 16 Jul 2003 22:57:56 +0000 (22:57 +0000)]
Refactor signing code to remove most dependencies on 'struct cli'.
Ensure a server can't do a downgrade attack if client signing is mandatory.
Add a lp_server_signing() function and a 'server signing' parameter that
will act as the client one does.
Jeremy
Eloy Paris [Wed, 16 Jul 2003 21:30:02 +0000 (21:30 +0000)]
Further Debian fixes.
Jeremy Allison [Wed, 16 Jul 2003 21:06:21 +0000 (21:06 +0000)]
Add API framework for server SMB signing.
Jeremy.
Jeremy Allison [Wed, 16 Jul 2003 19:17:33 +0000 (19:17 +0000)]
Add krb5_princ_component to Heimdal. Remove cli_ from mark packet signed.
Jeremy.
Jeremy Allison [Wed, 16 Jul 2003 18:06:27 +0000 (18:06 +0000)]
Reformatting fixes to bring in line with the rest of the source.
Jeremy.
Gerald Carter [Wed, 16 Jul 2003 16:51:51 +0000 (16:51 +0000)]
adding command for moving a record from one tdb to another
Gerald Carter [Wed, 16 Jul 2003 16:26:40 +0000 (16:26 +0000)]
make tdbtool deal with NULL and non-NULL terminated keys
Gerald Carter [Wed, 16 Jul 2003 15:01:26 +0000 (15:01 +0000)]
sync with release tree
Volker Lendecke [Wed, 16 Jul 2003 13:57:53 +0000 (13:57 +0000)]
Fix memleak
Volker Lendecke [Wed, 16 Jul 2003 13:35:23 +0000 (13:35 +0000)]
typo
Tim Potter [Wed, 16 Jul 2003 05:51:10 +0000 (05:51 +0000)]
Spelling.
John Terpstra [Wed, 16 Jul 2003 05:42:10 +0000 (05:42 +0000)]
Documentation Update for Beta3.
Gerald Carter [Wed, 16 Jul 2003 04:53:57 +0000 (04:53 +0000)]
removing outdated scripts
Gerald Carter [Wed, 16 Jul 2003 04:50:45 +0000 (04:50 +0000)]
remove outdated doc
Gerald Carter [Wed, 16 Jul 2003 03:54:08 +0000 (03:54 +0000)]
adding another missing doc
Gerald Carter [Wed, 16 Jul 2003 03:51:25 +0000 (03:51 +0000)]
updating WHATSNEW
removing old readme (not part of WHATSNEW)
Andrew Bartlett [Wed, 16 Jul 2003 03:22:43 +0000 (03:22 +0000)]
Fix up our auth_pipe code to always cope with fragmented datagrams,
in both SCHANNEL and NTLMSSP.
(Try not to deal with a general case as individual special cases...)
Andrew Bartlett
Gerald Carter [Wed, 16 Jul 2003 02:51:28 +0000 (02:51 +0000)]
fix typo in debug log
Gerald Carter [Wed, 16 Jul 2003 02:20:53 +0000 (02:20 +0000)]
fixes for 'net rpc vampire'. I can now take a blank Samba host
and migrate an NT4 domain and still logon from domain members
(tested logon scripts, system policies, profiles, & home directories)
(passdb backend = tdbsam)
removed call to idmap_init_wellknown_sids() from winbindd.c
since the local domain should be handled by the guest passdb backend
(and you don't really always want the Administrator account to be root)
...and we didn't pay attention to this anyways now.
Gerald Carter [Wed, 16 Jul 2003 02:17:55 +0000 (02:17 +0000)]
Volker's patch for open_socket_out() to speed up connections
Tim Potter [Wed, 16 Jul 2003 00:13:40 +0000 (00:13 +0000)]
Fix from Dragan Krnic for handling files in tar archives > 8GB.
Fixes bug 102.
Jeremy Allison [Tue, 15 Jul 2003 23:05:57 +0000 (23:05 +0000)]
Added the "required" keyword to the "client signing" parameter to force it
on. Fail if mismatch. Small format tidyups in smbd/sesssetup.c. Preparing
to add signing on server side.
Jeremy.
Jeremy Allison [Tue, 15 Jul 2003 22:26:47 +0000 (22:26 +0000)]
Add a cli_ prefix to a few functions to ensure everything that takes a struct cli_state
is so marked.
Jeremy
Gerald Carter [Tue, 15 Jul 2003 21:33:28 +0000 (21:33 +0000)]
fix schannel processing on fragmented PDUs. 'net rpc vampire' works again.
Volker Lendecke [Tue, 15 Jul 2003 17:27:39 +0000 (17:27 +0000)]
Fix memleak
Volker Lendecke [Tue, 15 Jul 2003 17:23:36 +0000 (17:23 +0000)]
We should report if a group mapping fails. This should fix bug#225.
Jerry, this is assigned to you. Do you want to answer it?
However, we have to decide what to do if a mapping is to be done for a
unix group not in LDAP....
Volker
Eloy Paris [Tue, 15 Jul 2003 17:22:38 +0000 (17:22 +0000)]
Debian updates. Brings files in packaging/Debian on par with the
latest Debian official packages for Debian unstable. Also fixes
patches that got out of date in the beta2->beta3 development process.
Alexander Bokovoy [Tue, 15 Jul 2003 17:21:21 +0000 (17:21 +0000)]
Add support for MSG_SMB_CONF_UPDATED and MSG_SHUTDOWN to all daemons (smbd, nmbd, winbindd). Reviewed by jerry and tridge.
Volker Lendecke [Tue, 15 Jul 2003 17:00:11 +0000 (17:00 +0000)]
Fix memleaks
Volker Lendecke [Tue, 15 Jul 2003 16:46:20 +0000 (16:46 +0000)]
Fix memleak
Volker Lendecke [Tue, 15 Jul 2003 16:07:50 +0000 (16:07 +0000)]
Jim, could you please look at this? smbpasswd -a <username> was broken
for me without this patch. I'm not sure if I interpreted your patch to
this code right.
Thanks,
Volker
Gerald Carter [Tue, 15 Jul 2003 16:02:51 +0000 (16:02 +0000)]
Mandrake packaging updates from Buchan
Alexander Bokovoy [Tue, 15 Jul 2003 13:00:20 +0000 (13:00 +0000)]
Accept --with-expsam=no as valid option (do nothing on it). Simplifies automatic option generation for spec files
Alexander Bokovoy [Tue, 15 Jul 2003 12:12:15 +0000 (12:12 +0000)]
Fix cut&paste bug in strdup() usage example. Found by Metze
Alexander Bokovoy [Tue, 15 Jul 2003 09:50:44 +0000 (09:50 +0000)]
Add mandir to installdir target. Otherwise installman fails for clean DESTDIR
Gerald Carter [Tue, 15 Jul 2003 04:38:20 +0000 (04:38 +0000)]
adding some more docs
Gerald Carter [Tue, 15 Jul 2003 04:33:37 +0000 (04:33 +0000)]
adding docs on new parameters I added.
Gerald Carter [Tue, 15 Jul 2003 04:24:37 +0000 (04:24 +0000)]
update docs to reflect the change in default behavior for winbindd
Gerald Carter [Tue, 15 Jul 2003 04:19:57 +0000 (04:19 +0000)]
remove -B and default to dual-daemon mode (-Y to run as a single process)
Gerald Carter [Tue, 15 Jul 2003 02:27:00 +0000 (02:27 +0000)]
make sure to fallback to rid algorithm for users not in smbpasswd (e.g. force user = foo)
Andrew Bartlett [Tue, 15 Jul 2003 01:07:12 +0000 (01:07 +0000)]
SPNEGO SMB signing is now fixed for NTLMSSP, with kerberos to follow shortly.
Andrew Bartlett
Gerald Carter [Mon, 14 Jul 2003 19:51:34 +0000 (19:51 +0000)]
fix cache coherency bug in print handle print_info_2 cache.
Needs to be rewritten to use a reference counter, but this
will work for now.
also the memory allocation in the printing code needs to be cleaned
up to use talloc exclusively.
Alexander Bokovoy [Mon, 14 Jul 2003 15:03:19 +0000 (15:03 +0000)]
Small documentation fixes from Metze
Andrew Bartlett [Mon, 14 Jul 2003 12:56:30 +0000 (12:56 +0000)]
Fix compile error noticed by Ken Cross, use the utility function instead
of an inline replacement...
Andrew Bartlett
Andrew Bartlett [Mon, 14 Jul 2003 10:38:23 +0000 (10:38 +0000)]
Fix SMB signing when using NTLMSSP...
It's so simple now I know how it works - and it has nothing to do with
NTLMSSP (it's just a slightly different use of the old algorithm). :-).
Note: This is actually less secure than the non-NTLMSSP code, as there is
no per-session random data included for NTLM logins. (NTLMv2 is better,
fortunately).
Andrew Bartlett
Andrew Bartlett [Mon, 14 Jul 2003 08:46:32 +0000 (08:46 +0000)]
Jeremy requested that I get my NTLMSSP patch into CVS. He didn't request
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpcclient to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authentication) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
John Terpstra [Mon, 14 Jul 2003 05:17:52 +0000 (05:17 +0000)]
Typo fixes from Vorlon.
Tim Potter [Mon, 14 Jul 2003 05:13:30 +0000 (05:13 +0000)]
Don't bomb out when trying to unmarshall a zero length printerdata value.
Fixes remote printer publishing of shared printers from a Samba server.
Tim Potter [Mon, 14 Jul 2003 01:49:07 +0000 (01:49 +0000)]
Delete obsolete comment.
Tim Potter [Mon, 14 Jul 2003 01:18:43 +0000 (01:18 +0000)]
Undo 'Fix compiler warning'. It didn't work because the value of inbuf changes so
we end up freeing a pointer we didn't mallocate.
Also, calling strdup() in a frequently called function just to clear up a
const compiler warning seems inelegant and inefficient.
Simo Sorce [Sun, 13 Jul 2003 21:41:23 +0000 (21:41 +0000)]
use the specific function we have to check if a SID belongs to our domain
Rafal Szczesniak [Sun, 13 Jul 2003 16:25:55 +0000 (16:25 +0000)]
Fix compiler warning.
Volker Lendecke [Sun, 13 Jul 2003 09:43:58 +0000 (09:43 +0000)]
Argl. Thinking twice and looking at the rest of callers of sid_compare_domain
proved the last patch wrong.
Sorry.
Volker
Volker Lendecke [Sun, 13 Jul 2003 09:38:55 +0000 (09:38 +0000)]
We have an API to compare the domain parts of two SIDs, so use it.
Volker
Jeremy Allison [Sat, 12 Jul 2003 00:27:22 +0000 (00:27 +0000)]
Fixed memory leaks, added krb5 replay cache. Now I need to add code to check
the incoming addresses....
Jeremy.
Gerald Carter [Fri, 11 Jul 2003 18:12:24 +0000 (18:12 +0000)]
patch for domain groups with no members (rpc only) from Ken Cross
Richard Sharpe [Fri, 11 Jul 2003 17:50:59 +0000 (17:50 +0000)]
Fix a small typo in a comment and pretty it up a bit.
Gerald Carter [Fri, 11 Jul 2003 16:37:23 +0000 (16:37 +0000)]
fix sid_to_[uid|gid] (spotted by Volker).
Still testing this, but I'm checking it in
so Volker can test it as well. Should be right.
Gerald Carter [Fri, 11 Jul 2003 15:17:06 +0000 (15:17 +0000)]
fix uninitialised variable
Gerald Carter [Fri, 11 Jul 2003 15:09:57 +0000 (15:09 +0000)]
fix winbindd init script
Herb Lewis [Fri, 11 Jul 2003 14:33:13 +0000 (14:33 +0000)]
use names from enumerated type to get rid of compiler warnings
Jim McDonough [Fri, 11 Jul 2003 14:33:03 +0000 (14:33 +0000)]
Doesn't re-prompt for password when it is specified on the cmdline
Herb Lewis [Fri, 11 Jul 2003 14:20:12 +0000 (14:20 +0000)]
get rid of CFLAGS from LDSHFLAGS and WINBIND_NSS_LDSHFLAGS and instead
define it in SHLD for those systems that use CC for SHLD.
Gerald Carter [Fri, 11 Jul 2003 05:33:40 +0000 (05:33 +0000)]
moving more code around.
* move rid allocation into IDMAP. See comments in _api_samr_create_user()
* add winbind delete user/group functions
I'm checking this in to sync up with everyone. But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simpler without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow.
Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.
going to bed now.
Tim Potter [Fri, 11 Jul 2003 05:05:08 +0000 (05:05 +0000)]
Fix yet another place where we store a Samba version number. )-:
Tim Potter [Fri, 11 Jul 2003 04:51:52 +0000 (04:51 +0000)]
Ignore autogenerated files.
Tim Potter [Fri, 11 Jul 2003 04:48:08 +0000 (04:48 +0000)]
Remove references to obsolete codepage binaries, codepages and unicode
map files.
Other part of fix for bug 218.
Tim Potter [Fri, 11 Jul 2003 04:45:33 +0000 (04:45 +0000)]
Fix references to plain password registry files pointing at an old
location. These files are now in docs/Registry. For some reason only
the PlainPassword files are included in the packaging, not some of the
other useful Samba related registry mods such as sign or seal and
terminal server.
I also removed the reference to checkinstall as it doesn't seem to
exist on the Solaris system in the build farm and I can't figure out
what it is supposed to do (always a good reason to delete something).
docs.solaris.com says "The checkinstall script is only available with
the Solaris(TM) 2.5 and compatible releases" so maybe this file is
obsolete.
Part of fix for bug 218.
Tim Potter [Fri, 11 Jul 2003 03:32:11 +0000 (03:32 +0000)]
Fix for bug 203. Avoid using an autoconf expanded variable preceded by a backslash
in case the variable is empty. This apparently confuses some makes.
Tim Potter [Fri, 11 Jul 2003 03:30:18 +0000 (03:30 +0000)]
Ignore *.po
Rafal Szczesniak [Thu, 10 Jul 2003 23:22:09 +0000 (23:22 +0000)]
Just a few formatting fixes caught while testing.
rafal
Jelmer Vernooij [Thu, 10 Jul 2003 23:12:00 +0000 (23:12 +0000)]
Document 'security = ads'
Jelmer Vernooij [Thu, 10 Jul 2003 22:40:56 +0000 (22:40 +0000)]
Fix typo
Gerald Carter [Thu, 10 Jul 2003 20:37:01 +0000 (20:37 +0000)]
i guess i'm the only one this ever annoyed...
fix the confusion when we tdb_lock_bystring() but
we retrieve an entry using tdb_fetch_by_string.
It's now always tdb.*bystring()
Richard Sharpe [Thu, 10 Jul 2003 17:39:05 +0000 (17:39 +0000)]
Final piece of support needed to find iconv libraries on FreeBSD.
This has been tested on RedHat 9.0 with libiconv built in as well as
FreeBSD 4.6.2 with iconv-2.0.3 and biconv.g/libbiconv.
We should perhaps also check for other conversions than just ASCII<-->UCS-2LE
especially because those two names do not appear in charset.aliases for
iconv-2.0.3.
Richard Sharpe [Thu, 10 Jul 2003 15:23:09 +0000 (15:23 +0000)]
Fix a small problem I seem to have introduced into aclocal.m4
Volker Lendecke [Thu, 10 Jul 2003 14:21:43 +0000 (14:21 +0000)]
pdbedit should not call idmap anymore. Otherwise pdbedit -L would
allocate id's.
Volker
Volker Lendecke [Thu, 10 Jul 2003 14:12:37 +0000 (14:12 +0000)]
Add const
Tim Potter [Thu, 10 Jul 2003 08:27:55 +0000 (08:27 +0000)]
Fix shadow parameter warning.
Richard Sharpe [Wed, 9 Jul 2003 23:01:08 +0000 (23:01 +0000)]
Fix a small spelling mistake and push out the new version of aclocal.m4 to
properly handle iconv on FreeBSD ...
It works on Linux and FreeBSD ...
Jelmer Vernooij [Wed, 9 Jul 2003 19:11:38 +0000 (19:11 +0000)]
Don't print status message for every smb.conf option processed - it makes tracking down errors difficult
Jelmer Vernooij [Wed, 9 Jul 2003 19:07:06 +0000 (19:07 +0000)]
First results of 'make undocumented' - fix some typos and remove obsolete option
Jelmer Vernooij [Wed, 9 Jul 2003 18:51:18 +0000 (18:51 +0000)]
Move find_missing_doc.pl to the docs system
Jelmer Vernooij [Wed, 9 Jul 2003 18:50:17 +0000 (18:50 +0000)]
Add make target 'undocumented'
Jelmer Vernooij [Wed, 9 Jul 2003 18:31:43 +0000 (18:31 +0000)]
Be less verbose, support outputting all types of variables(both G and S)
Jelmer Vernooij [Wed, 9 Jul 2003 18:31:03 +0000 (18:31 +0000)]
Update for docbook XML
Gerald Carter [Wed, 9 Jul 2003 16:44:47 +0000 (16:44 +0000)]
Large set of changes to add UNIX account/group management
to winbindd. See README.idmap-and-winbind-changes for details.
Gerald Carter [Wed, 9 Jul 2003 03:32:07 +0000 (03:32 +0000)]
more compile fixes for become/unbecome_root()
Gerald Carter [Wed, 9 Jul 2003 03:25:39 +0000 (03:25 +0000)]
fix linking issues in winbindd with become/unbecome_root() in passdb.c
Jeremy Allison [Wed, 9 Jul 2003 00:23:42 +0000 (00:23 +0000)]
Get rid of DISP_USER_INFO/DISP_GROUP_INFO as they serve no useful
purpose. Replace with an array of SAM_ACCOUNT/DOMAIN_GRP entries.
ZERO struct's in smbd/uid.c stops core dumps when sid_to_XX
functions fail. Getting ready to add caching.
Jeremy.
Jeremy Allison [Wed, 9 Jul 2003 00:20:43 +0000 (00:20 +0000)]
Fix up become_root/unbecome_root pairs needed around local passdb
lookups.
Jeremy.
Jeremy Allison [Wed, 9 Jul 2003 00:01:40 +0000 (00:01 +0000)]
Ensure we correctly test for errors in uid/gid_to sid.
Jeremy.
Jeremy Allison [Tue, 8 Jul 2003 21:58:29 +0000 (21:58 +0000)]
Moved SAM_ACCOUNT marshall/unmarshall functions to make them externally
available. Removed extra auth_init (thanks metze).
Jeremy.
Gerald Carter [Tue, 8 Jul 2003 17:19:37 +0000 (17:19 +0000)]
standalone servers don't have any trusted domains
Gerald Carter [Tue, 8 Jul 2003 17:04:11 +0000 (17:04 +0000)]
fix bone head mistake when setting the uid in the server_info struct.
Tim Potter [Tue, 8 Jul 2003 05:37:13 +0000 (05:37 +0000)]
Initialise the uid and gid values to a safe default in make_server_info()
Gerald Carter [Tue, 8 Jul 2003 03:16:28 +0000 (03:16 +0000)]
fix some formatting
Gerald Carter [Tue, 8 Jul 2003 02:19:16 +0000 (02:19 +0000)]
fix temporary bug so people can test 3.0 again; make sure to initialize the uid for the server_info struct
Tim Potter [Tue, 8 Jul 2003 01:04:06 +0000 (01:04 +0000)]
Spelling.