20 years agomake sam_account_ok static.
Andrew Bartlett [Sun, 11 Nov 2001 11:15:28 +0000 (11:15 +0000)]
make sam_account_ok static.

remove rudundent  not null checks

fix indenting
(This used to be commit 3eada888fddb1f0cb7c0ed7037eb1c60e7988ad9)

20 years agoThis extra check isn't needed, we can only get here if secuirty=domain
Andrew Bartlett [Sun, 11 Nov 2001 11:11:56 +0000 (11:11 +0000)]
This extra check isn't needed, we can only get here if secuirty=domain
(This used to be commit 600d83e43f61eb138115731ce089ba42d63e0924)

20 years agoMinor updates. A small dose of const.
Andrew Bartlett [Sun, 11 Nov 2001 11:00:38 +0000 (11:00 +0000)]
Minor updates.  A small dose of const.
(This used to be commit 80667cb0dd1a2cdef17711c8580af9f524971cea)

20 years agoautoconf
Andrew Bartlett [Sun, 11 Nov 2001 10:42:41 +0000 (10:42 +0000)]
(This used to be commit 1a60305f7a368bce16c9d6d989942670186dec72)

20 years agoRemove built-in support for clear-text kerberos authentication.
Andrew Bartlett [Sun, 11 Nov 2001 10:42:07 +0000 (10:42 +0000)]
Remove built-in support for clear-text kerberos authentication.

This should remove some confusion from the ./configure, but does not affect the
'real' kerberos support currently residing in smbd/sesssetup.c.

This code is vunerable to a spoofed KDC, and is best replaced by --with-pam and
the pam_krb5 module.  This module includes measures to prevent such spoofing.

Andrew Bartlett
(This used to be commit 3235880b41ee5dd5ef171195489fb9254f5d89b0)

20 years agofixed, moved and added some functions
Simo Sorce [Sat, 10 Nov 2001 15:21:54 +0000 (15:21 +0000)]
fixed, moved and added some functions
note the useful acnv_uxu2 and acnv_u2ux functions in charcnv.c
(This used to be commit 64dde3b64fc091cda95fc4ed145595b5d79b2e01)

20 years agoUse defined constants not integers.
Jeremy Allison [Sat, 10 Nov 2001 01:49:50 +0000 (01:49 +0000)]
Use defined constants not integers.
(This used to be commit d20949fe509c1496bc434f0fbf403f0b69ab9954)

20 years agoAs pdb_ldap.c does not compile in HEAD anyway, a not-compiled merge
Volker Lendecke [Fri, 9 Nov 2001 22:15:33 +0000 (22:15 +0000)]
As pdb_ldap.c does not compile in HEAD anyway, a not-compiled merge
from 2_2.

(This used to be commit 7d70b30dbdf06de126b78879fc89708ca335f91e)

20 years agoFixed a few typos and added the opnum for ADDPRINTERDRIVEREX to the
Gerald Carter [Fri, 9 Nov 2001 20:59:18 +0000 (20:59 +0000)]
Fixed a few typos and added the opnum for ADDPRINTERDRIVEREX to the
rpc_spoolss.h header file.
(This used to be commit d4cafc076be99a66d0660f695995801b4f1d7bfd)

20 years agoFixup __LPID -> _LPID.
Jeremy Allison [Fri, 9 Nov 2001 20:34:12 +0000 (20:34 +0000)]
Fixup __LPID -> _LPID.
(This used to be commit ab607cdf153d9187fe50af3377ece5a9fafde1b1)

20 years agoThis change updates lp_guestaccount() to be a *global* paramater, rather than
Andrew Bartlett [Fri, 9 Nov 2001 11:16:06 +0000 (11:16 +0000)]
This change updates lp_guestaccount() to be a *global* paramater, rather than
per-share.  I beleive that almost all the things that this could have done on
a per-share basis can be done with other tools, like 'force user'.

Almost all the user's of this paramater used it as a global anyway...

While this is one step at a time, I hope it will allow me to considerably
simplfy the make_connection() code, particularly for the user-level security

This already removes an absolute truckload of extra attempted password lookups
on the guest account.

Andrew Bartlett
(This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)

20 years agofix the tree so it compiles again
Andrew Tridgell [Fri, 9 Nov 2001 02:44:49 +0000 (02:44 +0000)]
fix the tree so it compiles again

  grumble, mumble, ...
(This used to be commit 72c1af6f8d9893dd5b8b4d105b301d8c621749c6)

20 years agoRemoved #ifdef TDB_DEBUG around tdb_dump_all() and tdb_printfreelist()
Tim Potter [Fri, 9 Nov 2001 01:26:13 +0000 (01:26 +0000)]
Removed #ifdef TDB_DEBUG around tdb_dump_all() and tdb_printfreelist()
so that tdbtool can be compiled without having to make clean.
(This used to be commit dad688d8c6b3c98173a846ad833599a4016d2e1a)

20 years agoChange to guest logon code.
Andrew Bartlett [Thu, 8 Nov 2001 22:19:01 +0000 (22:19 +0000)]
Change to guest logon code.

This changes the way we process guest logons - we now treat them as normal
logons, but set the 'guest' flag.  In particular this is needed becouse Win2k
will do an NTLMSSP login with username "", therefore missing our previous guest
connection code - this is getting a pain to do as a special case all over the

Tridge:  We don't seem to be setting a guest bit for NTLMSSP, in either the
anonymous or authenticated case, can you take a look at this?

Also some cleanups in the check_password() code that should make some of the
debugs clearer.

Various other minor cleanups:

 - change the session code to just take a vuser, rather than having to do a
   vuid lookup on vuser.vuid

 - Change some of the global_client_caps linking

 - Better debug in authorise_login(): show the vuid.

Andrew Bartlett
(This used to be commit 62f4e4bd0aef9ade653b3f8d575d2864c166ab4d)

20 years agoFixed incorrect debug message. )-:
Tim Potter [Thu, 8 Nov 2001 04:41:13 +0000 (04:41 +0000)]
Fixed incorrect debug message.  )-:
(This used to be commit a99d9cec7e090736ab49c91720cfd2b43e2a6f00)

20 years agospoolss_io_devmode private data is binary and should be shown in hex,
Martin Pool [Thu, 8 Nov 2001 03:12:22 +0000 (03:12 +0000)]
spoolss_io_devmode private data is binary and should be shown in hex,
not ascii.
(This used to be commit be5d32eb9c58bb1911299d095efcf230d50ed590)

20 years agoOnly 1mb allocate slop.
Jeremy Allison [Thu, 8 Nov 2001 02:17:03 +0000 (02:17 +0000)]
Only 1mb allocate slop.
(This used to be commit c339a99a891c9e4bbad59ee1243908c91f048834)

20 years agoMerge overdue changes from 2.2. Fix <4gb write problem.
Jeremy Allison [Thu, 8 Nov 2001 01:49:57 +0000 (01:49 +0000)]
Merge overdue changes from 2.2. Fix <4gb write problem.
(This used to be commit 36ea09d3a041fab0854dfdc20f6ea8db7ccbec2e)

20 years agoAdded more define bits. Fixed error in vol attributes.
Jeremy Allison [Thu, 8 Nov 2001 00:21:26 +0000 (00:21 +0000)]
Added more define bits. Fixed error in vol attributes.
(This used to be commit eba8204bfadb176fafb686a35295a09f0f35b894)

20 years agoAdded debug in truncate, fixed warning with gcc3.
Jeremy Allison [Wed, 7 Nov 2001 23:47:20 +0000 (23:47 +0000)]
Added debug in truncate, fixed warning with gcc3.
(This used to be commit 970ec14b4ba1ccf66820384ced8442e1878c09cd)

20 years agoAdd function to add those hosts who have added msbrowse (domain master browsers)
Steve French [Wed, 7 Nov 2001 23:01:44 +0000 (23:01 +0000)]
Add function to add those hosts who have added msbrowse (domain master browsers)
(This used to be commit 3fd96a47543c268fd2828793df4006cc47a9e95b)

20 years agoAdded delheaders as a dependency for clean.
Tim Potter [Wed, 7 Nov 2001 22:38:03 +0000 (22:38 +0000)]
Added delheaders as a dependency for clean.
(This used to be commit cd9334bd57cd7f544aba0b642c8190d608add7b9)

20 years agoadd convert_string_allocate() function
Simo Sorce [Wed, 7 Nov 2001 18:14:46 +0000 (18:14 +0000)]
add convert_string_allocate() function
(This used to be commit 8b494b0be323c983b7ea3d1dcf1f61216396caec)

20 years agoUGLY HACK to get machines to join tdbsam domains again.
Andrew Bartlett [Wed, 7 Nov 2001 08:15:45 +0000 (08:15 +0000)]
UGLY HACK to get machines to join tdbsam domains again.

The problem is that we don't use the bitmap field, and so have to guess what
feilds to change.  NT4 sets the RID to NULL in its reply, (as a no-change
value) and we were attempting to set that as a RID.

jfm:  Can you get me the info on that bitmap, so I can construct a proper fix
to all this?

(This used to be commit 39f9c78d07d7af6abc71b33a6018ac0237608b6a)

20 years agoInitilising these variables before appending the domain groups to them
Andrew Bartlett [Wed, 7 Nov 2001 02:16:22 +0000 (02:16 +0000)]
Initilising these variables before appending the domain groups to them
(This used to be commit 8004cfea19e10ad942c59f2f6a6bd992791017ba)

20 years agoFixed unsigned / long unsigned format missmatch.
Jeremy Allison [Tue, 6 Nov 2001 22:07:04 +0000 (22:07 +0000)]
Fixed unsigned / long unsigned format missmatch.
(This used to be commit 86c2f9636635283beb8e496315a7bfac881355dd)

20 years agoInternationalization enbalement for net utility - replace printf with d_printf
Jim McDonough [Tue, 6 Nov 2001 16:28:50 +0000 (16:28 +0000)]
Internationalization enbalement for net utility - replace printf with d_printf
(This used to be commit b83b21e9ca364a097455c119815074f23324111d)

20 years agoFixed looking up domain (winbind) users ahead of local users in
Tim Potter [Mon, 5 Nov 2001 23:00:46 +0000 (23:00 +0000)]
Fixed looking up domain (winbind) users ahead of local users in
(This used to be commit df0db8edb12dc8b8d290e5ac599fa7b517e9d263)

20 years agoRemoved totally annoying verbose debug in sid_to_string()
Tim Potter [Mon, 5 Nov 2001 22:57:14 +0000 (22:57 +0000)]
Removed totally annoying verbose debug in sid_to_string()
(This used to be commit 4f21ddb8737d3f72a84465d3384351ccd2b07d15)

20 years agofree the negTokenInit structure
Andrew Tridgell [Mon, 5 Nov 2001 15:18:17 +0000 (15:18 +0000)]
free the negTokenInit structure
(This used to be commit 5b1c942a5cab828ebfcf2e8f5decb754c4cdb70e)

20 years agoChanged MAX_OPEN_PIPES to 2048.
Jeremy Allison [Mon, 5 Nov 2001 07:42:55 +0000 (07:42 +0000)]
Changed MAX_OPEN_PIPES to 2048.
(This used to be commit 591d217ed49b6beca4a87f6b89a81f0c913003dc)

20 years agoWrote some stubs for new win2k only spoolss rpc commands:
Tim Potter [Mon, 5 Nov 2001 06:15:02 +0000 (06:15 +0000)]
Wrote some stubs for new win2k only spoolss rpc commands:
GetPrinterDataEx() and SetPrinterDataEx().  Not sure what the command
number is for the latter is - I haven't seen it on the wire yet.
(This used to be commit 87614c74b3d66cf2ca706b33e6cf0a32b4166e7a)

20 years agomerge from 2.2. Why is STR_CONVERT missing when comparing
Gerald Carter [Mon, 5 Nov 2001 05:41:32 +0000 (05:41 +0000)]
merge from 2.2.  Why is STR_CONVERT missing when comparing
2.2 to HEAD?
(This used to be commit 4f47daf97b9e74ec75287f46e2c4aeddc944779e)

20 years agoold merge from 2.2
Gerald Carter [Mon, 5 Nov 2001 05:28:03 +0000 (05:28 +0000)]
old merge from 2.2
(This used to be commit 292a0265a9de7f5fa06140768ecf27056d59f6c1)

20 years agoFixed some compiler warnings.
Tim Potter [Mon, 5 Nov 2001 01:41:16 +0000 (01:41 +0000)]
Fixed some compiler warnings.
(This used to be commit 7c3090fb2017eb08b8785f0b6e4eb98ab9246bbc)

20 years agoRenamed make_user_info_for_winbindd() to be more consistent with the
Tim Potter [Mon, 5 Nov 2001 01:04:45 +0000 (01:04 +0000)]
Renamed make_user_info_for_winbindd() to be more consistent with the
names of the other functions in this file.
(This used to be commit 4880f37e4ee08b6363314a3fb67051a6708988d0)

20 years agoFixed compiler warnings.
Tim Potter [Mon, 5 Nov 2001 00:42:33 +0000 (00:42 +0000)]
Fixed compiler warnings.
(This used to be commit 54e40b270208774ed71eff32f3c3b1d3b86b5aca)

20 years agoUse cli_nt_login_network() instead of domain_client_validate() to perform
Tim Potter [Mon, 5 Nov 2001 00:21:17 +0000 (00:21 +0000)]
Use cli_nt_login_network() instead of domain_client_validate() to perform
pam authentication.  This allows us to link in less other crap.

Authenticating with a challenge/response doesn't seem to work though - we
(This used to be commit d85aa1ce83327dda6aa3dcd9bbab9cf6979dda1e)

20 years agoRemoved duplicate debug.
Tim Potter [Mon, 5 Nov 2001 00:12:23 +0000 (00:12 +0000)]
Removed duplicate debug.
(This used to be commit 5c3521c937f9ba3c4c586495f54dc69a664c392a)

20 years agoDon't put a \n on the end of the arg to exit_server()
Tim Potter [Mon, 5 Nov 2001 00:02:38 +0000 (00:02 +0000)]
Don't put a \n on the end of the arg to exit_server()
(This used to be commit dfb8566220c3e90ca2b757ea124f53aed103269e)

20 years agoAdded missing strchr_wa.
Jeremy Allison [Sun, 4 Nov 2001 21:10:17 +0000 (21:10 +0000)]
Added missing strchr_wa.
(This used to be commit 16c5d279b97250ceb84ee6de6e5e801350c816c4)

20 years agoFix for broken-as-shipped RedHat 7.2 system headers. Now we have
Jeremy Allison [Sun, 4 Nov 2001 20:50:30 +0000 (20:50 +0000)]
Fix for broken-as-shipped RedHat 7.2 system headers. Now we have
to detect this in configure.
(This used to be commit 44fb1992c98e7cca5663b17ea9a4833fcf0a8478)

20 years agoa big one:
Simo Sorce [Sun, 4 Nov 2001 18:26:53 +0000 (18:26 +0000)]
a big one:
 - old mangle code has gone, the new one based on tdb seem resonably ok
   probably the valid.dat table need to be updated to treat wild chars as
   invalid ones (work ok without it)
 - a LOT of new string manipulation function for unicode, they are somewhat
   tested but a review would not be bad
 - some new function I will need for the new unix_convert function I'm writing,
   this will be renamed filename_convert and use only unicode strings.
 - charconv, I attached a comment, if someone wnat to look if I'm right or
   just was hacking to late in the night to make a sane one :)

of course any bug is my responsibility an will be pleased to see patches if
you find any. :-)

(This used to be commit ee19f7efb6ea9216fc91cf112ac1afa691983e9d)

20 years agoget the string lengths right in domain logons
Andrew Tridgell [Sun, 4 Nov 2001 18:13:33 +0000 (18:13 +0000)]
get the string lengths right in domain logons

Andrew, this fixes domain logons in head. Please look at the change,
as I think you may have misunderstood the max_str_len field (which is
badly named)
(This used to be commit fd3a657b440a61c0c146947bb62d2b83c1689b87)

20 years agoremove {} from default valid char list
Andrew Tridgell [Sun, 4 Nov 2001 18:10:31 +0000 (18:10 +0000)]
remove {} from default valid char list
(This used to be commit 5dd3c7b3fb8aac7fb3a256ae40c882fb8983537f)

20 years agoFix segfault. sup_tok might not always be with us.
Andrew Bartlett [Sun, 4 Nov 2001 04:58:17 +0000 (04:58 +0000)]
Fix segfault. sup_tok might not always be with us.
(This used to be commit 1f409a1f3fb0906f1ff985b96bb7a65f56253046)

20 years agoFix up authenticated pipes in line with vuser changes. This ensures that global
Andrew Bartlett [Sun, 4 Nov 2001 01:14:15 +0000 (01:14 +0000)]
Fix up authenticated pipes in line with vuser changes.  This ensures that global
groups obtained via a domain logon are respected in the attached NT_USER_TOKEN.

This functionality is only available in HEAD, becosue of the way authenticaion
has been abstracted.

Both vuid logins and authenticated pipes need to use the same code for this in

Can sombody with the correct facilties check this please?\


Andrew Bartlett
(This used to be commit caae69fcd096f20aa4c6879b95ec2c275afea041)

20 years agoFixup for accounts without a local /etc/passwd entry.
Andrew Bartlett [Sun, 4 Nov 2001 01:10:21 +0000 (01:10 +0000)]
Fixup for accounts without a local /etc/passwd entry.
 - Now perfectly valid.
(This used to be commit be04aad90da341fb1b4ef472f2279aefab972258)

20 years agoFix up pdbedit so that it at least compiles without warnings.
Andrew Bartlett [Sun, 4 Nov 2001 01:09:04 +0000 (01:09 +0000)]
Fix up pdbedit so that it at least compiles without warnings.
 - Basic functionality intact
 - Now adds machine accounts without a uid.  (using the machine uid range to
   avoid conflict with real uid based accounts)
(This used to be commit 09d2e05d26f71b10ccabe4c6fa168a4923697bae)

20 years agoGot serious about const again.
Jeremy Allison [Sun, 4 Nov 2001 00:14:08 +0000 (00:14 +0000)]
Got serious about const again.
REMOVED BZERO CALLS YET AGAIN !!! Why do these keep creeping back in....
They are *NOT* POSIX. I'm also thinking of removing strncpy as I'm sure
it's not being used correctly....
(This used to be commit b1930abb35dee74f858a3f7190276c418af2322b)

20 years agoAdded NT_USER_TOKEN into server_info to fix extra groups problem.
Jeremy Allison [Sat, 3 Nov 2001 23:34:24 +0000 (23:34 +0000)]
Added NT_USER_TOKEN into server_info to fix extra groups problem.
Got "medieval on our ass" about const warnings (as many as I could :-).
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)

20 years agoAdded many more defines in service category, user category and others
Steve French [Sat, 3 Nov 2001 21:13:42 +0000 (21:13 +0000)]
Added many more defines in service category, user category and others
(This used to be commit 3bfb828cf70489165b46281bf03ea7074d3ba07d)

20 years agoAdded support for UserListGroups, ServiceEnum
Steve French [Sat, 3 Nov 2001 21:12:44 +0000 (21:12 +0000)]
Added support for UserListGroups, ServiceEnum
(This used to be commit 4e882289b0e291bb57d48fc2b2120919632daa5f)

20 years agoAdding support for net password, net service, net user info, fixing net helps
Steve French [Sat, 3 Nov 2001 21:11:28 +0000 (21:11 +0000)]
Adding support for net password, net service, net user info, fixing net helps
(This used to be commit a1f3930637a6ccadd4dba90dcd713cf1e4b5a536)

20 years agoanonymous logins are guest logins, so mark them as such. (Otherwise they can
Andrew Bartlett [Sat, 3 Nov 2001 00:59:57 +0000 (00:59 +0000)]
anonymous logins are guest logins, so mark them as such. (Otherwise they can
browse non-guest shares).
(This used to be commit 7131fe3be4eb2c652f3afe2f3cd99d3f82e09654)

20 years agoMinor cleanups/fixes in the NTLMv2 code
Andrew Bartlett [Sat, 3 Nov 2001 00:20:31 +0000 (00:20 +0000)]
Minor cleanups/fixes in the NTLMv2 code
(This used to be commit 253790f6d71653b572c0174113b8559820de6bdd)

20 years agoMove the test for non-SPNEGO session setups when using SPNEGO, becouse its a
Andrew Bartlett [Sat, 3 Nov 2001 00:19:56 +0000 (00:19 +0000)]
Move the test for non-SPNEGO session setups when using SPNEGO, becouse its a
perfectly vailid behaviour for guest logins.
(This used to be commit 4db8d70ad74cdbd74c0578e66377fd0233195aaa)

20 years agoReturn 1 (rather than 0) on failure. This may well help get the build farm
Andrew Bartlett [Fri, 2 Nov 2001 11:31:49 +0000 (11:31 +0000)]
Return 1 (rather than 0) on failure.  This may well help get the build farm
back into order, becouse its the inverse tests that are 'failing' - they get
error 0 back and think that we just let sombody in without a password and the

Andrew Bartlett
(This used to be commit 83c2d7977445b511989b449959141aeed4bcf0b7)

20 years agoVarious post AuthRewrite cleanups, fixups and tidyups.
Andrew Bartlett [Thu, 1 Nov 2001 05:02:41 +0000 (05:02 +0000)]
Various post AuthRewrite cleanups, fixups and tidyups.

Zero out some of the plaintext passwords for paranoia

Fix up some of the other passdb backends with the change to *uid_t rather than

Make some of the code in srv_netlog_nt.c clearer, is passing an array around,
so pass its lenght in is definition, not as a seperate paramater.

Use sizeof() rather than magic numbers, it makes things easier to read.

Cope with a PAM authenticated user who is not in /etc/passwd - currently by
saying NO_SUCH_USER, but this can change in future.

Andrew Bartlett
(This used to be commit 514c91b16baca639bb04638042bf9894d881172a)

20 years agozero the data, not a pointer to the data ...
Andrew Tridgell [Thu, 1 Nov 2001 03:54:52 +0000 (03:54 +0000)]
zero the data, not a pointer to the data ...
(This used to be commit eeaa80aa09736dc1c5f5f72a1437eb9d9c0d4ae7)

20 years agoRemoved unneeded extern.
Tim Potter [Wed, 31 Oct 2001 12:45:50 +0000 (12:45 +0000)]
Removed unneeded extern.
(This used to be commit c80641b6f335aa706a2e384b7cfe7912be4a41b1)

20 years agoThis should fix up the compile with krb5.
Andrew Bartlett [Wed, 31 Oct 2001 12:37:56 +0000 (12:37 +0000)]
This should fix up the compile with krb5.

This needs to use the auth interface at some stage, but for now this will do.
(This used to be commit 8dc4f2e44b150cdcdecd2f6028bf06907ff90cad)

20 years agoWhen you make a data_blob() then you probably need to free it too...
Andrew Bartlett [Wed, 31 Oct 2001 12:28:40 +0000 (12:28 +0000)]
When you make a data_blob() then you probably need to free it too...
(This used to be commit 531e24973227ca4f1ae65ffb2454aedd5871de96)

20 years agoFix up domain logons. Tested with NT4.
Andrew Bartlett [Wed, 31 Oct 2001 12:07:59 +0000 (12:07 +0000)]
Fix up domain logons.  Tested with NT4.
(This used to be commit c8b2718adfe114b74a155116c5e74f014d6df887)

20 years ago... and clean up the unused variables.
Andrew Bartlett [Wed, 31 Oct 2001 11:10:29 +0000 (11:10 +0000)]
... and clean up the unused variables.
(This used to be commit e0b56a31480906b39f37761eed20d3cad0d53973)

20 years agoSmall changes for guest authenticated pipes.
Andrew Bartlett [Wed, 31 Oct 2001 11:09:21 +0000 (11:09 +0000)]
Small changes for guest authenticated pipes.
(This used to be commit 813bf962ae6f29ddcaee4bc8b67d8017f04172b1)

20 years agoThis is a farily large patch (3300 lines) and reworks most of the AuthRewrite
Andrew Bartlett [Wed, 31 Oct 2001 10:46:25 +0000 (10:46 +0000)]
This is a farily large patch (3300 lines) and reworks most of the AuthRewrite

In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.

Major Changes:
- Fully malloc'ed structures.
  - Massive rework of the code so that all structures are made and destroyed
    using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
   to be declared 'invalid' without the chance that people might get ROOT by

- kill off some of the "DOMAIN\user" lookups.  These can be readded at a more
  appropriate place (probably domain_client_validate.c) in the future. They
  don't belong in session setups.

- Massive introduction of DATA_BLOB structures, particularly for passwords.

- Use NTLMSSP flags to tell the backend what its getting, rather than magic

- Fix winbind back up again, but tpot is redoing this soon anyway.

- Abstract much of the work in srv_netlog_nt back into auth helper functions.

This is a LARGE change, and any assistance is testing it is appriciated.

Domain logons are still broken (as far as I can tell) but other functionality

Needs testing with a wide variety of MS clients.

Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)

20 years agoMore const.
Andrew Bartlett [Wed, 31 Oct 2001 06:57:28 +0000 (06:57 +0000)]
More const.
(This used to be commit ceba373aa30e09be948bd0980040cba204d12084)

20 years agoSPNEGO works perfectly well with security=domain, so don't exclude it.
Andrew Bartlett [Wed, 31 Oct 2001 06:24:25 +0000 (06:24 +0000)]
SPNEGO works perfectly well with security=domain, so don't exclude it.
(This used to be commit 26a9479ad450a5135e54b45d659bf3558892d9e6)

20 years agoSmall 'const' updates ahead of some AuthRewrite merging.
Andrew Bartlett [Wed, 31 Oct 2001 06:22:19 +0000 (06:22 +0000)]
Small 'const' updates ahead of some AuthRewrite merging.
(This used to be commit 3b5e72bda3263c6bdf81dfface4fae4f06b71032)

20 years agoAdded some extra fields to the auth_serversupplied_info structure.
Tim Potter [Wed, 31 Oct 2001 06:20:58 +0000 (06:20 +0000)]
Added some extra fields to the auth_serversupplied_info structure.
To obtain the full group membership of a user (i.e nested groups on a
win2k native mode server) it is necessary to merge this list of groups
with the groups returned by winbindd when creating an nt access token.

This breaks winbindd linking while AB and I sync up our changes to the
authentication subsystem.
(This used to be commit 4eeb7bcd783d7cfb3ac232f1faa035773007401d)

20 years agoThis one's a doozy. A cut&paste bug incorrectly sets the max string length
Tim Potter [Wed, 31 Oct 2001 04:55:43 +0000 (04:55 +0000)]
This one's a doozy.  A cut&paste bug incorrectly sets the max string length
of the lm challenge/response header in the NET_ID_INFO_2 structure included
in a network logon request.  It seems Windows 2000 is the only OS that
cares about this.
(This used to be commit 0f6207f45567a8af0a125a838a5ed68ea6c22283)

20 years agoDon't accidentally return success when sending a broken NET_SAMLOGON
Tim Potter [Wed, 31 Oct 2001 04:42:16 +0000 (04:42 +0000)]
Don't accidentally return success when sending a broken NET_SAMLOGON
request.  This exposes a domain authentication bug with win2k where a rpc
fault is returned but not propagated up as an error.
(This used to be commit 27cd7ac85779bbc1e9488ee06e87b0c743c5b29c)

20 years agoSome tweaking to make the samlogon function look more like NT on the wire.
Tim Potter [Wed, 31 Oct 2001 04:26:36 +0000 (04:26 +0000)]
Some tweaking to make the samlogon function look more like NT on the wire.
(This used to be commit b30232e2b7ddb5eab419d4e6237176f695a534ad)

20 years agoParionia to ensure people don't install libsmb based programs setuid root.
Andrew Bartlett [Wed, 31 Oct 2001 01:52:34 +0000 (01:52 +0000)]
Parionia to ensure people don't install libsmb based programs setuid root.

libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sort of fun and games.

Andrew Bartlett
(This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)

20 years agoSpnego on the 'server' end of security=server just does not work, so set the
Andrew Bartlett [Tue, 30 Oct 2001 13:54:54 +0000 (13:54 +0000)]
Spnego on the 'server' end of security=server just does not work, so set the
flags so we just do a 'normal' session setup.

Also add some parinoia code to detect when sombody attempts to do a 'normal'
session setup when spnego had been negoitiated.

Andrew Bartlett
(This used to be commit 190898586fa218c952fbd5bea56155d04e6f248b)

20 years agoFix debug in domain_client_validate() when password server = *.
Tim Potter [Tue, 30 Oct 2001 05:54:38 +0000 (05:54 +0000)]
Fix debug in domain_client_validate() when password server = *.
(This used to be commit c78fec86c97075bb5726fcb7ed197bc75dd88ac0)

20 years agoAllow the logon level to be passed to cli_netlogon_sam_logon() rather than
Tim Potter [Tue, 30 Oct 2001 05:41:07 +0000 (05:41 +0000)]
Allow the logon level to be passed to cli_netlogon_sam_logon() rather than
the validation level.
(This used to be commit c79e94ea27aab31423b1bdc34e9cff25688dbe5f)

20 years agoAllow the logon level to be passed to cli_netlogon_sam_logon() rather than
Tim Potter [Tue, 30 Oct 2001 05:38:41 +0000 (05:38 +0000)]
Allow the logon level to be passed to cli_netlogon_sam_logon() rather than
the validation level.  This allows us to test interactive or network logons.

Interestingly enough a win2k native mode server generates a rpc fault when
presented with a network logon!
(This used to be commit 0758c0ea845dd0b552e4dab3ce05f0811fa9658e)

20 years agoRemoved confusing comment.
Tim Potter [Tue, 30 Oct 2001 05:29:37 +0000 (05:29 +0000)]
Removed confusing comment.
(This used to be commit b496936634a4b676aa2df973e64c91aa0da5d7d5)

20 years agoFix up smbpasswd -e/-d so that it doesn't change the password under you any
Andrew Bartlett [Tue, 30 Oct 2001 05:21:16 +0000 (05:21 +0000)]
Fix up smbpasswd -e/-d  so that it doesn't change the password under you any

(Previously it set them to 'XXXX' or similar when only the flags were being
changed - a bug I must have introduced when I reworked the passdb end of things
a few weeks back.)

Adds a new local flag:  LOCAL_SET_PASSWORD to specify that the password is
actually to be changed.

Andrew Bartlett
(This used to be commit cea6b6cb228c7e1f0c2d45951590e0d8fb8b315c)

20 years agoDisplay some errors if the initial connection to the server could not be
Tim Potter [Tue, 30 Oct 2001 04:21:53 +0000 (04:21 +0000)]
Display some errors if the initial connection to the server could not be
(This used to be commit c3f5df8d6743bb7b48118b378f23268008e74145)

20 years agoAdded samlogon command to test against win2k native mode server. I think
Tim Potter [Tue, 30 Oct 2001 01:49:44 +0000 (01:49 +0000)]
Added samlogon command to test against win2k native mode server.  I think
there's a bug in the marshalling of net_sam_logon.
(This used to be commit 7c5ac46b8ad0be681d102e7ef3478d64d7a2b8e6)

20 years agoFixed typo in debug message.
Tim Potter [Tue, 30 Oct 2001 00:19:43 +0000 (00:19 +0000)]
Fixed typo in debug message.
(This used to be commit 26fa0374bb5894ece460899ca37cf512c4424b2f)

20 years agoFix up auth_smbpasswd.c to use the password interface, rather than the
Andrew Bartlett [Mon, 29 Oct 2001 22:28:21 +0000 (22:28 +0000)]
Fix up auth_smbpasswd.c to use the password interface, rather than the
structures directly.

Andrew Bartlett
(This used to be commit c2dc24ab6370236437b72b929e2a56e174163d78)

20 years agoAdd a bit of 'const' for the data_blob code.
Andrew Bartlett [Mon, 29 Oct 2001 22:14:17 +0000 (22:14 +0000)]
Add a bit of 'const' for the data_blob code.

Add a new data_blob_clear_free() function - that zero's out the buffer
when its done.
(This used to be commit b02ed7ee195ebd9060f91e117c002d661b6cc9d6)

20 years agoDon't force winbind to use non-local DC's.
Volker Lendecke [Mon, 29 Oct 2001 15:00:45 +0000 (15:00 +0000)]
Don't force winbind to use non-local DC's.

(This used to be commit fd1d0064b3a4fe834c5d8e810a12a8077f9d2a66)

20 years agoclear errno before a call, tdbsam will not update it.
Simo Sorce [Mon, 29 Oct 2001 13:31:01 +0000 (13:31 +0000)]
clear errno before a call, tdbsam will not update it.
just a hack to make things work.
(This used to be commit fd1bc3557a7ba57a983a29d36ce0461085fb6682)

20 years agoanother few changes to the new mangle code
Simo Sorce [Mon, 29 Oct 2001 13:21:29 +0000 (13:21 +0000)]
another few changes to the new mangle code
(This used to be commit 92f953c156a39b54230c52c6102a319a4a5ca798)

20 years agochange some more functions to the new mangle interface.
Simo Sorce [Mon, 29 Oct 2001 13:19:22 +0000 (13:19 +0000)]
change some more functions to the new mangle interface.
(This used to be commit 06a7c28ea1be81c4a53f9a5b885c37fdde31f75c)

20 years ago- fix string len for an ucs2_to_dos function as any ucs2 char may be up to 4 dos...
Simo Sorce [Mon, 29 Oct 2001 11:37:42 +0000 (11:37 +0000)]
- fix string len for an ucs2_to_dos function as any ucs2 char may be up to 4 dos hars...
- addedd ascii compatibility functions
(This used to be commit 8b9302b7078f1dd5459051500ed19a696dc09ae0)

20 years agoMore spelling and grammer from Vance. <>
Andrew Bartlett [Mon, 29 Oct 2001 08:26:45 +0000 (08:26 +0000)]
More spelling and grammer from Vance. <>


Andrew Bartlett
(This used to be commit f019bed7663b4a20c1b5ab6b59fcadda17b89acd)

20 years agoThis patch applied, except without the structure changes to nmblib.c
Andrew Bartlett [Mon, 29 Oct 2001 08:12:44 +0000 (08:12 +0000)]
This patch applied, except without the structure changes to nmblib.c

Andrew Bartlett.

From Mon Oct 29 18:50:42 2001
Date: Fri, 19 Oct 2001 17:26:06 +0300
From: Andrew V. Samoilov <>
Subject: [patch]: makes some arrays const to be shared between processes


This patch makes some arrays const. So these arrays go to text/rodata
segment and are shared between all of the processes which use shared
library with these arrays.

Andrew V. Samoilov.

P.S. Please cc your answer to,
I don't subscribed to this list.

* cliconnect.c (prots): Make const.
* clierror.c (rap_errmap): Likewise.
* nmblib.c (nmb_header_opcode_names): Likewise.
(lookup_opcode_name): Make opcode_namep const. Eliminate i.
* nterr.c (nt_err_code_struct): Typedef const.
* smberr.c (err_code_struct): Make const.
(err_classes): Likewise.
(This used to be commit cb84485a2b0e1fdcb6fa90e0bfb97e125ae1b3dd)

20 years agoThis commit is number 4 of 4.
Andrew Bartlett [Mon, 29 Oct 2001 07:35:11 +0000 (07:35 +0000)]
This commit is number 4 of 4.

In particular this commit focuses on:

Actually adding the 'const' to the passdb interface, and the flow-on changes.

Also kill off the 'disp_info' stuff, as its no longer used.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.


These changes introduces a large dose of 'const' to the Samba tree.
There are a number of good reasons to do this:

- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to  allocated strings.  We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings

- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its  pretty bad, even in 2.2
where is compiles at all.

- Tridge assures me that he no longer opposes 'const religion'
based on the ability to  #define const the problem away.

- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and

- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather  than the modified username


This finishes this line of commits off, your tree should now compile again :-)

Andrew Bartlett
(This used to be commit c95f5aeb9327347674589ae313b75bee3bf8e317)

20 years agoThis commit is number 3 of 4.
Andrew Bartlett [Mon, 29 Oct 2001 07:28:32 +0000 (07:28 +0000)]
This commit is number 3 of 4.

In particular this commit focuses on:

Changing the Get_Pwnam code so that it can work in a const-enforced

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.


These changes allow for 'const' in the Samba tree.

There are a number of good reasons to do this:

- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to  allocated strings.  We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings

- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its  pretty bad, even in 2.2
where is compiles at all.

- Tridge assures me that he no longer opposes 'const religion'
based on the ability to  #define const the problem away.

- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and

- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather  than the modified username
(This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)

20 years agoThis commit is number 2 of 4.
Andrew Bartlett [Mon, 29 Oct 2001 07:24:49 +0000 (07:24 +0000)]
This commit is number 2 of 4.

In particular this commit focuses on:

The guts of the moving about inside passdb.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.


These changes allow for the introduction of  a large dose of 'const' to
the Samba tree.

There are a number of good reasons to do this:

- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to  allocated strings.  We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings

- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its  pretty bad, even in 2.2
where is compiles at all.

- Tridge assures me that he no longer opposes 'const religion'
based on the ability to  #define const the problem away.

- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and

- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather  than the modified username


- Kill off disp_info stuff, it isn't used any more - Kill off
support for writing to the old smbpasswd format, it isn't relevent
to Samba 3.0

- Move around and modify the pdb_...() helper functions, adding
one that sets the last changed  time to 'now' and that sets the
must change time appropriately.

- Remove the ugly forced update of the LCT- value in
pdb_smbpasswd.  - Remove the implicit modification of the ACB
flags when both NT and LM passwords are set.

- Removed substation in pdb_getsampwnam output, as a single
password change will render them  inoperable in any case (they
will be substituted and stored)

- Added a default RID to the init_sam_from_pw() function, based on
our rid algorithm.

- Added checks that an smbpasswd stored user has a uid-based RID.

- Fail to store tdb based users without a RID

    - Change the substituion code to use global_myname if there is
      no connection (and therefore no called name) at the present time.
(This used to be commit 8f607810eb24ed1157bbd2e896c2c167bc34d986)

20 years agoThis commit is number 1 of 4.
Andrew Bartlett [Mon, 29 Oct 2001 07:15:51 +0000 (07:15 +0000)]
This commit is number 1 of 4.

In particular this commit focusses on:

Adding the new 'pass changed now' helper function.

While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
(This used to be commit a8971a5448cf6d203b379c3ed01e331d5263c9ee)

20 years agoConverted a bunch of functions to use sscanf %i instead of atoi to
Tim Potter [Mon, 29 Oct 2001 05:38:02 +0000 (05:38 +0000)]
Converted a bunch of functions to use sscanf %i instead of atoi to
allow hex or decimal rids to be specified.
(This used to be commit d93488b953337890a17de124f88cf2066f733c40)

20 years agoHey where did those 4 character tabs come from?
Tim Potter [Mon, 29 Oct 2001 04:57:20 +0000 (04:57 +0000)]
Hey where did those 4 character tabs come from?
(This used to be commit 49d47238267c3a2e0fc466178b779a692a7809ff)

20 years agoDon't reference tallocated memory that has already been disposed of. The
Tim Potter [Mon, 29 Oct 2001 04:50:17 +0000 (04:50 +0000)]
Don't reference tallocated memory that has already been disposed of.  The
cli_samr_query_userinfo function used to do this.
(This used to be commit da2c167660ec12360354f96dc672d935f58dd9c0)