17 years agoFix typo in RW2 torture test. Closes bugzilla bug #924.
Tim Potter [Mon, 5 Jan 2004 02:57:33 +0000 (02:57 +0000)]
Fix typo in RW2 torture test.  Closes bugzilla bug #924.
(This used to be commit d22313998abff680d38b208588824a1981fe2aa7)

17 years agoAdd const.
Andrew Bartlett [Mon, 5 Jan 2004 02:16:51 +0000 (02:16 +0000)]
Add const.
(This used to be commit aacb817e89d17349003159e1b7c28546babc8559)

17 years agoThere is some memory corruption hidden somewhere in our winbind code. If I
Andrew Bartlett [Mon, 5 Jan 2004 02:12:38 +0000 (02:12 +0000)]
There is some memory corruption hidden somewhere in our winbind code.  If I
could reproduce it, I would fix it, but for now just make sure we always
SAFE_FREE() and set our starting pointers to NULL.

Andrew Bartlett
(This used to be commit c279e178bc122e1e2aa519f7a373a3d93672a3ac)

17 years agoChange (unused) structure parameter for cli_ds_enum_domain_trusts() cleanup.
Andrew Bartlett [Mon, 5 Jan 2004 02:05:19 +0000 (02:05 +0000)]
Change (unused) structure parameter for cli_ds_enum_domain_trusts() cleanup.
(This used to be commit 6e5b084c20b59a86e86445bf6d101cada45da602)

17 years agorpc_client/cli_lsarpc.c:
Andrew Bartlett [Mon, 5 Jan 2004 02:04:37 +0000 (02:04 +0000)]
 - Add const

 - Cleanup function for use

 - Use new utility function ads_sid_to_dn
 - Don't search for 'dn=', rather call the ads_search_retry_dn()

 - Fixup braindamage in cli_ds_enum_domain_trusts():
    - This function was returning a UNISTR2 up to the caller, and
      was doing nasty (invalid, per valgrind) things with memcpy()
    - Create a new structure that represents this informaiton in a useful way
      and use talloc.

Andrew Bartlett
(This used to be commit 06c3f15aa166bb567d8be0a8bc4b095b167ab371)

17 years agoFix for bug 707, getent group for huge ads groups (>1500 members)
Andrew Bartlett [Mon, 5 Jan 2004 01:48:21 +0000 (01:48 +0000)]
Fix for bug 707, getent group for huge ads groups (>1500 members)
This introduces range retrieval of ADS attributes.

VL rewrote most of Günther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.

I rewrote that patch, to ensure that we can keep an eye on the USN
(sequence number) of the entry - this allows us to ensure the read was

In particular, the range retrieval is now generic, for strings.  It
could easily be made generic for any attribute type, if need be.

Andrew Bartlett
(This used to be commit 131bb928f19c7b1f582c4ad9ac42e5f3d9dfb622)

17 years agoI'm not quite sure what happened here - but replace the ads_sid_to_dn
Andrew Bartlett [Mon, 5 Jan 2004 01:06:56 +0000 (01:06 +0000)]
I'm not quite sure what happened here - but replace the ads_sid_to_dn
function with one that compiles.

Andrew Bartlett
(This used to be commit 0d5b0345a60741ae50f6770d9cecf698864cd209)

17 years agoWe can't possilby get 'ok' here, as the if statement above just checked for it.
Andrew Bartlett [Mon, 5 Jan 2004 00:15:34 +0000 (00:15 +0000)]
We can't possilby get 'ok' here, as the if statement above just checked for it.
(This used to be commit cf4454969434d3026c57ac11c0528dc4cea9c77a)

17 years agoMake arbitary binary data unsigned char.
Andrew Bartlett [Mon, 5 Jan 2004 00:14:12 +0000 (00:14 +0000)]
Make arbitary binary data unsigned char.
(This used to be commit a78b0205622f10e0acfdf54915df6864608ab928)

17 years agoAdd a utilty function for converting a sid to a DN.
Andrew Bartlett [Mon, 5 Jan 2004 00:13:00 +0000 (00:13 +0000)]
Add a utilty function for converting a sid to a DN.

Andrew Bartlett
(This used to be commit 49a7a3fd17cfeef439e2049a51dbfcbc037f1a93)

17 years agoMake it clear that we cannot sign if we don't have a session key.
Andrew Bartlett [Mon, 5 Jan 2004 00:11:35 +0000 (00:11 +0000)]
Make it clear that we cannot sign if we don't have a session key.
(This used to be commit a2f6dec05b3b30292ec3e42808dc89f1bf5c7ab4)

17 years agoAutomaticly initialise the signing engine, if we have a session key.
Andrew Bartlett [Mon, 5 Jan 2004 00:11:02 +0000 (00:11 +0000)]
Automaticly initialise the signing engine, if we have a session key.
(This used to be commit cb063c1b6949a2a9637689537c6ab8dc881bc568)

17 years ago- Put functions for generating SQL queries in pdb_sql.c
Jelmer Vernooij [Sun, 4 Jan 2004 21:09:42 +0000 (21:09 +0000)]
- Put functions for generating SQL queries in pdb_sql.c
- Add pgSQL backend (based on patch by Hamish Friedlander)
- Use query generate functions from pdb_mysql and pdb_pgsql
- Only pdb_pgsql.c needs to be changed whenever the fields in SAM_ACCOUNT change
(This used to be commit 65ad2c02fd2bf36d535c279ad290ab81e39f6816)

17 years agoCommit the translation of the realm to the netbios domain name in the kerberos
Volker Lendecke [Sun, 4 Jan 2004 11:51:31 +0000 (11:51 +0000)]
Commit the translation of the realm to the netbios domain name in the kerberos
session setup. After talking to jht and abartlet I made this unconditional, no
additional parameter.

Jerry: This is a change in behaviour, but I think it is necessary.

(This used to be commit 3ce6c9f27368cfb278007fe660a0e44a84d67f8f)

17 years agoEven if the 'device type' is always an ascii string, use push_string to get
Andrew Bartlett [Sun, 4 Jan 2004 11:05:30 +0000 (11:05 +0000)]
Even if the 'device type' is always an ascii string, use push_string to get
it out onto the wire.  Avoids valgrind warnings because the fstrcpy() causes
part of the wire buffer to be 'marked'.

Andrew Bartlett
(This used to be commit 53d802c72aa712e099dc8de666ab66a21e18fae1)

17 years agoAnd yet another const
Volker Lendecke [Sat, 3 Jan 2004 20:20:59 +0000 (20:20 +0000)]
And yet another const

(This used to be commit dafa4d202b65382c365f10365208d9de4eef5586)

17 years agoThere is not a particularly good excuse for complaining to the *client* that
Andrew Bartlett [Sat, 3 Jan 2004 01:12:56 +0000 (01:12 +0000)]
There is not a particularly good excuse for complaining to the *client* that
it sent 'INVALID_PARAMETER', when it was us as the server that could not
come up with a session key.  Instead, allow normal authentication to take
place, but do not setup a session key.

Andrew Bartlett
(This used to be commit e5abd93d799e5f86839560feca448743c13a9055)

17 years agoMatch Win2k, and return NT_STATUS_INVALID_PARAMETER
Andrew Bartlett [Fri, 2 Jan 2004 23:55:44 +0000 (23:55 +0000)]
if this parameter is not an account type

Andrew Bartlett
(This used to be commit faddf5d8f9821176f4367caaf61844980df9f79c)

17 years agoUnder certain error conditions (a talloc() failure above) this would cause
Andrew Bartlett [Fri, 2 Jan 2004 11:39:07 +0000 (11:39 +0000)]
Under certain error conditions (a talloc() failure above) this would cause
a double-free(), and the resultant malloc heap corruption.

This may be one of our lurking winbind segfaults.

Andrew Bartlett
(This used to be commit 903263a1bdb755f86dac3a9a92a4af39c8b102c4)

17 years agoHaving no members of a group is a perfectly valid (if unusual) situation.
Andrew Bartlett [Fri, 2 Jan 2004 05:33:14 +0000 (05:33 +0000)]
Having no members of a group is a perfectly valid (if unusual) situation.

Andrew Bartlett
(This used to be commit 3f6d0cd3a83bc75922cb125ffe2b0127c8aa417b)

17 years agoJHT came up with a nasty (broken) torture case in preparing examples for
Andrew Bartlett [Fri, 2 Jan 2004 05:32:07 +0000 (05:32 +0000)]
JHT came up with a nasty (broken) torture case in preparing examples for
his book.

This prompted me to look at the code that reads the unix group list.  This
code did a lot of name -> uid -> name -> sid translations, which caused
problems.  Instead, we now do just name->sid

I also cleaned up some interfaces, and client tools.

Andrew Bartlett
(This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)

17 years agoAfter talking with abartlet remove the fix for bug 707 again.
Volker Lendecke [Thu, 1 Jan 2004 21:10:35 +0000 (21:10 +0000)]
After talking with abartlet remove the fix for bug 707 again.

(This used to be commit 0c8ee04c78543b1da3b675df4cf85ee5496c3fbf)

17 years agoFix for bug 707, getent group for huge ads groups (>1500 members)
Volker Lendecke [Thu, 1 Jan 2004 20:30:50 +0000 (20:30 +0000)]
Fix for bug 707, getent group for huge ads groups (>1500 members)
This introduces range retrieval of ADS attributes.

I've rewritten most of Günther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.

Andrew, you told me that you would like to see a check whether the AD sequence
number is the same before and after the retrieval to achieve atomicity. This
would be trivial to add, but I'm not sure that we want this, as this adds two
roundtrips to every membership query. We can not know before the first query
whether we get additional range values, and at that point it's too late to ask
for the USN.

Tested with a group of 4000 members along with lots of small groups.

(This used to be commit 9d8235bf413f931e40bca0c27a25ed62b4f3d226)

17 years agoChanges to our PAM code to cope with the fact that we can't handle some
Andrew Bartlett [Wed, 31 Dec 2003 08:45:03 +0000 (08:45 +0000)]
Changes to our PAM code to cope with the fact that we can't handle some
domains (in particular, the domain of the current machine, if it is not a PDC)

By changing the error codes, we now return values that PAM can correctly
use for better stacking of PAM modules - in particular of the password change

This allows pam_winbind to co-exist with other pam modules for password changes.

Andrew Bartlett
(This used to be commit 6a8cc7f0122ac4dd5b10ff1160735ef1a177d448)

17 years agoForgot to commit this for the 'get our primary domain' change.
Andrew Bartlett [Wed, 31 Dec 2003 08:42:22 +0000 (08:42 +0000)]
Forgot to commit this for the 'get our primary domain' change.
(This used to be commit 6f3cd9e2af7f1b4bdd7cb0e487987de159bb0dd8)

17 years agoJerry rightly complained that we can't assume that the first domain is
Andrew Bartlett [Wed, 31 Dec 2003 05:26:29 +0000 (05:26 +0000)]
Jerry rightly complained that we can't assume that the first domain is
our primary domain - new domains are added to the front of the list. :-(

Use a much more reliable 'flag test' instead.  (note:  changes winbind structures, make clean).

Andrew Bartlett
(This used to be commit cc050e01370633a985c9878bdce297f9175fdbf7)

17 years agoauth/auth_util.c:
Andrew Bartlett [Wed, 31 Dec 2003 00:31:43 +0000 (00:31 +0000)]
 - Fill in the 'backup' idea of a domain, if the DC didn't supply one.  This
   doesn't seem to occour in reality, hence why we missed the typo.

 - all the callers to pull_utf8_allocate() pass a char ** as the first
   parammeter, so don't make them all cast it to a void **

 - Allow for a more 'correct' view of when usernames should be qualified
   in winbindd.  If we are a PDC, or have 'winbind trusted domains only',
   then for the authentication returns stip the domain portion.
 - Fix valgrind warning about use of free()ed name when looking up our
   local domain.  lp_workgroup() is maniplated inside a procedure that
   uses it's former value.  Instead, use the fact that our local domain is
   always the first in the list.

Andrew Bartlett
(This used to be commit 494781f628683d6e68e8ba21ae54f738727e8c21)

17 years agoGet the DOMAIN\username around the right way (I had username\domain...)
Andrew Bartlett [Tue, 30 Dec 2003 22:27:33 +0000 (22:27 +0000)]
Get the DOMAIN\username around the right way (I had username\domain...)

Push the unix username into utf8 for it's trip across the socket.

Andrew Bartlett
(This used to be commit 3225f262b18bdcf326d3bfd031dac169bd9347c9)

17 years agoMove to short lived TALLOC_CTX* for allocating printer
Gerald Carter [Tue, 30 Dec 2003 22:17:14 +0000 (22:17 +0000)]
Move to short lived TALLOC_CTX* for allocating printer
objects from the print handle cache.   Fixes bug that
caused smbd to consume large amounts of RAM when

(a) a printer handle was kept open over an extended
    period of time, and
(b) the client issued frequent requests that resulted
    in a call to get_a_printer()
(This used to be commit 10b9976e0ab961dc34c9426f0a497e0f81a5e17f)

17 years agoAnother little one: Make pdb_test.c at least compile, although its way out of
Volker Lendecke [Tue, 30 Dec 2003 21:12:36 +0000 (21:12 +0000)]
Another little one: Make pdb_test.c at least compile, although its way out of

(This used to be commit 5d7a14166af3daf04b570fd5f66469d5db5a3500)

17 years agoThe AFS pts command always generates completely lower-case user names. As case
Volker Lendecke [Tue, 30 Dec 2003 16:00:56 +0000 (16:00 +0000)]
The AFS pts command always generates completely lower-case user names. As case
is not significant in windows user names we should not lose information by
lower-casing the name before handing it to AFS.

(This used to be commit 6d2285b6d1599648661be47abaaa888419700d22)

17 years agoFix Bug # 924
Volker Lendecke [Tue, 30 Dec 2003 15:18:25 +0000 (15:18 +0000)]
Fix Bug # 924

(This used to be commit 3663ed2b964cc306cfe6b4060b51d991405e720d)

17 years agoTry to gain a bit more consistancy in the output of usernames from ntlm_auth:
Andrew Bartlett [Tue, 30 Dec 2003 13:20:39 +0000 (13:20 +0000)]
Try to gain a bit more consistancy in the output of usernames from ntlm_auth:

Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswtich does - following the rules of 'winbind use default
domain', in the correct case and with the correct seperator.

This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.

Andrew Bartlett
(This used to be commit 7a3a5a63612b2698a39f784859496c395505a79b)

17 years agoMake the name of the NTLMSSP client more consistant before we lock it in stone.
Andrew Bartlett [Tue, 30 Dec 2003 08:52:46 +0000 (08:52 +0000)]
Make the name of the NTLMSSP client more consistant before we lock it in stone.
(This used to be commit 0fa268863b7352343eb7f211181a02f60848bd0c)

17 years agoRemove testing hack
Andrew Bartlett [Tue, 30 Dec 2003 07:38:32 +0000 (07:38 +0000)]
Remove testing hack
(This used to be commit 96f3beb462a6d4a489e894c1f05c528107135b3a)

17 years agoMove our basic password checking code from inside the authentication
Andrew Bartlett [Tue, 30 Dec 2003 07:33:58 +0000 (07:33 +0000)]
Move our basic password checking code from inside the authentication
subsystem into a seperate file - ntlm_check.c.

This allows us to call these routines from ntlm_auth.  The purpose of this
exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to
avoid talking to winbind.  This should allow for easier debugging.

ntlm_auth itself has been reorgainised, so as to share more code between
the SPNEGO-wrapped and 'raw' NTLMSSP modes.  A new 'client' NTLMSSP mode
has been added, for use with a Cyrus-SASL module I am writing (based on vl's

Andrew Bartlett
(This used to be commit 48315e8fd227978e0161be293ad4411b45e3ea5b)

17 years agoRefactor our authentication and authentication testing code.
Andrew Bartlett [Tue, 30 Dec 2003 05:02:32 +0000 (05:02 +0000)]
Refactor our authentication and authentication testing code.

The next move will be to remove our password checking code from the SAM
authentication backend, and into a file where other parts of samba can use

The ntlm_auth changes provide for better use of common code.

Andrew Bartlett
(This used to be commit 2375abfa0077a884248c84614d5109f57dfdf5b1)

17 years agoAdd the alignment required before all 2-byte quantities in NDR. Allows us
Andrew Bartlett [Mon, 29 Dec 2003 04:21:32 +0000 (04:21 +0000)]
Add the alignment required before all 2-byte quantities in NDR.  Allows us
to correctly parse plaintext netlogon calls with odd-length passwords

Andrew Bartlett
(This used to be commit de3c3cbeeb8b674ffc0dd8fe16913f15edcf9022)

17 years agoShutting down the connection closes outstanding sessions, so we don't need
Andrew Bartlett [Sun, 28 Dec 2003 09:57:29 +0000 (09:57 +0000)]
Shutting down the connection closes outstanding sessions, so we don't need
to do it twice...

Amdrew Bartlett
(This used to be commit 8f9a069c59cbd357cbef8814764c10f6d8b6e6e8)

17 years agoThis patch corrects some errors in the NTLMSSP implementation, that
Andrew Bartlett [Sat, 27 Dec 2003 11:33:24 +0000 (11:33 +0000)]
This patch corrects some errors in the NTLMSSP implementation, that
would incorrectly return INVALID_PARAMETER, instead of allowing a

Andrew Bartlett
(This used to be commit 76c59469a340209959c420bd5c2e947d3347bdb1)

17 years agoPreliminary fix for our signing problem with failed NTLMSSP logins. This patch
Volker Lendecke [Sat, 27 Dec 2003 10:11:26 +0000 (10:11 +0000)]
Preliminary fix for our signing problem with failed NTLMSSP logins. This patch
solves the problem for me here, I can still successfully set up signing using
NTLMSSP against w2k3 and it does not show a signing error anymoe when the
password was wrong.

Jeremy, you might want to take a further look at it as this is not
particularly elegant.

(This used to be commit f5afaafd61dc7bd191225ffa8eee184125dd97c3)

17 years agoCollecting another little patch from
Volker Lendecke [Fri, 26 Dec 2003 21:33:53 +0000 (21:33 +0000)]
Collecting another little patch from

As broken as it might be, should be put into the
libdir and not bindir.

(This used to be commit d74137d227cfb7b09294f4429fa09b10d3d01229)

17 years agoCollecting some minor patches...
Volker Lendecke [Fri, 26 Dec 2003 19:38:36 +0000 (19:38 +0000)]
Collecting some minor patches...

This adds the ability to specify the new user password for 'net ads password'
on the command line. As this needs the admin password on the command line, the
information leak is minimally more.

Patch from

(This used to be commit e6b4b956f68bfea69b2de3608b4c829250d24a7a)

17 years agoCheck the return value of string_to_sid in a few more places. (But
Andrew Bartlett [Fri, 26 Dec 2003 03:14:31 +0000 (03:14 +0000)]
Check the return value of string_to_sid in a few more places.  (But
string_to_sid also needs to be less permissive on what it thinks are
valid sids...)

Andrew Bartlett
(This used to be commit 9080c30de8aa96ed3b9b121ca111f1632572754e)

17 years agoShow the error message for failure to set the ldap password.
Andrew Bartlett [Fri, 26 Dec 2003 00:43:48 +0000 (00:43 +0000)]
Show the error message for failure to set the ldap password.
(For 'ldap password sync = yes')

Andrew Bartlett
(This used to be commit 5b682aef678cc9ee135852d7ee6b8c159902fab7)

17 years agoBased on patch by Petri Asikainen <> fix bug #387 and #330.
Andrew Bartlett [Fri, 26 Dec 2003 00:38:12 +0000 (00:38 +0000)]
Based on patch by Petri Asikainen <> fix bug #387 and #330.

This patch will change order how attributes are modified
from: add, delete
to:   delete, add

This is needed to update single valued attributes in Novell NDS and
should not harm anyone else.
(This used to be commit fabf80169079483a1378aa0177d8d8335bd98bb3)

17 years agoldap rebind sleep -> ldap replication sleep
Andrew Bartlett [Thu, 25 Dec 2003 23:11:07 +0000 (23:11 +0000)]
ldap rebind sleep -> ldap replication sleep

While writing documentation for metze's patch, it became clear that this is a
better name.

Andrew Bartlett
(This used to be commit 6f828ff3d3622c56ee732b976e7ab90b7897a8d3)

17 years agoThis is metze's LDAP rebind sleep patch:
Volker Lendecke [Thu, 25 Dec 2003 22:42:15 +0000 (22:42 +0000)]
This is metze's LDAP rebind sleep patch:

When smb.conf tells us to write to a read-only LDAP replica and we are
redirected by the LDAP server, the replication might take some seconds,
especially over slow links. This patch delays the next read after a rebind for
'ldap rebind sleep' milliseconds.

Metze, thanks for your patience.

(This used to be commit 63ffa770b67d700f138d19b4982da152f57674fc)

17 years agoFix our parsing of the LDAP url. We get around it as all decent systems seem
Volker Lendecke [Thu, 25 Dec 2003 22:29:38 +0000 (22:29 +0000)]
Fix our parsing of the LDAP url. We get around it as all decent systems seem
to have ldap_initialize.

Thanks to abartlet for the fix (and the bug in the first place ;-))

(This used to be commit 17473a65eb119ca2240b40a8c029d9a499cde177)

17 years agoabartlet pointed me at the fact that the order and flags in loadparm.c are
Volker Lendecke [Thu, 25 Dec 2003 10:08:31 +0000 (10:08 +0000)]
abartlet pointed me at the fact that the order and flags in loadparm.c are
actually used.... 'afs username map' should not show up in the swat basic
view. :-)

Maybe I should use swat from time to time....

(This used to be commit d4e071d14b8ae622c1edbb33bb5677713df1f961)

17 years agoFix bug 916 - do not perform a + -> space substitution for squid URL encoded
Andrew Bartlett [Thu, 25 Dec 2003 09:37:41 +0000 (09:37 +0000)]
Fix bug 916 - do not perform a + -> space substitution for squid URL encoded
strings, only form input in SWAT.

Andrew Bartlett
(This used to be commit 8d54f5fe0c5689660f37788916b37014754ce23e)

17 years agoThanks to Serassio Guido for noticing issues in our Squid NTLMSSP
Andrew Bartlett [Wed, 24 Dec 2003 09:56:51 +0000 (09:56 +0000)]
Thanks to Serassio Guido for noticing issues in our Squid NTLMSSP
implementation.  We were not resetting the NTLMSSP state for new
negotiate packets.

Andrew Bartlett
(This used to be commit e0a026c9b561893e5534923b18ca748e6177090e)

17 years agoFix typo.
John Terpstra [Tue, 23 Dec 2003 20:25:21 +0000 (20:25 +0000)]
Fix typo.
(This used to be commit 46b2fb4db5c7e273a9b43c59340a0a47ade5bd5e)

17 years agoFix for special files being hidden from admins by Dmitry Butskoj <>
Jeremy Allison [Tue, 23 Dec 2003 07:33:42 +0000 (07:33 +0000)]
Fix for special files being hidden from admins by Dmitry Butskoj <>
(This used to be commit bee4b3348e5052cc927c837c2a21b4c90db980fc)

17 years agoadd well known rid for pre win2k compatible access group; bug 897
Gerald Carter [Mon, 22 Dec 2003 21:48:06 +0000 (21:48 +0000)]
add well known rid for pre win2k compatible access group; bug 897
(This used to be commit 33a1a374ebb44c839d995d11e1229767fc679678)

17 years agocorrect typo in delete user script; bug 887
Gerald Carter [Mon, 22 Dec 2003 21:32:33 +0000 (21:32 +0000)]
correct typo in delete user script; bug 887
(This used to be commit 6060afb98949a39eb4386d35481eaa5caae0fd97)

17 years agoPatch from Jianliang Lu to manage Power Users
Jeremy Allison [Mon, 22 Dec 2003 11:12:15 +0000 (11:12 +0000)]
Patch from Jianliang Lu to manage Power Users
(This used to be commit 72252fb0b207205d41a2ec50f6d364bf0bb21747)

17 years agoA small fix to torture.c to cleanup the error handling and prevent crashes.
Richard Sharpe [Fri, 19 Dec 2003 01:43:44 +0000 (01:43 +0000)]
A small fix to torture.c to cleanup the error handling and prevent crashes.

I really should clean up the comment as well.
(This used to be commit 34351e457a0d9c494653179429fb71453d1d838e)

17 years ago* add a few useful debug lines
Gerald Carter [Fri, 19 Dec 2003 00:33:09 +0000 (00:33 +0000)]
* add a few useful debug lines
* fix bug involving Win9x clients.  Make sure we
  save the right case for the located username
  in fill_sam_account()
(This used to be commit 850e4be29e185ebe890f094372aa8c2cc86de76a)

17 years agoAdd in comments explaining NTLMv2 selection. Use lm session key if that's
Jeremy Allison [Wed, 17 Dec 2003 21:57:26 +0000 (21:57 +0000)]
Add in comments explaining NTLMv2 selection. Use lm session key if that's
all there is.
(This used to be commit b611f8d170743f1f4d71b1def83bb757d9f467af)

17 years agoTidyup debug message in ntlmssp code. Add brackets around dodgy if statement.
Jeremy Allison [Wed, 17 Dec 2003 20:11:39 +0000 (20:11 +0000)]
Tidyup debug message in ntlmssp code. Add brackets around dodgy if statement.
(This used to be commit 5aab4b976c0aced68d71c1e71e85287072a6f3c7)

17 years agoMake sure we correctly generate the lm session key.
Gerald Carter [Wed, 17 Dec 2003 06:18:13 +0000 (06:18 +0000)]
Make sure we correctly generate the lm session key.
This fixes a problem joining a Samba domain from a
vanilla win2k client that doesn't set the

Reported on samba ml as "decode_pw: incorrect password length"
when handling a samr_set_userinfo(23 or 24) RPC.
(This used to be commit ef4ab8d7c497e4229d0c1deeb20d05c95bd8feb9)

17 years agomake sure we delete the group mapping before calling the delete group script; patch...
Gerald Carter [Tue, 16 Dec 2003 18:35:23 +0000 (18:35 +0000)]
make sure we delete the group mapping before calling the delete group script; patch from Jianliang Lu <>
(This used to be commit 19a8dd523a4ee50ba9066efd60a29cf3ba9ae419)

17 years agoSmall fix from Jérôme Tournier <>
Jeremy Allison [Tue, 16 Dec 2003 18:14:10 +0000 (18:14 +0000)]
Small fix from Jérôme Tournier <>
(This used to be commit 6ce7932520c0e5417e3b8a214a97244d10bdf4ad)

17 years agocorrect problem with pam config install
Gerald Carter [Mon, 15 Dec 2003 16:42:42 +0000 (16:42 +0000)]
correct problem with pam config install
(This used to be commit c368defc05f80c255ceb51229ea7a2ef16ee6aee)

17 years agomore fixes after moving /var/cache/samba -> /var/lib/samba
Gerald Carter [Mon, 15 Dec 2003 06:52:26 +0000 (06:52 +0000)]
more fixes after moving /var/cache/samba -> /var/lib/samba
(This used to be commit 1742780dd67bec7fd30522b47d57035f51f330ad)

17 years agoWhen parsing 'param = value', don't split 'value' at spaces.
Volker Lendecke [Sun, 14 Dec 2003 17:47:15 +0000 (17:47 +0000)]
When parsing 'param = value', don't split 'value' at spaces.

Thanks to Ralf Spenneberg for the fix.

(This used to be commit bc383582b248518e39225405d0def411d552aa7d)

17 years agoFix from to allow an existing LDAP machine account to be
Jeremy Allison [Sat, 13 Dec 2003 01:43:54 +0000 (01:43 +0000)]
Fix from to allow an existing LDAP machine account to be
re-used, rather than created from scratch.
(This used to be commit 6d46e66ac2048352ca60f92fc384f60406024d4b)

17 years agoFix for bug #815. Make plaintext unicode passwords work with NT4.x
Jeremy Allison [Fri, 12 Dec 2003 22:54:43 +0000 (22:54 +0000)]
Fix for bug #815. Make plaintext unicode passwords work with NT4.x
(This used to be commit ba0b5b8c9be9bfeba5e0b3f930ca0463d1e78c9c)

17 years agoFix detection of elements in in-memory keytab code.
Jeremy Allison [Fri, 12 Dec 2003 20:16:03 +0000 (20:16 +0000)]
Fix detection of elements in in-memory keytab code.
(This used to be commit 05afc340862c3c7caeb9ede74ea1e9a57ee937ae)

17 years agofixing upgrade bug; fixing PAM config file install bug
Gerald Carter [Fri, 12 Dec 2003 17:48:19 +0000 (17:48 +0000)]
fixing upgrade bug; fixing PAM config file install bug
(This used to be commit 46f8fe6848bddd5dfc4d8ee55f036d8e8ca620a4)

17 years agofix bug that prevent --mandir from overriding the defaults given in the --with-fhs...
Gerald Carter [Thu, 11 Dec 2003 22:27:49 +0000 (22:27 +0000)]
fix bug that prevent --mandir from overriding the defaults given in the --with-fhs macro
(This used to be commit 58b97b91da409a299bf7dd97bc375479f65dba18)

17 years agoCorrectly detect in-memory krb5 keytab support. Fix for bug #863 from
Jeremy Allison [Thu, 11 Dec 2003 20:54:57 +0000 (20:54 +0000)]
Correctly detect in-memory krb5 keytab support. Fix for bug #863 from (Greg Schafer).
(This used to be commit 583b96e867d2c2cafbfa9d03f33402d6d9d44191)

17 years agoPatch from James Peach <>. Remove the MAX_CONNECTIONS limit
Jeremy Allison [Thu, 11 Dec 2003 20:00:16 +0000 (20:00 +0000)]
Patch from James Peach <>. Remove the MAX_CONNECTIONS limit
by increasing bitmap size. Limited by "max connections" parameter.
Bug #716.
(This used to be commit fbbeb55b230ffc477f5563af66ab65eb6598e025)

17 years agomount.cifs failed to mount to directory owned by user when run setuid
Steve French [Thu, 11 Dec 2003 19:47:52 +0000 (19:47 +0000)]
mount.cifs failed to mount to directory owned by user when run setuid
(This used to be commit 18c0315c3cb1a28fd870f8dd5d92f2e9117a29fc)

17 years agofixed bad formal parameter type in get_static(); patch Andy Polyakov
Gerald Carter [Thu, 11 Dec 2003 15:35:11 +0000 (15:35 +0000)]
fixed bad formal parameter type in get_static(); patch Andy Polyakov
(This used to be commit 9c70e4b44e0dda8f2af4172b928437bd9d3e8b7c)

17 years agoFix uninitialized variable in passdb code. Reported by Andy Polyakov <appro@fy.chalme...
Alexander Bokovoy [Thu, 11 Dec 2003 10:24:43 +0000 (10:24 +0000)]
Fix uninitialized variable in passdb code. Reported by Andy Polyakov <>
(This used to be commit ac7a60abf2c465b518a3eb7502fa8eee767c8b22)

17 years agofix bug when installing pam config file on RedHat; remove references to /var/cache...
Gerald Carter [Thu, 11 Dec 2003 06:08:04 +0000 (06:08 +0000)]
fix bug when installing pam config file on RedHat; remove references to /var/cache/samba in Fedora specfile
(This used to be commit 91a540079796dd64283a6ebdb3c69b0a7975ffff)

17 years agoFix UNISTR2 length bug in LsaQueryInfo(3) that cause SID resolution to fail on local...
Gerald Carter [Wed, 10 Dec 2003 21:13:44 +0000 (21:13 +0000)]
Fix UNISTR2 length bug in LsaQueryInfo(3) that cause SID resolution to fail on local files on on domain members; bug 875
(This used to be commit c6594e35573186966a4d57404f1c06b98670db06)

17 years agomore group lookup access fixes on the neverending bug 281
Gerald Carter [Wed, 10 Dec 2003 16:40:17 +0000 (16:40 +0000)]
more group lookup access fixes on the neverending bug 281
(This used to be commit 9359a6ea80d1228e87ea825a100a2d289c37162d)

17 years agoFix #558 -- support ISO-8859-1 internally. Makes Solaris users a bit happier
Alexander Bokovoy [Wed, 10 Dec 2003 15:59:28 +0000 (15:59 +0000)]
Fix #558 -- support ISO-8859-1 internally. Makes Solaris users a bit happier
(This used to be commit ba95fe56d2db8243191d5dd6b75c6b65e0f5fbe9)

17 years agosetting version to 3.0.2pre1
Gerald Carter [Wed, 10 Dec 2003 14:44:48 +0000 (14:44 +0000)]
setting version to 3.0.2pre1
(This used to be commit f0ac8ea48533357733c85f0ce4db3f8bc9ef362b)

17 years agopatch from TAKEDA yasuma to bypass any missing language files
Gerald Carter [Wed, 10 Dec 2003 14:10:26 +0000 (14:10 +0000)]
patch from TAKEDA yasuma to bypass any missing language files
(This used to be commit a3b0cc9f5b230cc4b9a017c9566b2ef83fb54030)

17 years agofinal touches on Fedora Core 1 specfile
Gerald Carter [Wed, 10 Dec 2003 00:47:31 +0000 (00:47 +0000)]
final touches on Fedora Core 1 specfile
(This used to be commit ebae93f4b997ed627c9531259dd061a4713d86e2)

17 years agoIRIX spinlock patch from James Peach <>.
Jeremy Allison [Tue, 9 Dec 2003 22:41:26 +0000 (22:41 +0000)]
IRIX spinlock patch from James Peach <>.
(This used to be commit 1ae1987a002716e8aa0d4bc0dd68f580ad762e47)

17 years agoworking on packaging; also fixed some path issues in &
Gerald Carter [Tue, 9 Dec 2003 21:29:25 +0000 (21:29 +0000)]
working on packaging; also fixed some path issues in &
(This used to be commit 8f6cd36fa03edf75e8e3a806ab178d8563dea081)

17 years agoFinal part of fix for #445. Don't add user for machine accounts.
Jeremy Allison [Tue, 9 Dec 2003 18:34:29 +0000 (18:34 +0000)]
Final part of fix for #445. Don't add user for machine accounts.
(This used to be commit 3684cffbd269389d14b37edd5959e29912c13a60)

17 years agofix bug in get_peer_name() caused by --enable-developer and using the same src &...
Gerald Carter [Tue, 9 Dec 2003 18:20:27 +0000 (18:20 +0000)]
fix bug in get_peer_name() caused by --enable-developer and using the same src & dest strings to alpha_strcpy(); reported by Michael Young
(This used to be commit b7df6849c9368aa2e5960de54a03be269ab89fef)

17 years agostarting on Fedora packaging; reference point to begin with taken from RH 3.0.0-15...
Gerald Carter [Tue, 9 Dec 2003 17:36:11 +0000 (17:36 +0000)]
starting on Fedora packaging; reference point to begin with taken from RH 3.0.0-15 packaging files
(This used to be commit 4062cc38fde129056ea7ff796f7d00cfb6abf263)

17 years agostarting on Fedora packaging
Gerald Carter [Tue, 9 Dec 2003 15:48:40 +0000 (15:48 +0000)]
starting on Fedora packaging
(This used to be commit a78079286ec2a73ca26f9706d063d6b30553486d)

17 years agoMake intent to return only one address clear.
Jeremy Allison [Tue, 9 Dec 2003 02:29:27 +0000 (02:29 +0000)]
Make intent to return only one address clear.
(This used to be commit d3d0353baeba580d8a7a4688f847463b1b2e750c)

17 years agoworking on bug 687; protect against null src strings in alloc_sub_basic()
Gerald Carter [Mon, 8 Dec 2003 17:40:44 +0000 (17:40 +0000)]
working on bug 687; protect against null src strings in alloc_sub_basic()
(This used to be commit 6cf91bce40f85879de00b9ce89ad9b5e04a50b35)

17 years agomake sure we use a real network address in case there are extra non-zero octets in...
Gerald Carter [Mon, 8 Dec 2003 17:40:15 +0000 (17:40 +0000)]
make sure we use a real network address in case there are extra non-zero octets in hosts allow/deny
(This used to be commit 0348e85177ae90c350659451424ab521a4fc335a)

17 years agoFix comment.
Tim Potter [Sun, 7 Dec 2003 10:48:31 +0000 (10:48 +0000)]
Fix comment.
(This used to be commit a999f7f23fc68e51dd04f1c5a2c84f19d5c4a0a5)

17 years agoFix for bug #445 (missing unix user on kerberos auth doesn't call add user
Jeremy Allison [Sat, 6 Dec 2003 02:34:02 +0000 (02:34 +0000)]
Fix for bug #445 (missing unix user on kerberos auth doesn't call add user
(This used to be commit 5d9f06bdae4e7b878a87fb97367cf10afbc5f6b2)

17 years agofix %a variable for Windows 2003 -> Win2K3
Gerald Carter [Fri, 5 Dec 2003 21:51:51 +0000 (21:51 +0000)]
fix %a variable for Windows 2003 -> Win2K3
(This used to be commit 2f43a1c166dfc8679a9d03bd0f3cf9303aafcf74)

17 years agopackaging updates from Buchan
Gerald Carter [Fri, 5 Dec 2003 17:14:16 +0000 (17:14 +0000)]
packaging updates from Buchan
(This used to be commit b67929cc3e2339e0865f2924b930f1d834c20ed9)

17 years agocreate libdir for installclientlib; patch from Bill Knox
Gerald Carter [Fri, 5 Dec 2003 15:23:21 +0000 (15:23 +0000)]
create libdir for installclientlib; patch from Bill Knox
(This used to be commit b19472e108508935e6c80f61fd1394e852cb0902)

17 years agoremoving RCS tags
Gerald Carter [Fri, 5 Dec 2003 14:06:55 +0000 (14:06 +0000)]
removing RCS tags
(This used to be commit 9a7774306dfa29f0b343343844a2c08650d5ba1a)

17 years ago* removing extra file
Gerald Carter [Fri, 5 Dec 2003 13:57:02 +0000 (13:57 +0000)]
* removing extra file
* updating version in Makefile
(This used to be commit 3249e69274c00922c6d8710019c19d8c8add8255)