ira/wip.git
18 years agoGrr, the order of these arguments matters
Andrew Bartlett [Tue, 1 Jul 2003 09:27:02 +0000 (09:27 +0000)]
Grr, the order of these arguments matters
(This used to be commit 6babc35ef9c62a48a56ef63945d09e7e06229666)

18 years agoMake smbpasswd use the higher log level for the second run - this should
Andrew Bartlett [Tue, 1 Jul 2003 07:29:23 +0000 (07:29 +0000)]
Make smbpasswd use the higher log level for the second run - this should
help us debug failures in smbpasswd.

Andrew Bartlett
(This used to be commit dcdbd530a6c74ecf09a96067c40be5813dd646c8)

18 years agofix typos in log messages and comments.
Gerald Carter [Tue, 1 Jul 2003 05:45:16 +0000 (05:45 +0000)]
fix typos in log messages and comments.
(This used to be commit fd24183ec30688f3699e466bd4d908b24918e328)

18 years ago* revert change to get_global_sam_name()
Gerald Carter [Tue, 1 Jul 2003 04:11:42 +0000 (04:11 +0000)]
* revert change to get_global_sam_name()
* add get_default_sam_name() to be used by make_user_info_map()
* add comments describing get_*_sam_name()
(This used to be commit 90470366ea4bdb8021a3453c4bbeb29f009668c1)

18 years ago* fix the trustdom_cache to work when winbindd is not running.
Gerald Carter [Tue, 1 Jul 2003 03:49:41 +0000 (03:49 +0000)]
* fix the trustdom_cache to work when winbindd is not running.
  smbd will update the trustdom_cache periodically after locking
  the timestamp key
(This used to be commit 7bc4b65b91f98271089335cc301146d5f0c76c3a)

18 years agoFixed the latest complaint from jcmd :-). We were storing -1 for the
Jeremy Allison [Tue, 1 Jul 2003 00:35:11 +0000 (00:35 +0000)]
Fixed the latest complaint from jcmd :-). We were storing -1 for the
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute.
Creator Owner and Creator group now show up as inherited correctly (I
think :-). Jim please test.
Jeremy.
(This used to be commit dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)

18 years agoMerge of Volkers patch to make the logic clearer (with my mod).
Jeremy Allison [Mon, 30 Jun 2003 22:07:47 +0000 (22:07 +0000)]
Merge ... Volkers patch to make the logic clearer (with my mod).
Jeremy.
(This used to be commit 1714eb6bef627ebcfb6db03e58fdd02ea502c6e1)

18 years agoFix missing ret = found by Volker.
Jeremy Allison [Mon, 30 Jun 2003 21:04:12 +0000 (21:04 +0000)]
Fix missing ret = found by Volker.
Jeremy.
(This used to be commit ba112bb3fdb4e81d8f6ab1ccc4a68960f71ccb23)

18 years ago* cleanup more DC name resolution issues in check_*domain_security()
Gerald Carter [Mon, 30 Jun 2003 20:45:14 +0000 (20:45 +0000)]
* cleanup more DC name resolution issues in check_*domain_security()
* is_trusted_domain() is broken without winbind.  Still working on this.
* get_global_sam_name() should return the workgroup name unless we
  are a standalone server (verified by volker)
* Get_Pwnam() should always fall back to the username (minus domain name)
  even if it is not our workgroup so that TRUSTEDOMAIN\user can logon
  if 'user' exists in the local list of accounts (on domain members w/o
  winbind)

Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0
domain member not running winbindd.

notes: make_user_info_map() is slightly broken now due to the
fact that is_trusted_domain() only works with winbindd.  disabled
checks temporarily until I can sort this out.
(This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e)

18 years agoValgrind found a bug (subtracting a pointer from a length rather than the
Jeremy Allison [Mon, 30 Jun 2003 20:41:40 +0000 (20:41 +0000)]
Valgrind found a bug (subtracting a pointer from a length rather than the
length of what the pointer points to).
Jeremy.
(This used to be commit 492a96e9922c1ef96b967f2965f8bba1f5bc8f23)

18 years agoFinally ! Fixed the ACL ordering bug reported by jcmd. I realised we were
Jeremy Allison [Mon, 30 Jun 2003 18:53:48 +0000 (18:53 +0000)]
Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we were
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct
algorithm.
Jeremy.
(This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)

18 years agoremoving old code
Gerald Carter [Mon, 30 Jun 2003 17:26:45 +0000 (17:26 +0000)]
removing old code
(This used to be commit 80df684b72f273f9efc0c00646f26d17f1b4bc70)

18 years ago* rename samstrict auth method to sam
Gerald Carter [Mon, 30 Jun 2003 17:24:59 +0000 (17:24 +0000)]
* rename samstrict auth method to sam
* rename original sam auth method to sam_ignoredomain
* remove samstrict_dc auth method (now covered by 'sam')
* fix wbinfo -a '...' and getent passwd bugs when running
  winbindd on a samba PDC (reported by Volker)
(This used to be commit 52166faee793d337e045d64f7cb27ea7ac895f60)

18 years agofix for platforms that don't have unsetenv().
Gerald Carter [Mon, 30 Jun 2003 16:18:29 +0000 (16:18 +0000)]
fix for platforms that don't have unsetenv().
we now have to check the value for _NO_WINBINDD.
"1" enables, and != "1" disables (use "0" by convention).
(This used to be commit 11eccaef1dc61d80a7db8d0fb4bc5a47d71a4390)

18 years agoAdd the 'guest' passdb backend automatically if
Volker Lendecke [Mon, 30 Jun 2003 14:55:45 +0000 (14:55 +0000)]
Add the 'guest' passdb backend automatically if
guest account != ""

Volker
(This used to be commit 21d330af107f744af9569b5577afc6e7ba6a269c)

18 years agoYet more shadow variable warnings.
Tim Potter [Mon, 30 Jun 2003 05:45:27 +0000 (05:45 +0000)]
Yet more shadow variable warnings.
(This used to be commit b401e78b6eb7efa2af74a7e645c3b34091041769)

18 years agoFix more shadow variable warnings.
Tim Potter [Mon, 30 Jun 2003 05:44:05 +0000 (05:44 +0000)]
Fix more shadow variable warnings.
(This used to be commit 10c51bbef83dabd99f129fc7ff0e3fe47c393c67)

18 years agoFix shadow variable warnings.
Tim Potter [Mon, 30 Jun 2003 05:42:15 +0000 (05:42 +0000)]
Fix shadow variable warnings.
(This used to be commit 5ffb8e0920be2da19ac3f442b9bf56c159011822)

18 years ago- added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)
Andrew Tridgell [Mon, 30 Jun 2003 02:11:13 +0000 (02:11 +0000)]
- added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)

- changed --enable-developer debug to use -gstabs as it makes the
  samba binaries about 10x smaller and is still quite functional for
  samba debugging
(This used to be commit 53bfcd478a193d4def8da872e92d7ed8f46aa4b9)

18 years agoHere's the code to make winbindd work on a Samba DC
Gerald Carter [Sun, 29 Jun 2003 03:39:50 +0000 (03:39 +0000)]
Here's the code to make winbindd work on a Samba DC
to handle domain trusts.  Jeremy and I talked about this
and it's going in as working code.  It keeps winbind clean
and solves the trust problem with minimal changes.

To summarize, there are 2 basic cases where the deadlock would
occur.  (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.

o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
  the username includes the 'winbind separator'.

o Case #2 is handled by adding checks in winbindd to return failure
  if we are a DC and the domain matches our own.

This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain').  The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.

Other misc fixes:

  * we need to fix check_ntlm_password() to be able to determine
    if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
    etc...).  I worked around my specific situation, but this needs to be
    fixed.  the winbindd auth module was causing delays.
  * fix named server mutex deadlock between trust domain auth module
    and winbindd looking up a uid
  * make sure SAM_ACCOUNT gets stored in the server_info struct for the
    _net_sam_logon() reply.

Configuration details:

The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.

  * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
  * create domain trusts like normal
  * join winbind on the pdc to the Samba domain using 'net rpc join'
  * add normal parameters to smb.conf for winbind
  * set 'auth method = guest sam winbind'
  * start smbd, nmbd, & winbindd

Problems that remain:

  * join a Windows 2k/XP box to a Samba domain.
  * create a 2-way trust between the Samba domain
    and an NT domain
  * logon to the windows client as a user from theh trusted
    domain
  * try to browse server in the trusted domain (or other
    workstations).  an NT client seems to work ok, but 2k
    and XP either prompt for passwords or fail with errors.

apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)

18 years agoadd check for NT_STATUS_NOT_IMPLEMENTED in auth check so that
Gerald Carter [Sat, 28 Jun 2003 08:29:42 +0000 (08:29 +0000)]
add check for NT_STATUS_NOT_IMPLEMENTED in auth check so that
map to guest = bad user works again when "trustdomain" is listed
as last auth method.

Also clean up some more DC location calls.
(This used to be commit 77a5b1032f39b8d20925721b719fdcfff910cb06)

18 years agocleaning up after the s/in_addr/ip_service/ switch for the get_dc_list() patch
Gerald Carter [Sat, 28 Jun 2003 08:24:32 +0000 (08:24 +0000)]
cleaning up after the s/in_addr/ip_service/ switch for the get_dc_list() patch
(This used to be commit 303fdc516c79b170d7c12fe2f6264d9636673347)

18 years agoSome const correctness. Stop tdb being used as a remote backend. If an
Jeremy Allison [Fri, 27 Jun 2003 20:55:48 +0000 (20:55 +0000)]
Some const correctness. Stop tdb being used as a remote backend. If an
idmap backend is specified cause smbd to ask winbindd (use winbindd if
you want a consistant remote backend solution).
Should work well enough for next beta now...
Jeremy.
(This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)

18 years agoAdd include guards around idmap.h, change ID_NOMAP to ID_QUERY_ONLY
Jeremy Allison [Thu, 26 Jun 2003 23:48:46 +0000 (23:48 +0000)]
Add include guards around idmap.h, change ID_NOMAP to ID_QUERY_ONLY
and ID_CACHE to ID_CACHE_SAVE. Added locking around tdb writes & deletes
for multi-process access.
Jeremy.
(This used to be commit 5b998cdc1d552234236862f6a2bbae703b0c146e)

18 years agoAs has been pointed out, ordering here doesn't matter so use normal
Jeremy Allison [Thu, 26 Jun 2003 18:26:52 +0000 (18:26 +0000)]
As has been pointed out, ordering here doesn't matter so use normal
add.
Jeremy.
(This used to be commit 030b35ca0fc9fe49610084c6c1be95241157564b)

18 years agoRemove the MODULES_CLEAN variable. It's no longer necessary since
Jelmer Vernooij [Thu, 26 Jun 2003 17:33:58 +0000 (17:33 +0000)]
Remove the MODULES_CLEAN variable. It's no longer necessary since
object files for modules are in .po files, while object files for
static use are in .o files. Pointed out by metze.

This reduces the number of files that have to be recompiled after the Makefile
changes. Preventing unnecessary recompiling of the other few is high
on my todo list.
(This used to be commit b9b46d43c7c39d6738c254c4a148bdb93cae02e3)

18 years agoMove up intialisation of logging, so we catch errors in handling 'preload modules'
Jelmer Vernooij [Thu, 26 Jun 2003 17:29:09 +0000 (17:29 +0000)]
Move up intialisation of logging, so we catch errors in handling 'preload modules'
(This used to be commit 13b81d0d92b9e28eaab18f5437060e79f6075f9e)

18 years agoDocument name resolve order suggested settings for security=ads as mentioned by Jerry
Alexander Bokovoy [Thu, 26 Jun 2003 08:12:47 +0000 (08:12 +0000)]
Document name resolve order suggested settings for security=ads as mentioned by Jerry
(This used to be commit 0413385feb71e15c9b2f331417ce24c985f1fe8d)

18 years agocleaning up more build issues. Tested
Gerald Carter [Thu, 26 Jun 2003 05:26:20 +0000 (05:26 +0000)]
cleaning up more build issues.  Tested
"--with-ads=no --with-ldap=yes" and "--with-ads=yes && make everything"
(This used to be commit 3e9e4bb7d1a2f5a95539f415aa101f033b67932a)

18 years agoFix immediate bug where the idmap can't tell the difference between an entry
Jeremy Allison [Thu, 26 Jun 2003 00:19:57 +0000 (00:19 +0000)]
Fix immediate bug where the idmap can't tell the difference between an entry
not being present (and so allocate another) and an entry that is present but
of the wrong type. This code still has major problems...
Jeremy.
(This used to be commit a304bc5ff134df118754d9e8d2b2680b4101e438)

18 years agoAdd netlogon debug registry key info
Jelmer Vernooij [Wed, 25 Jun 2003 20:58:33 +0000 (20:58 +0000)]
Add netlogon debug registry key info
(This used to be commit ffaddd8202aeb7a442aa565e19a76a5f407c9f91)

18 years agofix linking of some things that are not built by default
Gerald Carter [Wed, 25 Jun 2003 20:16:53 +0000 (20:16 +0000)]
fix linking of some things that are not built by default
(This used to be commit 42133092a40e7979b29c8cc82c662d54bc399e6e)

18 years agoifdef out some functions that are not used when HAVE_ADS is not defined
Gerald Carter [Wed, 25 Jun 2003 19:49:27 +0000 (19:49 +0000)]
ifdef out some functions that are not used when HAVE_ADS is not defined
(This used to be commit 2d192e0431c7b754cf9db2306acb01fbe4068a14)

18 years agofix build on non-ldap platforms
Gerald Carter [Wed, 25 Jun 2003 19:39:16 +0000 (19:39 +0000)]
fix build on non-ldap platforms
(This used to be commit a59ea1d6d32337226f6099eefd19681fb28279c0)

18 years agoEnsure idmap backends are added in the correct order (DLIST_ADD puts
Jeremy Allison [Wed, 25 Jun 2003 19:01:17 +0000 (19:01 +0000)]
Ensure idmap backends are added in the correct order (DLIST_ADD puts
things at the *front* of the list). Add more debug. Still broken.. :-(.
Jeremy.
(This used to be commit dd9251e6f51f229ca1fab23d9b06f5bb68644fab)

18 years ago* fix typos in a few debug statements
Gerald Carter [Wed, 25 Jun 2003 19:00:15 +0000 (19:00 +0000)]
* fix typos in a few debug statements
* check negative connection cache before ads_try_connect()
  in ads_find_dc()
(This used to be commit 2a76101a3a31f5fca2f444b25e3f0486f7ef406f)

18 years agoforgot one file
Gerald Carter [Wed, 25 Jun 2003 18:08:00 +0000 (18:08 +0000)]
forgot one file
(This used to be commit ef978bd851431da373e005177504dbef2611cf4f)

18 years agolarge change:
Gerald Carter [Wed, 25 Jun 2003 17:41:05 +0000 (17:41 +0000)]
large change:

*)  consolidates the dc location routines again (dns
    and netbios)  get_dc_list() or get_sorted_dc_list()
    is the authoritative means of locating DC's again.

    (also inludes a flag to get_dc_list() to define
     if this should be a DNS only lookup or not)

    (however, if you set "name resolve order = hosts wins"
     you could still get DNS queries for domain name IFF
     ldap_domain2hostlist() fails.  The answer?  Fix your DNS
     setup)

*)  enabled DOMAIN<0x1c> lookups to be funneled through
    resolve_hosts resulting in a call to ldap_domain2hostlist()
    if lp_security() == SEC_ADS

*)  enables name cache for winbind ADS backend

*)  enable the negative connection cache for winbind
    ADS backend

*)  removes some old dead code

*)  consolidates some duplicate code

*)  moves the internal_name_resolve() to use an IP/port pair
    to deal with SRV RR dns replies.  The namecache code
    also supports the IP:port syntax now as well.

*)  removes 'ads server' and moves the functionality back
    into 'password server' (which can support "hostname:port"
    syntax now but works fine with defaults depending on
    the value of lp_security())
(This used to be commit d7f7fcda425bef380441509734eca33da943c091)

18 years agoPatch to move functions directly from pdb_ldap.c into lib/smbldap.c
Andrew Bartlett [Wed, 25 Jun 2003 12:51:58 +0000 (12:51 +0000)]
Patch to move functions directly from pdb_ldap.c into lib/smbldap.c

The functions are unchanged.  Next step is to make idmap_ldap use them.

Andrew Bartlett
(This used to be commit 57617a0f8c84f9ced4df2901811ce5a5a5ae005e)

18 years agoMetze assures me that this will fix Heimdal et al.
Tim Potter [Wed, 25 Jun 2003 12:20:29 +0000 (12:20 +0000)]
Metze assures me that this will fix Heimdal et al.

I think the lesson to take away here is that refactoring configure.in
is a hazardous task and should only be attempted if you have a lot
of time and patience!
(This used to be commit 5ba121ac9d75de72261521cb1066ed585b68c307)

18 years agoFix a warning in a DEBUG
Volker Lendecke [Wed, 25 Jun 2003 10:18:22 +0000 (10:18 +0000)]
Fix a warning in a DEBUG

Clean up the init a little bit, less nested if-statements.

Agreed upon with Simo.

Volker
(This used to be commit fdcfefd7f1be55307ccd59290efd249981198e1e)

18 years agoTought I already done.
Simo Sorce [Wed, 25 Jun 2003 08:15:51 +0000 (08:15 +0000)]
Tought I already done.
Set back 3.0 to use only winbindd_idmap.tdb as idmap database as told on
samba-technical.
Tested and working so far.
(This used to be commit e154e50fed8968567f75fcd581de2b41914ea2c1)

18 years agoOnly append to KRB5_LIBS when doing AC_CHECK_LIB for libkrb5.
Tim Potter [Wed, 25 Jun 2003 02:24:48 +0000 (02:24 +0000)]
Only append to KRB5_LIBS when doing AC_CHECK_LIB for libkrb5.

I think we are done with MIT Kerberos for the moment.  The Heimdal detection
looks like it has been broken for ages so it's next on the list.
(This used to be commit 7690a722f99485f717215787db168f6878422f2f)

18 years agoDon't trash the values of CFLAGS and LIBS while engaged in Kerberos
Tim Potter [Wed, 25 Jun 2003 01:33:27 +0000 (01:33 +0000)]
Don't trash the values of CFLAGS and LIBS while engaged in Kerberos
detection.  On Solaris 9 extra libraries -lber and -lresolv are
required for Kerberos tests.  We used to have an extra check for
-lresolv only but I think the correct solution is not to forget about it
in the first place.

This should fix bug #125 although I don't have access to a
system to test it out on.
(This used to be commit 4ddfab4a572782cd83588eff4fbb599f6c4e770c)

18 years agoMore debugs for this... (these should have been here already !).
Jeremy Allison [Wed, 25 Jun 2003 00:28:46 +0000 (00:28 +0000)]
More debugs for this... (these should have been here already !).
Jeremy.
(This used to be commit a118648d9505d54850ffad1e9ce7a2c3d279df9f)

18 years agoMore instrumentation tracking down this bug...
Jeremy Allison [Wed, 25 Jun 2003 00:11:38 +0000 (00:11 +0000)]
More instrumentation tracking down this bug...
Jeremy.
(This used to be commit 705915d9f71504f8ae04444352c80811c5a6f1ac)

18 years agoStart to instrument this code as I try and track down a nasty bug that
Jeremy Allison [Wed, 25 Jun 2003 00:02:17 +0000 (00:02 +0000)]
Start to instrument this code as I try and track down a nasty bug that
causes mapping to dissapear...
Jeremy.
(This used to be commit bdffc81c9d1eeab26e4dba017a99bb9cc9131493)

18 years agoSequence number was not getting updated with ldap hack. Only a bug in this
Jeremy Allison [Tue, 24 Jun 2003 23:07:26 +0000 (23:07 +0000)]
Sequence number was not getting updated with ldap hack. Only a bug in this
branch.
Jeremy.
(This used to be commit 19629b41cb9b5e5f9e0d4a6d52af983a4d05c8cb)

18 years agoExplain why winbindd is exiting.
Jeremy Allison [Tue, 24 Jun 2003 20:54:32 +0000 (20:54 +0000)]
Explain why winbindd is exiting.
Jeremy.
(This used to be commit a411923aa2eba9dac49efb68ed31650c11b5c33d)

18 years agoFix pdb_ldap segfaults, and wrong default values for ldapsam_compat.
Andrew Bartlett [Tue, 24 Jun 2003 14:23:34 +0000 (14:23 +0000)]
Fix pdb_ldap segfaults, and wrong default values for ldapsam_compat.

Reviewed by vl, metze.

Andrew Bartlett
(This used to be commit 9804ad458ad35c9ea7de3e2e86bf8b2f85ae6533)

18 years agodo not forget the include file :-)
Simo Sorce [Tue, 24 Jun 2003 14:02:57 +0000 (14:02 +0000)]
do not forget the include file :-)
(This used to be commit 73e13b9bafa070a1dceaf21a0e098dda207ba7fd)

18 years agoadd tdb backup function separation and winbind idmap upgrade code form
Simo Sorce [Tue, 24 Jun 2003 14:02:21 +0000 (14:02 +0000)]
add tdb backup function separation and winbind idmap upgrade code form
pre-2.2.4 tdb database format.

tx volker for your work on this
(This used to be commit 2bdbeb9e97a59ecd16f74fbb04ab5ca57b28a757)

18 years agoMore tuning of Kerberos detection - don't fall through to detect kerberos libs
Tim Potter [Tue, 24 Jun 2003 07:46:26 +0000 (07:46 +0000)]
More tuning of Kerberos detection - don't fall through to detect kerberos libs
when we have already decided that we can't do it.
(This used to be commit db792ed530da4e040084d4b42b716ffdcdd13bd3)

18 years agoMore sensible behaviour for bug 152. If we don't have krb5.h and were explicitly
Tim Potter [Tue, 24 Jun 2003 05:31:08 +0000 (05:31 +0000)]
More sensible behaviour for bug 152.  If we don't have krb5.h and were explicitly
configured using --with-ads then give an error, otherwise fall back to compiling
without ADS.

Tested on redhat 8.0 with and without MIT kerberos packages installed.  Metze,
let me know if this is working OK for you now!
(This used to be commit 7ea81535b8180314acbf0873104a8c942ce4ec14)

18 years agoFixes from Martin Dorey <mdorey@bluearc.com> to only ask for and change
Jeremy Allison [Tue, 24 Jun 2003 01:09:36 +0000 (01:09 +0000)]
Fixes from Martin Dorey <mdorey@bluearc.com> to only ask for and change
the requested parts of the ACL.
Jeremy.
(This used to be commit c35a88201c619f0ebbaf38adbd0ec2af77e23981)

18 years agoMove the map acl inherit parameter into the protocol section.
Jeremy Allison [Tue, 24 Jun 2003 00:58:54 +0000 (00:58 +0000)]
Move the map acl inherit parameter into the protocol section.
Jeremy.
(This used to be commit 076d9a3c9bc264d9456a67da9366bd73d3ce69d5)

18 years agoAdd documentation for "map acl inherit" parameter.
Jeremy Allison [Mon, 23 Jun 2003 23:02:49 +0000 (23:02 +0000)]
Add documentation for "map acl inherit" parameter.
Jeremy.
(This used to be commit a97f25c78591db3f6326610ea62b183fa3b9434d)

18 years agoFixed the merge_default_aces() code to work correctly with inheritance.
Jeremy Allison [Mon, 23 Jun 2003 20:24:08 +0000 (20:24 +0000)]
Fixed the merge_default_aces() code to work correctly with inheritance.
Hopefully will fix jcmd bugs :-).
Jeremy.
(This used to be commit 482e6c79edefc8aaacbb37f807d2076e59b40e26)

18 years ago* s/get_dc_name/rpc_dc_name/g (revert a previous change)
Gerald Carter [Mon, 23 Jun 2003 19:05:23 +0000 (19:05 +0000)]
* s/get_dc_name/rpc_dc_name/g  (revert a previous change)

* move back to qsort() for sorting IP address in get_dc_list()

* remove dc_name_cache in cm_get_dc_name() since it slowed
  things down more than it helped.  I've made a note of where
  to add in the negative connection cache in the ads code.
  Will come back to that.

* fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead
  of MAX_ALLOWED)

* only enumerate domain local groups in our domain

* simplify ldap search for seqnum in winbindd's rpc backend
(This used to be commit f8cab8635b02b205b4031279cedd804c1fb22c5b)

18 years agowrap group enuemration in brcome/unbecome_root() (bug #110)
Gerald Carter [Mon, 23 Jun 2003 18:29:09 +0000 (18:29 +0000)]
wrap group enuemration in brcome/unbecome_root() (bug #110)
(This used to be commit 3918fffc7f07202f4c0b940f877184eea7561135)

18 years agofix typo (bug #170)
Gerald Carter [Mon, 23 Jun 2003 18:27:59 +0000 (18:27 +0000)]
fix typo (bug #170)
(This used to be commit d376b67de9ff7a43c9c03c8640d9fe1671d223cb)

18 years agofix bug #178; available space in devmode should be int
Gerald Carter [Mon, 23 Jun 2003 17:47:25 +0000 (17:47 +0000)]
fix bug #178; available space in devmode should be int
(This used to be commit 944480b89a829f159cabff100d83a72400aa6b6c)

18 years agolp_security() is a function not an integer
Andrew Tridgell [Mon, 23 Jun 2003 06:38:19 +0000 (06:38 +0000)]
lp_security() is a function not an integer
(This used to be commit 71907f32ba9c8700ba185b565a50c55a3a451758)

18 years agoChange AC_MSG_ERROR() in krb5.h detection code to AC_MSG_WARN()
Tim Potter [Mon, 23 Jun 2003 05:32:16 +0000 (05:32 +0000)]
Change AC_MSG_ERROR() in krb5.h detection code to AC_MSG_WARN()
until I repair my destroyed development system and check in a proper
fix for this.
(This used to be commit efad5dab522c466ae9e6bc114d0a0e6d1a7ed06d)

18 years ago* set domain->last_status = NT_STATUS_SERVER_DISABLED on an ads_connect() failure
Gerald Carter [Mon, 23 Jun 2003 05:10:07 +0000 (05:10 +0000)]
* set domain->last_status = NT_STATUS_SERVER_DISABLED on an ads_connect() failure
* Fix code to use winbind_rpc methods for trusted mixed mode or NT4 domains
  ( does no one ever test this? )
* add in LDAP code to get the sequence number for rpc based seqnum update.
  ( this is needed if the DC is upgraded and samba is not reconfigured
    to use security = ads; it's not pretty but it works (from app_head) )
* fix bug that caused us to enumerate domain local groups in domains
  other than our own
(This used to be commit 14f2cd139a22454571cea8475d3b7c5c2787d378)

18 years agoProduce an error if Active Directory support is requested and we don't
Tim Potter [Mon, 23 Jun 2003 01:27:17 +0000 (01:27 +0000)]
Produce an error if Active Directory support is requested and we don't
have krb5.h

Should fix bug 152.
(This used to be commit 82d3dd757be5c56fdeb97e66f64ec25d5e202614)

18 years agoRepair indentation in autoconf Kerberos detection code. This should
Tim Potter [Mon, 23 Jun 2003 01:05:31 +0000 (01:05 +0000)]
Repair indentation in autoconf Kerberos detection code.  This should
make it easier to understand/debug.
(This used to be commit 86b6ff134c2631be1346cea1cd7a17ae815a3759)

18 years agoFound out a good number of NT_STATUS_IS_ERR used the wrong way.
Simo Sorce [Sun, 22 Jun 2003 10:09:52 +0000 (10:09 +0000)]
Found out a good number of NT_STATUS_IS_ERR used the wrong way.
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK

This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.

Simo.
(This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)

18 years ago(fixing bug in my last commit)
Andrew Bartlett [Sat, 21 Jun 2003 23:35:12 +0000 (23:35 +0000)]
(fixing bug in my last commit)
This isn't C++ - start your code *after* all the variables are declared...

Andrew Bartlett
(This used to be commit b7760faedc2181538ffc325e727808e6df8f943f)

18 years agoFix memory leak. secrets_fetch allocates memory.
Volker Lendecke [Sat, 21 Jun 2003 14:28:18 +0000 (14:28 +0000)]
Fix memory leak. secrets_fetch allocates memory.

Volker
(This used to be commit 2ec8d1ff88d3984a317a4a53ca3a299e8a68a9d7)

18 years agoThis removes the StrCaseCmp() stuff from 'net idmap' and 'net
Andrew Bartlett [Sat, 21 Jun 2003 08:35:30 +0000 (08:35 +0000)]
This removes the StrCaseCmp() stuff from 'net idmap' and 'net
groupmap'.  The correct way to implement this stuff is via a function
table, as exampled in all the other parts of 'net'.

This also moves the idmap code into a new file.  Volker, is this your
code?  You might want to put your name on it.

Andrew Bartlett
(This used to be commit 477f2d9e390bb18d4f08d1cac9c981b73d628c4f)

18 years agoThis patch fixes some issues with idmap_tdb as raised by bug #181
Andrew Bartlett [Sat, 21 Jun 2003 08:31:18 +0000 (08:31 +0000)]
This patch fixes some issues with idmap_tdb as raised by bug #181

The idea here is to eliminate the need to *set* the 'HWM' (High Water
Mark) in the tdb.  Instead, each caller wanting to add an item to the
TDB uses the fact that an insert will *fail* if entry already exists.

More importantly, this means that we don't need to know the value of the
idmap uid/gid values when setting arbitrary entries, which can occur on
an smb.conf without such values specified.

Then all we need to do is loop until we get an id that will insert.
This means that the HWM does not need to be accurate, and we can have
IDs allocates safely above the HWM.

Setting the HWM to an arbitrary value was racy in the past - now we
don't even do it.

This patch also adds paranoia in reading the tdb - both the entry, and
it's reverse entry must be present.  This means that we don't need to
'clean up' after an abnormal failure (which would probably fail too),
instead we rely on readers to ignore the half-completed entry.  The way
this is done will allow SIDs to then allocated an ID when things are
normal again.

Andrew Bartlett
(This used to be commit 74709e159cdcd4dbcf138428a85067b38c4ebe64)

18 years agoAlways initialize.
Andrew Bartlett [Sat, 21 Jun 2003 07:54:03 +0000 (07:54 +0000)]
Always initialize.
(This used to be commit 75081860af5ace873f53c361ec34d029b7864ff7)

18 years agomerge of the netsamlogon caching code from APPLIANCE_HEAD
Gerald Carter [Sat, 21 Jun 2003 04:05:01 +0000 (04:05 +0000)]
Merge ... the netsamlogon caching code from APPLIANCE_HEAD
This replaces the universal group caching code (was originally
based on that code).  Only applies to the the RPC code.

One comment: domain local groups don't show up in 'getent group'
that's easy to fix.

Code has been tested against 2k domain but doesn't change anything
with respect to NT4 domains.

netsamlogon caching works pretty much like the universal group
caching code did but has had much more testing and puts winbind
mostly back in sync between branches.
(This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)

18 years agoThis patch works towards to goal of common code shared between idmap_ldap
Andrew Bartlett [Sat, 21 Jun 2003 00:45:03 +0000 (00:45 +0000)]
This patch works towards to goal of common code shared between idmap_ldap
and pdb_ldap.

So far, it's just a function rename, so that the next patch can be a very
simple matter of copying functions, without worrying about what changed
in the process.

Also removes the 'static' pointers for the rebind procedures, replacing them
with a linked list of value/key lookups.  (Only needed on older LDAP client
libs)

Andrew Bartlett
(This used to be commit f93167a7e1c56157481a934d2225fe19786a3bff)

18 years agoFixed sorting algorithm to prevent problems with W2K clients.
Jeremy Allison [Fri, 20 Jun 2003 20:07:13 +0000 (20:07 +0000)]
Fixed sorting algorithm to prevent problems with W2K clients.
Jeremy.
(This used to be commit fa8ca20ed440673d02ac5669f8d4c6623c1fdb6d)

18 years agoFix bug #136. Add message about erroneous empty "passdb backend" parameter.
Jim McDonough [Fri, 20 Jun 2003 17:41:04 +0000 (17:41 +0000)]
Fix bug #136.  Add message about erroneous empty "passdb backend" parameter.
(This used to be commit 897125a9dbbd3f921d944e7bb7c5694a130c5173)

18 years agoFix bug #136: "passdb backend = " caused smbd to segfault.
Jim McDonough [Fri, 20 Jun 2003 17:39:53 +0000 (17:39 +0000)]
Fix bug #136: "passdb backend = " caused smbd to segfault.
Instead, spit out an error message.
(This used to be commit 22f083b227a6f03ae42b985e45e9c384982c6ed2)

18 years agoFix mount options for ro, dir_mode, file_mode
Steve French [Fri, 20 Jun 2003 16:41:41 +0000 (16:41 +0000)]
Fix mount options for ro, dir_mode, file_mode
(This used to be commit 7e7cf0dd98ec8e28c02cb9e36064eaf098339801)

18 years agofixed a bug found by volker
Andrew Tridgell [Fri, 20 Jun 2003 14:48:36 +0000 (14:48 +0000)]
fixed a bug found by volker

when we are traversing a readonly dababase we should not try to
cleanup the pending-delete records
(This used to be commit f327c06108cd1a9146f4c24aa4274997be0b4fb4)

18 years agoUpdating change from "winbind uid/gid" to "idmap uid/gid"
John Terpstra [Fri, 20 Jun 2003 07:25:35 +0000 (07:25 +0000)]
Updating change from "winbind uid/gid" to "idmap uid/gid"
(This used to be commit 81abfec7faf8675391d017c2e4160cd77a1ab157)

18 years agoApplied Vance Lankhaar's spelling fixes.
John Terpstra [Fri, 20 Jun 2003 06:49:48 +0000 (06:49 +0000)]
Applied Vance Lankhaar's spelling fixes.
(This used to be commit 7eea35ba9f02f465403c21f5c33461035ad56176)

18 years agoThe default action for AC_CHECK_LIB is to add the library to $LIBS so
Tim Potter [Fri, 20 Jun 2003 06:41:56 +0000 (06:41 +0000)]
The default action for AC_CHECK_LIB is to add the library to $LIBS so
this doesn't need to be done explicitly in the Kerberos checks.

Also there was a duplicate AC_CHECK_LIB(resolv, dn_expand) which is done
early on in the configure process.
(This used to be commit fa66e2e1e1186d8c8965e1a13d49f4af2e71a442)

18 years agoBack out some of the changes to nsstest. I've kept the NULL pointer
Tim Potter [Fri, 20 Jun 2003 02:31:15 +0000 (02:31 +0000)]
Back out some of the changes to nsstest.  I've kept the NULL pointer
dereference bugfixes but left out the gethostbyname (wins) tests pending
a nicer way to integrate it.
(This used to be commit a7e67aaffe13b2828861046013b51d62aa1db057)

18 years agoMissed initial param, typo.
Jeremy Allison [Fri, 20 Jun 2003 01:42:13 +0000 (01:42 +0000)]
Missed initial param, typo.
Jeremy.
(This used to be commit 036a551b10f1cb436ea36acbb40983249de8310d)

18 years agoMapping of Windows ACL inheritance and protected bits onto extended attributes
Jeremy Allison [Fri, 20 Jun 2003 01:12:20 +0000 (01:12 +0000)]
Mapping of Windows ACL inheritance and protected bits onto extended attributes
if available. Adds new parameter "map acl inheritance" (docs coming soon)
off by default. Allows W2K acl inheritance dialogs to work correctly on
POSIX acls.
Jeremy.
(This used to be commit a83595e80ae539135fa1a65d6066b10ac94fbad1)

18 years agoMinor Debian updates.
Eloy Paris [Thu, 19 Jun 2003 17:22:43 +0000 (17:22 +0000)]
Minor Debian updates.
(This used to be commit f9f5211d79feb07f20f6aad9e8829d19eaf096fd)

18 years agoFix typo
Jelmer Vernooij [Wed, 18 Jun 2003 23:13:17 +0000 (23:13 +0000)]
Fix typo
(This used to be commit 598a7596f233d63974196ca00fc68c2f71f6e219)

18 years agoVFS modules are located in the subdirectory vfs of $LIBDIR
Jelmer Vernooij [Wed, 18 Jun 2003 19:03:30 +0000 (19:03 +0000)]
VFS modules are located in the subdirectory vfs of $LIBDIR
(This used to be commit 76182f47386a58d27901c0628dcd298bd111c634)

18 years agoRemove short -A option, but still leave in the --set-auth-user option.
Jim McDonough [Wed, 18 Jun 2003 16:11:13 +0000 (16:11 +0000)]
Remove short -A option, but still leave in the --set-auth-user option.
This reflects a change made in wbinfo as a result of bug 158.
(This used to be commit 2628259c2051dd1f0802bced82bfb5ffaed2a12d)

18 years agoAdd installmodules to install
Jelmer Vernooij [Wed, 18 Jun 2003 15:54:21 +0000 (15:54 +0000)]
Add installmodules to install
(This used to be commit 33e8dd88434710427fcf43048477ab072606d634)

18 years agoOk, this patch removes the privilege stuff we had in, unused, for some time.
Simo Sorce [Wed, 18 Jun 2003 15:24:10 +0000 (15:24 +0000)]
Ok, this patch removes the privilege stuff we had in, unused, for some time.

The code was nice, but put in the wrong place (group mapping) and not
supported by most of the code, thus useless.

We will put back most of the code when our infrastructure will be changed
so that privileges actually really make sense to be set.

This is a first patch of a set to enhance all our mapping code cleaness and
stability towards a sane next beta for 3.0 code base

Simo.
(This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)

18 years agoUpdated Debian patches so they apply cleanly and without warnings at
Eloy Paris [Wed, 18 Jun 2003 15:17:32 +0000 (15:17 +0000)]
Updated Debian patches so they apply cleanly and without warnings at
build time.
(This used to be commit 37acf55b609e90d4ae1a4b6bafb6067487352cee)

18 years agoRemove the -A option of wbinfo, leaving only the long version,
Jim McDonough [Wed, 18 Jun 2003 14:20:23 +0000 (14:20 +0000)]
Remove the -A option of wbinfo, leaving only the long version,
--set-auth-user.  There was enough confusion, as in bug #158,
when a user accidentally typed -A instead of -a, and would get themselves
stuck with a non-working winbind.

I've made the changes to docs/docbook/manpages/wbinfo.xml, but I'm not
sure what to do beyond that.  Is checking that in enough?
(This used to be commit 70fe85e4698ce2c26372b050417986bf4a96680b)

18 years agoThere's nothing particularly secret in idmap.tdb, so create it with
Volker Lendecke [Wed, 18 Jun 2003 13:28:37 +0000 (13:28 +0000)]
There's nothing particularly secret in idmap.tdb, so create it with
0644 as the other databases.

Volker
(This used to be commit 5849053930474b1e735f3232995813ef5126ad00)

18 years agoAnd some more memory leaks in mapping.c and pdb_tdb.c. tdb_nextkey
Volker Lendecke [Wed, 18 Jun 2003 12:00:52 +0000 (12:00 +0000)]
And some more memory leaks in mapping.c and pdb_tdb.c. tdb_nextkey
mallocs its key, so we should free it after use.

Volker
(This used to be commit 9750799ba2e1aaa59fa255f23880c9c618195c3d)

18 years agoBetter panic cleanly than segfault later when no sid can be found and created.
Volker Lendecke [Wed, 18 Jun 2003 08:42:04 +0000 (08:42 +0000)]
Better panic cleanly than segfault later when no sid can be found and created.
Everybody who calls get_global_sam_sid expects this to return non-NULL, and
there are way too many places where this is called.

Volker
(This used to be commit 2dfa896e6fdd52aa0eebe7d811c7b4072fe98be3)

18 years agoAnd more other memory leaks. One new (idmap) and one ancient (groupdb).
Volker Lendecke [Tue, 17 Jun 2003 12:31:02 +0000 (12:31 +0000)]
And more other memory leaks. One new (idmap) and one ancient (groupdb).

Volker
(This used to be commit 2392f460aeb11f32759e84faf1e7ace73c5db281)

18 years agoFix a memory leak in pdb_tdb.c.
Volker Lendecke [Tue, 17 Jun 2003 12:03:48 +0000 (12:03 +0000)]
Fix a memory leak in pdb_tdb.c.

Simo, I remember you complaining about a memleak there, could it be
this one, or did you resolve it at that time?

Volker
(This used to be commit c660595deda2ce836c0a191da0236f850004ba0d)

18 years agoMake static (patch from metze)
Jelmer Vernooij [Tue, 17 Jun 2003 10:48:06 +0000 (10:48 +0000)]
Make static (patch from metze)
(This used to be commit 908b16cc2a8b6c5c67aae0e1af9d51f57fe31212)