19 years agodon't use /dev/null for a smbpasswd file
Andrew Tridgell [Tue, 27 Nov 2001 22:47:09 +0000 (22:47 +0000)]
don't use /dev/null for a smbpasswd file
(This used to be commit 067a4f87ac5dc2b5cf902c42f56923d0c5e29bc2)

19 years agoAdded negative caching to group lookups.
Jeremy Allison [Tue, 27 Nov 2001 22:39:57 +0000 (22:39 +0000)]
Added negative caching to group lookups.
(This used to be commit fceba7dea5b09ac9ce509c5252a46be8e4d3de85)

19 years agoadded test for krb5.h
Andrew Tridgell [Tue, 27 Nov 2001 22:37:25 +0000 (22:37 +0000)]
added test for krb5.h

this was causing the kerberos stuff to fail compilation on several
(This used to be commit 17e2f3897374c76dd66b21fdcd93c3a04671f4ce)

19 years agoAdded negative caching to the user pw lookup by name and by uid.
Jeremy Allison [Tue, 27 Nov 2001 20:57:14 +0000 (20:57 +0000)]
Added negative caching to the user pw lookup by name and by uid.
(This used to be commit 4013ae87a1c73ceba346de2a0b905e7c8df355c4)

19 years agoAdded PRINTER_ALREADY_EXISTS error check from Gerry.
Jeremy Allison [Tue, 27 Nov 2001 20:01:23 +0000 (20:01 +0000)]
Added PRINTER_ALREADY_EXISTS error check from Gerry.
(This used to be commit c7f1d3d6f776da8619f1221d38619d084ffb990b)

19 years agoallow printing of NULL pointers with internal snprintf
Andrew Tridgell [Tue, 27 Nov 2001 13:31:02 +0000 (13:31 +0000)]
allow printing of NULL pointers with internal snprintf
(This used to be commit 91bc14f430f798c6be3cb21cb5199ec56308d4f2)

19 years agofixed the panics on basicsmb-sharelist on sun1
Andrew Tridgell [Tue, 27 Nov 2001 13:29:14 +0000 (13:29 +0000)]
fixed the panics on basicsmb-sharelist on sun1
(This used to be commit 1bd3235744bebefa6ba09795438400b4674c165c)

19 years agoFix another memory leak spotted by Tom Jansen.
Richard Sharpe [Tue, 27 Nov 2001 10:42:39 +0000 (10:42 +0000)]
Fix another memory leak spotted by Tom Jansen.
(This used to be commit 6e2c06a6e6173e68a75fd1adfaa73fe9a9210fef)

19 years agosigh.
Andrew Tridgell [Tue, 27 Nov 2001 07:09:06 +0000 (07:09 +0000)]

some systems have libkrb5 but not krb5.h
(This used to be commit 4b89fdecfcf384e7434470a9dcc963f9d96498d1)

19 years agonsswitch/winbindd_group.c nsswitch/winbindd_user.c: formatting fixups.
Jeremy Allison [Tue, 27 Nov 2001 06:28:06 +0000 (06:28 +0000)]
nsswitch/winbindd_group.c nsswitch/winbindd_user.c: formatting fixups.
smbd/open.c: Fix "delete on close" for directories.
(This used to be commit 014b0973a3b3b9eb22cce3053171fa55f5c16a63)

19 years agoreverted incorrect patch
Andrew Tridgell [Tue, 27 Nov 2001 05:00:55 +0000 (05:00 +0000)]
reverted incorrect patch
(This used to be commit 96224fe2d40d0ce79d1215bb6f0d17291cace7b9)

19 years agofixed leak in free_user_info()
Andrew Tridgell [Tue, 27 Nov 2001 04:07:57 +0000 (04:07 +0000)]
fixed leak in free_user_info()
(This used to be commit 8eb4277b12b600cdbf8a5205ebc76d1d9d52f1aa)

19 years agoanother memory leak bites the dust
Andrew Tridgell [Tue, 27 Nov 2001 04:05:28 +0000 (04:05 +0000)]
another memory leak bites the dust
(This used to be commit 982d6d447add2d4079c28c0b8ecb0e499f391a2a)

19 years agofixed another memory leak
Andrew Tridgell [Tue, 27 Nov 2001 03:54:15 +0000 (03:54 +0000)]
fixed another memory leak
(This used to be commit 37aa2873e5f476a587316893b0ea3a6fbdfe746f)

19 years agoprevent a bogus insure wild ptr message
Andrew Tridgell [Tue, 27 Nov 2001 03:50:53 +0000 (03:50 +0000)]
prevent a bogus insure wild ptr message
(This used to be commit 1976a8f87544140363449a361f7c7347ef2c44f5)

19 years agoadded -i option to nmbd, giving interactive mode (like winbindd)
Andrew Tridgell [Tue, 27 Nov 2001 03:40:06 +0000 (03:40 +0000)]
added -i option to nmbd, giving interactive mode (like winbindd)
(This used to be commit 1a30efdc2c7e5b385197bbfbcebac6a7305929b8)

19 years agomore memory leak fixes
Andrew Tridgell [Tue, 27 Nov 2001 03:34:56 +0000 (03:34 +0000)]
more memory leak fixes
(This used to be commit 5abf8442033587b79651301d39260abd44b1c3fa)

19 years agounable to open smbpasswd on initial create should only be a warning
Andrew Tridgell [Tue, 27 Nov 2001 03:34:25 +0000 (03:34 +0000)]
unable to open smbpasswd on initial create should only be a warning
(This used to be commit 8712ac84995f8454619245ca111575d4b9769b43)

19 years agoprevent a memory leak of cli structures
Andrew Tridgell [Tue, 27 Nov 2001 03:29:20 +0000 (03:29 +0000)]
prevent a memory leak of cli structures
(This used to be commit 911c57403bd116405876e73913ad73efd15f659b)

19 years agofix sense of lp_allow_trusted_domains()
Andrew Tridgell [Tue, 27 Nov 2001 03:25:31 +0000 (03:25 +0000)]
fix sense of lp_allow_trusted_domains()
fix a memory leak
(This used to be commit 1421f2fbcb296a894cb4e7548e0275e35e055b98)

19 years agodon't try to auto-change the trust password unless we are in domain
Andrew Tridgell [Tue, 27 Nov 2001 01:51:10 +0000 (01:51 +0000)]
don't try to auto-change the trust password unless we are in domain
(This used to be commit 00e4f0c803c6376387c31efd01cf3437c589da9d)

19 years agoautomatically look for /usr/kerberos to make redhat happy
Andrew Tridgell [Tue, 27 Nov 2001 01:45:08 +0000 (01:45 +0000)]
automatically look for /usr/kerberos to make redhat happy
(This used to be commit 0120dea7f0a799ed5cf43179462973e7a9a01bd3)

19 years agodon't die with a FPE if there are no DCs
Andrew Tridgell [Mon, 26 Nov 2001 09:28:27 +0000 (09:28 +0000)]
don't die with a FPE if there are no DCs
(This used to be commit b5999473482475ef64212f4f7204c7895cf8fdf3)

19 years agoincrement the value not the pointer
Andrew Tridgell [Mon, 26 Nov 2001 09:28:00 +0000 (09:28 +0000)]
increment the value not the pointer
(This used to be commit e3698259afa79fcd318592b1d628803695406337)

19 years agoFix --enable-developer shadow warning
Andrew Bartlett [Mon, 26 Nov 2001 07:53:33 +0000 (07:53 +0000)]
Fix --enable-developer shadow warning
(This used to be commit 6a919bcf3d5848e09ddba1e8946f985661af8f67)

19 years agoFix debug
Andrew Bartlett [Mon, 26 Nov 2001 07:23:51 +0000 (07:23 +0000)]
Fix debug
(This used to be commit 44224ae156394dac1055c68764c84f758cea6540)

19 years agobasic ADS HOWTO
Andrew Tridgell [Mon, 26 Nov 2001 06:52:33 +0000 (06:52 +0000)]
(This used to be commit 9ee13fecb1b623e760789d1df7178b085f820700)

19 years agoA number of things to clean up the auth subsytem a bit...
Andrew Bartlett [Mon, 26 Nov 2001 06:47:04 +0000 (06:47 +0000)]
A number of things to clean up the auth subsytem a bit...

We now default encrypt passwords = yes

We now check plaintext passwords (however aquired) with the 'sam' backend
rather than unix, if encrypt passwords = yes.

(this kills off the 'local' backed.  The sam backend may be renamed in its

The new 'samstrict' wrapper backend checks that the user's domain is one of
our netbios aliases - this ensures that we don't get fallback crazies with
security = domain.

Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks
that the user was not local before contacting the DC.

The default ordering has changed, we now check the local stuff first - but
becouse of the changes above, we will really only ever contact one
auth source.

Andrew Bartlett
(This used to be commit e89b47f65e7eaf5eb288a3d6ba2d3d115c628e7e)

19 years agoadd SEC_ADS auth method
Andrew Tridgell [Mon, 26 Nov 2001 06:21:24 +0000 (06:21 +0000)]
add SEC_ADS auth method
(This used to be commit b175c42080b15f27589cb6b6d61af5cbbedf5d02)

19 years agoupdated server_role for ADS
Andrew Tridgell [Mon, 26 Nov 2001 06:18:09 +0000 (06:18 +0000)]
updated server_role for ADS
(This used to be commit 48df0d2b5dee3c010c88587352554220f8b92b0f)

19 years agoprevent proto from picking up this as a defintion for 'main()' becoue it conflicts...
Andrew Bartlett [Mon, 26 Nov 2001 05:59:43 +0000 (05:59 +0000)]
prevent proto from picking up this as a defintion for 'main()' becoue it conflicts with nmbd's definition.
(This used to be commit 70e9c2efaada4be609ff053d216d554cb036df4e)

19 years agoMore compiler warnings fixed. Some minor reformatting.
Tim Potter [Mon, 26 Nov 2001 04:53:08 +0000 (04:53 +0000)]
More compiler warnings fixed.  Some minor reformatting.
(This used to be commit 8227f6909cca67fcc1a8455f4b386df7778ef2e7)

19 years agowe can safely give NO_SUCH_USER if the ticket decodes but the local
Andrew Tridgell [Mon, 26 Nov 2001 04:37:24 +0000 (04:37 +0000)]
we can safely give NO_SUCH_USER if the ticket decodes but the local
account doesn't exist
(This used to be commit 477b6d27fd7281418739bc8ba0b984a53430ecda)

19 years agoAnother merge from appliance-head: in [ug]id_to_sid don't call the
Tim Potter [Mon, 26 Nov 2001 04:27:51 +0000 (04:27 +0000)]
Another merge from appliance-head: in [ug]id_to_sid don't call the
winbind function if the id is obviously going to be local.  Cleanup
of winbind [ug]id parameter handling.
(This used to be commit 4ab9ca31a02b3388aa89a00e0390ea9e4c76283a)

19 years agochallange -> challenge
Tim Potter [Mon, 26 Nov 2001 04:05:28 +0000 (04:05 +0000)]
challange -> challenge
(This used to be commit d6318add27f6bca5be00cbedf2226b642341297a)

19 years agoMerge from appliance-head: when creating a default security descriptor
Tim Potter [Mon, 26 Nov 2001 03:39:16 +0000 (03:39 +0000)]
Merge from appliance-head: when creating a default security descriptor
for a printer, save it in ntprinters.tdb instead of recreating it
every time it is required.  This can save at least one winbind lookup
per secdesc creation.  Opening a port monitor and viewing the security
tab in the properties dialog required the security descriptor to be
returned 25 times!
(This used to be commit f85c976acc08a16bce6cb4053708485ccdea0d77)

19 years agoGot medieval on another pointless extern. Removed extern struct ipzero
Tim Potter [Mon, 26 Nov 2001 03:11:44 +0000 (03:11 +0000)]
Got medieval on another pointless extern.  Removed extern struct ipzero
and replaced with two functions:

void zero_ip(struct in_adder *ip);
BOOL is_zero_ip(struct in_addr ip);
(This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)

19 years agoFix up the build farm again.
Andrew Bartlett [Mon, 26 Nov 2001 02:10:59 +0000 (02:10 +0000)]
Fix up the build farm again.

This should get us 'green' for once...

Andrew Bartlett
(This used to be commit 042b9e3a6332473dc88c36dd7f99428644324ac4)

19 years agodyn_CONFIGFILE fixups.
Tim Potter [Mon, 26 Nov 2001 02:01:00 +0000 (02:01 +0000)]
dyn_CONFIGFILE fixups.
(This used to be commit 7d10fa208248e201946876168743025866e011fc)

19 years agoFixed compiler warnings and dyn_CONFIGFILE related breakage.
Tim Potter [Mon, 26 Nov 2001 01:59:33 +0000 (01:59 +0000)]
Fixed compiler warnings and dyn_CONFIGFILE related breakage.
(This used to be commit bf491d2aa2e99156b4e80bc9d89ab34cfb3c4cf4)

19 years agoAnd delete domain_client_validate.c...
Andrew Bartlett [Mon, 26 Nov 2001 01:37:44 +0000 (01:37 +0000)]
And delete domain_client_validate.c...

Andrew Bartlett
(This used to be commit 6caca4301ba88d026ce1989cefd3e9eeb65df376)

19 years agoThis compleats the of the authenticaion subystem into the new 'auth'
Andrew Bartlett [Mon, 26 Nov 2001 01:37:01 +0000 (01:37 +0000)]
This compleats the of the authenticaion subystem into the new 'auth'

(The insertion of these files was done with some CVS backend magic, hence the
lack of a commit message).

This also moves libsmb/domain_client_validate.c back into auth_domain.c,
becouse we no longer share it with winbind.

Andrew Bartlett
(This used to be commit 782835470cb68da2188a57007d6f55c17b094d08)

19 years agoRemoved bogus SAFE_FREE() call of talloced return data from
Tim Potter [Mon, 26 Nov 2001 01:20:57 +0000 (01:20 +0000)]
Removed bogus SAFE_FREE() call of talloced return data from
(This used to be commit dd2048c418da7a08bc71305491953731fc427f5a)

19 years agoIgnore *.po files.
Tim Potter [Mon, 26 Nov 2001 01:17:03 +0000 (01:17 +0000)]
Ignore *.po files.
(This used to be commit 091f01f34ab0ff7d394811af0d027ea3bad56d0e)

19 years agoFixed some indentation.
Tim Potter [Mon, 26 Nov 2001 00:58:43 +0000 (00:58 +0000)]
Fixed some indentation.
(This used to be commit 1dd462844a9b90b498ee79ca33e4048980e2af5f)

19 years agouse DEBUG() not d_printf() in libraries
Andrew Tridgell [Mon, 26 Nov 2001 00:45:51 +0000 (00:45 +0000)]
use DEBUG() not d_printf() in libraries
(This used to be commit 5100ae4ae032545edaf525de1dfbe5dc9dafecfc)

19 years agofixed spnego, non-kerberos negprot
Andrew Tridgell [Mon, 26 Nov 2001 00:43:37 +0000 (00:43 +0000)]
fixed spnego, non-kerberos negprot
(This used to be commit 2e916222a915c27f919a9841bde5ba0967af2190)

19 years agoAllow lookup of users with spaces in their name.
Tim Potter [Mon, 26 Nov 2001 00:19:23 +0000 (00:19 +0000)]
Allow lookup of users with spaces in their name.
(This used to be commit 751ea8cfb931e1de6df447ed05e051262cdeb304)

19 years agoFixed compiler warning.
Tim Potter [Sun, 25 Nov 2001 23:33:15 +0000 (23:33 +0000)]
Fixed compiler warning.

Why do people keep adding stuff to includes.h (OK I am guilty of this too)?
It's getting really huge and full of random junk.  )-:

I've noticed TNG have started to split stuff up in to individual header
files included as needed.
(This used to be commit 36630f3984cb2bc4e60d910889e0396891cbc088)

19 years agoadded 'security=ADS'
Andrew Tridgell [Sun, 25 Nov 2001 23:05:13 +0000 (23:05 +0000)]
added 'security=ADS'
(This used to be commit 5a735a88e472a48cd4329832998dc31c1e230ecb)

19 years agoMinor typos
Volker Lendecke [Sun, 25 Nov 2001 18:54:04 +0000 (18:54 +0000)]
Minor typos
(This used to be commit 1c9d951f86609b08e5660b0fc966c5e5058a3ce2)

19 years agoDon't close tdb twice.
Volker Lendecke [Sun, 25 Nov 2001 18:49:20 +0000 (18:49 +0000)]
Don't close tdb twice.
(This used to be commit 6dda341bc80dc7c4d044df134fc153f646a6a4e9)

19 years agoportability fixes
Andrew Tridgell [Sun, 25 Nov 2001 13:36:02 +0000 (13:36 +0000)]
portability fixes
(This used to be commit 09127d85dc91037c9d0280b57d48d23e93a39f8b)

19 years agofixed typo
Andrew Tridgell [Sun, 25 Nov 2001 13:32:28 +0000 (13:32 +0000)]
fixed typo
(This used to be commit b14ae495028da4d2b995cefa786746d2c649460c)

19 years agoadd popt build dependency
Andrew Tridgell [Sun, 25 Nov 2001 12:56:04 +0000 (12:56 +0000)]
add popt build dependency
(This used to be commit 0c1f90402bf6aa403719cef59afd127ae42b0865)

19 years agomove popt out of proto objs
Andrew Tridgell [Sun, 25 Nov 2001 12:46:14 +0000 (12:46 +0000)]
move popt out of proto objs
(This used to be commit db0bee1c68d8d9af3febb841c86cd3d4ade87c7b)

19 years agoadded HAVE_LDAP_H check
Andrew Tridgell [Sun, 25 Nov 2001 12:40:23 +0000 (12:40 +0000)]
added HAVE_LDAP_H check
(This used to be commit a1304be045d9cfd7bb793bb55ff49e158440a90e)

19 years agocheck for liblber separately
Andrew Tridgell [Sun, 25 Nov 2001 12:26:40 +0000 (12:26 +0000)]
check for liblber separately
(This used to be commit d7216424d94ee89e1760596c8f87d1883f369771)

19 years ago#ifdefed DMF fix so not compiled by default. We need to look at this...
Jeremy Allison [Sun, 25 Nov 2001 08:26:37 +0000 (08:26 +0000)]
#ifdefed DMF fix so not compiled by default. We need to look at this...
(This used to be commit 97dca242a91c68048e510f42be53421b533183be)

19 years agoUse "password server" for searching for BDC's also as Tim suggested.
Jeremy Allison [Sun, 25 Nov 2001 06:38:17 +0000 (06:38 +0000)]
Use "password server" for searching for BDC's also as Tim suggested.
(This used to be commit 4aca67761fbe601e27f8f768c28a11241f088bba)

19 years agoAdd the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error
Andrew Bartlett [Sun, 25 Nov 2001 03:01:14 +0000 (03:01 +0000)]
Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error

This little authentication module is #ifdef DEVELOPER, becouse it really is of
no use execept as a development tool

invoke by setting:

auth methods = guest sam name_to_ntstatus

in the smb.conf file (the SAM and guest elements are required for the member
server to authenticate itself).

Andrew Bartlett
(This used to be commit 9807e66f34c1088399657060977e384c5a7f0664)

19 years agooops, I forgot to include the header file
Andrew Bartlett [Sun, 25 Nov 2001 02:58:15 +0000 (02:58 +0000)]
oops, I forgot to include the header file
(This used to be commit c28956d8601c103c3f8dab4253de80e6a00a02d7)

19 years agoAdd a new torture test to extract a NT->DOS error map from an NT member of a
Andrew Bartlett [Sun, 25 Nov 2001 02:35:37 +0000 (02:35 +0000)]
Add a new torture test to extract a NT->DOS error map from an NT member of a
samba domain.

The PDC must be running a special authenticaion module that spits out NT errors
based on username.

Andrew Bartlett
(This used to be commit adc7a6048c13342b79b6228beafb5142c50f318d)

19 years agoUnless the error is exactly NT_STATUS_OK, we might not have a server info, so
Andrew Bartlett [Sun, 25 Nov 2001 02:30:30 +0000 (02:30 +0000)]
Unless the error is exactly NT_STATUS_OK, we might not have a server info, so
we need to bail here.
(This used to be commit ea0331354e5968aa0a25c0b12379a56c72d7946b)

19 years agoI think this is a fix for the "out of space" errors with oplocks=no.
Jeremy Allison [Sun, 25 Nov 2001 02:23:22 +0000 (02:23 +0000)]
I think this is a fix for the "out of space" errors with oplocks=no.
(This used to be commit 84b62d3c8ebd78cd578ac36168631b3bbcafdd8c)

19 years agoFix ./configure --enable-developer warnings (shadow of global)
Andrew Bartlett [Sun, 25 Nov 2001 02:08:43 +0000 (02:08 +0000)]
Fix ./configure --enable-developer warnings (shadow of global)
(This used to be commit 3f1cfb62e85343a45817651f111f01051fc66b18)

19 years agobetter help
Andrew Tridgell [Sun, 25 Nov 2001 01:42:29 +0000 (01:42 +0000)]
better help
(This used to be commit b390d6eef95ee6094eb193006bc2f23c40291026)

19 years agouse generate_random_str()
Andrew Tridgell [Sun, 25 Nov 2001 01:36:02 +0000 (01:36 +0000)]
use generate_random_str()
(This used to be commit 720c50a7514febdd7cfd6ce40b7b5a0c5cc0abf8)

19 years agoadded "net ads user" and "net ads group" commands
Andrew Tridgell [Sun, 25 Nov 2001 01:31:07 +0000 (01:31 +0000)]
added "net ads user" and "net ads group" commands
(This used to be commit f482583139eedb75a23c7a720dca4e8fb7070fd5)

19 years agoadded "net ads status" command
Andrew Tridgell [Sun, 25 Nov 2001 01:06:56 +0000 (01:06 +0000)]
added "net ads status" command
(This used to be commit ae0eabd04c97320c2cf3c4575263c53cf61d03ea)

19 years agomade a "net ads" command, currently with "net ads join" and "net ads leave"
Andrew Tridgell [Sun, 25 Nov 2001 00:18:11 +0000 (00:18 +0000)]
made a "net ads" command, currently with "net ads join" and "net ads leave"
(This used to be commit 2f8fa175b189c2d11676245b01d3201c0a4f0826)

19 years agostop popt from doing its own intl stuff
Andrew Tridgell [Sun, 25 Nov 2001 00:10:28 +0000 (00:10 +0000)]
stop popt from doing its own intl stuff
(This used to be commit 1a5ef2425747c2e0c7cf28fc7712563039086100)

19 years agobetter auto-selection of realm and ldap server
Andrew Tridgell [Sun, 25 Nov 2001 00:08:48 +0000 (00:08 +0000)]
better auto-selection of realm and ldap server
(This used to be commit 69d256af4612f5c1277202eb8a7ef37eb6bb55f4)

19 years agoadded "net join" command
Andrew Tridgell [Sat, 24 Nov 2001 14:16:41 +0000 (14:16 +0000)]
added "net join" command

this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)

19 years agoremoved unused function
Andrew Tridgell [Sat, 24 Nov 2001 13:58:40 +0000 (13:58 +0000)]
removed unused function
(This used to be commit ad7afbfdea600a62fa1550bd354996ad38807533)

19 years agorewrote net.c
Andrew Tridgell [Sat, 24 Nov 2001 13:26:01 +0000 (13:26 +0000)]
rewrote net.c

The rewrite fixes a number of things:

- much better command line parsing
- fixed usage of static and const
- better finding of hosts
- clean internal separation of sub-functions
- expandable design
(This used to be commit 0f88d9c50e419504b9ceca5eadbe30ee04fa42dc)

19 years agoAnd add the winbind module I missed in the last run.
Andrew Bartlett [Sat, 24 Nov 2001 12:16:27 +0000 (12:16 +0000)]
And add the winbind module I missed in the last run.

(large change to modularise the auth subsystem)

Andrew Bartlett
(This used to be commit 324c4676280641fee0647221dba1e826e03ba9ab)

19 years agoThis is another rather major change to the samba authenticaion
Andrew Bartlett [Sat, 24 Nov 2001 12:12:38 +0000 (12:12 +0000)]
This is another rather major change to the samba authenticaion

The particular aim is to modularized the interface - so that we
can have arbitrary password back-ends.

This code adds one such back-end, a 'winbind' module to authenticate
against the winbind_auth_crap functionality.  While fully-functional
this code is mainly useful as a demonstration, because we don't get
back the info3 as we would for direct ntdomain authentication.

This commit introduced the new 'auth methods' parameter, in the
spirit of the 'auth order' discussed on the lists.  It is renamed
because not all the methods may be consulted, even if previous
methods fail - they may not have a suitable challenge for example.

Also, we have a 'local' authentication method, for old-style
'unix if plaintext, sam if encrypted' authentication and a
'guest' module to handle guest logins in a single place.

While this current design is not ideal, I feel that it does
provide a better infrastructure than the current design, and can
be built upon.

The following parameters have changed:
 - use rhosts =

  This has been replaced by the 'rhosts' authentication method,
 and can be specified like 'auth methods = guest rhosts'

 - hosts equiv =

  This needs both this parameter and an 'auth methods' entry
  to be effective.  (auth methods = guest hostsequiv ....)

 - plaintext to smbpasswd =

  This is replaced by specifying 'sam' rather than 'local'
  in the auth methods.

The security = parameter is unchanged, and now provides defaults
for the 'auth methods' parameter.

The available auth methods are:

sam (passdb direct hash access)
unix (PAM, crypt() etc)
local (the combination of the above, based on encryption)
smbserver (old security=server)
ntdomain (old security=domain)
winbind (use winbind to cache DC connections)

Assistance in testing, or the production of new and interesting
authentication modules is always appreciated.

Andrew Bartlett
(This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)

19 years agoKill off that crazy copy_sam_passwd(). You simply can't do that if the
Andrew Bartlett [Sat, 24 Nov 2001 00:36:37 +0000 (00:36 +0000)]
Kill off that crazy copy_sam_passwd().  You simply can't do that if the
structre contains pointers (well not if you intend of free those pointers
at some stage)

There is no reason (given the new passdb interface) that you can't modify a
SAM_ACCOUNT in any case.

Andrew Bartlett
(This used to be commit e8e73f7f0fcd86c8c2bfe3fc0b44ea2fd6570cc5)

19 years agoadded lsaenumprivsaccount and lsalookupprivvalue to rpcclient
Jean-François Micouleau [Sat, 24 Nov 2001 00:13:41 +0000 (00:13 +0000)]
added lsaenumprivsaccount and lsalookupprivvalue to rpcclient

and more to come ...

(This used to be commit 1748d5a2af1f2dcf718d6f162ed483b001542494)

19 years agoSorry. I broke the build, missed on open_directory call.
Jeremy Allison [Fri, 23 Nov 2001 19:07:35 +0000 (19:07 +0000)]
Sorry. I broke the build, missed on open_directory call.
(This used to be commit fe288b14cc7f2bc6b8427438da672e7dd7812027)

19 years agoreturn NO_MORE_ENTRIES in lsa_enum_trust_dom. UserManager is happier :-)
Jean-François Micouleau [Fri, 23 Nov 2001 15:17:30 +0000 (15:17 +0000)]
return NO_MORE_ENTRIES in lsa_enum_trust_dom. UserManager is happier :-)

(This used to be commit 75ee50bbef531a1487c1f8b76b8e70627fbdbdf1)

19 years agoChanged how the privileges are stored in the group mapping code. It's now
Jean-François Micouleau [Fri, 23 Nov 2001 15:11:22 +0000 (15:11 +0000)]
Changed how the privileges are stored in the group mapping code. It's now
an array of uint32. That's not perfect but that's better.

Added more privileges too.

Changed the local_lookup_rid/name functions in passdb.c to check if the
group is mapped. Makes the LSA rpc calls return correct groups

Corrected the return code in the LSA server code enum_sids.

Only enumerate well known aliases if they are mapped to real unix groups.
Won't confuse user seeing groups not available.

Added a short/long view to smbgroupedit.

now decoding rpc calls to add/remove privileges to sid.

(This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)

19 years agoFixed delete on close bug. Added core dump code to winbindd.
Jeremy Allison [Fri, 23 Nov 2001 11:18:20 +0000 (11:18 +0000)]
Fixed delete on close bug. Added core dump code to winbindd.
(This used to be commit a58d0f91f9ee7354c01a9c20cfe178d5dc02142d)

19 years agoSet type to NOTUSED if lookup fail.
Jeremy Allison [Fri, 23 Nov 2001 09:04:09 +0000 (09:04 +0000)]
Set type to NOTUSED if lookup fail.
(This used to be commit 20a4167599ce211f239d0f324e7e73a1c2d8a5a6)

19 years agoUpdate some of the error mapping, based on on-the-wire observations of an NT4 server.
Andrew Bartlett [Fri, 23 Nov 2001 07:08:20 +0000 (07:08 +0000)]
Update some of the error mapping, based on on-the-wire observations of an NT4 server.

This lets our Win9X clients give sane error messages when you get passwords wrong
and the like.

Andrew Bartlett
(This used to be commit f199e9518226ed57a011113bdf06c85265e49674)

19 years agoFinally worked out why a enumerate trusted domains was returning a
Tim Potter [Fri, 23 Nov 2001 05:50:05 +0000 (05:50 +0000)]
Finally worked out why a enumerate trusted domains was returning a
NT_STATUS_UNABLE_TO_FREE_VM error.  This error code was mis-defined
as 0x8000001a instead of 0xc000001a.  The former is actually a
NT_STATUS_NO_MORE_ENTRIES warning which is what we see in the status

Removed the & 0xffffff from the loop in get_nt_error_msg() as all the
error constants now have the correct high bits set.
(This used to be commit 80dca2c9e46753d87e673d712c96c76ffde0b276)

19 years agoAdded constants and error message for dos error code 1326 (logon failure).
Tim Potter [Fri, 23 Nov 2001 05:37:40 +0000 (05:37 +0000)]
Added constants and error message for dos error code 1326 (logon failure).
(This used to be commit 6ce1eec09de64f19d969a67fc236abd4ae277926)

19 years agoReference about SIDs from tpot.
Martin Pool [Fri, 23 Nov 2001 05:34:41 +0000 (05:34 +0000)]
Reference about SIDs from tpot.
(This used to be commit 53963eae7d5930246c6c0c0b947f425d50d382c3)

19 years agoMore better now.
Martin Pool [Fri, 23 Nov 2001 04:53:56 +0000 (04:53 +0000)]
More better now.
(This used to be commit a875b3a6e7a9501a31fe15fb9b04394a95484e77)

19 years agoGot rid of that stupid parse_domain_user() warning when compiling
Tim Potter [Fri, 23 Nov 2001 04:37:41 +0000 (04:37 +0000)]
Got rid of that stupid parse_domain_user() warning when compiling
(This used to be commit 72060a6f5af505d597f372d550d7f3fe559e5550)

19 years agoQuieten gcc const warning.
Martin Pool [Fri, 23 Nov 2001 04:24:26 +0000 (04:24 +0000)]
Quieten gcc const warning.

(This used to be commit 6ddd8e7bf69d8aee4148cbcf72de55c903d5f0a1)

19 years agoFinish 1.45 by removing redundant sid->string conversion in
Martin Pool [Fri, 23 Nov 2001 03:54:07 +0000 (03:54 +0000)]
Finish 1.45 by removing redundant sid->string conversion in
winbindd_lookup_sid_by_name.  Also if the lookup fails then clobber
the output parameters rather than leaving them looking potentially

Add doxygen.
(This used to be commit 61dba52a549039255e46393be1618d3eb54b79dd)

19 years agoI think you were passing the name of the SID, rather than the DOM_SID
Martin Pool [Fri, 23 Nov 2001 03:33:22 +0000 (03:33 +0000)]
I think you were passing the name of the SID, rather than the DOM_SID
pointer itself.  (Whatever that is.... ;-)
(This used to be commit 1393c7c4ede1d6d624c3f5d0bfa4c18b0c6dc27f)

19 years agoFixed bug in canned results list for checking the error code of wbinfo.
Tim Potter [Fri, 23 Nov 2001 03:24:36 +0000 (03:24 +0000)]
Fixed bug in canned results list for checking the error code of wbinfo.

Made test names more verbose.
(This used to be commit 87955fcf303d82d38ae543e7986c59fd086dc2db)

19 years agoDon't initialise static pointers to NULL.
Tim Potter [Fri, 23 Nov 2001 01:00:54 +0000 (01:00 +0000)]
Don't initialise static pointers to NULL.
(This used to be commit 039ea0a0b94be2d70164616f448c0e29fed071cf)

19 years agoRemoved TimeInit() call from every client program (except for one place
Tim Potter [Fri, 23 Nov 2001 00:52:29 +0000 (00:52 +0000)]
Removed TimeInit() call from every client program (except for one place
in smbd/process.c where the timezone is reinitialised.  Was replaced with
check for a static is_initialised boolean.
(This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)

19 years agoFixed check machine account function.
Tim Potter [Fri, 23 Nov 2001 00:14:04 +0000 (00:14 +0000)]
Fixed check machine account function.
(This used to be commit 8f01a8b07883d18f44da665cbc8e5fba04d3bc91)

19 years agoIgnore *.po files.
Tim Potter [Fri, 23 Nov 2001 00:08:12 +0000 (00:08 +0000)]
Ignore *.po files.
(This used to be commit 5d343b40650464ae70037fd6e3fd96a9865fa611)

19 years agoRename $pwd to $test_root to avoid future confusion.
Martin Pool [Thu, 22 Nov 2001 23:59:48 +0000 (23:59 +0000)]
Rename $pwd to $test_root to avoid future confusion.
(This used to be commit fa7367a9731bc139ff4611f2781f3ca9bc7f89a7)