15 years agosource/rpc_parse/parse_prs.c ZERO_STRUCTP(ps) not needed as it is done
Herb Lewis [Wed, 14 Jan 2004 23:00:06 +0000 (23:00 +0000)]
source/rpc_parse/parse_prs.c ZERO_STRUCTP(ps) not needed as it is done
in prs_init now

testsuite/printing/psec.c cannot do a prs_mem_free() when tdb_prs_fetch fails
as the prs structure has not been initialized
(This used to be commit 6289d7b842819fb31bec93119f15b3823e02b49e)

15 years agoInitial design of some of the functions to operate on trust passwords
Rafal Szczesniak [Wed, 14 Jan 2004 22:02:16 +0000 (22:02 +0000)]
Initial design of some of the functions to operate on trust passwords
from passdb backend level (tdbsam, in this case).
It is written as wrapper for secrets_ calls that use secrets.tdb file
and is not treated as eventual solution. Trust passwords are being
handled uniformly, SAM_TRUST_PASSWD structure, and so they should be
stored as well.

Note, this code is disabled ie. not used anywhere yet. I'm working
on next routines in line.

(This used to be commit 02ac9332ab1d34f47667b40ce23b2b5d04c4dff1)

15 years agoComment and formatting fix.
Rafal Szczesniak [Wed, 14 Jan 2004 21:50:25 +0000 (21:50 +0000)]
Comment and formatting fix.

(This used to be commit 336720416abd1f6d62f9a6748ae6a0454976c9d4)

15 years agoTrust passwords types for use with SAM_TRUST_PASSWD structure.
Rafal Szczesniak [Wed, 14 Jan 2004 21:46:29 +0000 (21:46 +0000)]
Trust passwords types for use with SAM_TRUST_PASSWD structure.

(This used to be commit ea15c148fd6393512f2fd95d88db6546d40cf14c)

15 years agoFix initgroups() call nss_winbind on solaris; patch from John Klinger <john.klinger...
Gerald Carter [Wed, 14 Jan 2004 21:22:44 +0000 (21:22 +0000)]
Fix initgroups() call nss_winbind on solaris; patch from John Klinger <>
(This used to be commit c4d58ec5d5c2b8947824d78639a7e9e615e2a400)

15 years agobug 770; correct fix this time; Make sure that we send the SMBjobid for unix jobs...
Gerald Carter [Wed, 14 Jan 2004 20:57:31 +0000 (20:57 +0000)]
bug 770; correct fix this time;  Make sure that we send the SMBjobid for unix jobs back to the client.  Allows windows client to remove print jobs submitted from lpr
(This used to be commit 6a7f9ebccd6a40455cb5446551f3d68ea9a7a824)

15 years agobug 660; using byte order safe macros (or tdb_unpack) when reading 2 or 4 byte values...
Gerald Carter [Wed, 14 Jan 2004 19:12:54 +0000 (19:12 +0000)]
bug 660; using byte order safe macros (or tdb_unpack) when reading 2 or 4 byte values from a tdb buffer; also recognize smbjobs if the jobid < UNIX_JOB_START
(This used to be commit ae6feb54a09a69e3a870b1a0d707b23eb8ca356a)

15 years agosyncing abartlet's cracklib tests from 3.0
Gerald Carter [Wed, 14 Jan 2004 17:56:05 +0000 (17:56 +0000)]
syncing abartlet's cracklib tests from 3.0
(This used to be commit 64c1db9bce27bbe5bc28acb631b265419d6d6286)

15 years ago* Revert to using rpc for mixed mode AD domains.
Gerald Carter [Wed, 14 Jan 2004 16:26:14 +0000 (16:26 +0000)]
* Revert to using rpc for mixed mode AD domains.
  The reason for this are:
  (a) the set_dc_type_and_flags() cannot tell the different
      between connecting to an NT4 domain and an NT4 BDC
      of a mixed mode domain.
  (b) the connection management for the rpc backend only
      provides on named pipe per cli_state.  So it is possible
      to connect to an NT4 BDC for netlogon and an AD mixed mode
      DC for lsarpc.  RPC is the lowest common demonimator here.
  (c) Issue with the sequence number value between the
      highestCommittedUSN LDAP attribute and the seq_num returned
      via RPC.

We will revisit this later, but the changes need to make this
work right now are too broad and risky.
(This used to be commit 86f24908c395cc832ae87b04c9da3d32449acad3)

15 years agoRemove duplicate extern.
Jeremy Allison [Wed, 14 Jan 2004 06:44:15 +0000 (06:44 +0000)]
Remove duplicate extern.
(This used to be commit 72d8eea25dbb54d7ef78264cd6f419220dc85fb6)

15 years agoRemove references to 'jn' which gcc-3.4 with precompiled headers
Jeremy Allison [Wed, 14 Jan 2004 06:41:46 +0000 (06:41 +0000)]
Remove references to 'jn' which gcc-3.4 with precompiled headers
doesn't like.
(This used to be commit bf3d06a2e483d043c89a6b11ceb283a5b392859b)

15 years agomerge:
Stefan Metzmacher [Wed, 14 Jan 2004 02:55:07 +0000 (02:55 +0000)]
fix XFS quotas the macro changed from HAVE_XFS_QUOTA -> HAVE_XFS_QUOTAS

(This used to be commit ae20cf0810b9bef3d460994d5bf5e820c01296f0)

15 years ago* allow dns lookups to be disabled for DOMAIN#1c (and #1b)
Gerald Carter [Tue, 13 Jan 2004 19:43:50 +0000 (19:43 +0000)]
* allow dns lookups to be disabled for DOMAIN#1c (and #1b)
* fix some a mispelled variable name
(This used to be commit 93fed3074f4384dc658cd0ec81ba2afbe8192417)

15 years agosync HEAD with recent changes in 3.0
Gerald Carter [Tue, 13 Jan 2004 17:55:43 +0000 (17:55 +0000)]
sync HEAD with recent changes in 3.0
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)

15 years agoFix --with-fhs for swatdir
Jelmer Vernooij [Sun, 11 Jan 2004 13:40:48 +0000 (13:40 +0000)]
Fix --with-fhs for swatdir
(This used to be commit 69a9cfdad809a9b3fc7f6dc4ad5a708b6559b714)

15 years agoupdate copyright to -2004
Stefan Metzmacher [Sun, 11 Jan 2004 13:21:03 +0000 (13:21 +0000)]
update copyright to -2004

(This used to be commit fcb3c9c61ecd787b8d3e5a53ee8f9e04daae76fe)

15 years agofix some warnings from the Sun compiler; also merge some of abartlet's error code...
Gerald Carter [Fri, 9 Jan 2004 15:36:07 +0000 (15:36 +0000)]
fix some warnings from the Sun compiler; also merge some of abartlet's error code changes form 3.0
(This used to be commit 2279e98cb81faaf8a4e971fec339955f14c23858)

15 years agofix segfault when sid_ptr == 0 in DsEnumDomainTrusts() reply
Gerald Carter [Thu, 8 Jan 2004 22:21:39 +0000 (22:21 +0000)]
fix segfault when sid_ptr == 0 in DsEnumDomainTrusts() reply
(This used to be commit 36d985a75faa5ebda1c8c7de1e3ab5d7a51a9c10)

15 years agoFix for bug #922. Fast path not called for strlower_m() and strupper_m().
Jeremy Allison [Wed, 7 Jan 2004 23:21:25 +0000 (23:21 +0000)]
Fix for bug #922. Fast path not called for strlower_m() and strupper_m().
From (Alexander Bokovoy).
(This used to be commit 88c51454327533f8bc06ce1cd479370aabefdf81)

15 years agoThis was cut-n-paste mistake, I guess... :)
Rafal Szczesniak [Wed, 7 Jan 2004 21:53:19 +0000 (21:53 +0000)]
This was cut-n-paste mistake, I guess... :)

(This used to be commit f912d8c3403071582f776886f9793e3289b285b6)

15 years agoTypo fix.
Rafal Szczesniak [Wed, 7 Jan 2004 21:50:30 +0000 (21:50 +0000)]
Typo fix.

(This used to be commit 4a2bd4de3f5a99bc19013a2878659e8686606e30)

15 years agoFixes to doxygen comment.
Rafal Szczesniak [Wed, 7 Jan 2004 21:47:36 +0000 (21:47 +0000)]
Fixes to doxygen comment.
(This used to be commit 4f92db99be8feaccebe654103dd6c227c66e5bdc)

15 years agoPrototype version of trust passwords moved to SAM/pdb. This is
Rafal Szczesniak [Wed, 7 Jan 2004 21:41:48 +0000 (21:41 +0000)]
Prototype version of trust passwords moved to SAM/pdb. This is
backend-independent part ie. interface - does build and (it seems)
doesn't break anything else.

(This used to be commit 9ce6dc6476202d9db6ea1c2deab93e454e4db546)

15 years agocommiting jra's fix for Exchange clear test auth
Gerald Carter [Wed, 7 Jan 2004 19:58:14 +0000 (19:58 +0000)]
commiting jra's fix for Exchange clear test auth
(This used to be commit 05dd3383010ba6f44370fc302ee00b7680937176)

15 years agoFix from Luke Howard <lukeh@PADL.COM> for incorrect early free().
Jeremy Allison [Wed, 7 Jan 2004 19:55:03 +0000 (19:55 +0000)]
Fix from Luke Howard <lukeh@PADL.COM> for incorrect early free().
(This used to be commit e763a220f492bb8a9cacf31c07809c4866379bb6)

15 years agoMerge Translation fixes
Volker Lendecke [Wed, 7 Jan 2004 10:02:42 +0000 (10:02 +0000)]
Merge Translation fixes

(This used to be commit 70b0fcdeec4810944a4e0d9bbaf6a979b2fb914a)

15 years ago(merge from 3.0)
Andrew Bartlett [Wed, 7 Jan 2004 00:06:45 +0000 (00:06 +0000)]
(merge from 3.0)

Fix segfualt caused by incorrect configuration.  If lp_realm() was not set,
but security=ADS, we would attempt to free the principal name that krb5
never allocated.

Also fix the dump_data() of the session key, now that we use a data_blob to
store that.

Andrew Bartlett
(This used to be commit 24d7eed6cae8015e020ad34c13130ee8afc9052e)

15 years agoPatch penguin. Cleaning out old mbp patch.
Jeremy Allison [Tue, 6 Jan 2004 22:34:04 +0000 (22:34 +0000)]
Patch penguin. Cleaning out old mbp patch.
(This used to be commit a0dc10bed68ef961609c0a4a456b6a132e2e347b)

15 years agoremove unused seek_file(); don't hardcode '\' when printing the auth-user
Gerald Carter [Tue, 6 Jan 2004 19:57:50 +0000 (19:57 +0000)]
remove unused seek_file(); don't hardcode '\' when printing the auth-user
(This used to be commit 175c5c9faa8c1cb3577eb96598434e6097d408c7)

15 years agoisolate ldap debug messages to the common smbldap_XXX() functions
Gerald Carter [Tue, 6 Jan 2004 18:26:53 +0000 (18:26 +0000)]
isolate ldap debug messages to the common smbldap_XXX() functions
(This used to be commit 4c877ccc16bcb69490c4d34d2ef5f727bf98438e)

15 years agoCorrectly detect AFS headers on SuSE in /usr/include/afs/afs/
Volker Lendecke [Tue, 6 Jan 2004 15:42:48 +0000 (15:42 +0000)]
Correctly detect AFS headers on SuSE in /usr/include/afs/afs/

(This used to be commit 9f0292091b37cac637ba86cab6c8fd1800faef5c)

15 years agomerging from 3.0
Gerald Carter [Tue, 6 Jan 2004 14:45:56 +0000 (14:45 +0000)]
merging from 3.0
(This used to be commit 694052f8a9cc703d4e4ec8075c623ab7122a169b)

15 years agomerge torture changes from Samba 3.0 -> HEAD
Andrew Bartlett [Tue, 6 Jan 2004 08:25:03 +0000 (08:25 +0000)]
merge torture changes from Samba 3.0 -> HEAD
(This used to be commit 6e9c68217bec1e4138b5eb9a9ed85807b31bbdb8)

15 years agoMerge NTLMSSP fixes from 3.0 to HEAD.
Andrew Bartlett [Tue, 6 Jan 2004 08:12:35 +0000 (08:12 +0000)]
Merge NTLMSSP fixes from 3.0 to HEAD.

Andrew Bartlett
(This used to be commit f7d39c787771616ddb015bd77e3e6cd33f0c7a15)

15 years agoGUID is struct uuid in HEAD.
Andrew Bartlett [Tue, 6 Jan 2004 08:11:19 +0000 (08:11 +0000)]
GUID is struct uuid in HEAD.

Andrew Bartlett
(This used to be commit ec24c7f42ac344d14c0e29d4b49c07d8ce213448)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 02:29:29 +0000 (02:29 +0000)]
(merge from 3.0)

Fixes bug 924

Andrew Bartlett
(This used to be commit ee18f897f9452a84a6b11c077ff706beb49441ff)

15 years agoMerge winbind from Samba 3.0 onto HEAD.
Andrew Bartlett [Tue, 6 Jan 2004 01:59:20 +0000 (01:59 +0000)]
Merge winbind from Samba 3.0 onto HEAD.

Changes include:
 - header changes for better pre-compiled headers (tridge)
 - get a list of sids for a given user (tridge)
 - fix function prototype

and a few other minor things

Andrew Bartlett
(This used to be commit 60107efdc61247034424d008c6f1eb4d46a19881)

15 years agoPatch based on work from James Peach <> to convert over to
Jeremy Allison [Tue, 6 Jan 2004 01:21:59 +0000 (01:21 +0000)]
Patch based on work from James Peach <> to convert over to
using pread/pwrite. Modified a little to ensure fsp->pos is correct.
Fix for #889.
(This used to be commit 3a24dc868d95c9bcc2ac3a0dbd50e6e226ac0841)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 01:20:01 +0000 (01:20 +0000)]
(merge from 3.0)

I think this was tpot's originally:

Fix format types for 64 bit systems.

Andrew Bartlett
(This used to be commit 256b2da7c96e8313f4f98ce700fc7634eaccb72b)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 01:15:13 +0000 (01:15 +0000)]
(merge from 3.0)

Always call the auto-init funciton - this avoids tdb segfaulting under
us if we failed to open it earlier.

Andrew Bartlett
(This used to be commit 34f16eaeaa81a0cc6ae564f4be8a02752ee5624d)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 00:41:13 +0000 (00:41 +0000)]
(merge from 3.0)

Ensure that for wbinfo --set-auth-user, we actually use the domain.

Andrew Bartlett
(This used to be commit 8a63bed29315acb3fe9cc2973426ef8392987c8c)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 00:27:34 +0000 (00:27 +0000)]
(merge from 3.0)

Try to keep vl happy - shorten some of these lines.


Grumble... grumble... fix the build...


Show the sid type in name->sid translatons in a way that can be easily
understood by humans.

Andrew Bartlett
(This used to be commit c5d1e2112baa7d87cd6b9f0855c2fd8b006af01d)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 00:13:56 +0000 (00:13 +0000)]
(merge from 3.0)

Change our Domain controller lookup routines to more carefully seperate
DNS names (realms) from NetBIOS domain names.

Until now, we would experience delays as we broadcast lookups for DNS names
onto the local network segments.

Now if DNS comes back negative, we fall straight back to looking up the
short name.

Andrew Bartlett
(This used to be commit 4c3bd0a99e464198d243da302ff1868189b4dcff)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 00:08:53 +0000 (00:08 +0000)]
(merge from 3.0)

Add const.

Andrew Bartlett
(This used to be commit b08502a8fb1083cc49fd2976880b7bef3f14a72a)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 00:06:49 +0000 (00:06 +0000)]
(merge from 3.0)

There is some memory corruption hidden somewhere in our winbind code.  If I
could reproduce it, I would fix it, but for now just make sure we always
SAFE_FREE() and set our starting pointers to NULL.

Andrew Bartlett
(This used to be commit a00f29624d10df7f31fa978b79bc71b40d696359)

15 years ago(merge from 3.0)
Andrew Bartlett [Tue, 6 Jan 2004 00:05:31 +0000 (00:05 +0000)]
(merge from 3.0)

Change (unused) structure parameter for cli_ds_enum_domain_trusts() cleanup.

Andrew Bartlett
(This used to be commit 3c02aad8b3a4b28ca492ca1abbbd594ba75975e4)

15 years agorpc_client/cli_lsarpc.c:
Andrew Bartlett [Mon, 5 Jan 2004 23:54:37 +0000 (23:54 +0000)]
 - Add const

-  Add ads_sid_to_dn utility function

 - Use new utility function ads_sid_to_dn
 - Don't search for 'dn=', rather call the ads_search_retry_dn()

 - Fixup braindamage in cli_ds_enum_domain_trusts():
    - This function was returning a UNISTR2 up to the caller, and
      was doing nasty (invalid, per valgrind) things with memcpy()
    - Create a new structure that represents this informaiton in a useful way
      and use talloc.

Andrew Bartlett
(This used to be commit 627d33d1667f0d4b1070f988494885b74c4c04dd)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:51:34 +0000 (23:51 +0000)]
(merge from 3.0)

Fix for bug 707, getent group for huge ads groups (>1500 members)
This introduces range retrieval of ADS attributes.

VL rewrote most of Güther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.

I rewrote that patch, to ensure that we can keep an eye on the USN
(sequence number) of the entry - this allows us to ensure the read was

In particular, the range retrieval is now generic, for strings.  It
could easily be made generic for any attribute type, if need be.

Andrew Bartlett
(This used to be commit 08e851c7417d52a86e31982fcfce695c8a6360b7)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:48:04 +0000 (23:48 +0000)]
(merge from 3.0)

Even if the 'device type' is always an ascii string, use push_string to get
it out onto the wire.  Avoids valgrind warnings because the fstrcpy() causes
part of the wire buffer to be 'marked'.

Andrew Bartlett
(This used to be commit 326becbde23c8039e1f0f00930bcab094bf91ed2)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:45:14 +0000 (23:45 +0000)]
(merge from 3.0)

if this parameter is not an account type

Andrew Bartlett
(This used to be commit 43ee2e0b6a6f95ce2864befeb08b5de2ace41c7c)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:43:07 +0000 (23:43 +0000)]
(merge from 3.0)

Having no members of a group is a perfectly valid (if unusual) situation.

Andrew Bartlett
(This used to be commit bc77b586be6992a662422304dbefbd4b833818fb)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:41:50 +0000 (23:41 +0000)]
(merge from 3.0)

JHT came up with a nasty (broken) torture case in preparing examples for
his book.

This prompted me to look at the code that reads the unix group list.  This
code did a lot of name -> uid -> name -> sid translations, which caused
problems.  Instead, we now do just name -> sid

I also cleaned up some interfaces, and client tools.

Andrew Bartlett
(This used to be commit cc535a6c70d8dcf677322e31b24dec58b23d80f0)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:38:49 +0000 (23:38 +0000)]
(merge from 3.0)

Changes to our PAM code to cope with the fact that we can't handle some
domains (in particular, the domain of the current machine, if it is not a PDC)

By changing the error codes, we now return values that PAM can correctly
use for better stacking of PAM modules - in particular of the password change

This allows pam_winbind to co-exist with other pam modules for password changes.
Andrew Bartlett
(This used to be commit 06b4eb4b9f867998c8faf9a91830ba3181cdf605)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:37:07 +0000 (23:37 +0000)]
(merge from 3.0)

 - Fill in the 'backup' idea of a domain, if the DC didn't supply one.  This
   doesn't seem to occour in reality, hence why we missed the typo.

 - all the callers to pull_utf8_allocate() pass a char ** as the first
   parammeter, so don't make them all cast it to a void **

 - Allow for a more 'correct' view of when usernames should be qualified
   in winbindd.  If we are a PDC, or have 'winbind trusted domains only',
   then for the authentication returns stip the domain portion.
 - Fix valgrind warning about use of free()ed name when looking up our
   local domain.  lp_workgroup() is maniplated inside a procedure that
   uses it's former value.  Instead, use the fact that our local domain is
   always the first in the list.


Jerry rightly complained that we can't assume that the first domain is
our primary domain - new domains are added to the front of the list. :-(

Use a much more reliable 'flag test' instead.  (note:  changes winbind
structures, make clean).


Forgot to commit this for the 'get our primary domain' change.

Andrew Bartlett
(This used to be commit acacd27ba25f7ebfec40bfa66d34ece543569e23)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:28:50 +0000 (23:28 +0000)]
(merge from 3.0)

Try to gain a bit more consistancy in the output of usernames from ntlm_auth:

Instead of returning a name in DOMAIN\user format, we now return it in the
same way that nsswtich does - following the rules of 'winbind use default
domain', in the correct case and with the correct seperator.

This should help sites who are using Squid or the new SASL code I'm working
on, to match back to their unix usernames.


Get the DOMAIN\username around the right way (I had username\domain...)

Push the unix username into utf8 for it's trip across the socket.

Andrew Bartlett
(This used to be commit 4c2e1189ff84d254f19b604999d011fdb17e538d)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:25:56 +0000 (23:25 +0000)]
(merge from 3.0)

Remove testing hack

Make the name of the NTLMSSP client more consistant before we lock it in stone.

Andrew Bartlett
(This used to be commit 273dcda9ce62eb04c9cce673bb49b41982b26d98)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:23:59 +0000 (23:23 +0000)]
(merge from 3.0)

Move our basic password checking code from inside the authentication
subsystem into a seperate file - ntlm_check.c.

This allows us to call these routines from ntlm_auth.  The purpose of this
exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to
avoid talking to winbind.  This should allow for easier debugging.

ntlm_auth itself has been reorgainised, so as to share more code between
the SPNEGO-wrapped and 'raw' NTLMSSP modes.  A new 'client' NTLMSSP mode
has been added, for use with a Cyrus-SASL module I am writing (based on vl's

Andrew Bartlett
(This used to be commit 2f196bb31ac83cf7922583063c74a5f679ca5be7)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:22:00 +0000 (23:22 +0000)]
(merge from 3.0)

Refactor our authentication and authentication testing code.

The next move will be to remove our password checking code from the SAM
authentication backend, and into a file where other parts of samba can use

The ntlm_auth changes provide for better use of common code.

Andrew Bartlett
(This used to be commit 0d97b10248347398fbee66767baac0c7adf6889d)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:20:59 +0000 (23:20 +0000)]
(merge from 3.0)

Add the alignment required before all 2-byte quantities in NDR.  Allows us
to correctly parse plaintext netlogon calls with odd-length passwords

Andrew Bartlett
(This used to be commit 39d8a9e488eb31796e8e7eca42fe27f8218ce5d6)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:19:49 +0000 (23:19 +0000)]
(merge from 3.0)

Shutting down the connection closes outstanding sessions, so we don't need
to do it twice...

Amdrew Bartlett
(This used to be commit 77b3515981ebe972a4c78e14b205d0c70a34b69f)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:18:06 +0000 (23:18 +0000)]
(merge from 3.0)

Check the return value of string_to_sid in a few more places.  (But
string_to_sid also needs to be less permissive on what it thinks are
valid sids...)

Andrew Bartlett
(This used to be commit 74ea8682e4b5c78f456cc9284e953e35e4146a8b)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:16:47 +0000 (23:16 +0000)]
(merge from 3.0)

Show the error message for failure to set the ldap password.
(For 'ldap password sync = yes')

Andrew Bartlett
(This used to be commit ef5d2309c2252c9d6111738075f863b69b616722)

15 years ago(merge from 3.0)
Andrew Bartlett [Mon, 5 Jan 2004 23:15:33 +0000 (23:15 +0000)]
(merge from 3.0)

Based on patch by Petri Asikainen <> fix bug #387 and #330.

This patch will change order how attributes are modified
from: add, delete
to:   delete, add

This is needed to update single valued attributes in Novell NDS and
should not harm anyone else.
(This used to be commit e925cae0f3846ea95633d38afd652e0f3d8acfb9)

15 years agoFix from James Flemer <> to make HAVE_ATTR_LIST linked to
Jeremy Allison [Mon, 5 Jan 2004 21:01:06 +0000 (21:01 +0000)]
Fix from James Flemer <> to make HAVE_ATTR_LIST linked to
(This used to be commit 1d90cc2034c023755981a07a49c3d9958b60fb74)

15 years agofix inverted check using krb5_kt_resolve() and HAVE_MEMORY_KEYTAB; bug 912
Gerald Carter [Mon, 5 Jan 2004 20:24:21 +0000 (20:24 +0000)]
fix inverted check using krb5_kt_resolve() and HAVE_MEMORY_KEYTAB; bug 912
(This used to be commit cca2afecd505881412df65c21c0389a0079cf023)

15 years agoMerge commit to 3_0: add pdb_pgsql
Jelmer Vernooij [Mon, 5 Jan 2004 00:57:53 +0000 (00:57 +0000)]
Merge commit to 3_0: add pdb_pgsql
(This used to be commit 61cbd5c9be1962d0c33c28ff472a2f82d3aa2a80)

15 years agoCommit the translation of the realm to the netbios domain name in the kerberos
Volker Lendecke [Sun, 4 Jan 2004 11:59:11 +0000 (11:59 +0000)]
Commit the translation of the realm to the netbios domain name in the kerberos
session setup. After talking to jht and abartlet I made this unconditional, no
additional parameter.

Jerry: This is a change in behaviour, but I think it is necessary.

(This used to be commit d32f47fedcff3fdf46f42926d1cd84433e7ab487)

15 years agoAnd yet another const
Volker Lendecke [Sat, 3 Jan 2004 20:21:37 +0000 (20:21 +0000)]
And yet another const

(This used to be commit 6121a866659c3b81e790a79432b6d89d7865fbd3)

15 years agoAfter talking with abartlet remove the fix for bug 707 again.
Volker Lendecke [Thu, 1 Jan 2004 21:11:33 +0000 (21:11 +0000)]
After talking with abartlet remove the fix for bug 707 again.

(This used to be commit a2e384262d0203772a6237b566c294f15bfd8948)

15 years agoFix for bug 707, getent group for huge ads groups (>1500 members)
Volker Lendecke [Thu, 1 Jan 2004 20:33:45 +0000 (20:33 +0000)]
Fix for bug 707, getent group for huge ads groups (>1500 members)
This introduces range retrieval of ADS attributes.

I've rewritten most of Günther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.

Andrew, you told me that you would like to see a check whether the AD sequence
number is the same before and after the retrieval to achieve atomicity. This
would be trivial to add, but I'm not sure that we want this, as this adds two
roundtrips to every membership query. We can not know before the first query
whether we get additional range values, and at that point it's too late to ask
for the USN.

Tested with a group of 4000 members along with lots of small groups.

(This used to be commit a2aa6e41e552abfb6d1056ab3a7c75e8fd0a150c)

15 years agoMove to short lived TALLOC_CTX* for allocating printer
Gerald Carter [Tue, 30 Dec 2003 22:18:40 +0000 (22:18 +0000)]
Move to short lived TALLOC_CTX* for allocating printer
objects from the print handle cache.   Fixes bug that
caused smbd to consume large amounts of RAM when

(a) a printer handle was kept open over an extended
    period of time, and
(b) the client issued frequent requests that resulted
    in a call to get_a_printer()
(This used to be commit b84ea23f99481f9260dedbe8dd715112ccdc7d7a)

15 years agoAnother little one: Make pdb_test.c at least compile, although its way out of
Volker Lendecke [Tue, 30 Dec 2003 21:12:57 +0000 (21:12 +0000)]
Another little one: Make pdb_test.c at least compile, although its way out of

(This used to be commit 0a84173555b29b77b241741c7b1ae4fac595c28f)

15 years agoThe AFS pts command always generates completely lower-case user names. As case
Volker Lendecke [Tue, 30 Dec 2003 16:01:24 +0000 (16:01 +0000)]
The AFS pts command always generates completely lower-case user names. As case
is not significant in windows user names we should not lose information by
lower-casing the name before handing it to AFS.

(This used to be commit 097e8d44b4a6eb49f36debae1f2cc8af7565b0eb)

15 years agoFix Bug # 924
Volker Lendecke [Tue, 30 Dec 2003 15:20:07 +0000 (15:20 +0000)]
Fix Bug # 924

(This used to be commit 1f0e045502f802f819738d1b89574b07dfaa6bc6)

15 years agoPreliminary fix for our signing problem with failed NTLMSSP logins. This patch
Volker Lendecke [Sat, 27 Dec 2003 10:13:20 +0000 (10:13 +0000)]
Preliminary fix for our signing problem with failed NTLMSSP logins. This patch
solves the problem for me here, I can still successfully set up signing using
NTLMSSP against w2k3 and it does not show a signing error anymoe when the
password was wrong.

Jeremy, you might want to take a further look at it as this is not
particularly elegant.

(This used to be commit 8a82060e3aee6d5ef38b1448035d865f9bce63a7)

15 years agoCollecting another little patch from
Volker Lendecke [Fri, 26 Dec 2003 21:35:39 +0000 (21:35 +0000)]
Collecting another little patch from

As broken as it might be, should be put into the
libdir and not bindir.

(This used to be commit c374fd982e63209cf555fe8fbf15cfae0f79aca1)

15 years agoCollecting some minor patches...
Volker Lendecke [Fri, 26 Dec 2003 19:39:50 +0000 (19:39 +0000)]
Collecting some minor patches...

This adds the ability to specify the new user password for 'net ads password'
on the command line. As this needs the admin password on the command line, the
information leak is minimally more.

Patch from

(This used to be commit 68af56f517014476ab4549de72a0585a0a07c72f)

15 years ago(merge from 3.0)
Andrew Bartlett [Thu, 25 Dec 2003 23:35:27 +0000 (23:35 +0000)]
(merge from 3.0)
ldap rebind sleep -> ldap replication sleep

While writing documentation for metze's patch, it became clear that this is a
better name.

Andrew Bartlett
(This used to be commit bac2c20adf6a8f541f227652d4da3d8f31f1a648)

15 years agoThis is metze's LDAP rebind sleep patch:
Volker Lendecke [Thu, 25 Dec 2003 22:45:15 +0000 (22:45 +0000)]
This is metze's LDAP rebind sleep patch:

When smb.conf tells us to write to a read-only LDAP replica and we are
redirected by the LDAP server, the replication might take some seconds,
especially over slow links. This patch delays the next read after a rebind for
'ldap rebind sleep' milliseconds.

Metze, thanks for your patience.

(This used to be commit 7293550e3642e2553684a7011084dabb0b78fd24)

15 years agoFix our parsing of the LDAP url. We get around it as all decent systems seem
Volker Lendecke [Thu, 25 Dec 2003 22:31:30 +0000 (22:31 +0000)]
Fix our parsing of the LDAP url. We get around it as all decent systems seem
to have ldap_initialize.

Thanks to abartlet for the fix (and the bug in the first place ;-))

(This used to be commit 943e156788ea361cb3ec0ab37a87653494e47f2e)

15 years agoabartlet pointed me at the fact that the order and flags in loadparm.c are
Volker Lendecke [Thu, 25 Dec 2003 10:10:49 +0000 (10:10 +0000)]
abartlet pointed me at the fact that the order and flags in loadparm.c are
actually used.... 'afs username map' should not show up in the swat basic
view. :-)

Maybe I should use swat from time to time....

(This used to be commit 82f47aeca3d376d766efc36fdf2efe158f975484)

15 years ago(merge from 3.0)
Andrew Bartlett [Thu, 25 Dec 2003 09:57:39 +0000 (09:57 +0000)]
(merge from 3.0)

Fix bug 916 - do not perform a + -> space substitution for squid URL encoded
strings, only form input in SWAT.

Andrew Bartlett
(This used to be commit 794ff4da03a3c5b6afa3ee4802f83f04571a5652)

15 years ago(merge from 3.0)
Andrew Bartlett [Wed, 24 Dec 2003 10:02:57 +0000 (10:02 +0000)]
(merge from 3.0)

Thanks to Serassio Guido for noticing issues in our Squid NTLMSSP
implementation.  We were not resetting the NTLMSSP state for new
negotiate packets.

Andrew Bartlett
(This used to be commit ada064af72e120aacd733245292e988dd696d059)

15 years agoFix for special files being hidden from admins by Dmitry Butskoj <>
Jeremy Allison [Tue, 23 Dec 2003 07:33:38 +0000 (07:33 +0000)]
Fix for special files being hidden from admins by Dmitry Butskoj <>
(This used to be commit a14259d885291c138d3d62d36737472048840aa6)

15 years agocorrect typo in delete user script; bug 887
Gerald Carter [Mon, 22 Dec 2003 21:26:29 +0000 (21:26 +0000)]
correct typo in delete user script; bug 887
(This used to be commit 44ef3dd2b346176e756b5e361a38da19ea93e071)

15 years agoadd well known rid for pre win2k compatible access group; bug 897
Gerald Carter [Mon, 22 Dec 2003 21:24:40 +0000 (21:24 +0000)]
add well known rid for pre win2k compatible access group; bug 897
(This used to be commit 426a02cf678236f902c143b56eaaf854fca2237f)

15 years agoPatch from Jianliang Lu to manage Power Users
Jeremy Allison [Mon, 22 Dec 2003 11:12:12 +0000 (11:12 +0000)]
Patch from Jianliang Lu to manage Power Users
(This used to be commit 72174634aa26c01431ccf85331aaa8b51e70c8ff)

15 years ago* add a few useful debug lines
Gerald Carter [Fri, 19 Dec 2003 00:33:27 +0000 (00:33 +0000)]
* add a few useful debug lines
* fix bug involving Win9x clients.  Make sure we
  save the right case for the located username
  in fill_sam_account()
(This used to be commit d22b4097d4c2bde7989af31ccb572871c6e63424)

16 years agoAdd in comments explaining NTLMv2 selection. Use lm session key if that's
Jeremy Allison [Wed, 17 Dec 2003 21:57:29 +0000 (21:57 +0000)]
Add in comments explaining NTLMv2 selection. Use lm session key if that's
all there is.
(This used to be commit 3e6abeffe176cdba43d251f55f3b7aecd8fa55b1)

16 years agoTidyup debug message in ntlmssp code. Add brackets around dodgy if statement.
Jeremy Allison [Wed, 17 Dec 2003 20:11:35 +0000 (20:11 +0000)]
Tidyup debug message in ntlmssp code. Add brackets around dodgy if statement.
(This used to be commit 6cd0f6e7c0a28ddccf55acb1e411e5ed5bd3cf47)

16 years agoMake sure we correctly generate the lm session key.
Gerald Carter [Wed, 17 Dec 2003 06:18:41 +0000 (06:18 +0000)]
Make sure we correctly generate the lm session key.
This fixes a problem joining a Samba domain from a
vanilla win2k client that doesn't set the

Reported on samba ml as "decode_pw: incorrect password length"
when handling a samr_set_userinfo(23 or 24) RPC.
(This used to be commit 14558c942beb05cd12c0e40c1bb30c3dcde8ce48)

16 years agomake sure we delete the group mapping before calling the delete group script; patch...
Gerald Carter [Tue, 16 Dec 2003 18:36:05 +0000 (18:36 +0000)]
make sure we delete the group mapping before calling the delete group script; patch from Jianliang Lu <>
(This used to be commit 66edeb855e7d7a0bfa20cbe93275c86880bd453d)

16 years agoFix from to allow an existing LDAP machine account to be
Jeremy Allison [Sat, 13 Dec 2003 01:43:52 +0000 (01:43 +0000)]
Fix from to allow an existing LDAP machine account to be
re-used, rather than created from scratch.
(This used to be commit 1bcc4c244dd127643c66ed75550f405e90c99c76)

16 years agoFix for bug #815. Make plaintext unicode passwords work with NT4.x
Jeremy Allison [Fri, 12 Dec 2003 22:54:41 +0000 (22:54 +0000)]
Fix for bug #815. Make plaintext unicode passwords work with NT4.x
(This used to be commit 29bac18b6971f459c3cb138366ae493d5805f643)

16 years agoFix detection of elements in in-memory keytab code.
Jeremy Allison [Fri, 12 Dec 2003 20:15:47 +0000 (20:15 +0000)]
Fix detection of elements in in-memory keytab code.
(This used to be commit c208ea44aa4cc8c0cde6aa02d98d87f36aed9589)

16 years agofix bug that prevent --mandir from overriding the defaults given in the --with-fhs...
Gerald Carter [Thu, 11 Dec 2003 22:31:00 +0000 (22:31 +0000)]
fix bug that prevent --mandir from overriding the defaults given in the --with-fhs macro
(This used to be commit 824218d086d90f6fcf3789e8e87f047e2da55c25)

16 years agoCorrectly detect in-memory krb5 keytab support. Fix for bug #863 from
Jeremy Allison [Thu, 11 Dec 2003 20:54:55 +0000 (20:54 +0000)]
Correctly detect in-memory krb5 keytab support. Fix for bug #863 from (Greg Schafer).
(This used to be commit 25d91f8d8c4e3bd8237716052b53350587ffb8dc)

16 years agoPatch from James Peach <>. Remove the MAX_CONNECTIONS limit
Jeremy Allison [Thu, 11 Dec 2003 19:59:05 +0000 (19:59 +0000)]
Patch from James Peach <>. Remove the MAX_CONNECTIONS limit
by increasing bitmap size. Limited by "max connections" parameter.
Bug #716.
(This used to be commit 0be57a2eb015f832c6bb6d84525719a3d632f741)

16 years agofixed bad formal parameter type in get_static(); patch Andy Polyakov
Gerald Carter [Thu, 11 Dec 2003 15:35:44 +0000 (15:35 +0000)]
fixed bad formal parameter type in get_static(); patch Andy Polyakov
(This used to be commit 67d893701f09f29e8af56cd98f04131658b39713)

16 years agoFix uninitialized variable in passdb code. Reported by Andy Polyakov <appro@fy.chalme...
Alexander Bokovoy [Thu, 11 Dec 2003 10:31:20 +0000 (10:31 +0000)]
Fix uninitialized variable in passdb code. Reported by Andy Polyakov <>
(This used to be commit ca21dd3bb682700d628e9fc1aeedd1594cda3094)