12 years agor17172: Fix typo.
John Terpstra [Fri, 21 Jul 2006 01:58:17 +0000 (01:58 +0000)]
r17172: Fix typo.
(This used to be commit 421cb6f728be7821b537d00cdd05d05f1490eb3f)

12 years agor17162: Fix typo small typos noticed by Paul Green.
Gerald Carter [Thu, 20 Jul 2006 20:23:04 +0000 (20:23 +0000)]
r17162: Fix typo small typos noticed by Paul Green.
(This used to be commit 1a5874588686fb4ece9be70059ff75b975ed2bd5)

12 years agor17159: Bug 3920: Restore wnibind use default domain behavior for domain groups.
Gerald Carter [Thu, 20 Jul 2006 18:02:51 +0000 (18:02 +0000)]
r17159: Bug 3920: Restore wnibind use default domain behavior for domain groups.
This break local users and 'winbind nested groups' on domain members.
Cannot be helped.

My plans is to move the default domain crud to the client code (pam and
nss libraries) in 3.0.24.
(This used to be commit 8ee22eeab5d06008b363f8bb250dc767ddfbb86a)

12 years agor17158: Add two new options to 'net ads join'
Gerald Carter [Thu, 20 Jul 2006 14:39:06 +0000 (14:39 +0000)]
r17158: Add two new options to 'net ads join'

  * createupn=[host_upn@realm]
  * createcomputer=<ou path top to bottom> (this was previously
    the only arg)
(This used to be commit 75054e984e5ca7249b1327630db9d09da974a54e)

12 years agor17152: Don't handle the delete pending here, await
Jeremy Allison [Wed, 19 Jul 2006 21:03:03 +0000 (21:03 +0000)]
r17152: Don't handle the delete pending here, await
(This used to be commit 11bab9d57958659c71f053fe8dc0f9156c9f3c1f)

12 years agor17151: revert a few accidental commits to the Makefile
Gerald Carter [Wed, 19 Jul 2006 21:02:03 +0000 (21:02 +0000)]
r17151: revert a few accidental commits to the Makefile
(This used to be commit 3fea233802dd2f6a5528fdb183a2ff30d572020d)

12 years agor17150: MMC User & group plugins fixes:
Gerald Carter [Wed, 19 Jul 2006 20:59:04 +0000 (20:59 +0000)]
r17150: MMC User & group plugins fixes:

* Make sure to lower case all usernames before
  calling the create, delete, or rename hooks.
* Preserve case for usernames in passdb
* Flush the getpwnam cache after renaming a user
* Add become/unbecome root block in _samr_delete_dom_user()
  when trying to verify the account's existence.
(This used to be commit bbe11b7a950e7d85001f042bbd1ea3bf33ecda7b)

12 years agor17149: Fail the join if we cannot set any SPNs for the machine account.
Gerald Carter [Wed, 19 Jul 2006 20:56:11 +0000 (20:56 +0000)]
r17149: Fail the join if we cannot set any SPNs for the machine account.
Disable the one we created and whine.
(This used to be commit 1a7e81a4a8955e643d1c8a54365221a9e2ed8a12)

12 years agor17148: the wins service should not accept any controls so that a GUI can grey it...
Gerald Carter [Wed, 19 Jul 2006 20:54:39 +0000 (20:54 +0000)]
r17148: the wins service should not accept any controls so that a GUI can grey it out as not remotely manageable
(This used to be commit 859c51cf25a2bb80787a5060156f09c2f0142dfb)

12 years agor17147: Install fixes for libraries
Gerald Carter [Wed, 19 Jul 2006 20:54:02 +0000 (20:54 +0000)]
r17147: Install fixes for libraries
(This used to be commit 72bac13f21bf2c71538e3b3bafa0fc447e1e8af8)

12 years agor17146: Starting to cleanout my local tree some
Gerald Carter [Wed, 19 Jul 2006 20:53:10 +0000 (20:53 +0000)]
r17146: Starting to cleanout my local tree some

* add code to lookup NS records (in prep for later coe that
  does DNS updates as part of the net ads join)
(This used to be commit 36d4970646638a2719ebb05a091c951183535987)

12 years agor17142: Ensure we record the correct can_read/can_write
Jeremy Allison [Wed, 19 Jul 2006 18:45:25 +0000 (18:45 +0000)]
r17142: Ensure we record the correct can_read/can_write
from the client requested access mask.
(This used to be commit 12490fafc7f98952bf709c4c504f8f2b5646f197)

12 years agor17140: Get rid of the lock release/reacquire code ! Turns out
Jeremy Allison [Wed, 19 Jul 2006 18:34:19 +0000 (18:34 +0000)]
r17140: Get rid of the lock release/reacquire code ! Turns out
that create dispositions that cause O_TRUNC break
oplocks. This simplifies the code - although we have
to keep separate the client requested access mask and
the access mask we actually use to open the file.
(This used to be commit 3bcd52a4752ec6c2a8f678afa3b7b3646103ad60)

12 years agor17138: In preparation for the cluster merge, add an empty configure option :-)
Volker Lendecke [Wed, 19 Jul 2006 16:28:20 +0000 (16:28 +0000)]
r17138: In preparation for the cluster merge, add an empty configure option :-)

(This used to be commit 906720649b4a6c9de9fb6e248e573d3e8fd00ead)

12 years agor17136: Fix alignment on lsaquery. This broke in particular level 6, where the client
Volker Lendecke [Wed, 19 Jul 2006 15:05:06 +0000 (15:05 +0000)]
r17136: Fix alignment on lsaquery. This broke in particular level 6, where the client
tried to figure out which role we are.

Needs to go into 23a.

Thanks to Karolin for insisting and setting up the test case :-)

(This used to be commit 3482bb1ef57e60397df8dcf1b29999161359c42a)

12 years agor17134: Fix a debug message
Volker Lendecke [Wed, 19 Jul 2006 10:42:50 +0000 (10:42 +0000)]
r17134: Fix a debug message
(This used to be commit 40e267981174840f4f36d1863985ee010ef5074a)

12 years agor17131: Optimisation - when doing a stat open don't open the
Jeremy Allison [Wed, 19 Jul 2006 05:32:12 +0000 (05:32 +0000)]
r17131: Optimisation - when doing a stat open don't open the
file unless we really have to (ie. O_CREAT and file
doesn't exist).
(This used to be commit 788aa15ea24e6dfb61820465b5b881829a64297a)

12 years agor17130: Remove unneeded unlock call.
Jeremy Allison [Wed, 19 Jul 2006 05:26:51 +0000 (05:26 +0000)]
r17130: Remove unneeded unlock call.
(This used to be commit b3b5aec0eef3bdcae75ce79ffd3ecf21fb1279e7)

12 years agor17128: Missed a logic error in my last patch. Ensure we deal with any
Jeremy Allison [Wed, 19 Jul 2006 01:30:30 +0000 (01:30 +0000)]
r17128: Missed a logic error in my last patch. Ensure we deal with any
oplocks that were granted when we had released the lock. Fix
strange case where stat open grants a batch oplock on file
create, but grants no oplock on file open.
(This used to be commit b7374835e6ec0c98fc4020623f0a37c0c173b8aa)

12 years agor17125: Drastic problems require drastic solutions. There's
Jeremy Allison [Wed, 19 Jul 2006 00:13:28 +0000 (00:13 +0000)]
r17125: Drastic problems require drastic solutions. There's
no way to get all the cases where kernel oplocks are
on and we can't open the file and get the correct
semantics (think about the open with truncate with
an attribute only open - we'd need a vfs change to
add the truncate(fname, len) call). So always drop
the share mode lock before doing any real fd opens and
then re-acquire it afterwards. We're already dealing
with the race in the create case, and we deal with
any other races in the same way. Volker, please
examine *carefully* :-). This should fix the problems
people reported with kernel oplocks being on.
(This used to be commit 8171c4c404e9f382880c65daa0232f89e560f399)

12 years agor17124: fixed a bug which caused resolve_ads() to spin forever if one of the
Andrew Tridgell [Wed, 19 Jul 2006 00:13:01 +0000 (00:13 +0000)]
r17124: fixed a bug which caused resolve_ads() to spin forever if one of the
DCs isn't resolvable in DNS. The fix is to leave that DC out of the
returned list of DCs. I think the original code intended that anyway,
just didn't quite get it right ('i' wasn't incremented in that code
path, so the loop didn't terminate)
(This used to be commit d7ec9f3cc0439e9e0f4c98988b14ae2155d931b9)

12 years agor17123: Fix 32bit/64bit portability issues again.
Gerald Carter [Tue, 18 Jul 2006 20:19:55 +0000 (20:19 +0000)]
r17123: Fix 32bit/64bit portability issues again.

NO NOT change the winbindd response or request structures
*unless* you test a 32bit wbinfo against a 64bit winbindd.
The structure sizes MUST be the same on 32bit and 64 bit

The way to test is to build a 64bit version of Winbind as normal.
Then build a 32bit version using gcc -m32.  Now install the 64bit and
32bit versions of libnss_winbindd.so and launch the 64bit winbindd.
Make sure that the responses from both 32bit and 64bit versions
of wbinfo match.

If you don't understand the previous paragraph you don't need to
be changing nsswitch/winbindd_nss.h
(This used to be commit bc03141429273703c540d6120b0c5ca4d0949266)

12 years agor17122: remove unused global var from idmap_ad
Gerald Carter [Tue, 18 Jul 2006 20:16:44 +0000 (20:16 +0000)]
r17122: remove unused global var from idmap_ad
(This used to be commit c8b7952843adb75d0b9bb42cfbcfb80e070e8f45)

12 years agor17121: Fix maintainer information for pdb_*sql.
Jelmer Vernooij [Tue, 18 Jul 2006 20:05:59 +0000 (20:05 +0000)]
r17121: Fix maintainer information for pdb_*sql.

This commit was made using Bazaar, using the Subversion support
(see http://bazaar-vcs.org/BzrSvn)
(This used to be commit cbe286ac114dc079506eb028221d0ffa8cf2e14d)

12 years agor17116: Jerry, I can't reach you right now, but r17110 broke the build.
Volker Lendecke [Tue, 18 Jul 2006 14:33:02 +0000 (14:33 +0000)]
r17116: Jerry, I can't reach you right now, but r17110 broke the build.

Please check.

(This used to be commit 8c7d6cab19a3b0e68ebb5fe9abb22bcb42703d37)

12 years agor17111: cleanup the idmap_ad initialization after review by gd
Gerald Carter [Tue, 18 Jul 2006 11:56:46 +0000 (11:56 +0000)]
r17111: cleanup the idmap_ad initialization after review by gd
(This used to be commit 6c0a690f0a8ec4539b06ad75da0fd91abeb15fa4)

12 years agor17110: revert a bad merge from the old trunk
Gerald Carter [Tue, 18 Jul 2006 11:54:49 +0000 (11:54 +0000)]
r17110: revert a bad merge from the old trunk
(This used to be commit 2c7448e43ea82138cdb7f3f6d61372e2027ddc83)

12 years agor17108: Make the default timeout parameter for lock waiting
Jeremy Allison [Tue, 18 Jul 2006 01:29:43 +0000 (01:29 +0000)]
r17108: Make the default timeout parameter for lock waiting
be lp_lock_spin(). lock spin count is no longer
used. I'll update the man pages.
(This used to be commit 0451a170c9be88399202abd225af35ddc45023f0)

12 years agor17107: Make the 200 ms timeout value tunable in local.h...
Jeremy Allison [Tue, 18 Jul 2006 01:20:26 +0000 (01:20 +0000)]
r17107: Make the 200 ms timeout value tunable in local.h...
Might need to be a parameter ?
(This used to be commit 98d8d9399bb287319578daaf2a2fb42f3c48f858)

12 years agor17106: Match Windows timing values on locks.
Jeremy Allison [Tue, 18 Jul 2006 01:17:54 +0000 (01:17 +0000)]
r17106: Match Windows timing values on locks.
(This used to be commit b5aaff665937313370e0e87225e146f9af7b7e67)

12 years agor17105: Fix the race Volker found - we had a non-locked
Jeremy Allison [Tue, 18 Jul 2006 01:05:51 +0000 (01:05 +0000)]
r17105: Fix the race Volker found - we had a non-locked
region between detecting a pending lock was needed
and when we added the blocking lock record. Make
sure that we hold the lock over all this period.
Removed the old code for doing blocking locks on
SMB requests that never block (the old SMBlock
and friends).
Discovered something interesting about the strange
for a lock with zero timeout, and we got an error
of NT_STATUS_FILE_LOCK_CONFLICT, treat it as though
it was a blocking lock with a timeout of 150 - 300ms.
This only happens when timeout is sent as zero and
can be seen quite clearly in ethereal. This is the
real replacement for old do_lock_spin() code.
Re-worked the blocking lock select timeout to correctly
use milliseconds instead of the old second level
resolution (far too coarse for this work).
(This used to be commit b81d6d1ae95a3d3e449dde629884b565eac289d9)

12 years agor17102: Fix segfault in libnss_wins [bugzilla #3937].
Günther Deschner [Mon, 17 Jul 2006 22:19:54 +0000 (22:19 +0000)]
r17102: Fix segfault in libnss_wins [bugzilla #3937].

(This used to be commit d73d0ec3d074f1acc4fe1c78d218aabd0fe4118a)

12 years agor17100: Ooops. Fix the build...
Jeremy Allison [Mon, 17 Jul 2006 21:24:56 +0000 (21:24 +0000)]
r17100: Ooops. Fix the build...
(This used to be commit b21ca265a25b3d1e4f154ce0ee4b8757b41cf910)

12 years agor17098: Samba3 now cleanly passes Samba4 RAW-LOCK torture
Jeremy Allison [Mon, 17 Jul 2006 21:09:02 +0000 (21:09 +0000)]
r17098: Samba3 now cleanly passes Samba4 RAW-LOCK torture
test. Phew - that was painful :-). But what it means
is that we now implement lock cancels and I can add
lock cancels into POSIX lock handling which will fix
the fast/slow system call issue with cifsfs !
(This used to be commit f1a9cf075b87c76c032d19da0168424c90f6cb3c)

12 years agor17097: Move share_access_check from rpc_server/srv_srvsvc_nt.c to lib/sharesec.c
Volker Lendecke [Mon, 17 Jul 2006 19:53:15 +0000 (19:53 +0000)]
r17097: Move share_access_check from rpc_server/srv_srvsvc_nt.c to lib/sharesec.c
(This used to be commit 220dd4333032aea238066e3fbec9fca51ed16ddf)

12 years agor17096: Simplify share_access_check a bit: It takes the sharename instead of the...
Volker Lendecke [Mon, 17 Jul 2006 19:50:59 +0000 (19:50 +0000)]
r17096: Simplify share_access_check a bit: It takes the sharename instead of the snum,
and the decision which token to use (conn or vuser) does not really belong
here, it is better done in the two places where this is called.

(This used to be commit 0a138888adf7a0f04a38cd911e797e1a379e908b)

12 years agor17095: Activate RPC-SAMBA3-SHARESEC
Volker Lendecke [Mon, 17 Jul 2006 19:31:01 +0000 (19:31 +0000)]
r17095: Activate RPC-SAMBA3-SHARESEC
(This used to be commit bcb196d21ea7eb13af02bb0c2fa85f0d363b55a1)

12 years agor17089: Fix a possible null dereference and some memleaks.
Volker Lendecke [Mon, 17 Jul 2006 15:00:49 +0000 (15:00 +0000)]
r17089: Fix a possible null dereference and some memleaks.

Jerry, please check.


(This used to be commit b87c4952216b6302b0e1f22689b5a36b6aa65349)

12 years agor17086: Re-add ability to contact remote domain controllers with the "net ads"
Günther Deschner [Mon, 17 Jul 2006 11:04:47 +0000 (11:04 +0000)]
r17086: Re-add ability to contact remote domain controllers with the "net ads"

In 3.0.23 all those commands have been limited to the DC of our primary
domain. Also distinguish calls that may go to remote DCs (search, info,
lookup, etc.) from those that should only go to our primary domain
(join, leave, etc.).

(This used to be commit d573e64781667993478a289580fa65c34e847f64)

12 years agor17080: Remove traces of the wrepld directory (now
Jeremy Allison [Mon, 17 Jul 2006 03:53:39 +0000 (03:53 +0000)]
r17080: Remove traces of the wrepld directory (now
(This used to be commit 58e5e270d2957cdf07c29757a83b53f73372d62a)

12 years agor17078: Ouch....
Volker Lendecke [Sun, 16 Jul 2006 06:33:41 +0000 (06:33 +0000)]
r17078: Ouch....
(This used to be commit 1d928f783a78b3e957b675f12f1ad56e84c2fcfb)

12 years agor17077: Activate RPC-SAMBA3-GETUSERNAME in the build farm
Volker Lendecke [Sun, 16 Jul 2006 06:32:35 +0000 (06:32 +0000)]
r17077: Activate RPC-SAMBA3-GETUSERNAME in the build farm
(This used to be commit 8c6088f2bd0a5e3a854a31fe428d841d61055a30)

12 years agor17075: Even without talloc_steal you can still create memory problems.... ;-)
Volker Lendecke [Sat, 15 Jul 2006 20:39:00 +0000 (20:39 +0000)]
r17075: Even without talloc_steal you can still create memory problems.... ;-)
(This used to be commit 03e9924f5c82537ca72c03e3b0f70ea002e76934)

12 years agor17064: lsa_GetUserName needs to return the name for S-1-5-7 on an anonymous login.
Volker Lendecke [Sat, 15 Jul 2006 17:55:01 +0000 (17:55 +0000)]
r17064: lsa_GetUserName needs to return the name for S-1-5-7 on an anonymous login.

Found that because I want to play around with setsharesecurity, for this I
need the "whoami" call figuring out the SID of the currently connected user.

Not activating this test yet until the build farm has picked up the new samba4

(This used to be commit 5cfe482841b77208b68376f9e2b8a4a62271f7c9)

12 years agor17063: Update debian-sarge for 3.0.23
Simo Sorce [Sat, 15 Jul 2006 16:51:23 +0000 (16:51 +0000)]
r17063: Update debian-sarge for 3.0.23
(This used to be commit a77b18c78197f40ab51462f3a35d27f300a8359c)

12 years agor17060: Some c++ warnings
Volker Lendecke [Sat, 15 Jul 2006 10:55:24 +0000 (10:55 +0000)]
r17060: Some c++ warnings
(This used to be commit 2e7afa9e19b117d7a8ce1238c1b9b80ececec729)

12 years agor17047: Fix a typo and a possible NULL dereference
Volker Lendecke [Sat, 15 Jul 2006 08:36:44 +0000 (08:36 +0000)]
r17047: Fix a typo and a possible NULL dereference
(This used to be commit c0d9114706345c6bc1fa392bbf9ee81b146cba85)

12 years agor17046: Ensure we're using the right pointers ...
Jeremy Allison [Sat, 15 Jul 2006 00:34:08 +0000 (00:34 +0000)]
r17046: Ensure we're using the right pointers ...
(This used to be commit a8df1863bf2817a82a55c816ba1f685828c5b6ec)

12 years agor17043: Fix memleak when processing CIFS POSIX lock/unlock
Jeremy Allison [Sat, 15 Jul 2006 00:05:47 +0000 (00:05 +0000)]
r17043: Fix memleak when processing CIFS POSIX lock/unlock
requests. Maybe the Linux kernel OOM killer will
be kinder to smbd now :-). Back to tdbtorture
tests on cifsfs.
(This used to be commit 1201383e7ab2413795a395491af0a4d3877b1c8b)

12 years agor17041: Trying to track down a *big* memory leak in the new lock code.
Jeremy Allison [Fri, 14 Jul 2006 23:23:39 +0000 (23:23 +0000)]
r17041: Trying to track down a *big* memory leak in the new lock code.
Fix a small one first.... (easy to valgrind).
(This used to be commit 43d24fbd41ed745a5b21514b526e655663c509ee)

12 years agor17039: Eliminate snum from enumshares and getshareinfo. Get rid of some pstrings.
Volker Lendecke [Fri, 14 Jul 2006 22:06:38 +0000 (22:06 +0000)]
r17039: Eliminate snum from enumshares and getshareinfo. Get rid of some pstrings.

(This used to be commit c5e393d5eda4e13a844171d9ff319d1f1bac3d84)

12 years agor17033: Restructure init_srv_share_info_ctr so that there's only one loop, not a...
Volker Lendecke [Fri, 14 Jul 2006 17:53:45 +0000 (17:53 +0000)]
r17033: Restructure init_srv_share_info_ctr so that there's only one loop, not a dozen
or so. Next step will be to eliminate the explicit snum reference.

(This used to be commit 6e98f8d6c6cc126b0d27ac574c128be96e50abf3)

12 years agor17032: I thought I had already merged this from trunk:
Volker Lendecke [Fri, 14 Jul 2006 17:46:06 +0000 (17:46 +0000)]
r17032: I thought I had already merged this from trunk:

> r16959 | vlendec | 2006-07-11 23:10:44 +0200 (Di, 11 Jul 2006) | 1 line
> get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC

(This used to be commit c89471e15766fcdbfa4f40701e12c19f95c2d8ef)

12 years agor17030: Partially fix standalone build of tdb directory
Jeremy Allison [Fri, 14 Jul 2006 05:10:55 +0000 (05:10 +0000)]
r17030: Partially fix standalone build of tdb directory
(tdbtool still fails).
(This used to be commit 50dbb66d73c8c25755e675876dd55000ca8bfd12)

12 years agor17025: Remove one blank line - test checking in to two
Jeremy Allison [Thu, 13 Jul 2006 22:08:10 +0000 (22:08 +0000)]
r17025: Remove one blank line - test checking in to two
branches simultaneously.....
(This used to be commit 13e7fe540acf575c3b4503050a25cbe4d30b8835)

12 years agor17023: security = server should not be considerd ROLE_DOMAIN_MEMBER
Gerald Carter [Thu, 13 Jul 2006 20:24:16 +0000 (20:24 +0000)]
r17023: security = server should not be considerd ROLE_DOMAIN_MEMBER
(This used to be commit 6eb77442a570b4ef3bb71dd5a1b7ea81ad18f09c)

12 years agor17022: Fix the build farm -- maybe this is the real fix, testing more
Volker Lendecke [Thu, 13 Jul 2006 20:16:12 +0000 (20:16 +0000)]
r17022: Fix the build farm -- maybe this is the real fix, testing more
(This used to be commit 19d02690002a35cb6e0204db236d2b768e48c6d8)

12 years agor17021: remove unsupported smbwrapper code
Gerald Carter [Thu, 13 Jul 2006 18:10:29 +0000 (18:10 +0000)]
r17021: remove unsupported smbwrapper code
(This used to be commit 07c67fbfc0790169ee748c0e62da14c89d3add23)

12 years agor17017: BUG 3916: fix pam config file parsing in pam_winbind.
Gerald Carter [Thu, 13 Jul 2006 16:31:26 +0000 (16:31 +0000)]
r17017: BUG 3916: fix pam config file parsing in pam_winbind.
Patch from Dietrich Streifert <dietrich.streifert@visionet.de>
(This used to be commit 8d6218825827a54ca69e462c00a3dc9e25ef3ddf)

12 years agor17016: Different and smaller fix for the valid users = username problem.
Volker Lendecke [Thu, 13 Jul 2006 16:28:38 +0000 (16:28 +0000)]
r17016: Different and smaller fix for the valid users = username problem.

If no winbind is around, the best we can do to get the user's token correct is
to ask unix via create_token_from_username. More investigation is needed if
this also fixes the +groupname for unmapped groups problems more cleanly.

(This used to be commit f6e3ee147ffde572532fb44b619dda01388d4a31)

12 years agor17011: Back out r17010 after talking to Jerry. Another fix pending...
Volker Lendecke [Thu, 13 Jul 2006 15:37:58 +0000 (15:37 +0000)]
r17011: Back out r17010 after talking to Jerry. Another fix pending...

(This used to be commit 7a629118ee6f468505172147724f7f532f0f4a4f)

12 years agor17010: If winbind is not around, add S-1-22-1-<uid> to the user's token.
Volker Lendecke [Thu, 13 Jul 2006 15:03:46 +0000 (15:03 +0000)]
r17010: If winbind is not around, add S-1-22-1-<uid> to the user's token.

See the comment in the patch for the reason.

(This used to be commit 5e07ab750af3744e1ee5bfc813d5c6532aff4ecb)

12 years agor17007: Increment winbind protocol version number.
Andrew Bartlett [Thu, 13 Jul 2006 09:31:04 +0000 (09:31 +0000)]
r17007: Increment winbind protocol version number.

Andrew Bartlett
(This used to be commit ed51b6293b7577cb2d9e661a8491606abf349406)

12 years agor17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1
Andrew Bartlett [Thu, 13 Jul 2006 09:29:25 +0000 (09:29 +0000)]
r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1

This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain.  This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).

The precalculated blobs do not reveal the plaintext password.

Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)

12 years agor17003: Fix coverity #303 - possible null deref. Jerry please
Jeremy Allison [Thu, 13 Jul 2006 00:11:34 +0000 (00:11 +0000)]
r17003: Fix coverity #303 - possible null deref. Jerry please
check this is your new code.
(This used to be commit 144067783d1c56b574911532f074bdaa7cea9c6e)

12 years agor17000: Allow CIFS POSIX locks to coexist with Windows locks.
Jeremy Allison [Wed, 12 Jul 2006 21:57:54 +0000 (21:57 +0000)]
r17000: Allow CIFS POSIX locks to coexist with Windows locks.
We shouldn't allow this on the same smbd, but the cifsfs
client negotiates POSIX locks then sends Windows ones.
Doh ! Can't fix shipped client code....
(This used to be commit 2f8cabe98d3776cb0bdf6b4ef1490fe0119e260a)

12 years agor16998: patch from Paul Griffith <paulg@cs.yorku.ca> to fix compile of the test.c...
Gerald Carter [Wed, 12 Jul 2006 21:05:11 +0000 (21:05 +0000)]
r16998: patch from Paul Griffith <paulg@cs.yorku.ca> to fix compile of the test.c pdb file
(This used to be commit 34ad8e183cf882913c32b4d03c9ab5fc09181ad2)

12 years agor16997: Simo's patch (based on repotr from Seth Elssworth of Quest) to try to be...
Gerald Carter [Wed, 12 Jul 2006 21:02:22 +0000 (21:02 +0000)]
r16997: Simo's patch (based on repotr from Seth Elssworth of Quest) to try to be more robust in the precense of more broken /etc/hosts files when determining our fwdn
(This used to be commit 6413df8348829659807c0c30e6eaef511815e0ed)

12 years agor16994: Fix bug #3923, reported by jason@ncac.gwu.edu. Incorrect type
Jeremy Allison [Wed, 12 Jul 2006 19:33:51 +0000 (19:33 +0000)]
r16994: Fix bug #3923, reported by jason@ncac.gwu.edu. Incorrect type
(This used to be commit 738b99078c6e0ececa6c0268258510a4e97f84e7)

12 years agor16992: Fix bug #3922 reported by jason@ncac.gwu.edu, correctly
Jeremy Allison [Wed, 12 Jul 2006 19:23:45 +0000 (19:23 +0000)]
r16992: Fix bug #3922 reported by jason@ncac.gwu.edu, correctly
look at the return code.
(This used to be commit f11933b3ac91c6fbacd6b410f4d2c0d400df23ee)

12 years agor16990: Fix bug #3921 spotted by jason@ncac.gwu.edu. Correctly
Jeremy Allison [Wed, 12 Jul 2006 19:13:00 +0000 (19:13 +0000)]
r16990: Fix bug #3921 spotted by jason@ncac.gwu.edu. Correctly
obey blocking/non-blocking request for POSIX locks.
(This used to be commit f62c01316ef3ce0351f8b34229307a75d8f9f156)

12 years agor16987: Fix the logic errors in ref-counting Windows locks.
Jeremy Allison [Wed, 12 Jul 2006 16:32:02 +0000 (16:32 +0000)]
r16987: Fix the logic errors in ref-counting Windows locks.
Hopefully will fix the build farm. Still a few errors
in RAW-LOCK to look at though...
(This used to be commit edd72d37de570fdad09f7ee983b5b22a1613e558)

12 years agor16973: Fix subtle logic error in lock ref counting found by
Jeremy Allison [Wed, 12 Jul 2006 06:56:43 +0000 (06:56 +0000)]
r16973: Fix subtle logic error in lock ref counting found by
cifsfs client code.
(This used to be commit 53094435d89088124041d57078c21a12e761e2bf)

12 years agor16971: Ensure we use the correct separator for pathnames
Jeremy Allison [Wed, 12 Jul 2006 03:20:53 +0000 (03:20 +0000)]
r16971: Ensure we use the correct separator for pathnames
in POSIX mode (clitar needs fixing too). Add test
posix lock/unlock commands.
(This used to be commit 596497ccc250896025253be1d67711d6d7f059f0)

12 years agor16968: The function parse_processed_dfs_path() is dependent on the
Jeremy Allison [Wed, 12 Jul 2006 03:02:33 +0000 (03:02 +0000)]
r16968: The function parse_processed_dfs_path() is dependent on the
fact that check_path_syntax() will convert '\\' characters to '/'.
When POSIX pathnames have been selected this doesn't happen, so we
must look for the unaltered separator of '\\' instead of the modified '/'.
Stevef please check this with the CIFSFS MS-DFS code !
(This used to be commit 883bb398e58f54ee79160487b49b79a4774ef939)

12 years agor16962: Add a few utility fns into client. Allow POSIX capabilities
Jeremy Allison [Wed, 12 Jul 2006 00:21:14 +0000 (00:21 +0000)]
r16962: Add a few utility fns into client. Allow POSIX capabilities
to be selected.
(This used to be commit 2d8d4bd77bac6f5e7865657e12affd8b94aa85c3)

12 years agor16960: Some warnings from host "opi"
Volker Lendecke [Tue, 11 Jul 2006 21:23:44 +0000 (21:23 +0000)]
r16960: Some warnings from host "opi"
(This used to be commit 083ef11cc9be8f1299f233bde194173e092e2c3c)

12 years agor16957: fix cut-n-paste error. The check for 'if (\!salt)' make no sense when fetchi...
Gerald Carter [Tue, 11 Jul 2006 21:09:13 +0000 (21:09 +0000)]
r16957: fix cut-n-paste error.  The check for 'if (\!salt)' make no sense when fetching the DES salting principal
(This used to be commit baf554c7934cbd591635196453c19d402358e073)

12 years agor16955: Fix an uninitialized var -- Jerry, please check.
Volker Lendecke [Tue, 11 Jul 2006 20:50:50 +0000 (20:50 +0000)]
r16955: Fix an uninitialized var -- Jerry, please check.
(This used to be commit bf701f51294dacd0d4077b5304772c40119460eb)

12 years agor16954: Volker reminded me we already have code to do this check.
Gerald Carter [Tue, 11 Jul 2006 20:31:13 +0000 (20:31 +0000)]
r16954: Volker reminded me we already have code to do this check.
Reuse can_create() to prevent renameing a group to
an existing user or group.
(This used to be commit ce7091fda1eb3c7ea0900f455cec48c3b95a17f6)

12 years agor16953: Don't allow groups to be renamed to an existing user or other group
Gerald Carter [Tue, 11 Jul 2006 20:02:22 +0000 (20:02 +0000)]
r16953: Don't allow groups to be renamed to an existing user or other group
(This used to be commit 7d619f127ee70fdd486ffaab4546a53d76a2288c)

12 years agor16952: New derive DES salt code and Krb5 keytab generation
Gerald Carter [Tue, 11 Jul 2006 18:45:22 +0000 (18:45 +0000)]
r16952: New derive DES salt code and Krb5 keytab generation

Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

The resulting keytab looks like:

ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   4    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   5    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   6    6           host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   7    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   8    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   9    6               suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value.  The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.

Tested keytab using mod_auth_krb and MIT's telnet.  ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)

12 years agor16948: Sync the exmaples code from trunk.
Jeremy Allison [Tue, 11 Jul 2006 18:06:52 +0000 (18:06 +0000)]
r16948: Sync the exmaples code from trunk.
(This used to be commit 508ba05a8e4a7df8bf7f6ffe3d09a3c461026f78)

12 years agor16947: Fix warning with profile separator when profiles not
Jeremy Allison [Tue, 11 Jul 2006 18:03:25 +0000 (18:03 +0000)]
r16947: Fix warning with profile separator when profiles not
being used.
(This used to be commit 441c289fd21d00398fb7c4c7c0338b03129a7545)

12 years agor16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
Jeremy Allison [Tue, 11 Jul 2006 18:01:26 +0000 (18:01 +0000)]
r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)

12 years agor16943: Add Jim's code.
Jeremy Allison [Tue, 11 Jul 2006 17:09:38 +0000 (17:09 +0000)]
r16943: Add Jim's code.
(This used to be commit f131bf8f16fd8b7c49e6065ecbf6f8686b2f4269)

12 years agor16941: Fix crash bug when the pam conversation receives an empty token.
Günther Deschner [Tue, 11 Jul 2006 10:39:32 +0000 (10:39 +0000)]
r16941: Fix crash bug when the pam conversation receives an empty token.
Thanks to Bjoern Jacke for the report and test-case.

(This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)

12 years agor16940: libnscd sets errno, use that to display error message.
Günther Deschner [Tue, 11 Jul 2006 09:59:22 +0000 (09:59 +0000)]
r16940: libnscd sets errno, use that to display error message.

(This used to be commit df10448e2c6166d1c129c2d9a9a74c5b4a42555f)

12 years agor16939: Still clear the winbind_cache.tdb when offline logons are not enabled.
Günther Deschner [Tue, 11 Jul 2006 09:22:55 +0000 (09:22 +0000)]
r16939: Still clear the winbind_cache.tdb when offline logons are not enabled.

(This used to be commit 4121ccfc3e39001d5b7b8288e3bc27d919f79167)

12 years agor16927: back merge of a packaging fix for release numbers (from 3.0.23)
Gerald Carter [Mon, 10 Jul 2006 20:40:42 +0000 (20:40 +0000)]
r16927: back merge of a packaging fix for release numbers (from 3.0.23)
(This used to be commit 5b4c4928ac63d6872cf13c3cdc4a9a63405bbda4)

12 years agor16866: No idea why I did not see the warning, sorry....
Volker Lendecke [Fri, 7 Jul 2006 19:01:15 +0000 (19:01 +0000)]
r16866: No idea why I did not see the warning, sorry....
(This used to be commit 84913caebdb461fed2c94fadfa0039b32a83cb6d)

12 years agor16865: This is a proposal to fix bug 3915. Before sending patches around, this is
Volker Lendecke [Fri, 7 Jul 2006 18:53:19 +0000 (18:53 +0000)]
r16865: This is a proposal to fix bug 3915. Before sending patches around, this is
what svn is for.

The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.

(This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)

12 years agor16864: Intermediate checkin -- swap the sid_check_is_in_unix_users and
Volker Lendecke [Fri, 7 Jul 2006 18:22:26 +0000 (18:22 +0000)]
r16864: Intermediate checkin -- swap the sid_check_is_in_unix_users and
sid_check_is_in_our_domain cases.

(This used to be commit dc403cec88d91fdeb09cbd04321d88bbdc0f490c)

12 years agor16862: Reverting accidential changes in ads_try_connect() from previous commit.
Günther Deschner [Fri, 7 Jul 2006 11:59:19 +0000 (11:59 +0000)]
r16862: Reverting accidential changes in ads_try_connect() from previous commit.

(This used to be commit 6257f9af93f2391940b2c60fe39c0bf106de15dd)

12 years agor16861: Fixing crash bug when passing no domain/realm name to the CLDAP request.
Günther Deschner [Fri, 7 Jul 2006 11:43:47 +0000 (11:43 +0000)]
r16861: Fixing crash bug when passing no domain/realm name to the CLDAP request.

(This used to be commit 863aeb621afa7dcec1bfef8e503ef8ed363e3742)

12 years agor16845: Properly report the error during join when the set password fails
Gerald Carter [Fri, 7 Jul 2006 00:20:55 +0000 (00:20 +0000)]
r16845: Properly report the error during join when the set password fails
(This used to be commit ef6e9ca5276586c081fcf18bb178a2326309b539)

12 years agor16836: When receiving a CLDAP reply make sure that we always store the correct
Günther Deschner [Thu, 6 Jul 2006 13:38:41 +0000 (13:38 +0000)]
r16836: When receiving a CLDAP reply make sure that we always store the correct
netbios domain name in server affinity cache.

(This used to be commit 08958411eeff430fb523d9b73e0259d060bac17b)

12 years agor16823: Allow to call wbinfo --domain-info="" or --domain-info="." to get domain
Günther Deschner [Wed, 5 Jul 2006 15:29:31 +0000 (15:29 +0000)]
r16823: Allow to call wbinfo --domain-info="" or --domain-info="." to get domain
info for our own domain.

(This used to be commit ebd3c547e508e191d5e1b5bb001797666db7b269)

12 years agor16800: correct a probable cut&paste error
Simo Sorce [Tue, 4 Jul 2006 15:49:26 +0000 (15:49 +0000)]
r16800: correct a probable cut&paste error
(This used to be commit c139a2293bfb66554e1be09c6824d04381de58e1)

12 years agor16799: Fix remote smbd crash bug by removing half-implemented info level 4
Günther Deschner [Tue, 4 Jul 2006 15:29:21 +0000 (15:29 +0000)]
r16799: Fix remote smbd crash bug by removing half-implemented info level 4

(This used to be commit 4e5ea585c3482c38f2624e45f1268d3864a99faa)