kai/samba.git
18 years agoA couple more little fixes for the domain security tests.
Andrew Bartlett [Sun, 20 Jan 2002 22:06:35 +0000 (22:06 +0000)]
A couple more little fixes for the domain security tests.

18 years agoVance and his eagle eyes spotted a copy and paste error in my smb.conf updates.
Andrew Bartlett [Sun, 20 Jan 2002 21:56:18 +0000 (21:56 +0000)]
Vance and his eagle eyes spotted a copy and paste error in my smb.conf updates.

Thanks!

Andrew Bartlett

18 years agoTry to see if we can get these tests working...
Andrew Bartlett [Sun, 20 Jan 2002 21:41:07 +0000 (21:41 +0000)]
Try to see if we can get these tests working...

18 years agofixes from 2.2
Simo Sorce [Sun, 20 Jan 2002 17:03:23 +0000 (17:03 +0000)]
fixes from 2.2

18 years agoThis is another *BIG* change...
Andrew Bartlett [Sun, 20 Jan 2002 14:30:58 +0000 (14:30 +0000)]
This is another *BIG* change...

Samba now features a pluggable passdb interface, along the same lines as the
one in use in the auth subsystem.  In this case, only one backend may be active
at a time by the 'normal' interface, and only one backend per passdb_context is
permitted outside that.

This pluggable interface is designed to allow any number of passdb backends to
be compiled in, with the selection at runtime.  The 'passdb backend' paramater
has been created (and documented!) to support this.

As such, configure has been modfied to allow (for example) --with-ldap and the
old smbpasswd to be selected at the same time.

This patch also introduces two new backends:  smbpasswd_nua and tdbsam_nua.
These two backends accept 'non unix accounts', where the user does *not* exist
in /etc/passwd.  These accounts' don't have UIDs in the unix sense, but to
avoid conflicts in the algroitmic mapping of RIDs, they use the values
specified in the 'non unix account range' paramter - in the same way as the
winbind ranges are specifed.

While I was at it, I cleaned up some of the code in pdb_tdb (code copied
directly from smbpasswd and not really considered properly).  Most of this was
to do with % macro expansion on stored data.  It isn't easy to get the macros
into the tdb, and the first password change will 'expand' them.  tdbsam needs
to use a similar system to pdb_ldap in this regard.

This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I
don't have the test facilities for these.  I plan to incoroprate at least
pdb_ldap into this scheme after consultation with Jerry.

Each (converted) passdb module now no longer has any 'static' variables, and
only exports 1 init function outside its .c file.

The non-unix-account support in this patch has been proven!  It is now possible
to join a win2k machine to a Samba PDC without an account in /etc/passwd!

Other changes:

Minor interface adjustments:
pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*.

pdb_update_sam_account() no longer takes the 'override' argument that was being
ignored so often (every other passdb backend).  Extra checks have been added in
some places.

Minor code changes:
smbpasswd no longer attempts to initialise the passdb at startup, this is
now done on first use.

pdbedit has lost some of its 'machine account' logic, as this behaviour is now
controlled by the passdb subsystem directly.

The samr subsystem no longer calls 'local password change', but does the pdb
interactions directly.  This allow the ACB_ flags specifed to be transferred
direct to the backend, without interference.

Doco:

I've updated the doco to reflect some of the changes, and removed some paramters
no longer applicable to HEAD.

18 years agoKill off another ugly wart from the side of the passdb subsystem.
Andrew Bartlett [Sun, 20 Jan 2002 13:26:31 +0000 (13:26 +0000)]
Kill off another ugly wart from the side of the passdb subsystem.

This time its the pdb_getsampwuid() function - which was only being used by the
SAMR rpc subsystem to gain a 'user session key'.  This 'user session key' is
actually generated at login time, and the other changes here simply move that
data around.

This also means that (when I check some details) we will be able to use the
user session key, even when we are not actually the DC, becouse its one of the
components of the info3 struct returned on logon.

Andrew Bartlett

18 years agoFix up an embarrsing bug I introduced when I moved the id21/id23 -> SAM_ACCOUNT
Andrew Bartlett [Sun, 20 Jan 2002 12:26:46 +0000 (12:26 +0000)]
Fix up an embarrsing bug I introduced when I moved the id21/id23 -> SAM_ACCOUNT
conversion across to the pdb_set...() interface.

Now we only set strings that are non-null.  This allows Win2k to join the
domain again, particularly when using tdbsam.

Andrew Bartlett

18 years agoKill off the old varient of 'check_plaintext_password' (new version just
Andrew Bartlett [Sun, 20 Jan 2002 09:00:32 +0000 (09:00 +0000)]
Kill off the old varient of 'check_plaintext_password' (new version just
committed in auth/auth_compat.c and use the new version to make the plaintext
password change slightly sane...  (Needs testing).

Andrew Bartlett

18 years agoAdd a touch of 'const' to some auth components, and move the simple plaintext
Andrew Bartlett [Sun, 20 Jan 2002 08:58:21 +0000 (08:58 +0000)]
Add a touch of 'const' to some auth components, and move the simple plaintext
password check into its own helper funciton.  (This will allow it to be called
from other places).

Andrew Bartlett

18 years agoFix a couple of memory leaks in the cli_establish_connection() code's failure
Andrew Bartlett [Sun, 20 Jan 2002 07:13:05 +0000 (07:13 +0000)]
Fix a couple of memory leaks in the cli_establish_connection() code's failure
case.

Thanks to Nigel Williams <nigel@wednesday.demon.co.uk> for spotting these!

Andrew Bartlett

18 years agoThis is the current patch from Luke Leighton <lckl@samba-tng.org> to add a
Andrew Bartlett [Sun, 20 Jan 2002 02:40:05 +0000 (02:40 +0000)]
This is the current patch from Luke Leighton <lckl@samba-tng.org> to add a
degree of seperation betwen reading/writing the raw NamedPipe SMB packets
and the matching operations inside smbd's RPC components.

This patch is designed for no change in behaviour, and my tests hold that to be
true.  This patch does however allow for the future loadable modules interface
to specify function pointers in replacement of the fixed state.

The pipes_struct has been split into two peices, with smb_np_struct taking the
information that should be generic to where the data ends up.

Some other minor changes are made: we get another small helper function in
util_sock.c and some of the original code has better failure debugs and
variable use. (As per on-list comments).

Andrew Bartlett

18 years agoThis patch makes the 'winbind use default domain' code interact better with
Andrew Bartlett [Sun, 20 Jan 2002 01:24:59 +0000 (01:24 +0000)]
This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd.

It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>.  ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.

The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.

This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).

Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).

I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string.  The actual structures are unchanged
 - but the meaning of 'username' in the 'rid' will have changed.  (The cache is
invalidated at startup, so on-disk formats are not an issue here).

Andrew Bartlett

18 years agoEnsure identical between 2.2.3 and 3.0 - no need for difference here..
Jeremy Allison [Sun, 20 Jan 2002 01:01:46 +0000 (01:01 +0000)]
Ensure identical between 2.2.3 and 3.0 - no need for difference here..
Jeremy.

18 years agoFix file size calculations for write cache code.
Jeremy Allison [Sun, 20 Jan 2002 00:43:28 +0000 (00:43 +0000)]
Fix file size calculations for write cache code.
Jeremy.

18 years agoAttempt to fix bugs in write cache code (yes I know it's going away :-).
Jeremy Allison [Sun, 20 Jan 2002 00:04:15 +0000 (00:04 +0000)]
Attempt to fix bugs in write cache code (yes I know it's going away :-).
Jeremy.

18 years agoReadline has problems on non tty fd's. Use readline replacement to in cases
Jeremy Allison [Sat, 19 Jan 2002 22:54:13 +0000 (22:54 +0000)]
Readline has problems on non tty fd's. Use readline replacement to in cases
where stdin is !isatty to allow stripts to work.
Jeremy.

18 years agoAdded #ifdef for FreeBSD TCP bug.
Jeremy Allison [Sat, 19 Jan 2002 21:37:38 +0000 (21:37 +0000)]
Added #ifdef for FreeBSD TCP bug.
Jeremy.

18 years agoReport write fail in smb_dump.
Jeremy Allison [Sat, 19 Jan 2002 21:29:20 +0000 (21:29 +0000)]
Report write fail in smb_dump.
Jeremy.

18 years agoFix to close winbindd_idmap on exit. Pointed out by Alexander Bokovoy.
Jeremy Allison [Sat, 19 Jan 2002 20:21:29 +0000 (20:21 +0000)]
Fix to close winbindd_idmap on exit. Pointed out by Alexander Bokovoy.
Jeremy.

18 years agofixes (asprintf) from 2.2
Simo Sorce [Sat, 19 Jan 2002 17:29:32 +0000 (17:29 +0000)]
fixes (asprintf) from 2.2

18 years agoFix up runlist botchup.
Andrew Bartlett [Sat, 19 Jan 2002 00:38:34 +0000 (00:38 +0000)]
Fix up runlist botchup.

18 years agoUpdate the build farm's test runlist and make it a bit easier to read.
Andrew Bartlett [Fri, 18 Jan 2002 23:52:43 +0000 (23:52 +0000)]
Update the build farm's test runlist and make it a bit easier to read.

18 years agoDon't do tridge's crazy 'am I a trusted domain' lookup for guests.
Andrew Bartlett [Fri, 18 Jan 2002 08:12:10 +0000 (08:12 +0000)]
Don't do tridge's crazy 'am I a trusted domain' lookup for guests.

Andrew Bartlett

18 years agoEnsure (C) message is output on startup.
Jeremy Allison [Fri, 18 Jan 2002 03:26:53 +0000 (03:26 +0000)]
Ensure (C) message is output on startup.
Jeremy.

18 years agoIf 127.0.0.1 matches both allow & deny then allow. Patch from Steve Langasek vorlon...
Jeremy Allison [Fri, 18 Jan 2002 03:08:40 +0000 (03:08 +0000)]
If 127.0.0.1 matches both allow & deny then allow. Patch from Steve Langasek vorlon@netexpress.net
Jeremy.

18 years agoThis is the 'winbind default domain' patch from Alexander Bokovoy
Andrew Bartlett [Fri, 18 Jan 2002 02:37:55 +0000 (02:37 +0000)]
This is the 'winbind default domain' patch from Alexander Bokovoy
<a.bokovoy@sam-solutions.net>.

The idea is the domain\username is rather harsh for unix systems - people don't
expect to have to FTP, SSH and (in particular) e-mail with a username like
that.

This 'corrects' that - but is not without its own problems.

As you can see from the changes to files like username.c and wb_client.c (smbd's
winbind client code) a lot of assumptions are made in a lot of places about
lp_winbind_seperator determining a users's status as a domain or local user.

The main change I will shortly be making is to investigate and kill off
winbind_initgroups() - as far as I know it was a workaround for an old bug in
winbind itself (and a bug in RH 5.2) and should no longer be relevent.

I am also going to move to using the 'winbind uid' and 'winbind gid' paramaters
to determine a user/groups's 'local' status, rather than the presence of the
seperator.

As such, this functionality is recommended for servers providing unix services,
but is currently less than optimal for windows clients.

(TODO: remove all references to lp_winbind_seperator() and
lp_winbind_use_default_domain() from smbd)

Andrew Bartlett

18 years agoTidyup & code refactoring from Martin.Sheppard@csiro.au.
Jeremy Allison [Fri, 18 Jan 2002 02:30:37 +0000 (02:30 +0000)]
Tidyup & code refactoring from Martin.Sheppard@csiro.au.
Jeremy.

18 years agoEnsure we log tdb open fails. Patch from Alexander Bokovoy <a.bokovoy@sam-solutions...
Jeremy Allison [Fri, 18 Jan 2002 02:15:04 +0000 (02:15 +0000)]
Ensure we log tdb open fails. Patch from Alexander Bokovoy <a.bokovoy@sam-solutions.net>
Jeremy.

18 years agoAdded prs_mem_clear(). Clear memory on buffer reallocation. That way
Jeremy Allison [Fri, 18 Jan 2002 00:36:16 +0000 (00:36 +0000)]
Added prs_mem_clear(). Clear memory on buffer reallocation. That way
we're not returning what the client gave us.
Jeremy.

18 years agoAlways clear malloced memory for parse structs.
Jeremy Allison [Fri, 18 Jan 2002 00:19:45 +0000 (00:19 +0000)]
Always clear malloced memory for parse structs.
Jeremy.

18 years agoA nice *big* change to the fundemental way we do things.
Andrew Bartlett [Thu, 17 Jan 2002 08:45:58 +0000 (08:45 +0000)]
A nice *big* change to the fundemental way we do things.

Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps
them around for a long time - often past the next call...

This adds a getpwnam_alloc and a getpwuid_alloc to the collection.

These function as expected, returning a malloced structure that can be
free()ed with passwd_free(&passwd).

This patch also cuts down on the number of calls to getpwnam - mostly by
taking advantage of the fact that the passdb interface is already
case-insensiteve.

With this patch most of the recursive cases have been removed (that I know
of) and the problems are reduced further by not using the sys_ interface
in the new code.  This means that pointers to the cache won't be affected.
(This is a tempoary HACK, I intend to kill the password cache entirly).

The only change I'm a little worried about is the change to
rpc_server/srv_samr_nt.c for private groups.  In this case we are getting
groups from the new group mapping DB.  Do we still need to check for private
groups?  I've toned down the check to a case sensitve match with the new code,
but we might be able to kill it entirly.

I've also added a make_modifyable_passwd() function, that copies a passwd
struct into the form that the old sys_getpw* code provided.  As far as I can
tell this is only actually used in the pass_check.c crazies, where I moved
the final 'special case' for shadow passwords (out of _Get_Pwnam()).

The matching case for getpwent() is dealt with already, in lib/util_getent.c

Also included in here is a small change to register the [homes] share at vuid
creation rather than just in one varient of the session setup.  (This picks
up the SPNEGO cases).  The home directory is now stored on the vuid, and I
am hoping this might provide a saner way to do %H substitions.

TODO:  Kill off remaining Get_Pwnam_Modify calls (they are not needed), change
the remaining sys_getpwnam() callers to use getpwnam_alloc() and move
Get_Pwnam to return an allocated struct.

Andrew Bartlett

18 years agoMove the bang (!) command back to the bottom of the list, allowing smbclient
Andrew Bartlett [Thu, 17 Jan 2002 07:14:21 +0000 (07:14 +0000)]
Move the bang (!) command back to the bottom of the list, allowing smbclient
to function again.

Add comment to warn anybody that wants to 'Alphabetize' the list to read crh's
existing comment on the issue.

Andrew Bartlett

18 years agoMade a debug look nicer.
Tim Potter [Thu, 17 Jan 2002 05:07:36 +0000 (05:07 +0000)]
Made a debug look nicer.

18 years agoAdded some guards.
Tim Potter [Thu, 17 Jan 2002 03:03:58 +0000 (03:03 +0000)]
Added some guards.

18 years agoFixed typo.
Tim Potter [Thu, 17 Jan 2002 02:54:23 +0000 (02:54 +0000)]
Fixed typo.

18 years agonew config files for winbindd startup
Herb Lewis [Thu, 17 Jan 2002 01:18:13 +0000 (01:18 +0000)]
new config files for winbindd startup

18 years agofixed a typo in the error map for WRONG_PASSWORD
Andrew Tridgell [Thu, 17 Jan 2002 01:05:34 +0000 (01:05 +0000)]
fixed a typo in the error map for WRONG_PASSWORD

18 years agodon't use O_NONBLOCK in open(). This was added erroneously for kernel
Andrew Tridgell [Thu, 17 Jan 2002 00:25:13 +0000 (00:25 +0000)]
don't use O_NONBLOCK in open(). This was added erroneously for kernel
oplocks and really shouldn't be used

18 years agoSeparate out get_user_home_dir() from get_user_home_service_dir().
Jeremy Allison [Wed, 16 Jan 2002 23:53:10 +0000 (23:53 +0000)]
Separate out get_user_home_dir() from get_user_home_service_dir().
Jeremy.

18 years agoMerged in %S fixes and XX_NOT_CHANGED fixes from 2.2.
Jeremy Allison [Wed, 16 Jan 2002 23:32:10 +0000 (23:32 +0000)]
Merged in %S fixes and XX_NOT_CHANGED fixes from 2.2.
Jeremy.

18 years agoFixup error mapping so we have only one table containing errno -> dos error -> NT...
Jeremy Allison [Wed, 16 Jan 2002 21:27:57 +0000 (21:27 +0000)]
Fixup error mapping so we have only one table containing errno -> dos error -> NT STATUS
maps. Fixes problem with disk full returning incorrect error.
Jeremy.

18 years agoAlphabetize.
Jeremy Allison [Wed, 16 Jan 2002 20:25:23 +0000 (20:25 +0000)]
Alphabetize.
Jeremy.

18 years agoAdded CIFS UNIX extension code to client.
Jeremy Allison [Wed, 16 Jan 2002 20:13:28 +0000 (20:13 +0000)]
Added CIFS UNIX extension code to client.
Jeremy.

18 years agoFix name register bug with non-existent wins server.
Jeremy Allison [Wed, 16 Jan 2002 19:23:05 +0000 (19:23 +0000)]
Fix name register bug with non-existent wins server.
Jeremy.

18 years agoAt leadt don't lose this - I need to re-sync trans2.c between 2.2.x and
Jeremy Allison [Wed, 16 Jan 2002 02:42:47 +0000 (02:42 +0000)]
At leadt don't lose this - I need to re-sync trans2.c between 2.2.x and
HEAD soon.
Jeremy.

18 years agoRoll back PSTRING_SANCTIFY patch; just leave non-controversial type
Martin Pool [Wed, 16 Jan 2002 02:42:07 +0000 (02:42 +0000)]
Roll back PSTRING_SANCTIFY patch; just leave non-controversial type
and constness changes.

18 years agoQuieten some pointer cast warnings.
Tim Potter [Wed, 16 Jan 2002 02:31:53 +0000 (02:31 +0000)]
Quieten some pointer cast warnings.

18 years agomuch better support for organisational units in ADS join
Andrew Tridgell [Wed, 16 Jan 2002 02:22:30 +0000 (02:22 +0000)]
much better support for organisational units in ADS join

18 years agoRoll back PSTR insertion.
Martin Pool [Wed, 16 Jan 2002 02:20:34 +0000 (02:20 +0000)]
Roll back PSTR insertion.

Just leave the fstrcpy/pstrcpy bugfix, and conversion to pstr_sprintf
rather than manual calculation of length.

18 years agoMerge of name_status_find() debugs.
Tim Potter [Wed, 16 Jan 2002 01:41:30 +0000 (01:41 +0000)]
Merge of name_status_find() debugs.

18 years agoFix from 2.2. It didn't break on HEAD because it isn't being compiled. Herb?
Jim McDonough [Tue, 15 Jan 2002 17:58:59 +0000 (17:58 +0000)]
Fix from 2.2.  It didn't break on HEAD because it isn't being compiled.  Herb?

18 years agoMissing assign fix from Bernt Nilsson bkn@ida.liu.se.
Jeremy Allison [Tue, 15 Jan 2002 16:20:25 +0000 (16:20 +0000)]
Missing assign fix from Bernt Nilsson bkn@ida.liu.se.
Jeremy.

18 years agoFor some reason I wasn't thinking about failure cases this morning...
Andrew Bartlett [Tue, 15 Jan 2002 05:15:22 +0000 (05:15 +0000)]
For some reason I wasn't thinking about failure cases this morning...

Anyway, this makes it slightly sane, but we may decide to smb_panic() here
instead.

Andrew Bartlett

18 years agoConvert to the new pstring interface. This diff is a pretty good
Martin Pool [Tue, 15 Jan 2002 02:15:58 +0000 (02:15 +0000)]
Convert to the new pstring interface.  This diff is a pretty good
example of the scope of change the new pstrings would entail:
basically inserting PSTR() or FSTR() everywhere you need to coerce one
to a char*.

It's also a good example of the kind of bug we might catch: on about
line 540, we were doing a pstrcpy into an fstring, which might
overflow.  It's not a problem in this particular case, but it is in
general.

18 years agoSplit pstring definitions into their own header.
Martin Pool [Tue, 15 Jan 2002 02:11:55 +0000 (02:11 +0000)]
Split pstring definitions into their own header.

18 years agoIntegrate with PSTRING_SANCTIFY.
Martin Pool [Tue, 15 Jan 2002 02:10:50 +0000 (02:10 +0000)]
Integrate with PSTRING_SANCTIFY.

18 years ago#ifdef variable that's not used without dmalloc
Martin Pool [Tue, 15 Jan 2002 01:49:06 +0000 (01:49 +0000)]
#ifdef variable that's not used without dmalloc

18 years agoAdd constness to parameters
Martin Pool [Tue, 15 Jan 2002 01:45:26 +0000 (01:45 +0000)]
Add constness to parameters

18 years agoadding wins commands to winbindd - will check in the rest of the changes
Herb Lewis [Tue, 15 Jan 2002 01:42:57 +0000 (01:42 +0000)]
adding wins commands to winbindd - will check in the rest of the changes
after further testing in 2.2 branch.

18 years agoAdd constness to parameters
Martin Pool [Tue, 15 Jan 2002 01:38:05 +0000 (01:38 +0000)]
Add constness to parameters

18 years agoAdd constness to filenames passed to functions.
Martin Pool [Tue, 15 Jan 2002 01:37:12 +0000 (01:37 +0000)]
Add constness to filenames passed to functions.

18 years agoCommit the auth associated changes I missed from the last commit.
Andrew Bartlett [Tue, 15 Jan 2002 01:14:58 +0000 (01:14 +0000)]
Commit the auth associated changes I missed from the last commit.

Also set the default value of all the allocated strings to "" to avoid changing
the interface (becouse pdb_get...() would point to a null string, rather than a
null pointer and parts of samba rely on that).

Andrew Bartlett

18 years agoChange the passdb interface to use allocated strings.
Andrew Bartlett [Tue, 15 Jan 2002 01:02:13 +0000 (01:02 +0000)]
Change the passdb interface to use allocated strings.

These strings are allocated using talloc(), either using its own memory context
stored on the SAM_ACCOUNT or one supplied by the caller.

The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call
to pdb_free_sam() will either clean up (remove hashes from memory) and destroy
the TALLOC_CTX or just clean up depending on who supplied it.

The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I
have modified the 3 places that actually checked these returns.

The only nasty thing about this patch is the small measure needed to maintin
interface compatability - strings set to NULL are actually set to "".

This is becouse there are too many places in Samba that do strlen() on these
strings without checking if they are NULL pointers.

A supp patch will follow to set all strings to "" in pdb_default_sam().

Andrew Bartlett

18 years agorerun autoconf
Andrew Bartlett [Mon, 14 Jan 2002 22:11:44 +0000 (22:11 +0000)]
rerun autoconf

18 years agoI like --enable-developer, but I find it rather usless when all it gets me is a
Andrew Bartlett [Mon, 14 Jan 2002 22:11:01 +0000 (22:11 +0000)]
I like --enable-developer, but I find it rather usless when all it gets me is a
screen-full of kerberos warnings.

This is almost as good, and I can actually see the Samba warnings.

Andrew Bartlett

18 years agoInitialise cli variables and try not to do a cli_shutdown() of uninitialsed
Andrew Bartlett [Mon, 14 Jan 2002 22:08:47 +0000 (22:08 +0000)]
Initialise cli variables and try not to do a cli_shutdown() of uninitialsed
memory.

The winbind connection caching code isn't exactly a plesent beast, and there is
more work that needs to be done to nail this properly.

Andrew Bartlett

18 years agoFix a segfault in auth/auth_domain.c error cases.
Andrew Bartlett [Mon, 14 Jan 2002 21:52:25 +0000 (21:52 +0000)]
Fix a segfault in auth/auth_domain.c error cases.

This occured when the attempt to contact the PDC failed.  The connection code
has already shut down the connection, and 'free'ed the cli or has never
initialised it in the first place.

Andrew Bartlett

18 years agoRemoved MAXSTATUS which was set incorrectly - thus causing tdb traversal
Jeremy Allison [Mon, 14 Jan 2002 19:34:28 +0000 (19:34 +0000)]
Removed MAXSTATUS which was set incorrectly - thus causing tdb traversal
of the connections db on smbd startup. This should fix the Solaris large
load bug.... (fingers crossed).
Jeremy.

18 years agoFIXME We should turn the global list off when using Insure++,
Martin Pool [Mon, 14 Jan 2002 06:51:34 +0000 (06:51 +0000)]
FIXME We should turn the global list off when using Insure++,
otherwise all the memory will be seen as still reachable.

18 years agoMove local variable to avoid warning when compiled without GSSAPI.
Martin Pool [Mon, 14 Jan 2002 06:34:53 +0000 (06:34 +0000)]
Move local variable to avoid warning when compiled without GSSAPI.

18 years agoPSTRING_SANCTIFY:
Martin Pool [Mon, 14 Jan 2002 06:15:07 +0000 (06:15 +0000)]
PSTRING_SANCTIFY:

If you define this, pstring and fstring become distinguished types, so
that it's harder to accidentally overflow them by for example passing
an fstring on the lhs of pstrcpy.

The types are defined as one-element union arrays so that with
"fstring f" the name "f" will be a pointer and with a big hammer you
can cast it to (char *).  So code that tries to just use it directly
will get a loud warning, but hopefully nothing worse.

To pass them to non-pstring-aware functions, use PSTR and check that
the function takes a const.  They should almost never be modified
except by special calls.  In those unusual cases, use PSTR_MUTABLE.

This is off by default so as not to produce too many warnings.  As the
code is vetted it can become the default.

18 years agoRemoved fprintf(stderr, ...); calls which should not be present in library
Tim Potter [Mon, 14 Jan 2002 02:22:31 +0000 (02:22 +0000)]
Removed fprintf(stderr, ...); calls which should not be present in library
functions.

18 years agoA couple of coding syle updates to follow the re-indent.
Andrew Bartlett [Sun, 13 Jan 2002 12:37:01 +0000 (12:37 +0000)]
A couple of coding syle updates to follow the re-indent.

18 years agoRe-indent these two functions to make it actually possible to understand their
Andrew Bartlett [Sun, 13 Jan 2002 12:33:42 +0000 (12:33 +0000)]
Re-indent these two functions to make it actually possible to understand their
contents...

Andrew Bartlett

18 years agodon't try to allocate zero bytes
Andrew Tridgell [Sun, 13 Jan 2002 11:46:04 +0000 (11:46 +0000)]
don't try to allocate zero bytes

18 years agoI'm doing some things towards the NamedPipes game with lckl and he has asked me
Andrew Bartlett [Sun, 13 Jan 2002 11:13:54 +0000 (11:13 +0000)]
I'm doing some things towards the NamedPipes game with lckl and he has asked me
to move this from being a static to matching its mate in lib/util_sock.c.

In any case, this should discorage anybody from using the 'wrong' version of
this function.  (ie the one from TNG, which needs a bit more error checking
depending on use).

Andrew Bartlett

18 years agoMany thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.
Andrew Bartlett [Sat, 12 Jan 2002 23:57:10 +0000 (23:57 +0000)]
Many thanks to Alexander Bokovoy <a.bokovoy@sam-solutions.net>.
This work was sponsored by Optifacio Software Services, Inc.

Andrew Bartlett

(various e-mails announcements merged into some form of commit message below:)

This patch which adds basics of universal groups support
into Samba 3. Currently, only Winbind with RPC calls supports this, ADS
support requires additional (possibly huge) work on KRB5 PAC. However,
basic infrastructure is here.

This patch adds:

1. Storing of universal groups for particular user logged into Samba
software (smbd/ two winbind-pam methods) into netlogon_unigrp.tdb as array
of uint32 supplemental group rids keyed as DOMAIN_SID/USER_RID in tdb.

2. Fetching of unversal groups for given user rid and domain sid from
netlogon_unigrp.tdb.

Since this is used in both smbd and winbindd, main code is in
source/lib/netlogon_uingrp.c. Dependencies are added to AUTH_OBJ as
UNIGRP_OBJ and WINBINDD_OBJ as UNIGRP_OBJ.

This patch has had a few versions, the final version in particular:

Many thanks to Andrew Bartlett for critics and comments, and partly
rewritten code.

New:
- updated fetching code to changed byte order macros
- moved functions to proper namespace
- optimized memory usage by reusing caller's memory context
- enhanced code to more follow Samba coding rules

Todo:
- proper universal group expiration after timeout

18 years agoupdates from 2.2
Simo Sorce [Sat, 12 Jan 2002 23:12:13 +0000 (23:12 +0000)]
updates from 2.2

18 years agoAdded PRINTER_INFO_4/PRINTER_INFO_5, we're seeing level 5 requested on the wire....
Jeremy Allison [Sat, 12 Jan 2002 02:37:54 +0000 (02:37 +0000)]
Added PRINTER_INFO_4/PRINTER_INFO_5, we're seeing level 5 requested on the wire... so.
Jeremy.

18 years agoThanks to vance for spotting the missing Makefile.in commit.
Andrew Bartlett [Sat, 12 Jan 2002 02:06:17 +0000 (02:06 +0000)]
Thanks to vance for spotting the missing Makefile.in commit.

This should make things a little happier...

Andrew Bartlett

18 years agoMove all the pdb_get...() and pdb_set...() functions to a new file.
Andrew Bartlett [Sat, 12 Jan 2002 01:55:09 +0000 (01:55 +0000)]
Move all the pdb_get...() and pdb_set...() functions to a new file.

This brings passdb.c down to a much more manageable ~1100 lines and makes it a
little easier to comprehend whats going on here.

Andrew Bartlett

18 years agoAdded the O_NOFOLLOW flag if follow symlinks is set off.
Jeremy Allison [Sat, 12 Jan 2002 00:50:01 +0000 (00:50 +0000)]
Added the O_NOFOLLOW flag if follow symlinks is set off.
Jeremy.

18 years agoRound and round we go....
Jeremy Allison [Fri, 11 Jan 2002 23:33:12 +0000 (23:33 +0000)]
Round and round we go....
Jeremy.

18 years agoLatest attempt at changeid.
Jeremy Allison [Fri, 11 Jan 2002 21:52:46 +0000 (21:52 +0000)]
Latest attempt at changeid.
Jeremy.

18 years agoSame fix as went into 2.2 (I'm waiting for jerry to finish some code).
Jeremy Allison [Fri, 11 Jan 2002 19:10:25 +0000 (19:10 +0000)]
Same fix as went into 2.2 (I'm waiting for jerry to finish some code).
Jeremy.

18 years agofixed a crash bug in domain auth caused by an uninitialised nt_status
Andrew Tridgell [Fri, 11 Jan 2002 13:14:28 +0000 (13:14 +0000)]
fixed a crash bug in domain auth caused by an uninitialised nt_status

18 years agofixed a crash in merge_aces()
Andrew Tridgell [Fri, 11 Jan 2002 11:26:31 +0000 (11:26 +0000)]
fixed a crash in merge_aces()
when we free curr_ace_outer we need to not try to use it again :)

18 years agoforce the time difference in cache comparisons to be unsigned to cope
Andrew Tridgell [Fri, 11 Jan 2002 10:05:34 +0000 (10:05 +0000)]
force the time difference in cache comparisons to be unsigned to cope
with the local machine time changing

18 years agomake the winbind sequence number code more robust
Andrew Tridgell [Fri, 11 Jan 2002 10:02:28 +0000 (10:02 +0000)]
make the winbind sequence number code more robust

when switching from rpc to ADS this now should make sense

18 years agocope with direct IP addresses in resolve_name()
Andrew Tridgell [Fri, 11 Jan 2002 09:48:27 +0000 (09:48 +0000)]
cope with direct IP addresses in resolve_name()

18 years agopreparing for release of 3.0-alpha13
Samba Release Account [Fri, 11 Jan 2002 08:48:49 +0000 (08:48 +0000)]
preparing for release of 3.0-alpha13

18 years agoMake this error match Win2k.
Andrew Bartlett [Fri, 11 Jan 2002 07:48:55 +0000 (07:48 +0000)]
Make this error match Win2k.

18 years agoThe DC is meant to be sent the *unmapped* username...
Andrew Bartlett [Fri, 11 Jan 2002 06:22:42 +0000 (06:22 +0000)]
The DC is meant to be sent the *unmapped* username...

Andrew Bartlett

18 years agoAlways query the PDC for the list of trusted domains rather than interating
Tim Potter [Fri, 11 Jan 2002 05:33:45 +0000 (05:33 +0000)]
Always query the PDC for the list of trusted domains rather than interating
the list received at startup or we get an out of date list.  I thought
there might be some sequence number that is incremented when a trusted
domain is added or removed - perhaps there is but I just haven't found it
yet.

 - Renamed get_domain_info() to init_domain_list()

 - Made an accessor function to return the list of trusted domains rather
   than using a global so we don't have to remember to put a magic init
   function

 - The getent state can not keep a pointer to a winbind_domain structure as
   it may be freed if init_domain_list() is called again so we keep the
   domain name instead

18 years agoBack out the crazy notion that the NTLMSSP flags actually mean anything...
Andrew Bartlett [Fri, 11 Jan 2002 05:29:09 +0000 (05:29 +0000)]
Back out the crazy notion that the NTLMSSP flags actually mean anything...

Replace this with some flags that *we* define.  We can do a mapping later
if we actually get some more reliable info about what passwords are actually
valid.

Andrew Bartlett

18 years agoCorrect4ed comment.
Tim Potter [Fri, 11 Jan 2002 05:14:52 +0000 (05:14 +0000)]
Correct4ed comment.

18 years agoFix up 'net ads join' to delete and rejoin if the account already exists.
Andrew Bartlett [Fri, 11 Jan 2002 04:50:45 +0000 (04:50 +0000)]
Fix up 'net ads join' to delete and rejoin if the account already exists.

This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.

Andrew Bartlett

18 years agoSome memory leak fixes.
Tim Potter [Fri, 11 Jan 2002 03:49:51 +0000 (03:49 +0000)]
Some memory leak fixes.

18 years agocommit some changes for ab, and keep working on the smbgroupedit
Gerald Carter [Fri, 11 Jan 2002 00:41:27 +0000 (00:41 +0000)]
commit some changes for ab, and keep working on the smbgroupedit
manpage.

18 years agomake sure resolve_name() only returns valid IP addresses
Andrew Tridgell [Fri, 11 Jan 2002 00:23:29 +0000 (00:23 +0000)]
make sure resolve_name() only returns valid IP addresses
this is actually a workaround for old broken nmbd daemons, especially
from Samba 2.0