Jeremy Allison [Wed, 12 Dec 2001 19:40:22 +0000 (19:40 +0000)]
Always use ASCII strings when changing passwords with RAP.
Jeremy.
Herb Lewis [Wed, 12 Dec 2001 16:13:52 +0000 (16:13 +0000)]
ran autoconf
Herb Lewis [Wed, 12 Dec 2001 16:08:32 +0000 (16:08 +0000)]
allow IRIX to build nsswitch/libnss_wins.so
Herb Lewis [Wed, 12 Dec 2001 16:04:37 +0000 (16:04 +0000)]
add *.po32 to ignore list
Jean-François Micouleau [Wed, 12 Dec 2001 15:25:22 +0000 (15:25 +0000)]
added a -V[erbose] option to samsync. Decode a lot of information
I'm looking at chaining the credentials
J.F.
Jean-François Micouleau [Wed, 12 Dec 2001 11:38:57 +0000 (11:38 +0000)]
decoded SAM_DELTA 0x0e and 0x12.
One is an entry for the trusted domains
The other is an entry for the trusting domains
They are pretty basic, I'll improve them.
J.F.
Samba Release Account [Wed, 12 Dec 2001 10:22:34 +0000 (10:22 +0000)]
preparing for release of 3.0-alpha6
Jean-François Micouleau [Wed, 12 Dec 2001 09:43:56 +0000 (09:43 +0000)]
a ugly decoder for SAM_DELTA_DOM_INFO (0x0d)
a correct decoder for SAM_PRIVS_INFO (0x10)
this code is totally useless right now, it's just fun to decode those and
will save tpot some time.
J.F.
Andrew Tridgell [Wed, 12 Dec 2001 09:37:17 +0000 (09:37 +0000)]
added "net time zone" command to show the timezone on a computer
Andrew Tridgell [Tue, 11 Dec 2001 23:44:33 +0000 (23:44 +0000)]
pam_smbpass updates from a.bokovoy@sam-solutions.net
Tim Potter [Tue, 11 Dec 2001 23:27:45 +0000 (23:27 +0000)]
Oops, the -a option disappeared.
Andrew Tridgell [Tue, 11 Dec 2001 22:53:21 +0000 (22:53 +0000)]
ads howto update
Herb Lewis [Tue, 11 Dec 2001 20:41:31 +0000 (20:41 +0000)]
add PATH_FLAGS to .po32 objects so dynconfig builds with smbwrapper
Herb Lewis [Tue, 11 Dec 2001 20:20:30 +0000 (20:20 +0000)]
sync with 2.2
added multiple include protection
added IRIX defines
Jim McDonough [Tue, 11 Dec 2001 19:27:40 +0000 (19:27 +0000)]
Replace backslash with winbind separator before calling parse_domain_user(). Winbind separators other than backslash didn't work.
Herb Lewis [Tue, 11 Dec 2001 18:08:48 +0000 (18:08 +0000)]
fix for IRIX compilers
Volker Lendecke [Tue, 11 Dec 2001 17:45:51 +0000 (17:45 +0000)]
Clarify a little
Volker
Andrew Tridgell [Tue, 11 Dec 2001 12:29:03 +0000 (12:29 +0000)]
allow join of already joined domain
Andrew Tridgell [Tue, 11 Dec 2001 10:37:00 +0000 (10:37 +0000)]
prevent double free
Jeremy Allison [Tue, 11 Dec 2001 08:31:58 +0000 (08:31 +0000)]
Fix up warnings. Make tdb_openXX() names const.
Jeremy.
Jeremy Allison [Tue, 11 Dec 2001 08:24:36 +0000 (08:24 +0000)]
Tidyups to remove warnings on tdb standalone code.
Jeremy.
Samba Release Account [Tue, 11 Dec 2001 06:35:00 +0000 (06:35 +0000)]
preparing for release of 3.0-alpha5
Andrew Tridgell [Tue, 11 Dec 2001 06:17:01 +0000 (06:17 +0000)]
handle systems without setenv()
Andrew Tridgell [Tue, 11 Dec 2001 05:48:27 +0000 (05:48 +0000)]
handle a NULL hostname in cli_connect()
Andrew Tridgell [Tue, 11 Dec 2001 05:47:26 +0000 (05:47 +0000)]
better error handling
Andrew Tridgell [Tue, 11 Dec 2001 05:28:56 +0000 (05:28 +0000)]
added a comment about /bin/date
Andrew Tridgell [Tue, 11 Dec 2001 05:21:50 +0000 (05:21 +0000)]
added a net time command. Allow display or set of system time based on
a SMB server
particularly useful for ADS is:
net time set -S DOMAIN#1B
this makes kerberos clock skew problems go away :)
Tim Potter [Tue, 11 Dec 2001 05:19:15 +0000 (05:19 +0000)]
Modify winbindd to use authenticated user info from secrets.tdb when making
IPC$ connections to domain controllers.
Tim Potter [Tue, 11 Dec 2001 05:18:36 +0000 (05:18 +0000)]
Converted wbinfo to use popt instead of getopt - popt is very nice!
Added a --set-auth-user function to set a username and password that can be
used by winbindd when making connections to domain controllers. This is
necessary when restrictions have been placed on anonymous connections
either through the RestrictAnonymous registry setting, or the win2k Local
Security Policy -> Security Settings -> Local Policies -> Security Options
-> Additional restrictions for anonymous connections. (phew)
Two new keys are set in secrets.tdb: SECRETS/AUTH_USER and
SECRETS/AUTH_PASSWORD which hold the username and plaintext password of the
user to connect as.
To reset these values, run wbinfo --set-auth-user ""
Andrew Tridgell [Tue, 11 Dec 2001 05:16:48 +0000 (05:16 +0000)]
detect attempts to connect to names of the type NAME#xx and do a
netbios lookup for name NAME with node type xx.
This affects all our client progs. Very useful :)
Andrew Tridgell [Tue, 11 Dec 2001 05:15:52 +0000 (05:15 +0000)]
allow overriding the local time in kerberos_kinit_password()
Tim Potter [Tue, 11 Dec 2001 04:25:21 +0000 (04:25 +0000)]
Removed unreferenced getopt() externals.
Tim Potter [Tue, 11 Dec 2001 03:03:45 +0000 (03:03 +0000)]
SAMR query sec obj returns different results depending on which sam handle
it is passed. Not sure what these different contexts are called or what
they are used for.
- if a rid is specified to samquerysecobj then use the sam user policy
handle for that rid
- if -d is specified then use the sam domain policy handle
- otherwise just use the sam connect policy handle
JF, any ideas about this?
Tim Potter [Tue, 11 Dec 2001 02:23:14 +0000 (02:23 +0000)]
Grr - people who put const everywhere should fix up all the warnings they
generate.
Tim Potter [Tue, 11 Dec 2001 02:22:42 +0000 (02:22 +0000)]
Removed unused variable.
Tim Potter [Tue, 11 Dec 2001 02:17:26 +0000 (02:17 +0000)]
Doing some research into ACLs on the LSA and SAM policy objects.
- added lsaquerysecobj to rpcclient
- renamed querysecobj to samquerysecobj
- removed duplicated display_sec_acl() code from cmd_spoolss.c and
cmd_samr.c and moved it into display_sec.c
Samba Release Account [Tue, 11 Dec 2001 01:29:04 +0000 (01:29 +0000)]
preparing for release of 3.0-alpha4
Andrew Tridgell [Tue, 11 Dec 2001 01:04:13 +0000 (01:04 +0000)]
removed the start_ndx parameter from group enumeration
I tried testing this by lowering the buffer size in
cli_samr_enum_dom_groups() but that didn't work - I think this needs
more looking into
Tim Potter [Tue, 11 Dec 2001 00:11:11 +0000 (00:11 +0000)]
Compile fix.
Andrew Tridgell [Tue, 11 Dec 2001 00:03:58 +0000 (00:03 +0000)]
got rid of start_ndx from query_user_list()
Jean-François Micouleau [Mon, 10 Dec 2001 23:34:32 +0000 (23:34 +0000)]
NT_STATUS(0x80000005) maps to ERRDOS,234
J.F.
Jean-François Micouleau [Mon, 10 Dec 2001 22:30:31 +0000 (22:30 +0000)]
added enum alias groups to rpcclient
Andrew Tridgell [Mon, 10 Dec 2001 22:25:21 +0000 (22:25 +0000)]
reinstated all the rap commands as top level commands until we get the
protocol switch mechanism in place
Andrew Tridgell [Mon, 10 Dec 2001 22:10:31 +0000 (22:10 +0000)]
moved ccache location change into winbindd code
Andrew Tridgell [Mon, 10 Dec 2001 22:10:16 +0000 (22:10 +0000)]
robustness fixes and moved ccache location into winbindd_ads code
Jeremy Allison [Mon, 10 Dec 2001 19:48:43 +0000 (19:48 +0000)]
Treat RAP codes differently.
Jeremy.
Jeremy Allison [Mon, 10 Dec 2001 19:18:56 +0000 (19:18 +0000)]
RAP error strings take precedence as they are not encoded in the SMB header
(ie. the call can succeed, but still be an encoded error).
Jeremy.
Jim McDonough [Mon, 10 Dec 2001 18:07:17 +0000 (18:07 +0000)]
Delay gssapi header checking until after kerberos has been located. Wasn't working on RedHat systems because of /usr/kerberos install location.
Jean-François Micouleau [Mon, 10 Dec 2001 15:03:16 +0000 (15:03 +0000)]
added info level 3 to samrgetgroupinfo. I don't know what the value is.
It's just to keep usermanager happy ;-)
clean up a bit samr_query_aliasinfo to return the group description
added: samr_del_aliasmem, samr_del_groupmem and samr_del_domuser
with the correct scripts, you can now entirely manage the users from
usermanager ! Closer to full PDC every day ;-)
J.F.
Martin Pool [Mon, 10 Dec 2001 08:36:42 +0000 (08:36 +0000)]
Make proto
Martin Pool [Mon, 10 Dec 2001 08:10:05 +0000 (08:10 +0000)]
Add a panic action that tries to call gdb noninteractively to get a
backtrace. Will break on many machines, but we're already crashed in
this case.
Samba Release Account [Mon, 10 Dec 2001 07:33:16 +0000 (07:33 +0000)]
preparing for release of 3.0-alpha3
Martin Pool [Mon, 10 Dec 2001 07:29:34 +0000 (07:29 +0000)]
Doc.
Martin Pool [Mon, 10 Dec 2001 07:27:20 +0000 (07:27 +0000)]
Allow for internal databases which may have no name.
Samba Release Account [Mon, 10 Dec 2001 07:19:21 +0000 (07:19 +0000)]
preparing for release of 3.0alpha2
Martin Pool [Mon, 10 Dec 2001 07:02:58 +0000 (07:02 +0000)]
Log more error messages.
Martin Pool [Mon, 10 Dec 2001 07:02:24 +0000 (07:02 +0000)]
Log more error messages.
Martin Pool [Mon, 10 Dec 2001 06:23:28 +0000 (06:23 +0000)]
Also show LDFLAGS/LDSHFLAGS when starting compilation, because they're
not visible later on.
Andrew Tridgell [Mon, 10 Dec 2001 06:21:44 +0000 (06:21 +0000)]
use objectCategory instead of objectClass for faster searching
Tim Potter [Mon, 10 Dec 2001 06:21:18 +0000 (06:21 +0000)]
Merge of memory leak fixes from APPLIANCE_TNG.
Martin Pool [Mon, 10 Dec 2001 06:09:42 +0000 (06:09 +0000)]
Allocate tdb name up front in case log functions want to use it.
Andrew Tridgell [Mon, 10 Dec 2001 06:05:21 +0000 (06:05 +0000)]
winbindd backends can now be marked "consistent" or "inconsistent"
consistent backends (like ADS) always give correct primary group
info, so we can play cache tricks to speed things up a lot
inconsistent backends (like MSRPC) need to fetch stuff more often
Martin Pool [Mon, 10 Dec 2001 05:29:47 +0000 (05:29 +0000)]
tdb_open_ex: More cleanups: just dynamically allocate the TDB_CONTEXT
up front, rather than working on the stack and then copying across.
Martin Pool [Mon, 10 Dec 2001 05:22:04 +0000 (05:22 +0000)]
Refactor code to check whether already open into its own function.
Andrew Tridgell [Mon, 10 Dec 2001 05:20:55 +0000 (05:20 +0000)]
shrank the winbindd_cache.tdb somewhat
on my system it now uses 132k for 308 users
Martin Pool [Mon, 10 Dec 2001 05:12:52 +0000 (05:12 +0000)]
tdb_open_ex should always "goto fail" in case of error, rather than
just returning. I don't think this would leak at the moment, but it's
an accident waiting to happen.
Martin Pool [Mon, 10 Dec 2001 05:08:22 +0000 (05:08 +0000)]
Doc.
Martin Pool [Mon, 10 Dec 2001 05:05:21 +0000 (05:05 +0000)]
tdb_open_ex: Continue previous refactoring so that we consistently
just say "tdb" not "&tdb".
Tim Potter [Mon, 10 Dec 2001 05:03:17 +0000 (05:03 +0000)]
Added client and server code for the GetPrintProcessorDirectory SPOOLSS
rpc. This was supposed to fix a printer driver download bug but it didn't
but it seemed a shame to trash all this code so I'm commiting it #ifdef'ed
out in case someone needs it one day.
Martin Pool [Mon, 10 Dec 2001 05:00:36 +0000 (05:00 +0000)]
tdb_open_ex: Refactor to use a pointer to tdb, rather than an auto
tdb, to be consistent with the rest of the code.
Tim Potter [Mon, 10 Dec 2001 04:59:17 +0000 (04:59 +0000)]
Formatting fixup.
Martin Pool [Mon, 10 Dec 2001 04:35:01 +0000 (04:35 +0000)]
Explain why snprintf has to be overridden in this way.
Martin Pool [Mon, 10 Dec 2001 04:29:14 +0000 (04:29 +0000)]
(merge 1.130.4.93) Display results of checks for shared libraries.
Tim Potter [Mon, 10 Dec 2001 04:15:58 +0000 (04:15 +0000)]
Typo spotting.
Andrew Tridgell [Mon, 10 Dec 2001 03:21:38 +0000 (03:21 +0000)]
cleanup a little namespace pollution
Andrew Tridgell [Mon, 10 Dec 2001 03:06:15 +0000 (03:06 +0000)]
switch off level 100 debug for server security
Andrew Tridgell [Mon, 10 Dec 2001 02:30:18 +0000 (02:30 +0000)]
added some comments
Andrew Tridgell [Mon, 10 Dec 2001 02:25:19 +0000 (02:25 +0000)]
moved the domain sid lookup and enumeration of trusted domains into
the backends
at startup, loop until we get the domain sid for our primary domain,
trying every 10 seconds. This makes winbindd handle a room-wide power
failure better
Andrew Tridgell [Mon, 10 Dec 2001 01:05:50 +0000 (01:05 +0000)]
added some comments
Andrew Tridgell [Mon, 10 Dec 2001 00:39:01 +0000 (00:39 +0000)]
make sid_binstring available without HAVE_ADS
Andrew Tridgell [Mon, 10 Dec 2001 00:07:51 +0000 (00:07 +0000)]
explicitly encode NULL strings in the cache
Andrew Tridgell [Mon, 10 Dec 2001 00:00:44 +0000 (00:00 +0000)]
removed a debug line
Andrew Tridgell [Sun, 9 Dec 2001 23:59:42 +0000 (23:59 +0000)]
completely new winbindd cache infrastructure
this one looks like just another winbind backend, and has the
following properties:
- does -ve and +ve cacheing of all queries
- can be disabled with -n switch to winbindd
- stores all records packed, so even huge domains are not a problem
for a complete cache
- handles the server being down
- uses sequence numbers for all entries
This fixes a lot of problems with winbindd. Serving from cache is now
*very* fast.
Andrew Tridgell [Sun, 9 Dec 2001 23:56:07 +0000 (23:56 +0000)]
add smb_xvasprintf() panic wrapper around vasprintf
Motonobu Takahashi [Sun, 9 Dec 2001 17:06:45 +0000 (17:06 +0000)]
added fr.msg from Fanch
Andrew Tridgell [Sun, 9 Dec 2001 07:49:20 +0000 (07:49 +0000)]
added a simple tdbdump utility
Andrew Tridgell [Sun, 9 Dec 2001 07:18:59 +0000 (07:18 +0000)]
set return value to total errors
Andrew Tridgell [Sun, 9 Dec 2001 06:51:27 +0000 (06:51 +0000)]
better error checking in nsstest
Andrew Tridgell [Sun, 9 Dec 2001 06:10:40 +0000 (06:10 +0000)]
- check for correct error codes
- handle no initgroups fn
Andrew Tridgell [Sun, 9 Dec 2001 06:10:02 +0000 (06:10 +0000)]
- use accountype not accountcontrol
- better debug code
Andrew Tridgell [Sun, 9 Dec 2001 00:46:37 +0000 (00:46 +0000)]
fixed type passed to ads_search
Andrew Tridgell [Sun, 9 Dec 2001 00:45:51 +0000 (00:45 +0000)]
fixed used of string after free
Jean-François Micouleau [Sat, 8 Dec 2001 23:57:35 +0000 (23:57 +0000)]
small comment I don't want to loose.
J.F.
Jean-François Micouleau [Sat, 8 Dec 2001 23:56:58 +0000 (23:56 +0000)]
Fix domain logon that I broke 3 days ago.
And it's in sync with the docs, %U is really replaced by the name the user
asked. Whereas in 2.2 that's false, %U is replaced by the name the user
was mapped to.
J.F.
Andrew Bartlett [Sat, 8 Dec 2001 17:37:59 +0000 (17:37 +0000)]
By popular demand: a new config.guess and config.sub
(I hope I did this right)
Andrew Bartlett
Andrew Tridgell [Sat, 8 Dec 2001 12:06:08 +0000 (12:06 +0000)]
check for gssapi_generic.h
Andrew Tridgell [Sat, 8 Dec 2001 12:00:27 +0000 (12:00 +0000)]
fix a DEBUG() line
Andrew Tridgell [Sat, 8 Dec 2001 11:18:56 +0000 (11:18 +0000)]
added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
Andrew Bartlett [Sat, 8 Dec 2001 02:25:25 +0000 (02:25 +0000)]
Fix segfault, and add a comment.
Andrew Bartlett [Sat, 8 Dec 2001 02:14:56 +0000 (02:14 +0000)]
Leak less memory.
Now, is there any reason that the prs_init() doesn't use the talloc context
that it is supplied as an argument for the actual data buffer?
It would seem logical to replace the malloc with a talloc, but I'm sure
there is some method to the madness (extrnal use/Reallocing of it I presume)
Andrew Bartlett