Jean-François Micouleau [Fri, 7 Dec 2001 10:20:17 +0000 (10:20 +0000)]
basic howto
Herb Lewis [Fri, 7 Dec 2001 01:01:28 +0000 (01:01 +0000)]
include/build_env.h wasn't getting built by default with new rules unless
you did make headers - fixed
Andrew Tridgell [Fri, 7 Dec 2001 01:01:10 +0000 (01:01 +0000)]
added a "use spnego" option
you need to set "use spnego = no" for w2k to be able to join a samba
domain. Otherwise the w2k box will assume we can do kerberos as a KDC
Herb Lewis [Fri, 7 Dec 2001 00:37:31 +0000 (00:37 +0000)]
OK I think this does what everyone wants with the .headers.stamp
it gets removed on a make clean
it gets created on a make headers (if it doesn't already exist)
This makes it so I only rebuild everything once after a make clean and
also so nothing gets rebuilt after jfm does a make headers (proto)
Andrew Tridgell [Thu, 6 Dec 2001 22:42:27 +0000 (22:42 +0000)]
allow nsstest to test any nss module
Herb Lewis [Thu, 6 Dec 2001 19:04:01 +0000 (19:04 +0000)]
add smbgroupedit
Jean-François Micouleau [Thu, 6 Dec 2001 13:09:15 +0000 (13:09 +0000)]
again an intrusive patch:
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the
definition of standard_sub_basic() to cope with that.
- removed the smb.conf: 'domain admin group' and 'domain guest group'
parameters ! We're not playing anymore with the user's group RIDs !
- in get_domain_user_groups(), if the user's gid is a group, put it first
in the group RID list.
I just have to write an HOWTO now ;-)
J.F.
Jean-François Micouleau [Thu, 6 Dec 2001 12:57:50 +0000 (12:57 +0000)]
remove .headers.stamp from the delheaders definition
It forced a complete build to occur each time the proto are rebuilt !
J.F.
Gerald Carter [Thu, 6 Dec 2001 07:44:12 +0000 (07:44 +0000)]
merge from 2.2
Gerald Carter [Thu, 6 Dec 2001 07:37:58 +0000 (07:37 +0000)]
merge from 2.2
Gerald Carter [Thu, 6 Dec 2001 07:33:48 +0000 (07:33 +0000)]
commit from 2.2
Andrew Tridgell [Thu, 6 Dec 2001 07:33:35 +0000 (07:33 +0000)]
put the winbindd krb5 credentials cache in the lock directory
this prevents it clobbering the users cache
Andrew Tridgell [Thu, 6 Dec 2001 07:17:25 +0000 (07:17 +0000)]
allow a MAX_DEBUG_LEVEL setting in local.h (or the Makefile)
This allows embedded systems to compile out the higher debug
levels. It should gain speed as well as reducing the code
size. Setting it to 1 saves about 300k of code on my system.
Andrew Tridgell [Thu, 6 Dec 2001 05:41:53 +0000 (05:41 +0000)]
added a proper kerberos_kinit_password call
contribution from remus@snapserver.com
thanks!
Tim Potter [Thu, 6 Dec 2001 04:23:06 +0000 (04:23 +0000)]
Fixed typo in fix for typo in debug. (-:
Herb Lewis [Wed, 5 Dec 2001 21:49:51 +0000 (21:49 +0000)]
fix up packaging stuff
Herb Lewis [Wed, 5 Dec 2001 21:08:17 +0000 (21:08 +0000)]
merge from 2.2
don't set WINBIND variables unless configure was run --with-winbind
Herb Lewis [Wed, 5 Dec 2001 19:45:30 +0000 (19:45 +0000)]
don't add -I./popt to CFLAGS it really belongs in FLAGS1 with other include
paths. This makes it hard to use a script that overrides CFLAGS options.
Jeremy Allison [Wed, 5 Dec 2001 19:33:35 +0000 (19:33 +0000)]
Added fetch_domain_sid. Not used in current code, but a nice example
of how to use this interface.
Jeremy.
Jean-François Micouleau [Wed, 5 Dec 2001 15:45:36 +0000 (15:45 +0000)]
changed the DEBUG level of tdb_pack and tdb_unpack. Instead of 8, it's now
18.
when you're looking at a level 10, and it's all cluttered with
tdb_pack/unpack, it's getting .... And anyway most of our code using
tdb_pack/unpack have DEBUG around the call if there is a problem.
J.F.
Jean-François Micouleau [Wed, 5 Dec 2001 15:41:44 +0000 (15:41 +0000)]
added samr_queryuseralias(). instead of returning BUILTIN_ALIAS_RID_USERS,
now return the alias correctly.
time to look at the netlogon case.
J.F.
Samba Release Account [Wed, 5 Dec 2001 12:28:21 +0000 (12:28 +0000)]
preparing for release of 3.0alpha1
Andrew Tridgell [Wed, 5 Dec 2001 11:32:25 +0000 (11:32 +0000)]
fixed a return value
Andrew Bartlett [Wed, 5 Dec 2001 11:00:26 +0000 (11:00 +0000)]
OK. Smbpasswd -j is DEAD.
This moves the rest of the functionality into the 'net rpc join' code.
Furthermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirely!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that somebody else will need to look over).
Andrew Bartlett
Andrew Bartlett [Wed, 5 Dec 2001 10:52:13 +0000 (10:52 +0000)]
Add a couple of extra debugs for the secrets.tdb stuff
Andrew Bartlett [Wed, 5 Dec 2001 10:50:26 +0000 (10:50 +0000)]
Ensure we fill in the %U for NTLMSSP connections
Andrew Tridgell [Wed, 5 Dec 2001 10:44:30 +0000 (10:44 +0000)]
fixed a minor password memory leak
Andrew Tridgell [Wed, 5 Dec 2001 10:43:43 +0000 (10:43 +0000)]
fixed a memory leak
Andrew Tridgell [Wed, 5 Dec 2001 10:35:25 +0000 (10:35 +0000)]
fix link error
Andrew Tridgell [Wed, 5 Dec 2001 10:14:22 +0000 (10:14 +0000)]
handle ldap server down better
Andrew Tridgell [Wed, 5 Dec 2001 09:46:53 +0000 (09:46 +0000)]
added a REALLY gross hack into kerberos_kinit_password so that
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
Andrew Tridgell [Wed, 5 Dec 2001 09:45:00 +0000 (09:45 +0000)]
auto-init secrets.tdb
Andrew Tridgell [Wed, 5 Dec 2001 09:19:25 +0000 (09:19 +0000)]
added timeouts and retries to ldap operations
Andrew Tridgell [Wed, 5 Dec 2001 07:52:44 +0000 (07:52 +0000)]
moved the sequence number fetch into the backend, and fetch the
sequence number via ldap when using ads
Andrew Tridgell [Wed, 5 Dec 2001 07:36:35 +0000 (07:36 +0000)]
don't double free ldap message lists
Andrew Tridgell [Wed, 5 Dec 2001 07:35:57 +0000 (07:35 +0000)]
paranoia fixes in based ldap routines for potential memory leaks
Andrew Tridgell [Wed, 5 Dec 2001 07:11:26 +0000 (07:11 +0000)]
fixed another leak - memory usage now seems to be quite small
Andrew Tridgell [Wed, 5 Dec 2001 07:05:53 +0000 (07:05 +0000)]
added very basic ads connection caching
Andrew Tridgell [Wed, 5 Dec 2001 06:26:56 +0000 (06:26 +0000)]
more memory leak fixes
Andrew Tridgell [Wed, 5 Dec 2001 06:16:33 +0000 (06:16 +0000)]
plugged most of the memory leaks
Andrew Tridgell [Wed, 5 Dec 2001 05:35:45 +0000 (05:35 +0000)]
added the last winbindd/ads backend function
winbindd is now fully functional with a native mode w2k server
now for the memory leaks and speed ...
Andrew Tridgell [Wed, 5 Dec 2001 04:48:51 +0000 (04:48 +0000)]
finally worked out how to do ldap lookups by binary blobs, so I can
now do searches on SID. This allows me to do a true ldap sid_to_name()
function
one function to go!
Andrew Tridgell [Wed, 5 Dec 2001 04:44:34 +0000 (04:44 +0000)]
added functions that convert a ads binary blob to a string (for
searching on SID)
Andrew Tridgell [Wed, 5 Dec 2001 04:43:53 +0000 (04:43 +0000)]
fixed an off by 1 bug in talloc_asprintf()
Jeremy Allison [Wed, 5 Dec 2001 04:17:39 +0000 (04:17 +0000)]
Fixed parse_domain_user to be bool.
Jeremy.
Andrew Bartlett [Wed, 5 Dec 2001 03:14:35 +0000 (03:14 +0000)]
Add a new flag for anonymous connections
Andrew Bartlett [Wed, 5 Dec 2001 03:14:21 +0000 (03:14 +0000)]
Make it easier to construct anonymous connections with a new flag and helper
function.
Andrew Bartlett [Wed, 5 Dec 2001 02:58:40 +0000 (02:58 +0000)]
Split out the name resolution code into a separate function
Jeremy Allison [Wed, 5 Dec 2001 02:11:03 +0000 (02:11 +0000)]
Use print_queue_length() by preference if we don't need a queue
as it doesn't do a traversal.
Jeremy.
Andrew Bartlett [Wed, 5 Dec 2001 01:59:32 +0000 (01:59 +0000)]
Follow herb's suggestion and don't strdup a string to itself
Andrew Bartlett [Wed, 5 Dec 2001 01:58:33 +0000 (01:58 +0000)]
Follow herb's suggestion and don't strdup a string to itself.
Herb Lewis [Wed, 5 Dec 2001 01:04:47 +0000 (01:04 +0000)]
merge from 2.2 branch
Jeremy Allison [Wed, 5 Dec 2001 00:54:33 +0000 (00:54 +0000)]
Improved efficiency of enumerating print queues under a particular
extreme condition...
Jeremy.
Andrew Bartlett [Wed, 5 Dec 2001 00:26:36 +0000 (00:26 +0000)]
Add a mechanism to allow for sane porting of rpcclient components into the new
'net' command.
This also gets us 'net rpc user add'.
Andrew Bartlett
Andrew Bartlett [Wed, 5 Dec 2001 00:24:57 +0000 (00:24 +0000)]
Ditto on the const religion.
Andrew Bartlett [Wed, 5 Dec 2001 00:22:24 +0000 (00:22 +0000)]
Const religion for some of the RPC code.
Herb Lewis [Tue, 4 Dec 2001 22:24:17 +0000 (22:24 +0000)]
Merge from 2.2
If you do not have one more expect than issue when talking to the passwd
program you will not send the last issue.
Jean-François Micouleau [Tue, 4 Dec 2001 21:58:37 +0000 (21:58 +0000)]
move proto.h and build_env.h from $(srcdir)/include to $(builddir)/include
tridge, martin, if you think it's wrong , you can revert it.
J.F.
Jean-François Micouleau [Tue, 4 Dec 2001 21:53:47 +0000 (21:53 +0000)]
added a boolean to the group mapping functions to specify if we need or
not the privileges. Usually we don't need them, so the memory is free
early.
lib/util_sid.c: added some helper functions to check an SID.
passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass
an RID all the way. If the group doesn't exist on the domain SID,
don't return a faked one as it can collide with a builtin one. Some rpc
structures have been badly designed, they return only rids and force the
client to do subsequent lsa_lookup_sid() on the domain sid and the builtin
sid !
rpc_server/srv_util.c: wrote a new version of get_domain_user_groups().
Only the samr code uses it atm. It uses the group mapping code instead of
a bloody hard coded crap. The netlogon code will use it too, but I have to
do some test first.
J.F.
Jeremy Allison [Tue, 4 Dec 2001 21:30:52 +0000 (21:30 +0000)]
Correct message on wbinfo fail to open config file.
Jeremy.
Jeremy Allison [Tue, 4 Dec 2001 18:37:14 +0000 (18:37 +0000)]
Tidyup.
Jeremy.
Martin Pool [Tue, 4 Dec 2001 13:21:15 +0000 (13:21 +0000)]
Put back changes to set errno, which seem to do no harm.
Martin Pool [Tue, 4 Dec 2001 13:17:22 +0000 (13:17 +0000)]
Fix headers. This I know is correct.
Martin Pool [Tue, 4 Dec 2001 12:44:10 +0000 (12:44 +0000)]
Fix headers. This I know is correct.
Andrew Tridgell [Tue, 4 Dec 2001 12:10:05 +0000 (12:10 +0000)]
added lookup_groups() to the ads backend
winbindd/ADS can now do initgroups()
Andrew Tridgell [Tue, 4 Dec 2001 12:08:16 +0000 (12:08 +0000)]
added ads_search_dn() and ads_pull_sids()
Martin Pool [Tue, 4 Dec 2001 11:41:12 +0000 (11:41 +0000)]
undo
Martin Pool [Tue, 4 Dec 2001 11:25:44 +0000 (11:25 +0000)]
Implement suggestion from tridge to leave the old tdb_open interface
as it was, and add tdb_open_ex() which takes a log callback. I guess
this makes more sense since it's a public interface.
Martin Pool [Tue, 4 Dec 2001 07:40:25 +0000 (07:40 +0000)]
Better error handling:
- tdb_open api changed so that you now pass an error handling
callback when opening the file, so that errors detected during
opening have somewhere to go. (All calls from the body of Samba to
this function go through a wrapper in tdbutil, which has been
updated.)
- Clean up logic for deciding how to open tdb. Emit log messages if
something goes wrong (e.g. bad magic.)
- tdbtool now logs errors to stderr.
Andrew Tridgell [Tue, 4 Dec 2001 06:56:58 +0000 (06:56 +0000)]
allow for passwords other than "samba2"
:)
Andrew Tridgell [Tue, 4 Dec 2001 06:46:53 +0000 (06:46 +0000)]
moved lookup_usergroups() into the backend structure
Andrew Tridgell [Tue, 4 Dec 2001 06:20:39 +0000 (06:20 +0000)]
moved init_account_policy() to the right place
Andrew Tridgell [Tue, 4 Dec 2001 06:17:39 +0000 (06:17 +0000)]
added a query_user backend
fixed a winbindd crash when the group membership can't be looked up
Andrew Tridgell [Tue, 4 Dec 2001 06:16:02 +0000 (06:16 +0000)]
typo fix
Andrew Tridgell [Tue, 4 Dec 2001 06:14:42 +0000 (06:14 +0000)]
const religion in talloc calls
Andrew Bartlett [Tue, 4 Dec 2001 05:16:54 +0000 (05:16 +0000)]
smbpasswd is *ugly*!
However this looks like the best spot to init the account policy db...
(fix segfaults on all local smbpasswd ops)
Andrew Bartlett
Jeremy Allison [Tue, 4 Dec 2001 05:13:04 +0000 (05:13 +0000)]
winbindd friendly user_in_list code. Tested on a 65k user domain.
Jeremy.
Andrew Bartlett [Tue, 4 Dec 2001 05:03:03 +0000 (05:03 +0000)]
Add 'net rpc join' to match the ADS equiv.
This kills off the offending code in smbpasswd -j -Uab%c
In the process we have changed from using completely random passwords
to random, 15 char ascii strings. While this does produce a decrease in
entropy, it is still vastly greater than we need, considering the application.
In the meantime this allows us to actually *type* the machine account
password during debugging.
This code also adds a 'check' step to the join, confirming that the
stored password does indeed do something of value :-)
Andrew Bartlett
Andrew Bartlett [Tue, 4 Dec 2001 04:48:01 +0000 (04:48 +0000)]
Some changes to the name resolution code in 'net' to allow us to find a
PDC, as well as changes for correctness as per tridge.
Andrew Bartlett
Andrew Bartlett [Tue, 4 Dec 2001 04:45:17 +0000 (04:45 +0000)]
Fix up function name, as this finds local, not domain master browsers.
(as per tridge's instructions)
Andrew Bartlett [Tue, 4 Dec 2001 04:33:22 +0000 (04:33 +0000)]
This comment no longer applies.
Martin Pool [Tue, 4 Dec 2001 04:03:29 +0000 (04:03 +0000)]
Magic file for TDB databases.
Jeremy Allison [Tue, 4 Dec 2001 03:59:18 +0000 (03:59 +0000)]
Stop using getgrgid() - a very expensive call with winbindd, to look up
a group name.
Jeremy.
Jeremy Allison [Tue, 4 Dec 2001 03:47:44 +0000 (03:47 +0000)]
Moved name_is_local to the correct place. Ooops.
Jeremy.
Martin Pool [Tue, 4 Dec 2001 02:58:42 +0000 (02:58 +0000)]
Set errno in tdb_open in cases where we detect an error in opening the
database, but no underlying system call sets errno.
The particular case I had was a mangled .tdb, but there are others.
For this one, set EIO. It's a shame Unix messages aren't more
detailed -- "bad data format" would be better.
Jeremy Allison [Tue, 4 Dec 2001 02:58:22 +0000 (02:58 +0000)]
Tidyup of lib/username. Add name_is_local fn to determine if name is
winbindd. Getting ready for efficiency fix in group lookups.
Jeremy.
Tim Potter [Tue, 4 Dec 2001 00:46:12 +0000 (00:46 +0000)]
Added error message for ERRdiskfull.
Andrew Tridgell [Tue, 4 Dec 2001 00:07:08 +0000 (00:07 +0000)]
when using non-encrypted password ignore the ntpass variable to
session setup
Jeremy Allison [Mon, 3 Dec 2001 20:39:15 +0000 (20:39 +0000)]
Added prototypes for new fns. Thanks Elrond.
Jeremy.
Jean-François Micouleau [Mon, 3 Dec 2001 17:14:23 +0000 (17:14 +0000)]
added a tdb to store the account policy information.
You can change them with either usermanager->policies->account
or from a command prompt on NT/W2K: net accounts /domain
we can add a rpc accounts to the net command. As the net_rpc.c is still
empty, I did not start. How should I add command to it ? Should I take the
rpcclient/cmd_xxx functions and call them from there ?
also changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more
for jeremy ;-)
J.F.
Andrew Tridgell [Mon, 3 Dec 2001 11:32:55 +0000 (11:32 +0000)]
changed query_dispinfo to query_user_list
Andrew Tridgell [Mon, 3 Dec 2001 11:11:14 +0000 (11:11 +0000)]
put sid_to_name behind the winbindd backend interface
I spent quite a while trying to work out how to make this call
via ldap and failed. I then found that MS servers seem to use rpc
for sid_to_name, and it works even when in native mode, I ended
up just implementing it via rpc
Andrew Tridgell [Mon, 3 Dec 2001 08:17:46 +0000 (08:17 +0000)]
added name_to_sid to the backend
Andrew Tridgell [Mon, 3 Dec 2001 08:16:51 +0000 (08:16 +0000)]
const religion
Andrew Tridgell [Mon, 3 Dec 2001 08:16:01 +0000 (08:16 +0000)]
added another ATYPE_
Andrew Tridgell [Mon, 3 Dec 2001 08:15:18 +0000 (08:15 +0000)]
make proto should build winbindd_proto.h as well
Andrew Bartlett [Mon, 3 Dec 2001 07:42:18 +0000 (07:42 +0000)]
This change reworks the connection code for both rpcclient and net new
'net' utility.
This should make it easier to port rpcclient code across to net.
It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, because
it kills off the early destruction of the clear-text password.
Andrew Bartlett
Andrew Bartlett [Mon, 3 Dec 2001 06:49:47 +0000 (06:49 +0000)]
Forgot this one with the last commit...
Andrew Bartlett
Andrew Tridgell [Mon, 3 Dec 2001 06:04:18 +0000 (06:04 +0000)]
added a basic ADS backend to winbind. More work needed, but at
least basic operations work
Andrew Bartlett [Mon, 3 Dec 2001 04:39:23 +0000 (04:39 +0000)]
This is another major rework of the 'net' command.
This time, all the existing functionality has been moved into
'net rap', ready for new commands in the 'net ads' and 'net rpc' categories.
In particular, we hope to have the ability to autoselect the appropriate
backend to use based on smb.conf or other parameters.
This will allow 'net user' to work no matter what the remote server.
The new 'net rpc' command will soon gain a 'net rpc join' and a
'net rpc user' based on the existing samba code.
Also in this commit, the connection establishment code has been almost entirely
reworked, and now has some minor sense of sanity to it.
In particular, we can now connect to hosts *other* than localhost!
We also have the ability to state on a per-command basis whether the 'localhost'
is a sane default value. (A net join, for example, would not be sane against
localhost).
Unfortunately we have had to make the basic parameters global variables, but
the 'cli' is not opened and closed on a per-command basis.
Andrew Bartlett