cvs2svn Import User [Mon, 10 Dec 2001 07:33:17 +0000 (07:33 +0000)]
This commit was manufactured by cvs2svn to create tag
'release-3-0-alpha3'.
Samba Release Account [Mon, 10 Dec 2001 07:33:16 +0000 (07:33 +0000)]
preparing for release of 3.0-alpha3
Martin Pool [Mon, 10 Dec 2001 07:29:34 +0000 (07:29 +0000)]
Doc.
Martin Pool [Mon, 10 Dec 2001 07:27:20 +0000 (07:27 +0000)]
Allow for internal databases which may have no name.
Samba Release Account [Mon, 10 Dec 2001 07:19:21 +0000 (07:19 +0000)]
preparing for release of 3.0alpha2
Martin Pool [Mon, 10 Dec 2001 07:02:58 +0000 (07:02 +0000)]
Log more error messages.
Martin Pool [Mon, 10 Dec 2001 07:02:24 +0000 (07:02 +0000)]
Log more error messages.
Martin Pool [Mon, 10 Dec 2001 06:23:28 +0000 (06:23 +0000)]
Also show LDFLAGS/LDSHFLAGS when starting compilation, because they're
not visible later on.
Andrew Tridgell [Mon, 10 Dec 2001 06:21:44 +0000 (06:21 +0000)]
use objectCategory instead of objectClass for faster searching
Tim Potter [Mon, 10 Dec 2001 06:21:18 +0000 (06:21 +0000)]
Merge of memory leak fixes from APPLIANCE_TNG.
Martin Pool [Mon, 10 Dec 2001 06:09:42 +0000 (06:09 +0000)]
Allocate tdb name up front in case log functions want to use it.
Andrew Tridgell [Mon, 10 Dec 2001 06:05:21 +0000 (06:05 +0000)]
winbindd backends can now be marked "consistent" or "inconsistent"
consistent backends (like ADS) always give correct primary group
info, so we can play cache tricks to speed things up a lot
inconsistent backends (like MSRPC) need to fetch stuff more often
Martin Pool [Mon, 10 Dec 2001 05:29:47 +0000 (05:29 +0000)]
tdb_open_ex: More cleanups: just dynamically allocate the TDB_CONTEXT
up front, rather than working on the stack and then copying across.
Martin Pool [Mon, 10 Dec 2001 05:22:04 +0000 (05:22 +0000)]
Refactor code to check whether already open into its own function.
Andrew Tridgell [Mon, 10 Dec 2001 05:20:55 +0000 (05:20 +0000)]
shrank the winbindd_cache.tdb somewhat
on my system it now uses 132k for 308 users
Martin Pool [Mon, 10 Dec 2001 05:12:52 +0000 (05:12 +0000)]
tdb_open_ex should always "goto fail" in case of error, rather than
just returning. I don't think this would leak at the moment, but it's
an accident waiting to happen.
Martin Pool [Mon, 10 Dec 2001 05:08:22 +0000 (05:08 +0000)]
Doc.
Martin Pool [Mon, 10 Dec 2001 05:05:21 +0000 (05:05 +0000)]
tdb_open_ex: Continue previous refactoring so that we consistently
just say "tdb" not "&tdb".
Tim Potter [Mon, 10 Dec 2001 05:03:17 +0000 (05:03 +0000)]
Added client and server code for the GetPrintProcessorDirectory SPOOLSS
rpc. This was supposed to fix a printer driver download bug but it didn't
but it seemed a shame to trash all this code so I'm commiting it #ifdef'ed
out in case someone needs it one day.
Martin Pool [Mon, 10 Dec 2001 05:00:36 +0000 (05:00 +0000)]
tdb_open_ex: Refactor to use a pointer to tdb, rather than an auto
tdb, to be consistent with the rest of the code.
Tim Potter [Mon, 10 Dec 2001 04:59:17 +0000 (04:59 +0000)]
Formatting fixup.
Martin Pool [Mon, 10 Dec 2001 04:35:01 +0000 (04:35 +0000)]
Explain why snprintf has to be overridden in this way.
Martin Pool [Mon, 10 Dec 2001 04:29:14 +0000 (04:29 +0000)]
(merge 1.130.4.93) Display results of checks for shared libraries.
Tim Potter [Mon, 10 Dec 2001 04:15:58 +0000 (04:15 +0000)]
Typo spotting.
Andrew Tridgell [Mon, 10 Dec 2001 03:21:38 +0000 (03:21 +0000)]
cleanup a little namespace pollution
Andrew Tridgell [Mon, 10 Dec 2001 03:06:15 +0000 (03:06 +0000)]
switch off level 100 debug for server security
Andrew Tridgell [Mon, 10 Dec 2001 02:30:18 +0000 (02:30 +0000)]
added some comments
Andrew Tridgell [Mon, 10 Dec 2001 02:25:19 +0000 (02:25 +0000)]
moved the domain sid lookup and enumeration of trusted domains into
the backends
at startup, loop until we get the domain sid for our primary domain,
trying every 10 seconds. This makes winbindd handle a room-wide power
failure better
Andrew Tridgell [Mon, 10 Dec 2001 01:05:50 +0000 (01:05 +0000)]
added some comments
Andrew Tridgell [Mon, 10 Dec 2001 00:39:01 +0000 (00:39 +0000)]
make sid_binstring available without HAVE_ADS
Andrew Tridgell [Mon, 10 Dec 2001 00:07:51 +0000 (00:07 +0000)]
explicitly encode NULL strings in the cache
Andrew Tridgell [Mon, 10 Dec 2001 00:00:44 +0000 (00:00 +0000)]
removed a debug line
Andrew Tridgell [Sun, 9 Dec 2001 23:59:42 +0000 (23:59 +0000)]
completely new winbindd cache infrastructure
this one looks like just another winbind backend, and has the
following properties:
- does -ve and +ve cacheing of all queries
- can be disabled with -n switch to winbindd
- stores all records packed, so even huge domains are not a problem
for a complete cache
- handles the server being down
- uses sequence numbers for all entries
This fixes a lot of problems with winbindd. Serving from cache is now
*very* fast.
Andrew Tridgell [Sun, 9 Dec 2001 23:56:07 +0000 (23:56 +0000)]
add smb_xvasprintf() panic wrapper around vasprintf
Motonobu Takahashi [Sun, 9 Dec 2001 17:06:45 +0000 (17:06 +0000)]
added fr.msg from Fanch
Andrew Tridgell [Sun, 9 Dec 2001 07:49:20 +0000 (07:49 +0000)]
added a simple tdbdump utility
Andrew Tridgell [Sun, 9 Dec 2001 07:18:59 +0000 (07:18 +0000)]
set return value to total errors
Andrew Tridgell [Sun, 9 Dec 2001 06:51:27 +0000 (06:51 +0000)]
better error checking in nsstest
Andrew Tridgell [Sun, 9 Dec 2001 06:10:40 +0000 (06:10 +0000)]
- check for correct error codes
- handle no initgroups fn
Andrew Tridgell [Sun, 9 Dec 2001 06:10:02 +0000 (06:10 +0000)]
- use accountype not accountcontrol
- better debug code
Andrew Tridgell [Sun, 9 Dec 2001 00:46:37 +0000 (00:46 +0000)]
fixed type passed to ads_search
Andrew Tridgell [Sun, 9 Dec 2001 00:45:51 +0000 (00:45 +0000)]
fixed used of string after free
Jean-François Micouleau [Sat, 8 Dec 2001 23:57:35 +0000 (23:57 +0000)]
small comment I don't want to loose.
J.F.
Jean-François Micouleau [Sat, 8 Dec 2001 23:56:58 +0000 (23:56 +0000)]
Fix domain logon that I broke 3 days ago.
And it's in sync with the docs, %U is really replaced by the name the user
asked. Whereas in 2.2 that's false, %U is replaced by the name the user
was mapped to.
J.F.
Andrew Bartlett [Sat, 8 Dec 2001 17:37:59 +0000 (17:37 +0000)]
By popular demand: a new config.guess and config.sub
(I hope I did this right)
Andrew Bartlett
Andrew Tridgell [Sat, 8 Dec 2001 12:06:08 +0000 (12:06 +0000)]
check for gssapi_generic.h
Andrew Tridgell [Sat, 8 Dec 2001 12:00:27 +0000 (12:00 +0000)]
fix a DEBUG() line
Andrew Tridgell [Sat, 8 Dec 2001 11:18:56 +0000 (11:18 +0000)]
added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
Andrew Bartlett [Sat, 8 Dec 2001 02:25:25 +0000 (02:25 +0000)]
Fix segfault, and add a comment.
Andrew Bartlett [Sat, 8 Dec 2001 02:14:56 +0000 (02:14 +0000)]
Leak less memory.
Now, is there any reason that the prs_init() doesn't use the talloc context
that it is supplied as an argument for the actual data buffer?
It would seem logical to replace the malloc with a talloc, but I'm sure
there is some method to the madness (extrnal use/Reallocing of it I presume)
Andrew Bartlett
Andrew Bartlett [Sat, 8 Dec 2001 02:12:17 +0000 (02:12 +0000)]
Ensure that 'use spnego' restricts, rather than just advises our clients.
This means that if a hole is found in the spnego code, we can tell people
to just set 'use spengo' in their config file while we sort it out.
Other than that, preventing 'unusual' behaviour is always a good thing.
Andrew Bartlett
Jean-François Micouleau [Fri, 7 Dec 2001 10:20:17 +0000 (10:20 +0000)]
basic howto
Herb Lewis [Fri, 7 Dec 2001 01:01:28 +0000 (01:01 +0000)]
include/build_env.h wasn't getting built by default with new rules unless
you did make headers - fixed
Andrew Tridgell [Fri, 7 Dec 2001 01:01:10 +0000 (01:01 +0000)]
added a "use spnego" option
you need to set "use spnego = no" for w2k to be able to join a samba
domain. Otherwise the w2k box will assume we can do kerberos as a KDC
Herb Lewis [Fri, 7 Dec 2001 00:37:31 +0000 (00:37 +0000)]
OK I think this does what everyone wants with the .headers.stamp
it gets removed on a make clean
it gets created on a make headers (if it doesn't already exist)
This makes it so I only rebuild everthing once after a make clean and
also so nothing gets rebuilt after jfm does a make headers (proto)
Andrew Tridgell [Thu, 6 Dec 2001 22:42:27 +0000 (22:42 +0000)]
allow nsstest to test any nss module
Herb Lewis [Thu, 6 Dec 2001 19:04:01 +0000 (19:04 +0000)]
add smbgroupedit
Jean-François Micouleau [Thu, 6 Dec 2001 13:09:15 +0000 (13:09 +0000)]
again an intrusive patch:
- removed the ugly as hell sam_logon_in_ssb variable, I changed a bit the
definition of standard_sub_basic() to cope with that.
- removed the smb.conf: 'domain admin group' and 'domain guest group'
parameters ! We're not playing anymore with the user's group RIDs !
- in get_domain_user_groups(), if the user's gid is a group, put it first
in the group RID list.
I just have to write an HOWTO now ;-)
J.F.
Jean-François Micouleau [Thu, 6 Dec 2001 12:57:50 +0000 (12:57 +0000)]
remove .headers.stamp from the delheaders definition
It forced a complete build to occur each time the proto are rebuild !
J.F.
Gerald Carter [Thu, 6 Dec 2001 07:44:12 +0000 (07:44 +0000)]
merge from 2.2
Gerald Carter [Thu, 6 Dec 2001 07:37:58 +0000 (07:37 +0000)]
merge from 2.2
Gerald Carter [Thu, 6 Dec 2001 07:33:48 +0000 (07:33 +0000)]
commit from 2.2
Andrew Tridgell [Thu, 6 Dec 2001 07:33:35 +0000 (07:33 +0000)]
put the winbindd krb5 credentials cache in the lock directory
this prevents it clobbering the users cache
Andrew Tridgell [Thu, 6 Dec 2001 07:17:25 +0000 (07:17 +0000)]
allow a MAX_DEBUG_LEVEL setting in local.h (or the Makefile)
This allows embedded systems to compile out the higher debug
levels. It should gain speed as well as reducing the code
size. Setting it to 1 saves about 300k of code on my system.
Andrew Tridgell [Thu, 6 Dec 2001 05:41:53 +0000 (05:41 +0000)]
added a propoer kerberos_kinit_password call
contribution from remus@snapserver.com
thanks!
Tim Potter [Thu, 6 Dec 2001 04:23:06 +0000 (04:23 +0000)]
Fixed typo in fix for typo in debug. (-:
Herb Lewis [Wed, 5 Dec 2001 21:49:51 +0000 (21:49 +0000)]
fix up packaging stuff
Herb Lewis [Wed, 5 Dec 2001 21:08:17 +0000 (21:08 +0000)]
merge from 2.2
don't set WINBIND variables unless configure was run --with-winbind
Herb Lewis [Wed, 5 Dec 2001 19:45:30 +0000 (19:45 +0000)]
dont add -I./popt to CFLAGS it really belongs in FLAGS1 with other include
paths. This make it hard to use a script that overrides CFLAGS options.
Jeremy Allison [Wed, 5 Dec 2001 19:33:35 +0000 (19:33 +0000)]
Added fetch_domain_sid. Not used in current code, but a nice example
of how to use this interface.
Jeremy.
Jean-François Micouleau [Wed, 5 Dec 2001 15:45:36 +0000 (15:45 +0000)]
changed the DEBUG level of tdb_pack and tdb_unpack. Instead of 8, it's now
18.
when you're looking at a level 10, and it's all clutered with
tdb_pack/unpack, it's getting .... And anyway most of our code using
tdb_pack/unpack have DEBUG around the call if there is a problem.
J.F.
Jean-François Micouleau [Wed, 5 Dec 2001 15:41:44 +0000 (15:41 +0000)]
added samr_queryuseralias(). instead of returning BUILTIN_ALIAS_RID_USERS,
now return the alias correctly.
time to look at the netlogon case.
J.F.
Samba Release Account [Wed, 5 Dec 2001 12:28:21 +0000 (12:28 +0000)]
preparing for release of 3.0alpha1
Andrew Tridgell [Wed, 5 Dec 2001 11:32:25 +0000 (11:32 +0000)]
fixed a return value
Andrew Bartlett [Wed, 5 Dec 2001 11:00:26 +0000 (11:00 +0000)]
OK. Smbpasswd -j is DEAD.
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
Andrew Bartlett [Wed, 5 Dec 2001 10:52:13 +0000 (10:52 +0000)]
Add a couple of extra debugs for the secrets.tdb stuff
Andrew Bartlett [Wed, 5 Dec 2001 10:50:26 +0000 (10:50 +0000)]
Ensure we fill in the %U for NTLMSSP connections
Andrew Tridgell [Wed, 5 Dec 2001 10:44:30 +0000 (10:44 +0000)]
fixed a minor password memory leak
Andrew Tridgell [Wed, 5 Dec 2001 10:43:43 +0000 (10:43 +0000)]
fixed a memory leak
Andrew Tridgell [Wed, 5 Dec 2001 10:35:25 +0000 (10:35 +0000)]
fix link error
Andrew Tridgell [Wed, 5 Dec 2001 10:14:22 +0000 (10:14 +0000)]
handle ldap server down better
Andrew Tridgell [Wed, 5 Dec 2001 09:46:53 +0000 (09:46 +0000)]
added a REALLY gross hack into kerberos_kinit_password so that
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
Andrew Tridgell [Wed, 5 Dec 2001 09:45:00 +0000 (09:45 +0000)]
auto-init secrets.tdb
Andrew Tridgell [Wed, 5 Dec 2001 09:19:25 +0000 (09:19 +0000)]
added timeouts and retries to ldap operations
Andrew Tridgell [Wed, 5 Dec 2001 07:52:44 +0000 (07:52 +0000)]
moved the sequence number fetch into the backend, and fetch the
sequence number via ldap when using ads
Andrew Tridgell [Wed, 5 Dec 2001 07:36:35 +0000 (07:36 +0000)]
don't double free ldap message lists
Andrew Tridgell [Wed, 5 Dec 2001 07:35:57 +0000 (07:35 +0000)]
paranoia fixes in based ldap routines for potential memory leaks
Andrew Tridgell [Wed, 5 Dec 2001 07:11:26 +0000 (07:11 +0000)]
fixed another leak - memory usage now seems to be quite small
Andrew Tridgell [Wed, 5 Dec 2001 07:05:53 +0000 (07:05 +0000)]
added very basic ads connection cacheing
Andrew Tridgell [Wed, 5 Dec 2001 06:26:56 +0000 (06:26 +0000)]
more memory leak fixes
Andrew Tridgell [Wed, 5 Dec 2001 06:16:33 +0000 (06:16 +0000)]
plugged most of the memory leaks
Andrew Tridgell [Wed, 5 Dec 2001 05:35:45 +0000 (05:35 +0000)]
added the last winbindd/ads backend function
winbindd is now fully functional with a native mode w2k server
now for the memory leaks and speed ...
Andrew Tridgell [Wed, 5 Dec 2001 04:48:51 +0000 (04:48 +0000)]
finally worked out how to do ldap lookups by binary blobs, so I can
now do searches on SID. This allows me to do a true ldap sid_to_name()
function
one one function to go!
Andrew Tridgell [Wed, 5 Dec 2001 04:44:34 +0000 (04:44 +0000)]
added functions that convert a ads binary blob to a string (for
searching on SID)
Andrew Tridgell [Wed, 5 Dec 2001 04:43:53 +0000 (04:43 +0000)]
fixed an off by 1 bug in talloc_asprintf()
Jeremy Allison [Wed, 5 Dec 2001 04:17:39 +0000 (04:17 +0000)]
Fixed parse_domain_user to be bool.
Jeremy.
Andrew Bartlett [Wed, 5 Dec 2001 03:14:35 +0000 (03:14 +0000)]
Add a new flag for anonymous connections
Andrew Bartlett [Wed, 5 Dec 2001 03:14:21 +0000 (03:14 +0000)]
Make it easier to construct anonymous connections with a new flag and helper
function.
Andrew Bartlett [Wed, 5 Dec 2001 02:58:40 +0000 (02:58 +0000)]
Split out the name resolution code into a seperate function
Jeremy Allison [Wed, 5 Dec 2001 02:11:03 +0000 (02:11 +0000)]
Use print_queue_length() by preference if we don't need a queue
as it doesn't do a traversal.
Jeremy.