Simo Sorce [Sun, 4 Aug 2002 15:40:39 +0000 (15:40 +0000)]
passwords where not checked (you cannot check if the same buffer differs from itself).
they where alo not clean after use!
Simo.
Simo Sorce [Sun, 4 Aug 2002 14:25:32 +0000 (14:25 +0000)]
commented out strupper before key check against internal db, it's no good
to check for uppercased strings when we store them not uppercased.
jerry, this fix is needed to make usrmgr.exe work again.
meanwhile we found out that NT_STATUS code may not be appropriate there.
In particular it seem that an NT PDC will send back 02 as error
(ERRbadfile) not 0xc000000f (NT_STATUS_NO_SUCH_FILE NT)
I think further investigation is need to understand which are aprropriate
return codes here.
Andrew Bartlett [Sun, 4 Aug 2002 01:16:37 +0000 (01:16 +0000)]
Now that I got the function arguments sane, remove the silly (void **) casts
from some of the callers.
Andrew Bartlett
Andrew Tridgell [Sat, 3 Aug 2002 01:55:44 +0000 (01:55 +0000)]
fixed a bug where we were truncating the returned names in a netbios
name status query to 14 bytes, so we could not join a DC who had a
netbios name of 15 bytes in length.
Simo Sorce [Sat, 3 Aug 2002 01:20:42 +0000 (01:20 +0000)]
updates the log level parameter man section
can someone regenerate and commit the other formats?
thanks
Simo Sorce [Sat, 3 Aug 2002 01:11:16 +0000 (01:11 +0000)]
fix log level, set a default, and also copy the value set in smb.conf into parm_struct.ptr
this one also fixes log level not shown in swat
fix swat help system
Jim McDonough [Fri, 2 Aug 2002 17:44:02 +0000 (17:44 +0000)]
Fix length on mailslots. Looks like it should have been 0x17, not decimal 17.
Jelmer Vernooij [Fri, 2 Aug 2002 10:53:40 +0000 (10:53 +0000)]
Escape ampersand(&) to better comply to SGML syntax
Tim Potter [Fri, 2 Aug 2002 07:20:56 +0000 (07:20 +0000)]
Moved rpc client routines from libsmb back to rpc_client where they belong.
Tim Potter [Fri, 2 Aug 2002 05:35:09 +0000 (05:35 +0000)]
Added connect, session_request, session_setup and tconx methods.
Tim Potter [Fri, 2 Aug 2002 05:28:54 +0000 (05:28 +0000)]
Broke out unpacking of a username/password stored in a Python
dictionary into a separate function.
Tim Potter [Fri, 2 Aug 2002 03:57:40 +0000 (03:57 +0000)]
Merge of print notify fixes from APPLIANCE_HEAD.
Tim Potter [Thu, 1 Aug 2002 23:14:48 +0000 (23:14 +0000)]
Fixed compiler warning.
Andrew Tridgell [Thu, 1 Aug 2002 03:38:21 +0000 (03:38 +0000)]
make sure we null terminate plaintext passwords
Gerald Carter [Wed, 31 Jul 2002 14:56:40 +0000 (14:56 +0000)]
merge from SAMBA_2_2
Simo Sorce [Wed, 31 Jul 2002 13:16:14 +0000 (13:16 +0000)]
forgot to change the makefile system, sorry
Andrew Bartlett [Wed, 31 Jul 2002 12:53:56 +0000 (12:53 +0000)]
Add the current working document on the interface to the tree that we have
*somthing* in the directory. (Stops cvs update -P eating it).
This is the combined effort of many from #samba-technical, kai, metze,
ctrlsoft, idra and abartlet in particular. It will no doubt change :-)
Andrew Bartlett
Andrew Bartlett [Wed, 31 Jul 2002 12:17:32 +0000 (12:17 +0000)]
Let everybody enjoy my new toy - make it the default!
Authenticaions will now attempt to use winbind, and only fall back to
'ntdomain' (the old security=domain) code if that fails (for any reason,
including wrong password).
I'll fix up the authenticaion code to better handle the different types of
failures in the near future.
Andrew Bartlett
Andrew Bartlett [Wed, 31 Jul 2002 12:05:30 +0000 (12:05 +0000)]
Winbind updates!
This updates the 'winbind' authentication module and winbind's 'PAM' (actually
netlogon) code to allow smbd to cache connections to the DC.
This is particulary relevent when we need mutex locks already - there is no
parallelism to be gained anyway.
The winbind code authenticates the user, and if successful, passes back the
'info3' struct describing the user. smbd then interprets that in exactly the
same way as an 'ntdomain' logon.
Also, add parinoia to winbind about null termination.
Andrew Bartlett
Andrew Bartlett [Wed, 31 Jul 2002 11:57:56 +0000 (11:57 +0000)]
Rework parinioa to ensure we never get passwords longer than MAX_PASS_LEN, nor
longer than the buffer they claim to be in.
Many thanks to tridge for explaining the macros.
Andrew Bartlett
Andrew Tridgell [Wed, 31 Jul 2002 10:47:26 +0000 (10:47 +0000)]
fixed the length checking for plaintext passwords (thanks to andrewb
for spotting this)
Andrew Bartlett [Wed, 31 Jul 2002 10:12:52 +0000 (10:12 +0000)]
Don't accidenity mess with the wrong domain's sids.
Andrew Bartlett [Wed, 31 Jul 2002 10:11:03 +0000 (10:11 +0000)]
fix debug, at idra's suggestion.
Andrew Bartlett
Andrew Bartlett [Wed, 31 Jul 2002 10:07:35 +0000 (10:07 +0000)]
Only allow 'security=ads' when we HAVE_ADS.
Andrew Bartlett
Andrew Tridgell [Wed, 31 Jul 2002 09:36:05 +0000 (09:36 +0000)]
support netbiosless search for the DC using ADS in the winbindd AUTH
code.
Andrew Tridgell [Wed, 31 Jul 2002 09:34:00 +0000 (09:34 +0000)]
fixed multi-line strings for portability
Andrew Tridgell [Wed, 31 Jul 2002 09:32:45 +0000 (09:32 +0000)]
make sure we zero the unusued elements in a SID when parsing
Andrew Tridgell [Wed, 31 Jul 2002 05:41:51 +0000 (05:41 +0000)]
added 'disable netbios = yes/no' option, default is no
When this option is disabled we should not do *any* netbios
operations. You should also not start nmbd at all. I have put initial
checks in at the major points we do netbios operations in smbd but
there are bound to be more needed. Right now I've disabled all netbios
name queries, all WINS lookups and node status queries in smbd and
winbindd.
I've been testing this option and the most noticable thing is how much
more responsive things are! wthout those damn netbios timeouts things
certainly are much slicker.
Andrew Tridgell [Wed, 31 Jul 2002 05:38:53 +0000 (05:38 +0000)]
fixed a net crash bug if we can't find a DC in a 'net rpc' command
Andrew Tridgell [Wed, 31 Jul 2002 04:56:16 +0000 (04:56 +0000)]
added support for smbd listening on port 445 and 139. It now listens
on both by default, and you can specify a list of ports to listen on
either with "smb ports = " in smb.conf or using the -p option to smbd.
this is needed for proper netbiosless operation.
Andrew Tridgell [Wed, 31 Jul 2002 02:00:30 +0000 (02:00 +0000)]
the ads_connect() here doesn't need to actually succeed, as its only
needed to find the DC IP. Just don't check its return value!
Andrew Tridgell [Wed, 31 Jul 2002 01:44:37 +0000 (01:44 +0000)]
make sure that 'net ads info' gives info on the server we specify, not
our smb.conf setup.
John Terpstra [Wed, 31 Jul 2002 01:02:03 +0000 (01:02 +0000)]
Remove VFS module build so RPMs can build for now.
Jim McDonough [Tue, 30 Jul 2002 17:38:27 +0000 (17:38 +0000)]
Fix the build for now..
Tridge, please look at this. Did you mean to take out the last parm?
Jim McDonough [Tue, 30 Jul 2002 17:23:07 +0000 (17:23 +0000)]
Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, which
is netbios and dns domain info. Also add code to set/fetch the domain GUID
from secrets.tdb (although set is not yet called by anyone).
Andrew Tridgell [Tue, 30 Jul 2002 15:34:10 +0000 (15:34 +0000)]
net ads info now reports the IP of the LDAP server as well as its name - very useful in scripts
Andrew Tridgell [Tue, 30 Jul 2002 15:03:14 +0000 (15:03 +0000)]
this fixes plaintext passwords with win2000
there were 2 bugs:
1) we were sending a null challenge when we should have sent an empty
challenge
2) the password can be in unicode if unicode is negotiated. This means
our client code was wrong too :(
Andrew Tridgell [Tue, 30 Jul 2002 14:34:02 +0000 (14:34 +0000)]
always include the (void) for void fns ...
Andrew Tridgell [Tue, 30 Jul 2002 13:27:42 +0000 (13:27 +0000)]
a couple more minor tweaks. This now allows us to operate in ADS mode
without any 'realm =' or 'ads server =' options at all, as long as DNS
is working right.
Andrew Tridgell [Tue, 30 Jul 2002 12:42:41 +0000 (12:42 +0000)]
2nd try at a fix for netbiosless connections to a ADS DC. This also
make the code a fair bit cleaner as it splits up the ADS and RPC
cases, which really are very different.
Andrew Tridgell [Tue, 30 Jul 2002 11:30:13 +0000 (11:30 +0000)]
removed a gratuitous standard_sub_basic() on the 'password server'
field. This has got to be pointless.
Andrew Tridgell [Tue, 30 Jul 2002 11:21:42 +0000 (11:21 +0000)]
- if we are in ADS mode then avoid an expensive netbios lookup to find
the servers netbios name when we don't need it. This also fixes ADS
mode when the DC has netbios disabled.
- if the password server is specified as an IP then actually use that
IP, don't do a lookup for the servers name :)
Simo Sorce [Tue, 30 Jul 2002 09:59:53 +0000 (09:59 +0000)]
OK!
Finally the cascaded VFS patch is in.
Testing is very welcome, specially with layered multiple vfs modules.
A big thank to Alexander Bokovoy for his work and patience :)
Simo.
Andrew Bartlett [Tue, 30 Jul 2002 09:26:44 +0000 (09:26 +0000)]
Update a pile of Samba's SID lookup code to ensure:
- That we never call winbind recursivly
- That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping
in either the passdb or the group mapping db.
Also, remove restrictions that say 'this domain only'. If we have a mapping
configured, allow it to be returned. If we later decide certian mappings are
invalid, then we sould put that in the code that actually does the map.
Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even
if they are not represented by Unix groups yet.
Andrew Bartlett
Andrew Bartlett [Tue, 30 Jul 2002 09:21:57 +0000 (09:21 +0000)]
Make some of the charconv code a bit easier to read and work with - when we
are dealing with utf8 we may as well specify char** for the pointer, save
otherwise casting in the caller.
Andrew Bartlett
Tim Potter [Tue, 30 Jul 2002 04:32:29 +0000 (04:32 +0000)]
Some crash fixes for netshareenum returning zero shares.
Andrew Bartlett [Tue, 30 Jul 2002 04:23:59 +0000 (04:23 +0000)]
These pointers should be for the service we just cloned, not the new service
as it might actually not be a clone, but a 'found' service.
Previously this meant that a second session setup on the same TCP/IP connection
for a user would write '' as the home directory. Instead, I want it to update
the share to be there current home directory (so that this can be updated
without the need to reboot the client for example).
Andrew Bartlett
Andrew Bartlett [Tue, 30 Jul 2002 04:03:40 +0000 (04:03 +0000)]
These are not critical errors, they should not be a level 0.
Andrew Bartlett
Andrew Bartlett [Tue, 30 Jul 2002 04:02:47 +0000 (04:02 +0000)]
Add quotes so we can see 0 length strings.
Tim Potter [Tue, 30 Jul 2002 01:26:25 +0000 (01:26 +0000)]
Reran configure.
Tim Potter [Tue, 30 Jul 2002 01:25:59 +0000 (01:25 +0000)]
Do AC_MSG_RESULT(yes) when using included popt.
Tim Potter [Tue, 30 Jul 2002 01:06:20 +0000 (01:06 +0000)]
Fixed for memory leak in connection caching code when a dc is
permanently down. Found by Dan Coppock.
Tim Potter [Mon, 29 Jul 2002 23:50:54 +0000 (23:50 +0000)]
Our include popt is starting to get a bit old - fixed some compile
problems here.
Also fixed some non-constant initialisers in samsync.
Gerald Carter [Mon, 29 Jul 2002 19:45:15 +0000 (19:45 +0000)]
add another registry rpc (opnum 0x14). Have no idea what it's real name
is. I'm calling it REG_SAVE_KEY, because 2k preps a regedt32.exe
Registry->Save Key with this call.
Done in the process of tracking down a PrinterDriverData issue.
Gerald Carter [Mon, 29 Jul 2002 18:10:59 +0000 (18:10 +0000)]
couple of minor formatting fixes to help me see better.
Gerald Carter [Mon, 29 Jul 2002 18:10:18 +0000 (18:10 +0000)]
passing -1 for the src length in rpcstr_pull results in only
converting the first character of the unicode string., See convert_string()
for why. uniarray_2_dosarray() passes 0 for the src length now which works.
Gerald Carter [Mon, 29 Jul 2002 18:06:22 +0000 (18:06 +0000)]
hardcode printprocessor name since it is everywhere else
Gerald Carter [Mon, 29 Jul 2002 16:22:37 +0000 (16:22 +0000)]
simple perl script for retreiving cvs log messages for a file
after a given date. I use it to help update the WHATSNEW.txt for a
release.
./cvslog.pl SAMBA_2_2 '>2002-06-18' configure.in
The output is a little messy right now, but I plan to clean that up.
Gerald Carter [Mon, 29 Jul 2002 13:24:56 +0000 (13:24 +0000)]
merge from SAMBA_2_2
Andrew Tridgell [Mon, 29 Jul 2002 13:10:03 +0000 (13:10 +0000)]
introduced a get_file_size() macro in trans2.c to make it easier to
experiment with file size returns
Andrew Bartlett [Mon, 29 Jul 2002 12:52:27 +0000 (12:52 +0000)]
We don't need this silly unix username stuff. NT username is basicly unused,
and must == unix username for sane implementation in passdb.
Andrew Bartlett
Andrew Tridgell [Mon, 29 Jul 2002 11:14:05 +0000 (11:14 +0000)]
an initial fix for handling sparse files in smbd
This gets my test code working, where we previously failed with files
above 20G in size.
I'm still not completely happy with this. There are just too many
fields in trans2.c that we don't fill in.
Simo Sorce [Mon, 29 Jul 2002 09:44:29 +0000 (09:44 +0000)]
as suggested by Alexander Oswald <oswald@is.haw-hamburg.de>
hide only unwriteable files and not dirs with this one.
may be a hide unwriteable dirs param will follow.
Tim Potter [Mon, 29 Jul 2002 09:32:25 +0000 (09:32 +0000)]
Started to get samsync to insert account information in the passdb. It's
pretty half-arsed at the moment and doesn't work very well but Mr Bartlett
was interested in it.
Also started playing around with the more interesting bits of popt. The
auto-generated usage information is pretty neat.
Tim Potter [Mon, 29 Jul 2002 09:28:16 +0000 (09:28 +0000)]
Added extern for popt_common_debug.
Tim Potter [Mon, 29 Jul 2002 09:26:38 +0000 (09:26 +0000)]
Add lib/popt_common.o
Tim Potter [Mon, 29 Jul 2002 09:25:23 +0000 (09:25 +0000)]
Use common popt definition for -d option.
Tim Potter [Mon, 29 Jul 2002 09:23:01 +0000 (09:23 +0000)]
A place to store common popt routines.
Simo Sorce [Mon, 29 Jul 2002 07:57:48 +0000 (07:57 +0000)]
people should be happier now.
changed strtof with sscanf to make things working on all platforms.
changed auto-made bubble sort for more efficient and clean qsort()
Tim Potter [Mon, 29 Jul 2002 03:50:35 +0000 (03:50 +0000)]
Skeleton for a libsmb python wrapper.
Tim Potter [Mon, 29 Jul 2002 03:26:31 +0000 (03:26 +0000)]
Merge from APPLIANCE_HEAD:
>When creating an automatically generated prototype make sure the
>destination directory exists.
Tim Potter [Mon, 29 Jul 2002 03:07:49 +0000 (03:07 +0000)]
Updated patch.
Simo Sorce [Sun, 28 Jul 2002 18:10:39 +0000 (18:10 +0000)]
found nasty bug in intl/lang_tdb.c tdb structure was not tested to not be null before close
this one fixes swat not working with browsers that set more then one language.
along the way implemented language priority in web/neg_lang.c with bubble sort
also changet str_list_make to be able to use a different separator string
Simo.
Andrew Bartlett [Sun, 28 Jul 2002 08:14:17 +0000 (08:14 +0000)]
This patch does two things:
The first is to add sensible quotes to various default paramaters, and the
second is to ensure that we don't remove to many " characters from paramaters.
(Both from the debian patches to Samba).
Andrew Bartlett
Andrew Tridgell [Sun, 28 Jul 2002 08:04:31 +0000 (08:04 +0000)]
minor portability fix
samba-patches 820
Andrew Tridgell [Sun, 28 Jul 2002 07:53:14 +0000 (07:53 +0000)]
fix for smbtar filename matching
samba-patches 852
Andrew Tridgell [Sun, 28 Jul 2002 07:15:42 +0000 (07:15 +0000)]
this is an interim fix for nmbd not registering DOMAIN#1b with WINS
when a PDC. The fix does not iterate over all WINS tags, which it
should do, but after having looked at doing that it gets *very* messy
to do with our current code base.
Andrew Bartlett [Sun, 28 Jul 2002 06:43:03 +0000 (06:43 +0000)]
Add the ability to set account policies too.
Andrew Bartlett
Andrew Tridgell [Sun, 28 Jul 2002 06:26:41 +0000 (06:26 +0000)]
make sure async dns nmbd child dies
samba-patches 898
Andrew Tridgell [Sun, 28 Jul 2002 06:19:14 +0000 (06:19 +0000)]
fix minor nits in nmbd from adtam@cup.hp.com
samba-patches 959
Andrew Tridgell [Sun, 28 Jul 2002 06:08:30 +0000 (06:08 +0000)]
good security patch from Timothy.Sell@unisys.com
we could generate short passwords!
samba-patches 880
Andrew Tridgell [Sun, 28 Jul 2002 06:04:32 +0000 (06:04 +0000)]
partial apply of samba-patches 960
Andrew Tridgell [Sun, 28 Jul 2002 05:57:23 +0000 (05:57 +0000)]
fixed man install
samba-patches 961
Andrew Tridgell [Sun, 28 Jul 2002 05:50:57 +0000 (05:50 +0000)]
fixed logfile location to honor configure
samba-patches 966
Andrew Tridgell [Sun, 28 Jul 2002 05:45:48 +0000 (05:45 +0000)]
fixed typo
samba-patches 970
Andrew Bartlett [Sun, 28 Jul 2002 03:41:50 +0000 (03:41 +0000)]
Fix a missing 'no memory' return in last night's svrsvc code, and use
sys_dup2() in a couple more places.
Andrew Bartlett
Andrew Bartlett [Sun, 28 Jul 2002 02:36:16 +0000 (02:36 +0000)]
Warn about n^2 algorithm with utmp=yes.
Andrew Bartlett
Andrew Bartlett [Sun, 28 Jul 2002 02:23:22 +0000 (02:23 +0000)]
Another item off my long-term todo list:
Remove the n^2 search for valid 'tty' names from the sesion code when we
don't actually need it. Its main value is in getting 'well behaved'
numbers for use with utmp, so when we are not doing utmp we don't need
this to get in the way.
Andrew Bartlett
Andrew Bartlett [Sun, 28 Jul 2002 02:20:15 +0000 (02:20 +0000)]
It seems I didn't need to write a dup2() wrapper - as we already use it a
lot. But as thats done, we might as well use it anyway.
Andrew Bartlett
Andrew Bartlett [Sun, 28 Jul 2002 02:17:57 +0000 (02:17 +0000)]
Clean this code up a little. If it's alrady asprintf()ed, I see no
need for a manual strdup() too...
Andrew Bartlett [Sat, 27 Jul 2002 11:48:55 +0000 (11:48 +0000)]
A very long time ago (actually 6 months ago) I promised to commit this code
to the Samba tree.
Originally written by Nigel Williams" <nigel@veritas.com>, I've been
trying to keep it in some form of shape for the last 6 months. In particular
I think some of the code got committed a few months ago, and others have made
changes to the CVS version over time.
anyway, its finally in - and doesn't appear to have broken anything.
Now to try the client-side patches :-)
Andrew Bartlett
Andrew Bartlett [Sat, 27 Jul 2002 06:07:53 +0000 (06:07 +0000)]
Update the rebind code in pdb_ldap.
I've still not tested this, but I didn't test the last lot and I'm pretty
sure I stuffed it up - but at least this rebind procedure matches the
function prototype.
It should also be fine on OpenLDAP 2.1 if I'm lucky.
Andrew Bartlett
Andrew Bartlett [Sat, 27 Jul 2002 02:54:39 +0000 (02:54 +0000)]
This should fix a nastly little bug where if a user had already done one
session setup, it would not correctly pick up the [homes] share on a subsequent
session setup.
The new rules are: If you want to connect to [homes], then it must have been
available at session setup time, or you must be in security=share. At each
session setup, the user's copy of [homes] is updated to ensure it has the right
path etc.
Andrew Bartlett
Simo Sorce [Sat, 27 Jul 2002 02:33:49 +0000 (02:33 +0000)]
nice day today
add also hide unwriteable as per user request
Simo Sorce [Sat, 27 Jul 2002 01:37:33 +0000 (01:37 +0000)]
as per user request added windbind start/stop/restart in swat
almost working, seem it does not yet properly detect if windbind is running or not in all situations testing is welcome.
Andrew Bartlett [Sat, 27 Jul 2002 00:15:02 +0000 (00:15 +0000)]
Rafal 'Mimir' Szczesniak <mimir@diament.ists.pwr.wroc.pl> has been busy
again, and has added 'net rpc trustdom list' support.
This lists the trusted and trusting domains of a remote PDC.
I've applied these almost directly, just fixing some special
case code for when there are *no* trusting domains. We still
have some parse errors in this case however.
Andrew Bartlett.
From mimir's e-mail:
Here are another patches adding trust relationship features.
More details:
Better error reporting in cli_lsa_enum_trust_dom().
Implementation of cli_samr_enum_dom_users() which cli_samr.c
lacked.
More "consts" -- one of arguments in net_find_dc().
Modified implementation of run_rpc_command() -- now it
allows to reuse already opened connection (if it is passed)
to remote server's IPC$ (e.g. as part of longer exchange
of rpc calls). I'm sure Andrew will argue ;-)
More neat version of rpc_trustdom_list() function.
Gerald Carter [Fri, 26 Jul 2002 22:40:06 +0000 (22:40 +0000)]
3 things:
* normalize all registry key strings before storing or looking
up paths in the registry tdb
* return the current buffer size for REG_INFO even when not returning
actual data
* fix a segfault report by metze on #samba-technical so that the
user/group object picker works again (was the "ProductType" key
lookup that was failing).
Gerald Carter [Fri, 26 Jul 2002 21:49:56 +0000 (21:49 +0000)]
fix parameters for ldap_set_rebind_proc() from OpenLDAP 2.1
Andrew Bartlett [Fri, 26 Jul 2002 15:24:12 +0000 (15:24 +0000)]
(another patch from mimir)
Add some debugging info to the secrets code.
We might review what debug level that should be at, but it's fine for now.
Andrew Bartlett
Andrew Bartlett [Fri, 26 Jul 2002 13:05:29 +0000 (13:05 +0000)]
Mimir has been busy with patches again, and sent in the following
patches:
Andrew Bartlett
From his e-mail:
Below I attach the following patches as a result of my work
on trusted domains support:
1) srv_samr_nt.c.diff
This fixes a bug which caused to return null string as
the first entry of enumerated accounts list (no matter what
entry, it was always null string and rid) and possibly
spoiled further names, depeding on their length.
I found that while testing my 'net rpc trustdom list'
against nt servers and samba server.
2) libsmb.diff
Now, fallback to anonymous connection works correctly.
3) smbpasswd.c.diff
Just a little fix which actually allows one to create
a trusting domain account using smbpasswd
4) typos.diff
As the name suggests, it's just a few typos fix :)