cvs2svn Import User [Sat, 17 Aug 2002 07:09:23 +0000 (07:09 +0000)]
This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.
Andrew Bartlett [Sat, 17 Aug 2002 07:09:22 +0000 (07:09 +0000)]
Move tridge's getgrouplist() replacement function from replace.c to a new
'system_smbd.c' file, where it can link with become_root() and unbecome_root(),
and therefore avoiding some nasty 'it workes on linux' bugs.
(The replacement function is implemented in terms of initgroups(), which is
naturally only avaliable to root).
Andrew Bartlett
Andrew Bartlett [Sat, 17 Aug 2002 06:36:18 +0000 (06:36 +0000)]
Add const.
Andrew Bartlett [Sat, 17 Aug 2002 06:34:41 +0000 (06:34 +0000)]
Add 'const'.
Andrew Bartlett [Sat, 17 Aug 2002 05:26:58 +0000 (05:26 +0000)]
Becouse of changes to the meaning of this feild over time, this doesn't
actually work. Also, the idea of 'loopback winbind' isn't that bad an idea
anyway (potential PDC/BDC applications).
Given all that, remove it...
Andrew Bartlett
Andrew Bartlett [Sat, 17 Aug 2002 04:56:38 +0000 (04:56 +0000)]
The idea of this function is not to touch the argument, so make it const too...
Andrew Bartlett [Sat, 17 Aug 2002 04:51:27 +0000 (04:51 +0000)]
Rework the 'guest account get's RID 501' code again...
This moves it right into the passdb subsystem, where we can do this in
just one (or 2) places. Due to the fact that this code can be in a tight loop,
I've had to make 'guest account' a 'const' paramater, where % macros cannot be
used. In any case, if the 'guest account' varies, we are in for some nasty
cases in the other code, so it's useful anyway.
Andrew Bartlett
Gerald Carter [Sat, 17 Aug 2002 00:38:20 +0000 (00:38 +0000)]
fix seg fault in _spoolss_enumprinterkey after changes...
add SPOOL_PNPDATA_KEY define
Tim Potter [Fri, 16 Aug 2002 17:35:38 +0000 (17:35 +0000)]
Return access granted in create_user2.
Gerald Carter [Fri, 16 Aug 2002 16:46:50 +0000 (16:46 +0000)]
fix small bug in enumprinterdataex due to my changes (still more lurking
though).
Gerald Carter [Fri, 16 Aug 2002 15:36:37 +0000 (15:36 +0000)]
Fairly large change to printing code.
* removed support for PHANTOM_DEVMODE printer data
* s/NT_PRINTER_PARAM/REGISTRY_VALUE/g - This was a good bit
of work. Everything seems stable, but is not complete.
* support for printer data keys other than PrinterDriverData
in the store and fetch routines. Still needs to be plugged
into the XxxPrinterDataEx() calls.
Tested against NT4.0 & 2k. Like I said, it's not done, but doesn't
crash so it shouldn't upset anyone (unless you're trying to build
a Samba printer server off of HEAD). More work to come. Should
settle by Monday.
jerry
Andrew Bartlett [Fri, 16 Aug 2002 08:47:10 +0000 (08:47 +0000)]
Return the error if get_group_domain_entries() fails.
Andrew Bartlett [Fri, 16 Aug 2002 08:46:03 +0000 (08:46 +0000)]
Make the 'guest account' always have a RID of DOMAIN_USER_RID_GUEST.
Andrew Bartlett
Jim McDonough [Fri, 16 Aug 2002 08:09:55 +0000 (08:09 +0000)]
Re-add the last empty item to the NTLMSSP info list, but this time do it
with an empty string, not a NULL pointer...
Also, check for security=ads before giving a kerberos spnego response.
Andrew Bartlett [Fri, 16 Aug 2002 07:56:08 +0000 (07:56 +0000)]
Add some const to the 'in' paramaters for these functions.
Andrew Bartlett
Andrew Bartlett [Fri, 16 Aug 2002 07:04:37 +0000 (07:04 +0000)]
Fix segfault in the new NTLMSSP code. jmcd: can you look at this - what
exactly were you trying to do here?
Andrew Bartlett
Tim Potter [Fri, 16 Aug 2002 00:25:48 +0000 (00:25 +0000)]
Merge ... netbios namecache code from APPLIANCE_HEAD.
Tridge suggested a generic caching mechanism for Samba to avoid the
proliferation of little cache files hanging around limpet like in the
locks directory. Someone should probably implement this at some
stage.
Tim Potter [Thu, 15 Aug 2002 22:03:22 +0000 (22:03 +0000)]
The unused variable was actually needed. The correct fix is to move
it inside an #ifdef HAVE_ADS to avoid the warning and breaking the
build. (-:
Tim Potter [Thu, 15 Aug 2002 19:40:34 +0000 (19:40 +0000)]
Rename unknown_0 field in create_user2 reply in the actual struct.
Tim Potter [Thu, 15 Aug 2002 19:37:34 +0000 (19:37 +0000)]
Rename unknown_0 field in create_user2 reply in the actual struct.
Remove 9th place leading zero from some constants.
Tim Potter [Thu, 15 Aug 2002 19:34:57 +0000 (19:34 +0000)]
Removed unused variable.
Gerald Carter [Thu, 15 Aug 2002 13:56:33 +0000 (13:56 +0000)]
large set of updates converting some of the textdocs to SGML/DocBook.
I think these were originally from Jelmer, but I've lost
the original message.
Also had some syntax errors in the manpages (does no one regenerate
after making changes to the SGML source?)
Still have some developer specific docs to add from Jelmer in the next
go around....
Simo Sorce [Thu, 15 Aug 2002 13:25:25 +0000 (13:25 +0000)]
*** empty log message ***
Jim McDonough [Thu, 15 Aug 2002 12:18:25 +0000 (12:18 +0000)]
Fix NTLMSSP challenge command and auth response. We can now service joins
from win2k AND still use SPNEGO (provided you don't build with kerberos...I
still have to fix that, as we are not properly falling back).
Tim Potter [Thu, 15 Aug 2002 02:26:37 +0000 (02:26 +0000)]
The unknown_0 field in a CREATE_USER2 reply is the access granted.
Gerald Carter [Wed, 14 Aug 2002 10:21:53 +0000 (10:21 +0000)]
added comment about a new specversion seen from client.
Device mode size is still the same though.
jerry
Gerald Carter [Wed, 14 Aug 2002 10:20:51 +0000 (10:20 +0000)]
unresolved symbols fix for pam_smbpass from Steve L.
Jim McDonough [Mon, 12 Aug 2002 16:39:10 +0000 (16:39 +0000)]
Use byteorder.h macros
Jeremy Allison [Mon, 12 Aug 2002 16:20:54 +0000 (16:20 +0000)]
Bugfix for problem pointed out by Sean Trace <Sean.Trace@aveva.com>. We can't
check for POSIX errors in the blocking lock code as we may have never made
a POSIX call (could have denied lock before POSIX checked).
Jeremy.
Jim McDonough [Mon, 12 Aug 2002 13:55:31 +0000 (13:55 +0000)]
Update secrets_fetch_domain_guid to generate and store it if it doesn't exist.
Only does it for PDCs.
Jim McDonough [Mon, 12 Aug 2002 13:54:42 +0000 (13:54 +0000)]
Allow ADS PDC to exist
Jim McDonough [Mon, 12 Aug 2002 13:54:18 +0000 (13:54 +0000)]
Add lib/util_uuid.c to build.
Jim McDonough [Mon, 12 Aug 2002 13:48:19 +0000 (13:48 +0000)]
Code to generate uuids for ADS setups. Uses our random generator but
conforms to standard OSF/DCE uuid format.
Jim McDonough [Mon, 12 Aug 2002 13:41:52 +0000 (13:41 +0000)]
Add lsaqueryinfo2, but keep under "lsaquery" command. It will autoselect
which lsaqueryinfo to do based in infoclass. Currently 12 is the only one
that causes a queryinfo2.
Jim McDonough [Mon, 12 Aug 2002 13:40:59 +0000 (13:40 +0000)]
Add lsa 0x2e (queryinfo2) client side
Shirish Kalele [Mon, 12 Aug 2002 13:35:17 +0000 (13:35 +0000)]
Add RESOLVE_DFSPATH to mkdir operations in HEAD.
Jim McDonough [Mon, 12 Aug 2002 08:26:28 +0000 (08:26 +0000)]
Use samr connect4, then fall back to samr connect if it fails. This is
what 2k does.
Jim McDonough [Mon, 12 Aug 2002 08:25:02 +0000 (08:25 +0000)]
Add client side support for samr connect4 (0x3e). Seems to have one
additional parm compared to samr connect, but I've only seen 0x00000002
in that field...
Tim Potter [Sun, 11 Aug 2002 19:52:47 +0000 (19:52 +0000)]
Updated smbcontrol manpage for new printnotify commands.
Jerry, what's the latest on rebuilding doco from source? I've no idea
whether this actually compiles or not.
Tim Potter [Sun, 11 Aug 2002 19:23:09 +0000 (19:23 +0000)]
Merge some usage info from APPLIANCE_HEAD.
Tim Potter [Sun, 11 Aug 2002 18:19:03 +0000 (18:19 +0000)]
Merge of case fixes from APPLIANCE_HEAD.
Jelmer Vernooij [Sun, 11 Aug 2002 08:15:49 +0000 (08:15 +0000)]
Add indent argument to put function name and type on same line -
for satisfying the autoprototyper and abartlet
Jelmer Vernooij [Sun, 11 Aug 2002 08:06:14 +0000 (08:06 +0000)]
Update CodingSuggestions to include 'indent' arguments for the samba coding
style
Andrew Bartlett [Sun, 11 Aug 2002 02:30:35 +0000 (02:30 +0000)]
Make 'remote_machine' private to lib/substitute.c, and fix all the user to use
the new accessor functions.
Andrew Bartlett
Andrew Bartlett [Sat, 10 Aug 2002 23:20:04 +0000 (23:20 +0000)]
Fix the %m security bug again - and try to make it harder to reintroduce in
future.
This moves us from fstrcpy() and global variables to 'get' and 'set' functions.
In particular, the 'set' function sainity-checks the input, in the same way as
we always have.
Andrew Bartlett
Jelmer Vernooij [Sat, 10 Aug 2002 20:14:32 +0000 (20:14 +0000)]
Adding pdb_xml and pdb_mysql passdb modules.
Added some consts to pdb_test to follow pdb_methods struct more strictly
Gerald Carter [Thu, 8 Aug 2002 22:17:42 +0000 (22:17 +0000)]
one line merge from APP_HEAD
Gerald Carter [Thu, 8 Aug 2002 22:14:42 +0000 (22:14 +0000)]
delete printer driver fix from APP_HEAD
Gerald Carter [Thu, 8 Aug 2002 20:54:37 +0000 (20:54 +0000)]
printing change notification merge from APPLIANCE_HEAD
Andrew Bartlett [Thu, 8 Aug 2002 06:44:03 +0000 (06:44 +0000)]
Samba dependency hell claim's another victim...
Back out last night's patch to to reduce -l dependencies until we can ensure
that *all* configurations/platforms work...
Andrew Bartlett
Tim Potter [Thu, 8 Aug 2002 04:58:19 +0000 (04:58 +0000)]
Merge ... incomplete rffpcnex testing code from APPLIANCE_HEAD.
Jim McDonough [Wed, 7 Aug 2002 12:17:35 +0000 (12:17 +0000)]
Hmm, had too many objects added last time in the nmbd changes. Don't
need all of them. Hopefully this will fix a few builds.
Andrew Bartlett [Wed, 7 Aug 2002 09:51:59 +0000 (09:51 +0000)]
Patch from Steve Langasek <vorlon@netexpress.net> to split up our -l
dependencies. This benifits packagers (like debian) becouse then our client
code won't have references to 'server only' libraries.
(In particular, it removes the client dependency on CUPS, which was raised in
a debian bug report).
Andrew Bartlett
Andrew Bartlett [Wed, 7 Aug 2002 07:46:01 +0000 (07:46 +0000)]
Add 'const' to the function prototypes to match the recent commit.
Andrew Bartlett [Wed, 7 Aug 2002 07:28:24 +0000 (07:28 +0000)]
Add some more const :-)
This also makes it a easier to see which paramaters are 'in', and which are
'out'.
Andrew Bartlett
Andrew Bartlett [Wed, 7 Aug 2002 07:22:43 +0000 (07:22 +0000)]
Add const to a pile of const to *DOM_SID paramaters.
Andrew Bartlett
Jim McDonough [Tue, 6 Aug 2002 19:52:43 +0000 (19:52 +0000)]
Ooops...forgot to put this in with the new nmbd samlogon response code.
THis should fix the build.
Jim McDonough [Tue, 6 Aug 2002 18:16:28 +0000 (18:16 +0000)]
Add AD version of samlogon replies for getdc. ATM it will only function
if you have an ADS DC.
Jim McDonough [Tue, 6 Aug 2002 18:02:56 +0000 (18:02 +0000)]
Add SAMR 0x3e, which is samr_connect4. Seems to be the same as our
existing connect (which I've been told is really connect2), with one
extra dword. We've only seen 0x00000002 there...
Andrew Bartlett [Tue, 6 Aug 2002 11:48:17 +0000 (11:48 +0000)]
Try to bind with LDAPv3 if possible.
Andrew Bartlett
Andrew Bartlett [Tue, 6 Aug 2002 10:10:54 +0000 (10:10 +0000)]
Back out idra's change (at his request) - the values in the tdb *should* be
upper cased already.
However, if you created your registry tdb in the very early versions of jerry's
patch, you could find that usrmgr doesn't function. Simply delete the
registry.tdb, it will be recreated on startup.
Andrew Bartlett
Andrew Tridgell [Tue, 6 Aug 2002 10:01:38 +0000 (10:01 +0000)]
fixed 'net ads chostpass' for new ads structures
Andrew Tridgell [Tue, 6 Aug 2002 05:11:57 +0000 (05:11 +0000)]
when using netbios lookup methods make sure we try any BDCs even if
we get a response from WINS for a PDC, if the PDC isn't responding.
Andrew Tridgell [Tue, 6 Aug 2002 03:26:58 +0000 (03:26 +0000)]
fixed a memory corruption bug in ads_try_dns()
Tim Potter [Tue, 6 Aug 2002 01:07:07 +0000 (01:07 +0000)]
Compile fix for new cli_lsa_enum_trust_dom() argument list.
Andrew Tridgell [Tue, 6 Aug 2002 00:56:39 +0000 (00:56 +0000)]
fixed a memory corruption bug in the wins code
Andrew Tridgell [Mon, 5 Aug 2002 14:11:50 +0000 (14:11 +0000)]
added 'net rpc testjoin' and 'net ads testjoin' commands
unfortuately we don't seem to be able to auto-test the ADS join due to
a rather nasty property of the GSSAPI library.
Tim Potter [Mon, 5 Aug 2002 06:28:58 +0000 (06:28 +0000)]
Spelling fix.
Andrew Tridgell [Mon, 5 Aug 2002 05:04:13 +0000 (05:04 +0000)]
fixed wbinfo -t for netbiosless domains
Andrew Bartlett [Mon, 5 Aug 2002 03:43:26 +0000 (03:43 +0000)]
I must have missed this when I was adding 'const' to these earlier...
Andrew Bartlett
Andrew Bartlett [Mon, 5 Aug 2002 03:27:04 +0000 (03:27 +0000)]
Try to make this easier to debug - display the username that failed.
Andrew Bartlett
Andrew Tridgell [Mon, 5 Aug 2002 02:47:46 +0000 (02:47 +0000)]
This fixes a number of ADS problems, particularly with netbiosless
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
Simo Sorce [Sun, 4 Aug 2002 15:40:39 +0000 (15:40 +0000)]
passwords where not checked (you cannot check if the same buffer differs from itself).
they where alo not clean after use!
Simo.
Simo Sorce [Sun, 4 Aug 2002 14:25:32 +0000 (14:25 +0000)]
commented out strupper before key check against internal db, it's no good
to check for uppercased strings when we store them not uppercased.
jerry, this fix is needed to make usrmgr.exe work again.
meanwhile we found out that NT_STATUS code may not be appropriate there.
In particular it seem that an NT PDC will send back 02 as error
(ERRbadfile) not 0xc000000f (NT_STATUS_NO_SUCH_FILE NT)
I think further investigation is need to understand which are aprropriate
return codes here.
Andrew Bartlett [Sun, 4 Aug 2002 01:16:37 +0000 (01:16 +0000)]
Now that I got the function arguments sane, remove the silly (void **) casts
from some of the callers.
Andrew Bartlett
Andrew Tridgell [Sat, 3 Aug 2002 01:55:44 +0000 (01:55 +0000)]
fixed a bug where we were truncating the returned names in a netbios
name status query to 14 bytes, so we could not join a DC who had a
netbios name of 15 bytes in length.
Simo Sorce [Sat, 3 Aug 2002 01:20:42 +0000 (01:20 +0000)]
updates the log level parameter man section
can someone regenerate and commit the other formats?
thanks
Simo Sorce [Sat, 3 Aug 2002 01:11:16 +0000 (01:11 +0000)]
fix log level, set a default, and also copy the value set in smb.conf into parm_struct.ptr
this one also fixes log level not shown in swat
fix swat help system
Jim McDonough [Fri, 2 Aug 2002 17:44:02 +0000 (17:44 +0000)]
Fix length on mailslots. Looks like it should have been 0x17, not decimal 17.
Jelmer Vernooij [Fri, 2 Aug 2002 10:53:40 +0000 (10:53 +0000)]
Escape ampersand(&) to better comply to SGML syntax
Tim Potter [Fri, 2 Aug 2002 07:20:56 +0000 (07:20 +0000)]
Moved rpc client routines from libsmb back to rpc_client where they belong.
Tim Potter [Fri, 2 Aug 2002 05:35:09 +0000 (05:35 +0000)]
Added connect, session_request, session_setup and tconx methods.
Tim Potter [Fri, 2 Aug 2002 05:28:54 +0000 (05:28 +0000)]
Broke out unpacking of a username/password stored in a Python
dictionary into a separate function.
Tim Potter [Fri, 2 Aug 2002 03:57:40 +0000 (03:57 +0000)]
Merge of print notify fixes from APPLIANCE_HEAD.
Tim Potter [Thu, 1 Aug 2002 23:14:48 +0000 (23:14 +0000)]
Fixed compiler warning.
Andrew Tridgell [Thu, 1 Aug 2002 03:38:21 +0000 (03:38 +0000)]
make sure we null terminate plaintext passwords
Gerald Carter [Wed, 31 Jul 2002 14:56:40 +0000 (14:56 +0000)]
merge from SAMBA_2_2
Simo Sorce [Wed, 31 Jul 2002 13:16:14 +0000 (13:16 +0000)]
forgot to change the makefile system, sorry
Andrew Bartlett [Wed, 31 Jul 2002 12:53:56 +0000 (12:53 +0000)]
Add the current working document on the interface to the tree that we have
*somthing* in the directory. (Stops cvs update -P eating it).
This is the combined effort of many from #samba-technical, kai, metze,
ctrlsoft, idra and abartlet in particular. It will no doubt change :-)
Andrew Bartlett
Andrew Bartlett [Wed, 31 Jul 2002 12:17:32 +0000 (12:17 +0000)]
Let everybody enjoy my new toy - make it the default!
Authenticaions will now attempt to use winbind, and only fall back to
'ntdomain' (the old security=domain) code if that fails (for any reason,
including wrong password).
I'll fix up the authenticaion code to better handle the different types of
failures in the near future.
Andrew Bartlett
Andrew Bartlett [Wed, 31 Jul 2002 12:05:30 +0000 (12:05 +0000)]
Winbind updates!
This updates the 'winbind' authentication module and winbind's 'PAM' (actually
netlogon) code to allow smbd to cache connections to the DC.
This is particulary relevent when we need mutex locks already - there is no
parallelism to be gained anyway.
The winbind code authenticates the user, and if successful, passes back the
'info3' struct describing the user. smbd then interprets that in exactly the
same way as an 'ntdomain' logon.
Also, add parinoia to winbind about null termination.
Andrew Bartlett
Andrew Bartlett [Wed, 31 Jul 2002 11:57:56 +0000 (11:57 +0000)]
Rework parinioa to ensure we never get passwords longer than MAX_PASS_LEN, nor
longer than the buffer they claim to be in.
Many thanks to tridge for explaining the macros.
Andrew Bartlett
Andrew Tridgell [Wed, 31 Jul 2002 10:47:26 +0000 (10:47 +0000)]
fixed the length checking for plaintext passwords (thanks to andrewb
for spotting this)
Andrew Bartlett [Wed, 31 Jul 2002 10:12:52 +0000 (10:12 +0000)]
Don't accidenity mess with the wrong domain's sids.
Andrew Bartlett [Wed, 31 Jul 2002 10:11:03 +0000 (10:11 +0000)]
fix debug, at idra's suggestion.
Andrew Bartlett
Andrew Bartlett [Wed, 31 Jul 2002 10:07:35 +0000 (10:07 +0000)]
Only allow 'security=ads' when we HAVE_ADS.
Andrew Bartlett
Andrew Tridgell [Wed, 31 Jul 2002 09:36:05 +0000 (09:36 +0000)]
support netbiosless search for the DC using ADS in the winbindd AUTH
code.
Andrew Tridgell [Wed, 31 Jul 2002 09:34:00 +0000 (09:34 +0000)]
fixed multi-line strings for portability
Andrew Tridgell [Wed, 31 Jul 2002 09:32:45 +0000 (09:32 +0000)]
make sure we zero the unusued elements in a SID when parsing
Andrew Tridgell [Wed, 31 Jul 2002 05:41:51 +0000 (05:41 +0000)]
added 'disable netbios = yes/no' option, default is no
When this option is disabled we should not do *any* netbios
operations. You should also not start nmbd at all. I have put initial
checks in at the major points we do netbios operations in smbd but
there are bound to be more needed. Right now I've disabled all netbios
name queries, all WINS lookups and node status queries in smbd and
winbindd.
I've been testing this option and the most noticable thing is how much
more responsive things are! wthout those damn netbios timeouts things
certainly are much slicker.