11 years agoFix possible uninitialized variable use.
Jeremy Allison [Thu, 28 Feb 2008 10:41:01 +0000 (02:41 -0800)]
Fix possible uninitialized variable use.

11 years agoFix from Guenter Kukkukk <> to fix listing against
Jeremy Allison [Thu, 28 Feb 2008 10:26:16 +0000 (02:26 -0800)]
Fix from Guenter Kukkukk <> to fix listing against
OS/2 servers. OS/2 returns eclass == ERRDOS && ecode == ERRnofiles
for a zero entry directory listing.

11 years agoClosed memory leak on error path.
Steven Danneman [Wed, 27 Feb 2008 04:33:30 +0000 (20:33 -0800)]
Closed memory leak on error path.

11 years agoAdd variable to define if a share should be hidden.
Andreas Schneider [Fri, 22 Feb 2008 16:06:24 +0000 (17:06 +0100)]
Add variable to define if a share should be hidden.

If you create a share on a Windows machine called foo$ then this share is
of the type STYPE_DISKTREE. So it is possible to administrate this kind of
share. Tested on Windows NT and 2003.

In samba we assume that if a share with a $ at the end must be of the type
STYPE_DISKTREE_HIDDEN. This is wrong, so we need a variable in the config
to define if the share should be hidden or not.

11 years agoCorrectly check return of rename(2)
Volker Lendecke [Mon, 25 Feb 2008 12:00:24 +0000 (13:00 +0100)]
Correctly check return of rename(2)

Bug 5279 -- Thanks to Max Matveev

11 years agoFix inotify detection
Volker Lendecke [Mon, 25 Feb 2008 11:52:55 +0000 (12:52 +0100)]
Fix inotify detection

Bug 5271 -- thanks to Tiziano Müller

11 years agoFix confusing error message -- bug 5252
Volker Lendecke [Mon, 25 Feb 2008 08:51:33 +0000 (09:51 +0100)]
Fix confusing error message -- bug 5252

Thanks to Walter Franzini

11 years agoFix typo.
Karolin Seeger [Fri, 8 Feb 2008 12:48:23 +0000 (13:48 +0100)]
Fix typo.


11 years agoChange ldap search filter. This function is also used to search machine accounts...
Karolin Seeger [Tue, 19 Feb 2008 10:36:35 +0000 (11:36 +0100)]
Change ldap search filter. This function is also used to search machine accounts which may be located in a different ou.


11 years agoEnsure we call nt_status_squash() on returns. Smnall whitespace cleanup.
Jeremy Allison [Fri, 15 Feb 2008 01:43:34 +0000 (17:43 -0800)]
Ensure we call nt_status_squash() on returns. Smnall whitespace cleanup.

11 years agoEnsure we call auth_ntlmssp_end in invalidate_vuid and invalidate_partical_vuid.
Jeremy Allison [Fri, 15 Feb 2008 01:42:03 +0000 (17:42 -0800)]
Ensure we call auth_ntlmssp_end in invalidate_vuid and invalidate_partical_vuid.

11 years agoAllow a *NULL to be passed to auth_ntlmssp_end().
Jeremy Allison [Fri, 15 Feb 2008 01:41:06 +0000 (17:41 -0800)]
Allow a *NULL to be passed to auth_ntlmssp_end().

11 years agoRevert "mount.cifs: fix several problems when mounting subdirectories of shares"
Simo Sorce [Thu, 14 Feb 2008 16:53:59 +0000 (11:53 -0500)]
Revert "mount.cifs: fix several problems when mounting subdirectories of shares"

This reverts commit e8f569735e2c0523efa175ca44dd919f838ae49e.

We found that this patch does not play well with currently released cifs.ko
code, so after discussions with Jeff Layton and Steve french we decided it
is best to back it off and re-think a better approach. Jeff will send new
patches later, but for now it is better to just revert to the previous code

11 years agoFix obscure bug where if client sends us the krb5 part
Jeremy Allison [Thu, 14 Feb 2008 03:21:12 +0000 (19:21 -0800)]
Fix obscure bug where if client sends us the krb5 part
of a SPNEGO packet we could drop into the NTLMSSP
part of the processing. This fix only for 3.0.28a,
I have a proper SPNEGO negotiate fix for 3.2.

11 years agoBack-port from vl.
Jeremy Allison [Mon, 11 Feb 2008 17:53:31 +0000 (09:53 -0800)]
Back-port from vl.

Author: Volker Lendecke <>
Date:   Mon Feb 11 18:36:06 2008 +0100

    Add a missing return

    If I'm not completely blind, we should return here. Not doing it here seems not
    to be a major flaw, as far as I can see we're only missing the error code. This
    might account for some of the very unhelpful NT_STATUS_UNSUCCESSFUL error
    messages people see during joins.

    All with stake in Samba client, please check!

11 years agoFix bug #5247 "Wildcard expansion in mget is broken"
Jeremy Allison [Sat, 9 Feb 2008 00:05:08 +0000 (16:05 -0800)]
Fix bug #5247 "Wildcard expansion in mget is broken"
by making cur_dir an invarient ending in '\\' or '/'.
Will forward-port to 3.2 as the code is different here.

11 years agoAdd configure check for LBER_LOG_PRINT_FN - to intercept ldap debug.
Michael Adam [Wed, 6 Feb 2008 17:16:03 +0000 (18:16 +0100)]
Add configure check for LBER_LOG_PRINT_FN - to intercept ldap debug.

Use the resulting HAVE_LBER_LOG_PRINT_FN to determine whether we can
use it in init_ldap_debugging to intercept LDAP debug output and print
it out in the samba logs (controlled with "ldap debug level").


11 years agoAdd support for LDAP debug output in Samba log file.
Michael Adam [Mon, 28 Jan 2008 13:47:01 +0000 (14:47 +0100)]
Add support for LDAP debug output in Samba log file.

Logging of the ldap libraries appears with a [LDAP] prefix
inside the samba logs. This is controlled by two new parameters:

* "ldap debug level" sets the debug level of the ldap libraries.
  It is the bit-field as understood by the openldap server.

* "ldap debug threshold" is the samba debug level at which ldap
  logging appears inside the samba logs.

This probably needs some configure tests since it makes
use of the LBER_OPT_LOG_PRINT_FN option to redirect the
debug output of the ldap libraries.


11 years agoMove libads/util.o into the standard ADS list
Jeremy Allison [Wed, 6 Feb 2008 23:24:01 +0000 (15:24 -0800)]
Move libads/util.o into the standard ADS list
from the server list.

11 years agoBack-ported fix from 3.2 (mainly from Bo Yang <>)
Jeremy Allison [Wed, 6 Feb 2008 01:06:25 +0000 (17:06 -0800)]
Back-ported fix from 3.2 (mainly from Bo Yang <>)
to fix bad private_data pointer in winbindd_lookupname_async().

11 years agoFix two memleaks
Volker Lendecke [Sun, 3 Feb 2008 10:18:02 +0000 (11:18 +0100)]
Fix two memleaks

Thanks to Andreas Schneider <> for nagging :-)

11 years agoEnsure that convert_string_allocate() allocates 2 extra
Jeremy Allison [Fri, 1 Feb 2008 22:54:19 +0000 (14:54 -0800)]
Ensure that convert_string_allocate() allocates 2 extra
bytes and null terminates them to ensure NDR wire-reads
of string types are always null terminated. Bug found by
Volker after great pain :-).

11 years agouse correct path for ignored file
Herb Lewis [Fri, 1 Feb 2008 20:47:01 +0000 (12:47 -0800)]
use correct path for ignored file

11 years agoFix winbindd running on a Samba DC,
Simo Sorce [Fri, 1 Feb 2008 18:50:04 +0000 (13:50 -0500)]
Fix winbindd running on a Samba DC,
This patch make sure we do not try to contact smbd in the main dameon
to avoid deadlocks.
All the operations that require connecting to smbd are performed in
the domain child anyway.

11 years agoEnable v3-0-test to successfully join a windows 2008 domain controller.
Günther Deschner [Thu, 31 Jan 2008 12:05:36 +0000 (13:05 +0100)]
Enable v3-0-test to successfully join a windows 2008 domain controller.

This is hand-merged from a couple of commits from 3-2-test, cherry-picking was
hardly possible without importing all the ldap sign/seal work from metze.


11 years agoRestrict the enctypes in the generated krb5.conf files to Win2003 types.
Gerald W. Carter [Mon, 28 Jan 2008 17:32:09 +0000 (11:32 -0600)]
Restrict the enctypes in the generated krb5.conf files to Win2003 types.

This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain.  We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.

11 years agor24771: Use infolevel 25 to set the machine account's password (just like winxp).
Rafal Szczesniak [Wed, 29 Aug 2007 11:02:04 +0000 (11:02 +0000)]
r24771: Use infolevel 25 to set the machine account's password (just like winxp).
This correctly updates pwdLastSet field on win2k3 server.


11 years agoFix build warning.
Günther Deschner [Tue, 29 Jan 2008 22:53:49 +0000 (23:53 +0100)]
Fix build warning.


11 years agoidmap: Fix an incompatible pointer type warning.
Kai Blin [Mon, 28 Jan 2008 15:52:37 +0000 (16:52 +0100)]
idmap: Fix an incompatible pointer type warning.

Thanks to Simo for pointing me at the easier solution

11 years agoPort SMB_FS_OBJECTID_INFORMATION from 3.2
Volker Lendecke [Sat, 26 Jan 2008 20:35:01 +0000 (21:35 +0100)]

Patch by Corinna Vinschen -- Thanks

11 years agoFix the same bug with user -> user_obj.
Jeremy Allison [Fri, 25 Jan 2008 02:22:41 +0000 (18:22 -0800)]
Fix the same bug with user -> user_obj.

11 years agoBack port : Correctly set flags in ACE's inherited from parent.
Jeremy Allison [Fri, 25 Jan 2008 02:17:59 +0000 (18:17 -0800)]
Back port : Correctly set flags in ACE's inherited from parent.

11 years agoFix a really subtle old, old bug :-). When canonicalizing the
Jeremy Allison [Fri, 25 Jan 2008 02:13:20 +0000 (18:13 -0800)]
Fix a really subtle old, old bug :-). When canonicalizing the
NT ACL into a POSIX one, if the group being set is the primary group
of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP.
Otherwise we get an extra bogus group entry in the POSIX ACL.

11 years agoMake explicit in debug we're ignoring flags from the parent SD.
Jeremy Allison [Fri, 25 Jan 2008 00:18:50 +0000 (16:18 -0800)]
Make explicit in debug we're ignoring flags from the parent SD.

11 years agoAdd debug messages to trace this if needed.
Jeremy Allison [Thu, 24 Jan 2008 21:29:00 +0000 (13:29 -0800)]
Add debug messages to trace this if needed.

11 years agoThe checks for OI and CI were just wrong.... Fix them. Thanks to
Jeremy Allison [Thu, 24 Jan 2008 21:27:51 +0000 (13:27 -0800)]
The checks for OI and CI were just wrong.... Fix them. Thanks to
Jim for testing this.

11 years agoFirst part of fix for bug #4929 - worked out by jmcd.
Jeremy Allison [Thu, 24 Jan 2008 21:27:26 +0000 (13:27 -0800)]
First part of fix for bug #4929 - worked out by jmcd.
Cope with protected ACL set correctly.

11 years agoMissed one flags change.
Jeremy Allison [Thu, 24 Jan 2008 00:27:30 +0000 (16:27 -0800)]
Missed one flags change.

11 years agoAdded :
Jeremy Allison [Wed, 23 Jan 2008 23:24:57 +0000 (15:24 -0800)]
Added :

Author: Jeremy Allison <>
Date:   Wed Jan 23 15:23:16 2008 -0800

    Don't leak memory in error path.

Author: Jeremy Allison <>
Date:   Wed Jan 23 15:00:40 2008 -0800

    Use strchr_m in seaching for '.' in the hostname to make sure we're mb safe.

Author: Andreas Schneider <>
Date:   Thu Jan 17 11:35:40 2008 +0100

    Fix Windows 2008 (Longhorn) join.

    During 'net ads join' the cli->desthost is a hostname (e.g. Check if we have a hostname and use only the
    first part, the machine name, of the string.

Author: Andreas Schneider <>
Date:   Thu Jan 17 10:11:11 2008 +0100

    Windows 2008 (Longhorn) auth2 flag fixes.

    Interop fixes for AD specific flags. Original patch from Todd Stetcher.

11 years agoVersion of Matt Geddes <>
Jeremy Allison [Wed, 23 Jan 2008 21:55:13 +0000 (13:55 -0800)]
Version of Matt Geddes <>
patch for adding acct_flags to rpccli_samr_create_dom_user().
Jerry please test.

11 years agoFix get_trust_creds() to return always an upper-cased krb5 principal (this
Günther Deschner [Wed, 23 Jan 2008 11:03:51 +0000 (12:03 +0100)]
Fix get_trust_creds() to return always an upper-cased krb5 principal (this
fixes winbind krb5 session at least with heimdal).


11 years agoCopy the 3.2 version of string_replace to 3.0
Volker Lendecke [Tue, 22 Jan 2008 10:54:31 +0000 (11:54 +0100)]
Copy the 3.2 version of string_replace to 3.0

There are several callers in 3.0 that don't give a pstring to string_replace,
thus it will end up in segfaults like the one reported by Sergio Pires
<> on The 3.2 version of string_replace
does not have the pstring assumption anymore.

Jeremy, Jerry, please check!



11 years agoFix build warning.
Günther Deschner [Mon, 21 Jan 2008 15:33:40 +0000 (16:33 +0100)]
Fix build warning.


11 years agoActually test vl's new code and make it work to fix the build farm :-).
Jeremy Allison [Sat, 19 Jan 2008 02:39:29 +0000 (18:39 -0800)]
Actually test vl's new code and make it work to fix the build farm :-).

11 years agoBack port vl's fix for nlink counts.
Jeremy Allison [Sat, 19 Jan 2008 01:57:31 +0000 (17:57 -0800)]
Back port vl's fix for nlink counts.

11 years agoFix two uninitialized variables in vfs_hpuxacl.c
Volker Lendecke [Thu, 17 Jan 2008 16:17:52 +0000 (17:17 +0100)]
Fix two uninitialized variables in vfs_hpuxacl.c

Thanks to David Leonard <>, this fixes bug 5208.


11 years agolibsmb: Do not upper-case target name on NTLMv2 hash generation
Kai Blin [Tue, 15 Jan 2008 18:28:23 +0000 (19:28 +0100)]
libsmb: Do not upper-case target name on NTLMv2 hash generation

This makes our NTLMv2 hash generation compatible to the Davenport example
and fixes a bug when ntlm_auth is called with a non-upper-case --domain
parameter and client ntlmv2 auth = yes

Jerry, please consider for 3.0.28a

11 years agoFix bug #5171 (perl syntax error) found by Jason Filley <>.
Michael Adam [Mon, 14 Jan 2008 14:45:46 +0000 (15:45 +0100)]
Fix bug #5171 (perl syntax error) found by Jason Filley <>.


11 years agoEnable building the notify_fam module.
Michael Adam [Wed, 9 Jan 2008 23:47:10 +0000 (00:47 +0100)]
Enable building the notify_fam module.

Found by Timur I. Bakeyev <>.


11 years agoCorrect comment. Default debug level of smbclient is 1, not 0.
Karolin Seeger [Tue, 8 Jan 2008 18:21:26 +0000 (19:21 +0100)]
Correct comment. Default debug level of smbclient is 1, not 0.

11 years agoensure uni_name.buffer is initialised
Volker Lendecke [Wed, 9 Jan 2008 06:59:12 +0000 (07:59 +0100)]
ensure uni_name.buffer is initialised

merge from

11 years agoFix coverity resource leak on error.
Jeremy Allison [Wed, 9 Jan 2008 02:47:29 +0000 (18:47 -0800)]
Fix coverity resource leak on error.

11 years agoFix resource leak on error found by coverity.
Jeremy Allison [Wed, 9 Jan 2008 02:43:48 +0000 (18:43 -0800)]
Fix resource leak on error found by coverity.

11 years agoMerge branch 'v3-0-test' of ssh:// into v3-0-test
Jeremy Allison [Wed, 9 Jan 2008 01:59:46 +0000 (17:59 -0800)]
Merge branch 'v3-0-test' of ssh:// into v3-0-test

11 years agoAdd missing quote. Fix bug 5172. Thanks to Jason Filley <> for...
Karolin Seeger [Tue, 8 Jan 2008 11:23:25 +0000 (12:23 +0100)]
Add missing quote. Fix bug 5172. Thanks to Jason Filley <> for reporting!


11 years agoUsing a bool with a logical operation. IBM checker caught.
Jeremy Allison [Sat, 5 Jan 2008 07:18:42 +0000 (23:18 -0800)]
Using a bool with a logical operation. IBM checker caught.

11 years agoMerge branch 'v3-0-test' of ssh:// into v3-0-test
Jeremy Allison [Sat, 5 Jan 2008 01:15:50 +0000 (17:15 -0800)]
Merge branch 'v3-0-test' of ssh:// into v3-0-test

11 years agoAdd missing patch to allow smbcacls to do krb5 auth, bug #5175
Jeremy Allison [Sat, 5 Jan 2008 01:15:06 +0000 (17:15 -0800)]
Add missing patch to allow smbcacls to do krb5 auth, bug #5175
from Tom Maher <>.

11 years agoRevert "no-atime-on-mtime"
Stefan Metzmacher [Thu, 3 Jan 2008 19:55:42 +0000 (20:55 +0100)]
Revert "no-atime-on-mtime"

This reverts commit 54adb86890eb22b6bcf0bc1163662c3f9c075777.

Sorry I didn't want to push that...


11 years agoHappy new year !
Günther Deschner [Wed, 2 Jan 2008 11:55:53 +0000 (12:55 +0100)]
Happy new year !

(cherry picked from commit 9a58cd57953d6aead14789daa47a3badef19496d)

11 years agoMerge remote branch 'origin/v3-0-test' of /home/People/metze/devel/samba/samba-bare...
Stefan Metzmacher [Thu, 3 Jan 2008 19:49:06 +0000 (20:49 +0100)]
Merge remote branch 'origin/v3-0-test' of /home/People/metze/devel/samba/samba-bare into v3-0-test

11 years agoFix for bug #5163 from Laurent Pinchart <>
Jeremy Allison [Thu, 3 Jan 2008 02:20:25 +0000 (18:20 -0800)]
Fix for bug #5163 from Laurent Pinchart <>
Failure to change password in ldap is mapped to NT_STATUS_UNSUCCESSFUL unconditionally.

11 years agoAttempt to fix bug #3617. Mix of patches from Volker and
Jeremy Allison [Wed, 2 Jan 2008 19:57:37 +0000 (11:57 -0800)]
Attempt to fix bug #3617. Mix of patches from Volker and
myself. Use standard dlinklist macros.

11 years agoMake send_getdc_request match 3.2.x codebase.
Jeremy Allison [Sat, 29 Dec 2007 22:48:20 +0000 (14:48 -0800)]
Make send_getdc_request match 3.2.x codebase.

11 years agoPort 2135dfe91bf1ae114a18c15286b535662200677d from 3.2.
Jeremy Allison [Fri, 28 Dec 2007 23:38:42 +0000 (15:38 -0800)]
Port 2135dfe91bf1ae114a18c15286b535662200677d from 3.2.
From Volker :

    Fix setting the initial permission bits

    This fixes a make test failure on Solaris. When creating a new file,
    file_set_dosmode() called from open_file_ntcreate calculates a new permission
    mask, very likely different from what had been calculated in
    open_file_ntcreate. Further down we overwrote the newly calculated value with
    SMB_FCHMOD_ACL, ignoring what file_set_dosmode had calculated.

    Why did Linux not see this? fchmod_acl on a newly created file without acls
    would not retrieve an acl at all, whereas under Solaris acl(2) returns
    something even for files with just posix permissions returns something.

    Jeremy, given that we have very similar code in 3.0.28 this might also explain
    some of the bug reports that people have concerning ACLs on new files.


    P.S: This one took a while to find...

11 years agofix dump printout when byte >= 0x80
Herb Lewis [Thu, 20 Dec 2007 23:55:44 +0000 (15:55 -0800)]
fix dump printout when byte >= 0x80

11 years agoOnly retrieve password policies in pam_auth when WBFLAG_PAM_GET_PWD is set.
Michael Adam [Wed, 19 Dec 2007 17:18:30 +0000 (18:18 +0100)]
Only retrieve password policies in pam_auth when WBFLAG_PAM_GET_PWD is set.

This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b)
which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbffffb) for
reasons that are unclear to me. Maybe I am being too naive.

Now we do again only retrieve the password policy when called from
the pam_winbind module. This fixes logons delegated to AD trusted
domain controllers: We need to connect to the sam to retrieve the
password policy. But auhtenticated session setup is not possible
when contacting the trusted domain dc and afterwards, SamrConnect
also fails with whatever credentials and method used.


11 years agoFix a debug message: add missing space.
Michael Adam [Tue, 18 Dec 2007 06:58:38 +0000 (07:58 +0100)]
Fix a debug message: add missing space.


11 years agoFix logic error in cm_connect_sam().
Michael Adam [Tue, 18 Dec 2007 00:55:32 +0000 (01:55 +0100)]
Fix logic error in cm_connect_sam().

Don't fall back to schannel when trust creds could be obtained.
This is still not complete, but I am getting closer.


11 years agoFix another segfault.
Michael Adam [Tue, 18 Dec 2007 00:32:02 +0000 (01:32 +0100)]
Fix another segfault.


11 years agoFix a segv in winbindd caused by trying to free an fstring. Make a copy of the machin...
Gerald (Jerry) Carter [Mon, 17 Dec 2007 23:33:48 +0000 (17:33 -0600)]
Fix a segv in winbindd caused by trying to free an fstring. Make a copy of the machine_password and machine_account strings in all conditional paths so that SAFE_FREE() will always be valid.

11 years agoMake cm_connect_sam() try harder to connect autheticated.
Michael Adam [Mon, 17 Dec 2007 22:26:48 +0000 (23:26 +0100)]
Make cm_connect_sam() try harder to connect autheticated.

Even if the session setup was anonymous, try and collect
trust creds with get_trust_creds() and use these before
falling back to schannel.

This is the first attempt to fix interdomain trusts.
(get password policy and stuff)


11 years agoRefactor out assembling of trust creds (pw, account name, principal).
Michael Adam [Mon, 17 Dec 2007 22:24:36 +0000 (23:24 +0100)]
Refactor out assembling of trust creds (pw, account name, principal).


11 years agoStreamline and fix logic of cm_prepare_connection().
Michael Adam [Mon, 17 Dec 2007 22:22:28 +0000 (23:22 +0100)]
Streamline and fix logic of cm_prepare_connection().

Do not attempt to do a session setup when in a trusted domain

Use get_trust_pw_clear to get machine trust account.
Only call this when the results is really used.
Use the proper domain and account name for session setup.


11 years agoRefactor out get_schannel_session_key logic.
Michael Adam [Mon, 17 Dec 2007 22:11:31 +0000 (23:11 +0100)]
Refactor out get_schannel_session_key logic.

Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)


11 years agoPass NULL instead of unneeded &sid: secrets_fetch_trusted_domain_password() checks.
Michael Adam [Mon, 17 Dec 2007 21:37:29 +0000 (22:37 +0100)]
Pass NULL instead of unneeded &sid: secrets_fetch_trusted_domain_password() checks.


11 years agoRename get_trust_pw() to get_trust_pw_hash().
Michael Adam [Mon, 17 Dec 2007 21:29:54 +0000 (22:29 +0100)]
Rename get_trust_pw() to get_trust_pw_hash().


11 years agoExport logic of get_trust_pw() to new function get_trust_pw_clear().
Michael Adam [Mon, 17 Dec 2007 21:26:52 +0000 (22:26 +0100)]
Export logic of get_trust_pw() to new function get_trust_pw_clear().

get_trust_pw() just now computes the md4 hash of the result of
get_trust_pw_clear() if that was successful. As a last resort,
in the non-trusted-domain-situation, get_trust_pw() now tries to
directly obtain the hashed version of the password out of secrets.tdb.


11 years agoRefactor the lagacy part of secrets_fetch_trust_account_password() out
Michael Adam [Mon, 17 Dec 2007 16:49:13 +0000 (17:49 +0100)]
Refactor the lagacy part of secrets_fetch_trust_account_password() out

into a new function secrets_fetch_trust_account_password_legacy() that
does only try to obtain the hashed version of the machine password directly
from secrets.tdb.


11 years agoLet get_trust_pw() determine the machine_account_name to use.
Michael Adam [Mon, 17 Dec 2007 16:42:05 +0000 (17:42 +0100)]
Let get_trust_pw() determine the machine_account_name to use.

Up to now each caller used its own logic.

This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation

I hope I have not missed an important point here!


11 years agoRemove silly amounts of trailing white spaces.
Michael Adam [Mon, 17 Dec 2007 16:38:06 +0000 (17:38 +0100)]
Remove silly amounts of trailing white spaces.


11 years agoStreamline logic in cm_connect_netlogon()
Michael Adam [Tue, 11 Dec 2007 11:47:28 +0000 (12:47 +0100)]
Streamline logic in cm_connect_netlogon()

by retrieving trust password only, when it will be used.


11 years agor25086: Fix interdomain trusts (this povides the fix expected in r22709):
Michael Adam [Tue, 11 Sep 2007 16:15:36 +0000 (16:15 +0000)]
r25086: Fix interdomain trusts (this povides the fix expected in r22709):

Fix winbindd on a Samba DC talking to a trusted domain DC by
making it use the trusted domain password...


I hope this does not brake any other setup.

11 years agor22709: we can only use tschannel when commectcing to our primary (might need some...
Gerald Carter [Sun, 6 May 2007 19:48:13 +0000 (19:48 +0000)]
r22709: we can only use tschannel when commectcing to our primary (might need some fixing here for a Samba DC)

11 years agoIn cm_prepare_connection(), only get auth user creds if we need to.
Michael Adam [Tue, 11 Dec 2007 07:52:20 +0000 (08:52 +0100)]
In cm_prepare_connection(), only get auth user creds if we need to.


11 years agoRemove two unneeded functions.
Michael Adam [Mon, 17 Dec 2007 14:19:38 +0000 (15:19 +0100)]
Remove two unneeded functions.

secrets_store_trust_account_password() and trust_password_delete()
are the write access functions to the SECRETS/$MACHINE.ACC/domain keys
in secrets.tdb, the md4 hashed machine passwords. These are not used
any more: Current code always writes the clear text password.


11 years agopacket_struct is used in several places as raw memory
Volker Lendecke [Wed, 19 Dec 2007 16:05:26 +0000 (17:05 +0100)]
packet_struct is used in several places as raw memory

-> Fix more uninitialized variable warnings

11 years agoSome paranoia checks
Volker Lendecke [Wed, 19 Dec 2007 15:48:18 +0000 (16:48 +0100)]
Some paranoia checks

11 years agoZero the tdb key, there might be padding
Volker Lendecke [Wed, 19 Dec 2007 15:48:04 +0000 (16:48 +0100)]
Zero the tdb key, there might be padding

This leads to uninitialized variable warnings if nmbd is run under valgrind.

11 years agoEnsure we can't pass -1 to smb_fn_name(). Fixes bug #4612.
Jeremy Allison [Wed, 19 Dec 2007 02:08:18 +0000 (18:08 -0800)]
Ensure we can't pass -1 to smb_fn_name(). Fixes bug #4612.
This is not used in 3.2 code.

11 years agoFix socket_wrapper build for 3.0.x.
Jeremy Allison [Mon, 17 Dec 2007 23:09:59 +0000 (15:09 -0800)]
Fix socket_wrapper build for 3.0.x.

11 years agoWhile 'data' is usually 0 terminated, nothing in the spec requires that.
Simo Sorce [Mon, 17 Dec 2007 20:21:38 +0000 (15:21 -0500)]
While 'data' is usually 0 terminated, nothing in the spec requires that.
The correct way is to copy only 'length' bytes.


11 years agoFix bug #5121 (unix passwd sync bnot working on a streams based
Jeremy Allison [Mon, 17 Dec 2007 18:44:01 +0000 (10:44 -0800)]
Fix bug #5121 (unix passwd sync bnot working on a streams based

11 years agoResolve conflict of merging in J.Layton patch
Simo Sorce [Mon, 17 Dec 2007 14:40:10 +0000 (09:40 -0500)]
Resolve conflict of merging in J.Layton patch

Merge branch 'v3-0-test' of ssh:// into v3-0-simo



11 years agomount.cifs: fix several problems when mounting subdirectories of shares
Jeff Layton [Tue, 13 Nov 2007 14:04:33 +0000 (09:04 -0500)]
mount.cifs: fix several problems when mounting subdirectories of shares

This is essentially the same patch as I posted yesterday. The only
difference is that I added the replace_char helper function and now
have the code call it instead of doing the conversion internally.



CIFS has a few problems when mounting subdirectories of shares:

a) mount.cifs assumes that the prefixpath will always begin with a
forward slash. If it begins with a backslash, then it fails to parse out
the prefixpath and leaves it appended to the sharename. This causes the
mount to fail.

b) if the prefixpath uses '/' as a delimiter, it doesn't convert that to
a "native" prefixpath ('\\' delimiter). The kernel will blindly stuff
this prefix into the beginning of a path when it builds one from a dentry,
and this confuses windows servers (samba doesn't seem to care).

c) When you mount a subdir of a share, mount.cifs munges the device string
so that you can't tell what the prefixpath is. So if I mount:


..then /proc/mounts and mtab will show only:


d) If the client has to retry the mount with an uppercase sharename, it
doesn't also uppercase the prefixpath (not sure if that's a real issue,
but it seems inconsistent).

The following patch fixes all of these problems. It separates the
"share_name" from the "device_name", and passes the share_name as the
unc= string, and the device_name as the first arg to mount(), and to

It also changes mount.cifs to use '\\' exclusively as a delimiter for
the unc= and prefixpath= options, and to use '/' exclusively as a
delimiter in the device string (seemingly necessary since the kernel
doesn't deal well with backslashes in the device string).

Signed-off-by: Jeff Layton <>
11 years agoFix flags in all callers of lookup_name() in net_sam.c.
Michael Adam [Mon, 17 Dec 2007 11:15:21 +0000 (12:15 +0100)]
Fix flags in all callers of lookup_name() in net_sam.c.


11 years agoFix flags in call of lookup_name() in srv_samr_nt.c:can_create().
Michael Adam [Mon, 17 Dec 2007 11:14:28 +0000 (12:14 +0100)]
Fix flags in call of lookup_name() in srv_samr_nt.c:can_create().



11 years agoFix flags in call of lookup_name() in pdb_default_create_alias().
Michael Adam [Mon, 17 Dec 2007 11:14:01 +0000 (12:14 +0100)]
Fix flags in call of lookup_name() in pdb_default_create_alias().



11 years agoAdd combined flag LOOKUP_NAME_LOCAL.
Michael Adam [Mon, 17 Dec 2007 11:11:41 +0000 (12:11 +0100)]
Add combined flag LOOKUP_NAME_LOCAL.

Presence of LOOKUP_NAME_ISOLATED as the only flag is not the sign
for doing local lookups only but the sign for allowing lookups
of unqualified names. The correct sign is absence of the flag


11 years agoFix flags in caller of lookup_name() in create_builtin_administrators().
Michael Adam [Mon, 17 Dec 2007 11:10:46 +0000 (12:10 +0100)]
Fix flags in caller of lookup_name() in create_builtin_administrators().