Volker Lendecke [Mon, 11 Aug 2003 17:42:17 +0000 (17:42 +0000)]
Fix typos.
Volker
Alexander Bokovoy [Mon, 11 Aug 2003 08:05:59 +0000 (08:05 +0000)]
Mention security=ads in introductory paragraph too
Gerald Carter [Mon, 11 Aug 2003 07:05:23 +0000 (07:05 +0000)]
fix bug #281 by surrounding pdb_getgrgid() with become/unbecome_root()
Gerald Carter [Mon, 11 Aug 2003 06:36:30 +0000 (06:36 +0000)]
adding '.' special name to --domain to mean our domain
Gerald Carter [Mon, 11 Aug 2003 06:30:22 +0000 (06:30 +0000)]
adding missing options (mine) to wbinfo
Jelmer Vernooij [Mon, 11 Aug 2003 01:41:56 +0000 (01:41 +0000)]
Update upgrading docs
Jelmer Vernooij [Mon, 11 Aug 2003 00:31:28 +0000 (00:31 +0000)]
Improve MySQL library detection, add support for MySQL 4
Gerald Carter [Sun, 10 Aug 2003 22:11:26 +0000 (22:11 +0000)]
not used
Gerald Carter [Sun, 10 Aug 2003 22:01:11 +0000 (22:01 +0000)]
add --domain=DOMAINNAME to wbinfo
Add support for geting the sequence number, list of users, and list
of groups for a specific domain (assuming on reported back by
wbinfo -m)
wbinfo -u --domain=DOA
Volker Lendecke [Sun, 10 Aug 2003 21:43:28 +0000 (21:43 +0000)]
We get the server and workgroup list only over port 139. Fall back to that
and if NetBIOS over TCP/IP is disabled, give an error message.
Fixes Bug #284
Volker
Jelmer Vernooij [Sun, 10 Aug 2003 20:41:27 +0000 (20:41 +0000)]
Fix style
Volker Lendecke [Sun, 10 Aug 2003 20:18:05 +0000 (20:18 +0000)]
Store the server domain from the ntlmssp challenge in the client struct
to be able to ask a LMB for the servers in its workgroup. Against
W2k this only works on port 139....
Volker
Gerald Carter [Sun, 10 Aug 2003 06:45:04 +0000 (06:45 +0000)]
fix MS-DFS (my bug) stupid return code error that cose me more time
that I would like to admit.
Gerald Carter [Sat, 9 Aug 2003 23:12:35 +0000 (23:12 +0000)]
fix for BUG #267 (problem with supplementary groups).
Use winbindd to get the group list if possible since we already
know it from netsamlogon_cache.tdb. More effecient than letting
libc call getgrent() to get seconary groups.
Tested by Ken Cross.
Gerald Carter [Sat, 9 Aug 2003 23:01:35 +0000 (23:01 +0000)]
updating smb.conf manpage to reflect changes in ./configure options
Gerald Carter [Fri, 8 Aug 2003 23:53:13 +0000 (23:53 +0000)]
fix 2 bugs:
1) don't ask trusted DC's for a list of trusted domains. This causes
us to treat non-transitive ones as if they were transitive. Not
needed anyways
2) Fix dc lookup bug where we would always try to use DNS to resolve
the DC's for a domain (even if it was a trusted NT4 domain).
Jeremy Allison [Fri, 8 Aug 2003 23:09:09 +0000 (23:09 +0000)]
Format tidyup.
Jeremy.
Jeremy Allison [Fri, 8 Aug 2003 22:19:09 +0000 (22:19 +0000)]
Turn on client ntlmv2 by default.
Jeremy.
Jeremy Allison [Fri, 8 Aug 2003 17:08:35 +0000 (17:08 +0000)]
RPC fix from Ronan Waide <waider@waider.ie>. Tested with rpcecho.
Jeremy.
Gerald Carter [Fri, 8 Aug 2003 05:11:11 +0000 (05:11 +0000)]
need to be able to connect to a domain member as a local account; don't always map to the domain name
Gerald Carter [Fri, 8 Aug 2003 05:10:12 +0000 (05:10 +0000)]
need to make sure that the connection struct mem_ctx is initialized and destroyed
Jeremy Allison [Fri, 8 Aug 2003 00:53:46 +0000 (00:53 +0000)]
Added by request of "Stefan (metze) Metzmacher" <metze@metzemix.de>.
Jeremy.
Jeremy Allison [Thu, 7 Aug 2003 21:49:01 +0000 (21:49 +0000)]
Test modules for shadow copy by "Stefan (metze) Metzmacher" <metze@metzemix.de>.
Jeremy.
Jeremy Allison [Thu, 7 Aug 2003 21:47:46 +0000 (21:47 +0000)]
Shadow copy API - Original work by "Ken Cross" <kcross@nssolutions.com>, adapted
into a patch by "Stefan (metze) Metzmacher" <metze@metzemix.de>.
Jeremy.
Jeremy Allison [Thu, 7 Aug 2003 05:36:08 +0000 (05:36 +0000)]
An oplock break reply from the client causes the sequence number to be
updated by 2 if there is no open reply outstanding, else by one....
Yes - this makes no sense....
Jeremy.
Gerald Carter [Thu, 7 Aug 2003 05:00:51 +0000 (05:00 +0000)]
adding generic docs for defining VFS module options
Jeremy Allison [Thu, 7 Aug 2003 02:59:52 +0000 (02:59 +0000)]
Turns out I had my packet sequences wrong for oplock break code.
I was storing the mid of the oplock break - I should have been
storing the mid from the open. There are thus 2 types of deferred
packet sequence returns - ones that increment the sequence number
(returns from oplock causing opens) and ones that don't (change notify
returns etc). Running with signing forced on does lead to some
interesting tests :-).
Jeremy.
Jeremy Allison [Thu, 7 Aug 2003 01:04:57 +0000 (01:04 +0000)]
Cosmetic fix from waider@waider.ie.
Jeremy.
Jeremy Allison [Thu, 7 Aug 2003 00:55:35 +0000 (00:55 +0000)]
Patch from waider@waider.ie to print out Port Type.
Jeremy.
Jeremy Allison [Wed, 6 Aug 2003 22:45:46 +0000 (22:45 +0000)]
Ensure smbclient obeys -s smb.conf option.
Jeremy.
Jeremy Allison [Wed, 6 Aug 2003 21:31:11 +0000 (21:31 +0000)]
Reversed replacement. Oops.
Jeremy.
Jeremy Allison [Wed, 6 Aug 2003 20:01:31 +0000 (20:01 +0000)]
Anal formatting tidyup :-).
Jeremy.
Jeremy Allison [Wed, 6 Aug 2003 19:30:42 +0000 (19:30 +0000)]
Get rid of MAXPATHLEN, move to standard PATH_MAX.
Jeremy.
Gerald Carter [Wed, 6 Aug 2003 19:16:17 +0000 (19:16 +0000)]
fix bug #208; have to get the gid of the user's primary group for %G
Gerald Carter [Wed, 6 Aug 2003 18:01:39 +0000 (18:01 +0000)]
rework winbindd_accountdb_init() to reduce error messages in the log
Volker Lendecke [Wed, 6 Aug 2003 09:24:11 +0000 (09:24 +0000)]
When doing 'net groupmap add', default to algorithmic mapping for the rid.
Volker
Tim Potter [Wed, 6 Aug 2003 01:14:51 +0000 (01:14 +0000)]
Spelling.
Gerald Carter [Wed, 6 Aug 2003 00:06:37 +0000 (00:06 +0000)]
oops; fix typo. Noticed by gcc warning
Gerald Carter [Tue, 5 Aug 2003 23:24:14 +0000 (23:24 +0000)]
fix bug #245; local_lookupsid() needed to make a getpwuid() call to get the username instead of making up unix_user.##
Volker Lendecke [Mon, 4 Aug 2003 13:10:43 +0000 (13:10 +0000)]
Changes to make gss-spnego ntlmssp client work against W2k AD.
Now I know where the mechListMIC changes came from: Ethereal ;-)
Volker
Tim Potter [Mon, 4 Aug 2003 06:16:03 +0000 (06:16 +0000)]
Fix unused variable warning.
Tim Potter [Mon, 4 Aug 2003 02:51:30 +0000 (02:51 +0000)]
Memory leak fix for create_rpc_bind_req()
Tim Potter [Mon, 4 Aug 2003 00:50:00 +0000 (00:50 +0000)]
More patches from Brett:
- remove 'if(mem_ctx)' tests prior to 'talloc_destroy' call to make
consistent with other modules; 'talloc_destroy' already test for NULL
anyway.
- initialize PyObject* result pointers to NULL in function
declarations; enables removal of redundant NULL assignments.
- use local scope TALLOC_CTX in lsa_lookup_names to prevent unbounded
memory growth during python policy object lifetime.
- change context name string used in lsa_lookup_sids from
'lsa_open_policy' to 'lsa_lookup_sids' (cut'npaste oversight from
previous patch)
- change docstring to match module name (apparently another cut'npaste
situation)
Tim Potter [Mon, 4 Aug 2003 00:48:49 +0000 (00:48 +0000)]
Fix memory leak in py_smb_set_setdesc()
Consistency fixups in py_smb_query_secdesc()
Thanks to Brett A. Funderburg for these patches.
Jeremy Allison [Sun, 3 Aug 2003 18:50:00 +0000 (18:50 +0000)]
Fix up #defines around utmp_host and utmp_name. Noticed by Cord.Hockemeyer@uni-graz.at
Jeremy.
Jeremy Allison [Sun, 3 Aug 2003 07:20:05 +0000 (07:20 +0000)]
Output message saying "signed connect" instead of just connect when signing
is active.
Jeremy.
Jeremy Allison [Sun, 3 Aug 2003 07:12:46 +0000 (07:12 +0000)]
Fix oplock break detection code on incoming oplock break responses. This
fixes signing for oplocks.
Jeremy.
John Terpstra [Sun, 3 Aug 2003 05:10:57 +0000 (05:10 +0000)]
Removed duplicated file, no longer in use. Note: profiles.1.xml is still
present and relevant.
John Terpstra [Sun, 3 Aug 2003 05:09:19 +0000 (05:09 +0000)]
Changed "winbind uid/gid" to "idmap uid/gid"
Gerald Carter [Sat, 2 Aug 2003 18:15:33 +0000 (18:15 +0000)]
make sure to initialize the backend methods when enumerating sequence numbers; reported by Ken Cross
Jeremy Allison [Sat, 2 Aug 2003 08:48:01 +0000 (08:48 +0000)]
Ensure we don't leak any sign records on cancel of pending requests.
Jeremy.
Jeremy Allison [Sat, 2 Aug 2003 08:38:34 +0000 (08:38 +0000)]
Only look for mid sign records on incoming packets for oplock break replies.
Otherwise we find spurious mid sign records on reply_ntcancel calls (they cancel
by mid). That took a *lot* of tracking down. I still need to remove the mid
records from the sign state on reply_ntcancel to avoid leaking memory....
Jeremy.
Jeremy Allison [Sat, 2 Aug 2003 07:07:38 +0000 (07:07 +0000)]
More fixes for client and server side signing. Ensure sequence numbers
are updated correctly on returning an error for server trans streams.
Ensure we turn off client trans streams on error.
Jeremy.
Jeremy Allison [Sat, 2 Aug 2003 03:12:39 +0000 (03:12 +0000)]
Leave the packet sequence checkers enabled whilst I track down a smbclient -> smbd
sequence number problem.
Jeremy.
Jeremy Allison [Sat, 2 Aug 2003 03:06:07 +0000 (03:06 +0000)]
Add the same signing code to the server. Ensure we use identical session
numbers and MIDs when in trans/trans2/nttrans code.
Jeremy.
Jeremy Allison [Sat, 2 Aug 2003 00:29:45 +0000 (00:29 +0000)]
Correct fix (removed the earlier band-aid) for what I thought was a signing
bug with w2k. Turns out that when we're doing a trans/trans2/nttrans call
the MID and send_sequence_number and reply_sequence_number must remain constant.
This was something we got very wrong in earlier versions of Samba. I can now
get a directory listing from WINNT\SYSTEM32 with the older earlier parameters
for clilist.c
This still needs to be fixed for the server side of Samba, client appears to
be working happily now (I'm doing a signed smbtar download of an entire W2K3
image to test this :-).
Jeremy.
Jeremy Allison [Fri, 1 Aug 2003 21:09:10 +0000 (21:09 +0000)]
Fix the option processing for smbtar. Does no one check this !
Jeremy.
Herb Lewis [Fri, 1 Aug 2003 19:45:12 +0000 (19:45 +0000)]
add tests for IRIX attr functions
Jim McDonough [Fri, 1 Aug 2003 15:30:44 +0000 (15:30 +0000)]
Update my copyrights according to my agreement with IBM
Jim McDonough [Fri, 1 Aug 2003 15:21:20 +0000 (15:21 +0000)]
Update my copyrights according to my agreement with IBM
Jim McDonough [Fri, 1 Aug 2003 14:47:39 +0000 (14:47 +0000)]
Fix copyright statements for various pieces of Anthony Liguori's work.
Gerald Carter [Fri, 1 Aug 2003 13:28:13 +0000 (13:28 +0000)]
fix cut-n-paste error found by abartlet
Volker Lendecke [Fri, 1 Aug 2003 07:59:23 +0000 (07:59 +0000)]
Add ntlmssp client support to ntlm_auth. Find the corresponding cyrus sasl
module under http://samba.sernet.de/cyrus-gss-spnego.diff
Volker
Volker Lendecke [Fri, 1 Aug 2003 07:46:42 +0000 (07:46 +0000)]
Fix a memory leak. I did not check all the calls to winbindd_request, but
we might leak the extra_data somewhere else as well.
Volker
Volker Lendecke [Fri, 1 Aug 2003 07:45:02 +0000 (07:45 +0000)]
locking.c now refers to map_nt_error_from_unix, so link it in with
smbstatus and smbcontrol
Volker
Jeremy Allison [Fri, 1 Aug 2003 06:29:16 +0000 (06:29 +0000)]
Finish reformatting.
Jeremy.
Jeremy Allison [Fri, 1 Aug 2003 06:10:30 +0000 (06:10 +0000)]
Final fix for the bug tridge found. Only push locks onto a blocking lock
queue if the posix lock failed with EACCES or EAGAIN (this means another
lock conflicts). Else return an error and don't queue the request.
Jeremy.
Jeremy Allison [Fri, 1 Aug 2003 01:03:05 +0000 (01:03 +0000)]
Reformat lots of clitar code as I hate the style so much :-).
Jeremy.
Jeremy Allison [Fri, 1 Aug 2003 00:41:57 +0000 (00:41 +0000)]
Reformat clitar option processing - getting ready to fix it for popt...
Jeremy.
Andrew Tridgell [Thu, 31 Jul 2003 23:22:21 +0000 (23:22 +0000)]
CVAL_NC() doesn't need the (unsigned) fix and breaks the IRIX build
Thanks to Herb for pointing this out!
Jeremy Allison [Thu, 31 Jul 2003 21:47:22 +0000 (21:47 +0000)]
Added a note inspired by andrew@cis.uoguelph.ca to explain when this
parameter gets run.
Jeremy.
Gerald Carter [Thu, 31 Jul 2003 19:01:22 +0000 (19:01 +0000)]
only honor the first OID in the sessetup snego negotiate. Deviates
from RFC but I'm smelling a client bug here.
/* only look at the first OID for determining the mechToken --
accoirding to RFC2478, we should choose the one we want
and renegotiate, but i smell a client bug here..
Problem observed when connecting to a member (samba box)
of an AD domain as a user in a Samba domain. Samba member
server sent back krb5/mskrb5/ntlmssp as mechtypes, but the
client (2ksp3) replied with ntlmssp/mskrb5/krb5 and an
NTLMSSP mechtoken. --jerry */
Alexander Bokovoy [Thu, 31 Jul 2003 17:08:38 +0000 (17:08 +0000)]
Return proper error when it is impossible to change quota flags
Volker Lendecke [Thu, 31 Jul 2003 15:53:59 +0000 (15:53 +0000)]
Fix off-by-one found by valgrind.
Volker
Volker Lendecke [Thu, 31 Jul 2003 15:53:26 +0000 (15:53 +0000)]
spnego.c has function definitions. Prototype them.
Anybody familiar with Makefile.in could you please look at this?
This is probably the wrong way to fix this.
Volker
Volker Lendecke [Thu, 31 Jul 2003 10:24:10 +0000 (10:24 +0000)]
Fixes for memory leaks in gss spnego handling by aliguori.
Volker
Volker Lendecke [Thu, 31 Jul 2003 10:23:13 +0000 (10:23 +0000)]
This fixes an error I must have made when playing with spnego.c found
by aliguori: NegTokenInit.mechListMIC is an Octet String.
Second: add a free_spnego_data function.
Both thanks to aliguori.
Volker
Volker Lendecke [Thu, 31 Jul 2003 10:21:13 +0000 (10:21 +0000)]
Apply some const
Gerald Carter [Thu, 31 Jul 2003 06:37:37 +0000 (06:37 +0000)]
make sure the domain sid is set when enumerating trusted domains
(we don't always get it back)
Gerald Carter [Thu, 31 Jul 2003 05:43:47 +0000 (05:43 +0000)]
working on transtive trusts issue:
* use DsEnumerateDomainTrusts() instead of LDAP search.
wbinfo -m now lists all trusted downlevel domains and
all domains in the forest.
Thnigs to do:
o Look at Krb5 connection trusted domains
o make sure to initial the trusted domain cache as soon
as possible
Tim Potter [Thu, 31 Jul 2003 04:28:43 +0000 (04:28 +0000)]
Whoops - this is probably better shell syntax.
Tim Potter [Thu, 31 Jul 2003 04:27:41 +0000 (04:27 +0000)]
Turn on automatic winbindd support for FreeBSD and see what the compile farm
thinks of it.
Andrew Tridgell [Thu, 31 Jul 2003 04:01:32 +0000 (04:01 +0000)]
This is a critical bug fix for a data corruption bug. If you
maintain another tree then please apply!
On non-X86 machines out byte-order macros fails for one particular
value. If you asked for IVAL() of 0xFFFFFFFF and assigned it to a 64
bit quantity then you got a 63 bit number 0x7FFFFFFFFFFFFFFF rather
than the expected 0xFFFFFFFF. This is due to some rather bizarre and
obscure sign extension rules to do with unsigned chars and arithmetic
operators (basically if you | together two unsigned chars you get a
signed result!)
This affected a byte range lock using the large lockingX format and a
lock of offset 0 and length 0xFFFFFFFF. Microsoft Excel does one of
these locks when opening a .csv file. If the platform you run on does
not then handle locks of length 0x7FFFFFFFFFFFFFFF then the posix lock
fails and the client is given a lockingX failure. This causes the .csv
file to be trunated!!
Jeremy Allison [Thu, 31 Jul 2003 01:33:44 +0000 (01:33 +0000)]
Wrap calls to change_oem_password() in become_root()/unbecome_root() pairs
to allow UNIX password change scripts to work correctly. This is safe as
the old password has been checked as correct before invoking this.
Jeremy.
Jeremy Allison [Thu, 31 Jul 2003 00:30:01 +0000 (00:30 +0000)]
Turn the 'doing_signing' variable on - fix bug where it was only being set
on when signing was mandatory.
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 23:49:29 +0000 (23:49 +0000)]
Add a command line option (-S on|off|required) to enable signing on client
connections. Overrides smb.conf parameter if set.
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 23:33:56 +0000 (23:33 +0000)]
Save us from possibly uninitialised variable (caught by gcc).
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 19:00:52 +0000 (19:00 +0000)]
Fix bug we discovered in W2K client signing on secondary trans2 packets.
Use W2K parameters. tpot please re-test smbclient with your problem
directory.
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 18:57:37 +0000 (18:57 +0000)]
Eliminate valgrind error when client gets bad sig on list. Some reformatting.
Jeremy.
Gerald Carter [Wed, 30 Jul 2003 17:37:46 +0000 (17:37 +0000)]
add a few more tidy ups. Now onto winbindd
Gerald Carter [Wed, 30 Jul 2003 17:29:00 +0000 (17:29 +0000)]
add support for DsEnumerateDomainTrusted for enumerating all the
trusted domains in a forest.
Jeremy Allison [Wed, 30 Jul 2003 16:34:14 +0000 (16:34 +0000)]
Don't revert something until you've seen if volker has already fixed it :-).
Jeremy.
Jeremy Allison [Wed, 30 Jul 2003 15:30:36 +0000 (15:30 +0000)]
Comment out mutex until I get dependencies sorted out...
Jeremy
Volker Lendecke [Wed, 30 Jul 2003 08:05:34 +0000 (08:05 +0000)]
bin/net needs server_mutex as kerberos_verify now uses it.
Volker
Jeremy Allison [Tue, 29 Jul 2003 21:32:36 +0000 (21:32 +0000)]
Put mutex around access of replay cache for krb5 tickets. krb5 replay cache
is not multi-process safe.
Jeremy.
Herb Lewis [Tue, 29 Jul 2003 20:11:18 +0000 (20:11 +0000)]
split replace into replace and replace1 to allow setenv to be used by
nsswitch modules. Add required libraries to get rid of undefined
functions for libns_winbind.so and libns_wins.so
Jeremy Allison [Tue, 29 Jul 2003 19:16:59 +0000 (19:16 +0000)]
Fix bug #226. Stop unmangle of name into a wildcard name from deleting more
than was intended.
Jeremy.
Alexander Bokovoy [Tue, 29 Jul 2003 18:07:13 +0000 (18:07 +0000)]
Add NT quotas support. Users allowed now to manage quotas on systems with sysquotas interface detected (Linux at least) using native Windows tools. Also move default quota support for NT quotas to VFS module default_quota. Code by Metze
Jeremy Allison [Tue, 29 Jul 2003 17:34:20 +0000 (17:34 +0000)]
Finish tridge's patch as referenced here :
make sure we don't allow the creation of directories containing
wildcard characters. I've only put this in mkdir at the moment, but I
suspect this will apply to all places that can create new filenames.
We need to allow the opening of existing filenames that contain
wildcards, but not allow the creation of new ones.
Jeremy.
Jeremy Allison [Tue, 29 Jul 2003 17:03:51 +0000 (17:03 +0000)]
Typo on my part. I typed KRB5_KDB_BAD_ENCTYPE when I meant to type KRB5_BAD_ENCTYPE.
Heimdal has the latter, not the former.
Jeremy.