cvs2svn Import User [Fri, 30 Nov 2001 01:38:50 +0000 (01:38 +0000)]
This commit was manufactured by cvs2svn to create tag
'release-3-0-alpha0'.
Samba Release Account [Fri, 30 Nov 2001 01:38:49 +0000 (01:38 +0000)]
preparing for release of 3.0-alpha0
Tim Potter [Fri, 30 Nov 2001 01:04:15 +0000 (01:04 +0000)]
Renamed sid field in SEC_ACE to trustee to be more in line with MS's
definitions.
Tim Potter [Fri, 30 Nov 2001 00:46:40 +0000 (00:46 +0000)]
Missing return in free_privilege()
Jeremy Allison [Fri, 30 Nov 2001 00:28:39 +0000 (00:28 +0000)]
Ensured the %G substitution exactly matches what the man page states.
Jeremy.
Tim Potter [Fri, 30 Nov 2001 00:24:43 +0000 (00:24 +0000)]
Comment deconfusification.
Jeremy Allison [Thu, 29 Nov 2001 22:37:58 +0000 (22:37 +0000)]
Added close-share message.
Jeremy.
Jean-François Micouleau [Thu, 29 Nov 2001 16:05:05 +0000 (16:05 +0000)]
Changed again how the privilege list is handled in the group mapping code.
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It
makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP
struct as some privilege showing in USRMGR.EXE are not real privs but a
bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT
3.1 box to verify, but I'm too lazy (yes I still have my CDs).
Added 3 more LSA calls: SetSystemAccount, AddPrivileges and
RemovePrivileges, we can manage all this privilege from UserManager.
Time to change the NT_USER_TOKEN struct and add checks in all the rpc
functions. Fun, fun, fun.
J.F.
Andrew Tridgell [Thu, 29 Nov 2001 08:22:45 +0000 (08:22 +0000)]
ads->realm must not be NULL
perhaps we should just fail ads_init() in this case?
Andrew Tridgell [Thu, 29 Nov 2001 06:38:54 +0000 (06:38 +0000)]
define LDAP_PORT when not available
Andrew Tridgell [Thu, 29 Nov 2001 06:26:05 +0000 (06:26 +0000)]
fixed typo
Andrew Bartlett [Thu, 29 Nov 2001 06:23:43 +0000 (06:23 +0000)]
Fix up the ./configure tests for kerberos. This ensures a more consistant
behaviour no matter if kerberos was found automatically, found in the
/usr/kerberos path or was specified.
Andrew Bartlett [Thu, 29 Nov 2001 06:21:56 +0000 (06:21 +0000)]
Make better use of the ads_init() function to get the kerberos relam etc.
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.
Also fix mem leaks etc.
Andrew Bartlett
Tim Potter [Thu, 29 Nov 2001 05:50:32 +0000 (05:50 +0000)]
I think the lookup_pdc_name() should be called lookup_dc_name() and the
name_status_find() call here should look up a #1c name instead of #1d.
This fixes some bugs currently with BDC authentication in winbindd and in
smbd as you can't query the #1d name with the ip address of a BDC.
Who is Uncle Tom Cobbley anyway?
Andrew Tridgell [Thu, 29 Nov 2001 05:20:23 +0000 (05:20 +0000)]
fixed toupper_w() and friends on big-endian
this fixes the core dumps on sparc
Andrew Tridgell [Thu, 29 Nov 2001 05:03:15 +0000 (05:03 +0000)]
2nd attempt at fixing lame char tables on big endian machines
Andrew Tridgell [Thu, 29 Nov 2001 04:58:29 +0000 (04:58 +0000)]
fixed lame char tables on big endian machines
Andrew Tridgell [Wed, 28 Nov 2001 23:54:07 +0000 (23:54 +0000)]
fixed some krb5 ifdefs
Gerald Carter [Wed, 28 Nov 2001 21:51:11 +0000 (21:51 +0000)]
merge from APPLIANCE_HEAD
Jeremy Allison [Wed, 28 Nov 2001 19:51:25 +0000 (19:51 +0000)]
space -> tab.
Jeremy.
Herb Lewis [Wed, 28 Nov 2001 19:49:43 +0000 (19:49 +0000)]
add .po32 files to ignore list
Jeremy Allison [Wed, 28 Nov 2001 18:10:13 +0000 (18:10 +0000)]
Spelling pedents strike again :-).
Jeremy.
Andrew Tridgell [Wed, 28 Nov 2001 07:33:18 +0000 (07:33 +0000)]
minor update
Andrew Bartlett [Wed, 28 Nov 2001 06:52:33 +0000 (06:52 +0000)]
Allow kerberos to work on RedHat and other non /usr systems again
the configure test uses the CPPFLAGS when checking that krb5.h exists
Andrew Tridgell [Wed, 28 Nov 2001 05:49:36 +0000 (05:49 +0000)]
fixed a core dump in server level security
Andrew Bartlett [Wed, 28 Nov 2001 05:13:12 +0000 (05:13 +0000)]
Some random updates for the ADS-HOWTO
Jeremy Allison [Wed, 28 Nov 2001 05:03:37 +0000 (05:03 +0000)]
Ensure the CAN_WRITE is checked and prevents O_CREAT and O_TRUNC from
being set. Also prevent an open on a file on a readonly share from
setting delete on close.
Jeremy.
Jeremy Allison [Wed, 28 Nov 2001 04:47:46 +0000 (04:47 +0000)]
Re-added "Share modes" meaning don't allow deny mode conflict. Due to
user demand (don't talk to me about removing parameters.... :-).
Jeremy.
Andrew Tridgell [Wed, 28 Nov 2001 04:44:23 +0000 (04:44 +0000)]
turn off the insure xterm hack for now
Tim Potter [Wed, 28 Nov 2001 03:58:33 +0000 (03:58 +0000)]
Added a 'keys' command to tdbtool which prints out all keys in the tdb.
Andrew Tridgell [Wed, 28 Nov 2001 03:56:30 +0000 (03:56 +0000)]
fix a bunch of places where we can double-free a cli structure
Jeremy Allison [Wed, 28 Nov 2001 02:42:55 +0000 (02:42 +0000)]
Cross merge to make 2.2 and HEAD closer.
Jeremy.
Jean-François Micouleau [Wed, 28 Nov 2001 00:06:00 +0000 (00:06 +0000)]
added samr_set_domain_info and samr_unknown_2E.
We now get the full account policy window in usermanager, and the
framework to store all those values. I plan to add a TDB file to store
them.
oh, and found that the last value in a sam_unknown_info_12_inf struct is
an uint16 and not a uint32.
andrewb: you hardcoded the MAX_PASSWORD_AGE to 21 days. We can now turn it
to a value setable in usermanager.
J.F.
Tim Potter [Tue, 27 Nov 2001 23:48:44 +0000 (23:48 +0000)]
Some reformatting.
M-x tabify
Andrew Tridgell [Tue, 27 Nov 2001 23:41:14 +0000 (23:41 +0000)]
always send an OID list until we handle raw (unwrapped) NTLMSSP
packets in session setup
Jeremy Allison [Tue, 27 Nov 2001 23:12:25 +0000 (23:12 +0000)]
Fix for the logic bug wrt. existant oplocks. See long message
in samba-technical for explaination.
Jeremy.
Andrew Tridgell [Tue, 27 Nov 2001 22:49:29 +0000 (22:49 +0000)]
up the log level for server level security to try to track down the
segvs in the build farm
Andrew Tridgell [Tue, 27 Nov 2001 22:47:09 +0000 (22:47 +0000)]
don't use /dev/null for a smbpasswd file
Jeremy Allison [Tue, 27 Nov 2001 22:39:57 +0000 (22:39 +0000)]
Added negative caching to group lookups.
Jeremy.
Andrew Tridgell [Tue, 27 Nov 2001 22:37:25 +0000 (22:37 +0000)]
added test for krb5.h
this was causing the kerberos stuff to fail compilation on several
platforms
Jeremy Allison [Tue, 27 Nov 2001 20:57:14 +0000 (20:57 +0000)]
Added negative caching to the user pw lookup by name and by uid.
Jeremy.
Jeremy Allison [Tue, 27 Nov 2001 20:01:23 +0000 (20:01 +0000)]
Added PRINTER_ALREADY_EXISTS error check from Gerry.
Jeremy
Andrew Tridgell [Tue, 27 Nov 2001 13:31:02 +0000 (13:31 +0000)]
allow printing of NULL pointers with internal snprintf
Andrew Tridgell [Tue, 27 Nov 2001 13:29:14 +0000 (13:29 +0000)]
fixed the panics on basicsmb-sharelist on sun1
Richard Sharpe [Tue, 27 Nov 2001 10:42:39 +0000 (10:42 +0000)]
Fix another memory leak spotted by Tom Jansen.
Andrew Tridgell [Tue, 27 Nov 2001 07:09:06 +0000 (07:09 +0000)]
sigh.
some systems have libkrb5 but not krb5.h
Jeremy Allison [Tue, 27 Nov 2001 06:28:06 +0000 (06:28 +0000)]
nsswitch/winbindd_group.c nsswitch/winbindd_user.c: formatting fixups.
smbd/open.c: Fix "delete on close" for directories.
Jeremy.
Andrew Tridgell [Tue, 27 Nov 2001 05:00:55 +0000 (05:00 +0000)]
reverted incorrect patch
Andrew Tridgell [Tue, 27 Nov 2001 04:07:57 +0000 (04:07 +0000)]
fixed leak in free_user_info()
Andrew Tridgell [Tue, 27 Nov 2001 04:05:28 +0000 (04:05 +0000)]
another memory leak bites the dust
Andrew Tridgell [Tue, 27 Nov 2001 03:54:15 +0000 (03:54 +0000)]
fixed another memory leak
Andrew Tridgell [Tue, 27 Nov 2001 03:50:53 +0000 (03:50 +0000)]
prevent a bogus insure wild ptr message
Andrew Tridgell [Tue, 27 Nov 2001 03:40:06 +0000 (03:40 +0000)]
added -i option to nmbd, giving interactive mode (like winbindd)
Andrew Tridgell [Tue, 27 Nov 2001 03:34:56 +0000 (03:34 +0000)]
more memory leak fixes
Andrew Tridgell [Tue, 27 Nov 2001 03:34:25 +0000 (03:34 +0000)]
unable to open smbpasswd on initial create should only be a warning
Andrew Tridgell [Tue, 27 Nov 2001 03:29:20 +0000 (03:29 +0000)]
prevent a memory leak of cli structures
Andrew Tridgell [Tue, 27 Nov 2001 03:25:31 +0000 (03:25 +0000)]
fix sense of lp_allow_trusted_domains()
fix a memory leak
Andrew Tridgell [Tue, 27 Nov 2001 01:51:10 +0000 (01:51 +0000)]
don't try to auto-change the trust password unless we are in domain
security
Andrew Tridgell [Tue, 27 Nov 2001 01:45:08 +0000 (01:45 +0000)]
automatically look for /usr/kerberos to make redhat happy
Andrew Tridgell [Mon, 26 Nov 2001 09:28:27 +0000 (09:28 +0000)]
don't die with a FPE if there are no DCs
Andrew Tridgell [Mon, 26 Nov 2001 09:28:00 +0000 (09:28 +0000)]
increment the value not the pointer
Andrew Bartlett [Mon, 26 Nov 2001 07:53:33 +0000 (07:53 +0000)]
Fix --enable-developer shadow warning
Andrew Bartlett [Mon, 26 Nov 2001 07:23:51 +0000 (07:23 +0000)]
Fix debug
Andrew Tridgell [Mon, 26 Nov 2001 06:52:33 +0000 (06:52 +0000)]
basic ADS HOWTO
Andrew Bartlett [Mon, 26 Nov 2001 06:47:04 +0000 (06:47 +0000)]
A number of things to clean up the auth subsytem a bit...
We now default encrypt passwords = yes
We now check plaintext passwords (however aquired) with the 'sam' backend
rather than unix, if encrypt passwords = yes.
(this kills off the 'local' backed. The sam backend may be renamed in its
place)
The new 'samstrict' wrapper backend checks that the user's domain is one of
our netbios aliases - this ensures that we don't get fallback crazies with
security = domain.
Similarly, the code in the 'ntdomain' and 'smbserver' backends now checks
that the user was not local before contacting the DC.
The default ordering has changed, we now check the local stuff first - but
becouse of the changes above, we will really only ever contact one
auth source.
Andrew Bartlett
Andrew Tridgell [Mon, 26 Nov 2001 06:21:24 +0000 (06:21 +0000)]
add SEC_ADS auth method
Andrew Tridgell [Mon, 26 Nov 2001 06:18:09 +0000 (06:18 +0000)]
updated server_role for ADS
Andrew Bartlett [Mon, 26 Nov 2001 05:59:43 +0000 (05:59 +0000)]
prevent proto from picking up this as a defintion for 'main()' becoue it conflicts with nmbd's definition.
Tim Potter [Mon, 26 Nov 2001 04:53:08 +0000 (04:53 +0000)]
More compiler warnings fixed. Some minor reformatting.
Andrew Tridgell [Mon, 26 Nov 2001 04:37:24 +0000 (04:37 +0000)]
we can safely give NO_SUCH_USER if the ticket decodes but the local
account doesn't exist
Tim Potter [Mon, 26 Nov 2001 04:27:51 +0000 (04:27 +0000)]
Another merge from appliance-head: in [ug]id_to_sid don't call the
winbind function if the id is obviously going to be local. Cleanup
of winbind [ug]id parameter handling.
Tim Potter [Mon, 26 Nov 2001 04:05:28 +0000 (04:05 +0000)]
challange -> challenge
Tim Potter [Mon, 26 Nov 2001 03:39:16 +0000 (03:39 +0000)]
Merge from appliance-head: when creating a default security descriptor
for a printer, save it in ntprinters.tdb instead of recreating it
every time it is required. This can save at least one winbind lookup
per secdesc creation. Opening a port monitor and viewing the security
tab in the properties dialog required the security descriptor to be
returned 25 times!
Tim Potter [Mon, 26 Nov 2001 03:11:44 +0000 (03:11 +0000)]
Got medieval on another pointless extern. Removed extern struct ipzero
and replaced with two functions:
void zero_ip(struct in_adder *ip);
BOOL is_zero_ip(struct in_addr ip);
Andrew Bartlett [Mon, 26 Nov 2001 02:10:59 +0000 (02:10 +0000)]
Fix up the build farm again.
This should get us 'green' for once...
Andrew Bartlett
Tim Potter [Mon, 26 Nov 2001 02:01:00 +0000 (02:01 +0000)]
dyn_CONFIGFILE fixups.
Tim Potter [Mon, 26 Nov 2001 01:59:33 +0000 (01:59 +0000)]
Fixed compiler warnings and dyn_CONFIGFILE related breakage.
Andrew Bartlett [Mon, 26 Nov 2001 01:37:44 +0000 (01:37 +0000)]
And delete domain_client_validate.c...
Andrew Bartlett
Andrew Bartlett [Mon, 26 Nov 2001 01:37:01 +0000 (01:37 +0000)]
This compleats the of the authenticaion subystem into the new 'auth'
subdirectory.
(The insertion of these files was done with some CVS backend magic, hence the
lack of a commit message).
This also moves libsmb/domain_client_validate.c back into auth_domain.c,
becouse we no longer share it with winbind.
Andrew Bartlett
Tim Potter [Mon, 26 Nov 2001 01:20:57 +0000 (01:20 +0000)]
Removed bogus SAFE_FREE() call of talloced return data from
winbindd_lookup_usergroups()
Tim Potter [Mon, 26 Nov 2001 01:17:03 +0000 (01:17 +0000)]
Ignore *.po files.
Tim Potter [Mon, 26 Nov 2001 00:58:43 +0000 (00:58 +0000)]
Fixed some indentation.
Andrew Tridgell [Mon, 26 Nov 2001 00:45:51 +0000 (00:45 +0000)]
use DEBUG() not d_printf() in libraries
Andrew Tridgell [Mon, 26 Nov 2001 00:43:37 +0000 (00:43 +0000)]
fixed spnego, non-kerberos negprot
Tim Potter [Mon, 26 Nov 2001 00:19:23 +0000 (00:19 +0000)]
Allow lookup of users with spaces in their name.
Tim Potter [Sun, 25 Nov 2001 23:33:15 +0000 (23:33 +0000)]
Fixed compiler warning.
Why do people keep adding stuff to includes.h (OK I am guilty of this too)?
It's getting really huge and full of random junk. )-:
I've noticed TNG have started to split stuff up in to individual header
files included as needed.
Andrew Tridgell [Sun, 25 Nov 2001 23:05:13 +0000 (23:05 +0000)]
added 'security=ADS'
Volker Lendecke [Sun, 25 Nov 2001 18:54:04 +0000 (18:54 +0000)]
Minor typos
Volker Lendecke [Sun, 25 Nov 2001 18:49:20 +0000 (18:49 +0000)]
Don't close tdb twice.
Andrew Tridgell [Sun, 25 Nov 2001 13:36:02 +0000 (13:36 +0000)]
portability fixes
Andrew Tridgell [Sun, 25 Nov 2001 13:32:28 +0000 (13:32 +0000)]
fixed typo
Andrew Tridgell [Sun, 25 Nov 2001 12:56:04 +0000 (12:56 +0000)]
add popt build dependency
Andrew Tridgell [Sun, 25 Nov 2001 12:46:14 +0000 (12:46 +0000)]
move popt out of proto objs
Andrew Tridgell [Sun, 25 Nov 2001 12:40:23 +0000 (12:40 +0000)]
added HAVE_LDAP_H check
Andrew Tridgell [Sun, 25 Nov 2001 12:26:40 +0000 (12:26 +0000)]
check for liblber separately
Jeremy Allison [Sun, 25 Nov 2001 08:26:37 +0000 (08:26 +0000)]
#ifdefed DMF fix so not compiled by default. We need to look at this...
Jeremy.
Jeremy Allison [Sun, 25 Nov 2001 06:38:17 +0000 (06:38 +0000)]
Use "password server" for searching for BDC's also as Tim suggested.
Jeremy.
Andrew Bartlett [Sun, 25 Nov 2001 03:01:14 +0000 (03:01 +0000)]
Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error
map.
This little authentication module is #ifdef DEVELOPER, becouse it really is of
no use execept as a development tool
invoke by setting:
auth methods = guest sam name_to_ntstatus
in the smb.conf file (the SAM and guest elements are required for the member
server to authenticate itself).
Andrew Bartlett
Andrew Bartlett [Sun, 25 Nov 2001 02:58:15 +0000 (02:58 +0000)]
oops, I forgot to include the header file
Andrew Bartlett [Sun, 25 Nov 2001 02:35:37 +0000 (02:35 +0000)]
Add a new torture test to extract a NT->DOS error map from an NT member of a
samba domain.
The PDC must be running a special authenticaion module that spits out NT errors
based on username.
Andrew Bartlett