1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

162 Commits

Author SHA1 Message Date
Jeremy Allison
7b9d6ac23e r6595: This is Volkers new-talloc patch. Just got the go-ahead from
Volker to commit. Woo Hoo !
Jeremy.
(This used to be commit 316df944a4)
2007-10-10 10:56:46 -05:00
Volker Lendecke
5ba3fb825b r5767: Get rid of some compiler warnings
(This used to be commit 66471de977)
2007-10-10 10:56:00 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Jeremy Allison
c5c2dd6dba r3948: Fix incorrect declaration. Bug #2083.
Jeremy.
(This used to be commit 05b905a28f)
2007-10-10 10:53:26 -05:00
Andrew Bartlett
9d0783bf21 r1492: Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().

For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation.  This removes the 'need_reseed'
parameter from generate_random_buffer().

Andrew Bartlett
(This used to be commit 36741d3cf5)
2007-10-10 10:52:13 -05:00
Gerald Carter
8ad3d8c9b0 r196: merging struct uuid from trunk
(This used to be commit 911a28361b)
2007-10-10 10:51:13 -05:00
Andrew Bartlett
46975eb92f When we set a domain sid, force get_global_sam_sid() to do it's work again.
This should ensure that the value it returns is always consistant.

Andrew Bartlett
(This used to be commit a4392ede33)
2004-02-08 11:05:34 +00:00
Andrew Bartlett
43a4e1dbf9 Don't duplicate pulling the 'IPC' username from secrets.tdb, instead
just use one function for both places.

Andrew Bartlett
(This used to be commit 85da181e8a)
2004-01-07 10:11:24 +00:00
Volker Lendecke
1c38391c70 Nobody complained on the team-list, so commit it ...
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.

Volker
(This used to be commit 5775690ee8)
2003-09-07 16:36:13 +00:00
Herb Lewis
062f89bc28 get rid of some sompiler warnings on IRIX
(This used to be commit a6a39c61e8)
2003-08-15 01:42:30 +00:00
Volker Lendecke
7756b4088d Fix memleak
(This used to be commit defc71d4cb)
2003-07-19 11:28:15 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Volker Lendecke
f13e48e2ee Different fix for memleak just committed. This belongs into
tdb_search_list_free.

Volker
(This used to be commit 0f3822c8e7)
2003-07-01 13:04:50 +00:00
Volker Lendecke
b78dd91e68 Fix two memory leaks. tdb_search_keys allocates space for the key
strings.

Running 'net cache list' or secrets_get_trusted_domains through
valgrind gives a *huge* amount of invalid reads of one byte beyond the
indicated string length in libc's strncpy. Annoying...

Volker
(This used to be commit 0f8933ae77)
2003-07-01 12:40:52 +00:00
Gerald Carter
f51d769dd3 large change:
*)  consolidates the dc location routines again (dns
    and netbios)  get_dc_list() or get_sorted_dc_list()
    is the authoritative means of locating DC's again.

    (also inludes a flag to get_dc_list() to define
     if this should be a DNS only lookup or not)

    (however, if you set "name resolve order = hosts wins"
     you could still get DNS queries for domain name IFF
     ldap_domain2hostlist() fails.  The answer?  Fix your DNS
     setup)

*)  enabled DOMAIN<0x1c> lookups to be funneled through
    resolve_hosts resulting in a call to ldap_domain2hostlist()
    if lp_security() == SEC_ADS

*)  enables name cache for winbind ADS backend

*)  enable the negative connection cache for winbind
    ADS backend

*)  removes some old dead code

*)  consolidates some duplicate code

*)  moves the internal_name_resolve() to use an IP/port pair
    to deal with SRV RR dns replies.  The namecache code
    also supports the IP:port syntax now as well.

*)  removes 'ads server' and moves the functionality back
    into 'password server' (which can support "hostname:port"
    syntax now but works fine with defaults depending on
    the value of lp_security())
(This used to be commit d7f7fcda42)
2003-06-25 17:41:05 +00:00
Volker Lendecke
cc59bbfdea Fix memory leak. secrets_fetch allocates memory.
Volker
(This used to be commit 2ec8d1ff88)
2003-06-21 14:28:18 +00:00
Tim Potter
0a9396dcca Rename some uuid functions so as not to conflict with system
versions.  Fixes bug #154.
(This used to be commit 986eae40f7)
2003-06-13 04:35:53 +00:00
Andrew Bartlett
53f2dd686a Merge mimir's trusted domain code from HEAD -> 3.0, plus some memory
leak fixes. (secrets.c portion)

Andrew Bartlett
(This used to be commit 3ea8fdd036)
2003-04-22 13:10:02 +00:00
Andrew Bartlett
f071020f5e Merge from HEAD - save the type of channel used to contact the DC.
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.

This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.

Andrew Bartlett
(This used to be commit 876e00fd11)
2003-04-21 14:09:03 +00:00
Andrew Bartlett
a8eaea53ed Merge from HEAD - make winbindd locking sane again:
Original message:


This patch attemptes to clean up winbindd's mutex locking.

The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.

This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection.  Tim Potter did
some work on this a little while back, verifying the second case.

The two cases are:
 - between connect() and first session setup
 - during the auth2 phase of the netlogon pipe setup.

I've removed the counter on the lock, as I fail to see what it gains us.

This patch also adds 'anonymous fallback' to our winbindd -> DC connection.

If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.

Both tpot and mbp like the patch.

Andrew Bartlett
(This used to be commit b5283c00a9)
2003-03-17 23:06:12 +00:00
Andrew Bartlett
3b2244526c Merge of signed/unsigned fixes from HEAD.
(This used to be commit e9f56a157b)
2003-02-01 07:25:53 +00:00
Jeremy Allison
6b2eb72df0 Fixed up mutex protection around winbindd logon code. Sync with APP-HEAD.
Jeremy.
(This used to be commit daf179bcd6)
2003-01-16 20:08:26 +00:00
Andrew Bartlett
212077afa2 Merge indirection, signed/unsigned and uninitialiased-value fixes from HEAD.
Andrew Bartlett
(This used to be commit 2a1adb8f81)
2003-01-14 07:26:12 +00:00
Andrew Bartlett
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f947)
2003-01-03 08:28:12 +00:00
Gerald Carter
899b6e6d0f merge of get_dc_name()-like code from APP_HEAD; better support password server = DC1 *
(This used to be commit f49de4c517)
2002-12-13 02:07:05 +00:00
Andrew Bartlett
c19598f2a6 Merge from HEAD:
- change auth_sam to use the initialisation flags to determine if
	 the password attributes are set

 - add const to secrets.c, cliconnect.c

 - passdb:  fix spelling in pdb_ldap, add group mapping back to smbpasswd

 - SAMR: add debugs to show what fails for group enum.

Andrew Bartlett
(This used to be commit 4e74d00b36)
2002-11-08 23:08:59 +00:00
Jeremy Allison
3665777a5b Add a timeout to tdb_lock_bystring(). Ensure we never have more than
MAX_PRINT_JOBS in a queue.
Jeremy.
(This used to be commit 9fe3c0b90d)
2002-10-04 22:53:18 +00:00
Andrew Bartlett
ad8a22e570 Updates from Samba HEAD:
- Fix segfaults in the 'net ads' commands when no password is provided
 - Readd --with-ldapsam for 2.2 compatability.  This conditionally compiles the
   old options, but the actual code is available on all ldap systems.
 - Fix shadow passwords (as per work with vl)
 - Fix sending plaintext passwords to unicode servers (again vl)
 - Add a bit of const to secrets.c functions
 - Fix some spelling and grammer by vance.
 - Document the -r option in smbgroupedit.

There are more changes in HEAD, I'm only merging the changes I've been involved
with.

Andrew Bartlett
(This used to be commit 83973c3893)
2002-10-01 13:10:57 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Jelmer Vernooij
b2edf254ed sync 3.0 branch with head
(This used to be commit 3928578b52)
2002-08-17 17:00:51 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Andrew Tridgell
e7d5f890f5 make sure we use consistent keys in secrets.tdb by uppercasing domain
names
(This used to be commit 4cb7b6954b)
2002-03-10 01:43:04 +00:00
Andrew Bartlett
2ef9be9a99 This patch merges my private LDAP tree into HEAD.
The main change here is to move ldap into the new pluggable passdb subsystem
and to take the LDAP location as a 'location' paramter on the 'passdb backend'
line in the smb.conf.  This is an LDAP URL, parsed by OpenLDAP where supported,
and by hand where it isn't.

It also adds the ldap user suffix and ldap machine suffix smb.conf options,
so that machines added to the LDAP dir don't get mixed in with people.

Non-unix account support is also added.  This means that machines don't need to
be in /etc/passwd or in nss_ldap's scope.

This code has stood up well under my production environment, so it relitivly
well tested.

I'm commiting this now becouse others have shown interest in using it, and
there is no point 'hording' the code :-).

Andrew Bartlett
(This used to be commit cd5234d7dd)
2002-03-02 10:16:28 +00:00
Andrew Bartlett
214307e4d9 Fix up the trusted domains secrets code so as to have a slight chance of
working.
(This used to be commit 4ecc170dcb)
2002-03-02 04:45:29 +00:00
Andrew Bartlett
75de5a5dfa The beginning of trusted and trusting domain support from
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>

This adds the 'net' tools to manipulate the trusted domains.

Andrew Bartlett
(This used to be commit 770c8a31d9)
2002-03-01 02:56:35 +00:00
Andrew Tridgell
488b01f79a made the domain secret key in secrets.tdb domain specific. This allows
you to join a 2nd domain then leave the old domain rather than the other way
around
(This used to be commit b26b6aef64)
2002-02-22 03:18:37 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Jeremy Allison
d2687a00e1 Fixed up atomic update code.
Jeremy.
(This used to be commit 274b04d4a6)
2002-01-09 02:35:08 +00:00
Jean-François Micouleau
9f59fc64b8 update the ldap support code. it compiles.
Ignacio you can update your howto ;-)

samsync: a small patch to try chaning challenges.

	J.F.
(This used to be commit c99bc30559)
2001-12-13 18:09:29 +00:00
Andrew Bartlett
0d09562eed Add a couple of extra debugs for the secrets.tdb stuff
(This used to be commit c76c1f6904)
2001-12-05 10:52:13 +00:00
Andrew Tridgell
cc3aff7436 auto-init secrets.tdb
(This used to be commit aff916e543)
2001-12-05 09:45:00 +00:00
Andrew Bartlett
85450cb1c9 This comment no longer applies.
(This used to be commit 153c4a56b0)
2001-12-04 04:33:22 +00:00
Andrew Tridgell
ad2974cd05 added "net join" command
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee90)
2001-11-24 14:16:41 +00:00
Jeremy Allison
02eda2e251 Tidyups when I was doing the big merge...
Jeremy.
(This used to be commit 9148bb9eaa)
2001-11-17 03:19:17 +00:00
Simo Sorce
4561e8a8ea move to SAFE_FREE()
(This used to be commit 64d35e94fe)
2001-09-17 05:04:17 +00:00
Andrew Tridgell
9a9ac2739b got rid of USE_TDB_MMAP_FLAG as its not needed any more
(This used to be commit c26e0d3f27)
2001-09-06 22:08:19 +00:00
Herb Lewis
717533483b get rid of compiler warnings
(This used to be commit 0768991d04)
2001-08-24 20:32:01 +00:00
Jeremy Allison
996719cce2 Added "use mmap" for HPUX.
Jeremy.
(This used to be commit 840802f106)
2001-07-30 22:21:31 +00:00
Andrew Tridgell
87fbb7092b The big character set handling changeover!
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
2001-07-04 07:15:53 +00:00
Jeremy Allison
e8e07a26eb Changes to use new genrand code that got missed while I was in Japan.
Jeremy.
(This used to be commit 5a15831b9a)
2001-06-06 22:04:26 +00:00
Andrew Tridgell
05fc3e578c use LDSHFLAGS not -shared in several places
(This used to be commit 8ec9c87b5d)
2001-06-04 05:13:59 +00:00
Jeremy Allison
f9a15ce1a6 Got "medieval on our ass" about adding the -1 to slprintf.
Jeremy.
(This used to be commit 94747b4639)
2001-04-08 20:22:39 +00:00
Tim Potter
64172d82fc Merge of i18n fixes from appliance branch. Samba can now talk to a network
with a PDC that has international netbios name and domain name.  There's
still quite a bit of i18n stuff to fix though...
(This used to be commit 79045bd72a)
2001-02-14 05:34:50 +00:00
David O'Neill
3380ffae9c Changes from APPLIANCE_HEAD:
testsuite/printing/psec.c
        - Use lock directory from smb.conf parameter when peeking at the
          ntdrivers.tdb file.
    source/rpc_parse/parse_sec.c
        - fix typo in debug message
    source/script/installbin.sh
        - create private directory as part of 'make install'.
    source/nsswitch/winbindd_cache.c
    source/nsswitch/winbindd_idmap.c
    source/passdb/secrets.c
    source/smbd/connection.c
        - always convert tdb key to unix code-page when generating.
    source/printing/nt_printing.c
        - always convert tdb key to unix code-page when generating.
        - don't prepend path to a filename that is NULL in
          add_a_printer_driver_3().
    source/rpc_server/srv_spoolss_nt.c
        - always convert tdb key to unix code-page when generating.
        - don't prepend server name to a path/filename that is NULL in the
          fill_printer_driver_info functions.
    source/printing/printing.c
        - always convert tdb key to unix code-page when generating.
        - move access check for print_queue_purge() outside of job delete
          loop.
    source/smbd/unix_acls.c
        - fix for setting ACLs (this got missed earlier)
    source/lib/messages.c
        - trivial sync with appliance_head
(This used to be commit 376601d17d)
2001-01-11 20:41:19 +00:00
Gerald Carter
c09b1d19f8 updates to the tdbsam implementation.
--jerry
(This used to be commit 29b3ac8634)
2000-12-06 18:22:29 +00:00
Jeremy Allison
0f1c800f85 passdb/secrets.c passdb/smbpassfile.c smbd/server.c : Actually *use* the code
written to transition from an old DOMAIN.MACHINE.MAC file to secrets.tdb.
printing/nt_printing.c: Fix case insensitive name lookups for driver files.
John - this should fix the Win9x/WinME problem correctly.
Jeremy.
(This used to be commit 8f3332a9ac)
2000-11-27 23:59:42 +00:00
Gerald Carter
0dcbafe2b9 Another large patch for the passdb rewrite.
o added BOOL own_memory flag in SAM_ACCOUNT so we could
    use static memory for string pointer assignment or
    allocate a new string

  o added a reference TDB passdb backend.  This is only a reference
    and should not be used in production because
	- RID's are generated using the same algorithm as with smbpasswd
 	- a TDB can only have one key (w/o getting into problems) and we
	  need three.  Therefore the pdb_sam-getpwuid() and
	  pdb_getsampwrid() functions are interative searches :-(

    we need transaction support, multiple indexes, and a nice open
    source DBM.  The Berkeley DB (from sleepycat.com seems to fit
    this criteria now)

  o added a new parameter "private dir" as many places in the code were
    using lp_smb_passwd_file() and chopping off the filename part.
    This makes more sense to me and I will docuement it in the man pages

  o Ran through Insure-lite and corrected memory leaks.  Need for
    a public flogging this time Jeremy (-:



-- jerry
(This used to be commit 4792029a29)
2000-11-21 05:55:16 +00:00
Tim Potter
b561c18597 Fixes for various compile warnings on Solaris 8.
(This used to be commit 898a483cda)
2000-07-10 06:41:04 +00:00
Andrew Tridgell
988810879e moved secrets handling into secrets.c
(This used to be commit e49550b975)
2000-06-03 06:16:11 +00:00
Matthew Chapman
badb7fc0d2 Fixed LsaQueryInformationPolicy level 3 to return primary domain info.
Domain SID is saved in secrets.tdb upon joining domain.

Added "Authenticated Users" and "SYSTEM" well-known SIDs (under
NT Authority).
(This used to be commit 7710b4f48d)
2000-05-29 01:23:48 +00:00
Jeremy Allison
b27886addb passdb/secrets.c: Fix typo in comment.
rpc_server/srv_pipe.c: Use accessor functions rather than diddling with structure
internals directly.
smbd/process.c:
smbd/reply.c: Remove READ_PREDICTION #ifdefs.
Jeremy.
(This used to be commit eba825ff03)
2000-05-15 17:13:50 +00:00
Jeremy Allison
1684d534c8 Someone :-) forgot to add secrets.c to HEAD.
Jeremy.
(This used to be commit ac40971f30)
2000-05-08 18:14:25 +00:00