1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

1999 Commits

Author SHA1 Message Date
Rafal Szczesniak
ce12b32c4a Fix compiler warning.
(This used to be commit 3a71b48730)
2003-07-13 16:25:55 +00:00
Gerald Carter
03d5867d52 moving more code around.
* move rid allocation into IDMAP.  See comments in _api_samr_create_user()
  * add winbind delete user/group functions

I'm checking this in to sync up with everyone.  But I'm going to split
the add a separate winbindd_allocate_rid() function for systems
that have an 'add user script' but need idmap to give them a RID.
Life would be so much simplier without 'enable rid algorithm'.
The current RID allocation is horrible due to this one fact.
Tested idmap_tdb but not idmap_ldap yet.  Will do that tomorrow.

Nothing has changed in the way a samba domain is represented, stored,
or search in the directory so things should be ok with previous installations.

going to bed now.
(This used to be commit 0463045cc7)
2003-07-11 05:33:40 +00:00
Volker Lendecke
0b07d432cc Add const
(This used to be commit 2f7658d9ba)
2003-07-10 14:12:37 +00:00
Gerald Carter
0b18acb841 and so it begins....
* remove idmap_XX_to_XX calls from smbd.  Move back to the
  the winbind_XXX and local_XXX calls used in 2.2

* all uid/gid allocation must involve winbindd now

* move flags field around in winbindd_request struct

* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
  to prevent automatic allocation for unknown SIDs

* add 'winbind trusted domains only' parameter to force a domain member
  server to use matching users names from /etc/passwd for its domain
  (needed for domain member of a Samba domain)

* rename 'idmap only' to 'enable rid algorithm' for better clarity
  (defaults to "yes")

code has been tested on

  * domain member of native mode 2k domain
  * ads domain member of native mode 2k domain
  * domain member of NT4 domain
  * domain member of Samba domain
  * Samba PDC running winbindd with trusts

Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'

This will be a long week of changes.  The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4)
2003-07-07 05:11:10 +00:00
Andrew Bartlett
a3ddfa5069 Fixes to our LDAP/vampire codepaths:
- Try better to add the appropriate mapping between UID and SIDs, based
   on Get_Pwnam()
 - Look for previous users (lookup by SID) and correctly modify the existing
   entry in that case
 - Map the root user to the Admin SID as a 'well known user'
 - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update'
   call on that user.  This means that VL's very nice work on atomic LDAP
   updates now really gets used properly!
 - This also means that we know the right DN to update, without the extra
   round-trips to the server.

Andrew Bartlett
(This used to be commit c7118cb31d)
2003-07-05 09:46:12 +00:00
Andrew Bartlett
4168d61fb2 This patch cleans up some of our ldap code, for better behaviour:
We now always read the Domain SID out of LDAP.  If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP.   We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap).  If we fail to read/add the domain entry, we just
fallback to the old behaviour.

We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available.  This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added.  Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.

The code now allows modifications to the ID mapping in many cases.

Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).

The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'.  This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.

On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.

We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate.  Instead, we just start at the bottom
of the range, and increment again if the user already exists.  The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.

Thanks to metze and AB for double-checking parts of this.

Andrew Bartlett
(This used to be commit 9c595c8c23)
2003-07-04 13:29:42 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Jeremy Allison
af4d658894 Added fix for Japanese case names in statcache - these can change
size on upper casing. Based on patch from monyo@home.monyo.com.
Jeremy.
(This used to be commit 72e382e99b)
2003-07-02 20:01:51 +00:00
Tim Potter
1e07f860a4 Fix poptOption definition for --no-pass and --kerberos options. The 'value'
field for an option should be set to an identifier to use in a switch
statement or zero if the the arg field is to be updated only.

This fixes smbclient -k always prompting for a password which we don't need.
(This used to be commit 0744e2dad3)
2003-07-02 03:04:15 +00:00
Volker Lendecke
f13e48e2ee Different fix for memleak just committed. This belongs into
tdb_search_list_free.

Volker
(This used to be commit 0f3822c8e7)
2003-07-01 13:04:50 +00:00
Volker Lendecke
b78dd91e68 Fix two memory leaks. tdb_search_keys allocates space for the key
strings.

Running 'net cache list' or secrets_get_trusted_domains through
valgrind gives a *huge* amount of invalid reads of one byte beyond the
indicated string length in libc's strncpy. Annoying...

Volker
(This used to be commit 0f8933ae77)
2003-07-01 12:40:52 +00:00
Volker Lendecke
2b0662b33a Fix a segfault found by metze & valgrind...
Don't overwrite past the end of a string.

Volker
(This used to be commit f036368efd)
2003-07-01 12:03:00 +00:00
Gerald Carter
db6ce132e3 * fix the trustdom_cache to work when winbindd is not running.
smbd will update the trustdom_cache periodically after locking
  the timestamp key
(This used to be commit 7bc4b65b91)
2003-07-01 03:49:41 +00:00
Gerald Carter
1d8cd8faf6 fix for platforms that don't have unsetenv().
we now have to check the value for _NO_WINBINDD.
"1" enables, and != "1" disables (use "0" by convention).
(This used to be commit 11eccaef1d)
2003-06-30 16:18:29 +00:00
Andrew Tridgell
0a4959d48d - added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)
- changed --enable-developer debug to use -gstabs as it makes the
  samba binaries about 10x smaller and is still quite functional for
  samba debugging
(This used to be commit 53bfcd478a)
2003-06-30 02:11:13 +00:00
Gerald Carter
b8723aaa65 Here's the code to make winbindd work on a Samba DC
to handle domain trusts.  Jeremy and I talked about this
and it's going in as working code.  It keeps winbind clean
and solves the trust problem with minimal changes.

To summarize, there are 2 basic cases where the deadlock would
occur.  (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.

o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
  the username includes the 'winbind separator'.

o Case #2 is handled by adding checks in winbindd to return failure
  if we are a DC and the domain matches our own.

This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain').  The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.

Other misc fixes:

  * we need to fix check_ntlm_password() to be able to determine
    if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
    etc...).  I worked around my specific situation, but this needs to be
    fixed.  the winbindd auth module was causing delays.
  * fix named server mutex deadlock between trust domain auth module
    and winbindd looking up a uid
  * make sure SAM_ACCOUNT gets stored in the server_info struct for the
    _net_sam_logon() reply.

Configuration details:

The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.

  * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
  * create domain trusts like normal
  * join winbind on the pdc to the Samba domain using 'net rpc join'
  * add normal parameters to smb.conf for winbind
  * set 'auth method = guest sam winbind'
  * start smbd, nmbd, & winbindd

Problems that remain:

  * join a Windows 2k/XP box to a Samba domain.
  * create a 2-way trust between the Samba domain
    and an NT domain
  * logon to the windows client as a user from theh trusted
    domain
  * try to browse server in the trusted domain (or other
    workstations).  an NT client seems to work ok, but 2k
    and XP either prompt for passwords or fail with errors.

apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9)
2003-06-29 03:39:50 +00:00
Gerald Carter
f51d769dd3 large change:
*)  consolidates the dc location routines again (dns
    and netbios)  get_dc_list() or get_sorted_dc_list()
    is the authoritative means of locating DC's again.

    (also inludes a flag to get_dc_list() to define
     if this should be a DNS only lookup or not)

    (however, if you set "name resolve order = hosts wins"
     you could still get DNS queries for domain name IFF
     ldap_domain2hostlist() fails.  The answer?  Fix your DNS
     setup)

*)  enabled DOMAIN<0x1c> lookups to be funneled through
    resolve_hosts resulting in a call to ldap_domain2hostlist()
    if lp_security() == SEC_ADS

*)  enables name cache for winbind ADS backend

*)  enable the negative connection cache for winbind
    ADS backend

*)  removes some old dead code

*)  consolidates some duplicate code

*)  moves the internal_name_resolve() to use an IP/port pair
    to deal with SRV RR dns replies.  The namecache code
    also supports the IP:port syntax now as well.

*)  removes 'ads server' and moves the functionality back
    into 'password server' (which can support "hostname:port"
    syntax now but works fine with defaults depending on
    the value of lp_security())
(This used to be commit d7f7fcda42)
2003-06-25 17:41:05 +00:00
Andrew Bartlett
eb61c82382 Patch to move functions directly from pdb_ldap.c into lib/smbldap.c
The functions are unchanged.  Next step is to make idmap_ldap use them.

Andrew Bartlett
(This used to be commit 57617a0f8c)
2003-06-25 12:51:58 +00:00
Gerald Carter
81d8eefc0d * set domain->last_status = NT_STATUS_SERVER_DISABLED on an ads_connect() failure
* Fix code to use winbind_rpc methods for trusted mixed mode or NT4 domains
  ( does no one ever test this? )
* add in LDAP code to get the sequence number for rpc based seqnum update.
  ( this is needed if the DC is upgraded and samba is not reconfigured
    to use security = ads; it's not pretty but it works (from app_head) )
* fix bug that caused us to enumerate domain local groups in domains
  other than our own
(This used to be commit 14f2cd139a)
2003-06-23 05:10:07 +00:00
Gerald Carter
93bcb9963b merge of the netsamlogon caching code from APPLIANCE_HEAD
This replaces the universal group caching code (was originally
based on that code).  Only applies to the the RPC code.

One comment: domain local groups don't show up in 'getent group'
that's easy to fix.

Code has been tested against 2k domain but doesn't change anything
with respect to NT4 domains.

netsamlogon caching works pretty much like the universal group
caching code did but has had much more testing and puts winbind
mostly back in sync between branches.
(This used to be commit aac01dc7bc)
2003-06-21 04:05:01 +00:00
Andrew Bartlett
f70cc4cdc1 This patch works towards to goal of common code shared between idmap_ldap
and pdb_ldap.

So far, it's just a function rename, so that the next patch can be a very
simple matter of copying functions, without worrying about what changed
in the process.

Also removes the 'static' pointers for the rebind procedures, replacing them
with a linked list of value/key lookups.  (Only needed on older LDAP client
libs)

Andrew Bartlett
(This used to be commit f93167a7e1)
2003-06-21 00:45:03 +00:00
Volker Lendecke
ea1cec68bb Const fixes by metze
Volker
(This used to be commit c0e35f3be8)
2003-06-17 09:40:35 +00:00
Andrew Tridgell
8cd67d7668 reverted locale patch put in by jht (originally from vorlon).
There are lots of things wrong with this patch, including:

1) it overrides a user chosen configuration option

2) it adds lots of complexity inside a loop when a tiny piece of code
   outside the loop would do the same thing

3) it does no error checking, and is sure to crash on some systems

If you want this functionality then try something like this at the end
of charset_name():

#ifdef HAVE_NL_LANGINFO
	if (strcasecmp(ret, "LOCALE") == 0) {
		const char *ln = nl_langinfo(CODESET);
		if (ln) {
			DEBUG(5,("Substituting charset '%s' for LOCALE\n", ln));
			return ln;
		}
	}
#endif

then users can set 'display charset = LOCALE' to get the locale based
charset. You could even make that the default for systems that have
nl_langinfo().
(This used to be commit 382b9b806b)
2003-06-16 02:22:52 +00:00
John Terpstra
489956c823 Patch from vorlon@debian.org, see bugzilal #122
Samba should preferentially use the locale information from the native system,
and only fall back on 'display charset' if this is unavailable or unsupported.
(This used to be commit 1e445fb422)
2003-06-15 06:07:53 +00:00
Tim Potter
0a9396dcca Rename some uuid functions so as not to conflict with system
versions.  Fixes bug #154.
(This used to be commit 986eae40f7)
2003-06-13 04:35:53 +00:00
Andrew Tridgell
7309f50062 applied patch from bug#140
this fixes a timestamp problem with 64 bit machines
(This used to be commit 0ce6eddad8)
2003-06-09 02:54:07 +00:00
Gerald Carter
711f8d0a13 * break out more common code used between pdb_ldap and idmap_ldap
* remove 'winbind uid' and 'winbind gid' parameters (replaced
  by current idmap parameter)
* create the sambaUnixIdPool entries automatically in the 'ldap
  idmap suffix'
* add new 'ldap idmap suffix' and 'ldap group suffix' parametrer
* "idmap backend = ldap" now accepts 'ldap:ldap://server/' format
  (parameters are passed to idmap init() function
(This used to be commit 1665926281)
2003-06-06 13:48:39 +00:00
Jeremy Allison
0bbbe382a5 Fix for valgrind - when doing a srvstr_push we must zero fill
any extra bytes, not clobber region them - otherwise valgrind
thinks they are invalid on send() or write().
Jeremy.
(This used to be commit 8aa5f7a65c)
2003-06-06 07:56:23 +00:00
Jelmer Vernooij
bed2de0ff2 Use filedes as first argument to fsetxattr, not the undefined variable 'path' :-)
(This used to be commit d3c02b40c4)
2003-06-06 07:06:30 +00:00
Andrew Tridgell
6b943b5b21 - the 8.3 name in BOTH_DIRECTORY_INFO is supposed to be always unicode
(to match win2003 behaviour)

- added the STR_TERMINATE_ASCII flag from samba4 so we can get the
  string termination right for the case where it is supposed to be
  non-terminated for UCS2 and terminated when ASCII
(This used to be commit 791a4cc7cf)
2003-06-06 05:15:28 +00:00
Jeremy Allison
8e047054e8 Get ready for EA code... Add Linux interface.
Jeremy.
(This used to be commit 4885314074)
2003-06-05 20:29:55 +00:00
Gerald Carter
3bdfd57a2d working draft of the idmap_ldap code.
Includes sambaUnixIdPool objectclass

Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
a working distributed winbindd solution.
(This used to be commit 8241758544)
2003-06-05 02:34:30 +00:00
Jelmer Vernooij
ff0a111d37 Remove module_path_get_name() - it's not used anywhere anymore and was a bad idea anyway.
(This used to be commit b45a67e7a9)
2003-05-30 16:36:38 +00:00
Jelmer Vernooij
d75a4281c5 Fix the events API. Patch by metze with some minor modifications.
(This used to be commit df24c4e839)
2003-05-29 14:46:30 +00:00
Jelmer Vernooij
e731ec1ed6 Get the events API right. Patch from metze with some minor modifications.
(This used to be commit 2aad573625)
2003-05-29 14:40:55 +00:00
Tim Potter
fd448442d9 Merge of rpcstr_pull() termination fixes from 3.0
(This used to be commit d41705dec6)
2003-05-28 00:59:35 +00:00
Tim Potter
044b9af17e Merge of formatting fixups from 3.0
(This used to be commit 43e01fb230)
2003-05-28 00:58:37 +00:00
Tim Potter
5c385ce833 Merge of pull_ascii() and pull_ucs2() termination fixes from 3.0
(This used to be commit bd97a76388)
2003-05-28 00:56:51 +00:00
Tim Potter
bdef2e8eb8 Fix unused variable warning.
(This used to be commit 0a80db5bde)
2003-05-27 07:26:55 +00:00
Tim Potter
797add4a73 Fixed unused variable warning.
(This used to be commit cdbe47a5d5)
2003-05-27 07:26:04 +00:00
Tim Potter
8bf60dc801 Merge from 3.0: Fix set_local_machine_name() for both *SMBSERVER and
*SMBSERV as per comments in loadparm.c
(This used to be commit a6cb33c5bf)
2003-05-27 00:16:43 +00:00
Tim Potter
df90a0b3b6 Jelmer was really excited about copyrights this year.
(This used to be commit 30a1b517fc)
2003-05-27 00:09:34 +00:00
Alexander Bokovoy
2c01eef4d7 Evolve quotas configure check more. Patch from Stefan (metze) Metzemacher. Now we are defaulting to --with-quotas=no but anyway trying to test them in configure. This is done to get information about as much quota API variations as possible -- when --with-quotas=no this does not affect build but provides us with more detailed information on build farm.
(This used to be commit 3786695c72)
2003-05-14 14:38:11 +00:00
Gerald Carter
849e0d6895 syncing LDAP schema changes with Samba_3_0
(This used to be commit a1326ea348)
2003-05-14 04:39:55 +00:00
Gerald Carter
5d16254f56 *****LDAP schema changes*****
New objectclass named sambaSamAccount which uses attribute
prefaced with the phrase 'samba' to prevent future name clashes.

Change in functionality of the 'ldap filter' parameter.  This always
defaults to "(uid=%u)" now and is and'd with the approriate objectclass
depending on whether you are using ldapsam_compat or ldapsam

conversion script for migrating from sambaAccount to
sambaSamAccount will come next.
(This used to be commit 998586e652)
2003-05-14 03:32:20 +00:00
Tim Potter
65bc416e65 Move some #ifdefs and function prototypes around to avoid a compiler
warning when we have a working version of snprintf()
(This used to be commit 080a943e24)
2003-05-14 01:14:06 +00:00
Tim Potter
f184074799 Move some #ifdefs and function prototypes around to avoid a compiler
warning when we have a working version of snprintf()
(This used to be commit 4836c0c0fc)
2003-05-14 01:10:46 +00:00
Simo Sorce
c823b191ab And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seem to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
(This used to be commit 0e58085978)
2003-05-12 18:12:31 +00:00
Alexander Bokovoy
e8573c8fa9 Add NT quota support. Patch from Stefan (metze) Metzemacher
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab
2. Disabled by default and when requested, will be probed and enabled only on Linux where it works
3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far
Documentation to follow
(This used to be commit 4bf022ce9e)
2003-05-12 01:20:17 +00:00
Andrew Bartlett
cfe8b79c77 When checking if a SID is in a domain, make sure that indeed the user RID is
one element longer than the domain sid.

Andrew Bartlett
(This used to be commit c61e5e3877)
2003-05-09 09:33:51 +00:00
Gerald Carter
1463c220c5 fixed bug #75; add check for non-zero destlen
(This used to be commit bfcec106d0)
2003-05-08 20:19:21 +00:00
Gerald Carter
27d68a306d fixed bug #75; add check for non-zero destlen
(This used to be commit 83bb84f131)
2003-05-08 20:19:10 +00:00
Tim Potter
bbdc326f15 Another attempt at undoing my bogus patch 1.55.2.19
(This used to be commit 05a684b3be)
2003-05-08 05:10:44 +00:00
Tim Potter
22fb803b39 Whoops - that wasn't a whitespace syncup after all.
(This used to be commit 42d0414ed2)
2003-05-07 05:52:44 +00:00
Martin Pool
b1f3d0e2c3 Merge from distcc:
Put in a prototype for dummy_snprintf() to quiet compiler warnings.

  Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even if
  the C library has some snprintf functions already.
(This used to be commit c49cfe1677)
2003-05-07 01:18:06 +00:00
Jelmer Vernooij
078e66c8d2 Add metze's exit and idle event patch
(This used to be commit e599eba851)
2003-05-06 17:52:11 +00:00
Jelmer Vernooij
ecbd2b5d1e Remove unused variables
(This used to be commit 2f631769f8)
2003-05-06 02:35:33 +00:00
Jelmer Vernooij
06551c644c Patch from metze to add exit and interval events. Useful for modules
(This used to be commit 3033a63cef)
2003-05-06 02:34:59 +00:00
Tim Potter
c724747e2d Fixed typo introduced when reverting patch from revision 1.19
(This used to be commit a102734263)
2003-05-05 03:34:19 +00:00
Tim Potter
ea3d32fe9c Fixed typo introduced in reverted patch from version 1.12.4.5
(This used to be commit 4fccc1f16d)
2003-05-05 03:31:50 +00:00
Andrew Bartlett
24ee141805 Add a comment about the use of string functions in the modules code, and
add \n to the end of the non-dlopen case DEBUGs.

Andrew Bartlett
(This used to be commit ce4ff4cc8e)
2003-05-03 04:34:13 +00:00
Paul Green
5a61380820 Refactor existing sock_exec() and socketpair_tcp() functions into their own
source file. I will be making changes to sock_exec to work on VOS, which
has a blocking connect() call, but first I want to get it in its own source
file so that it can be called from a test program.
(This used to be commit 10bf65d335)
2003-04-30 17:48:46 +00:00
cvs2svn Import User
72e786496d This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to be commit 7347331053) 2003-04-30 17:35:57 +00:00
Paul Green
4e2bd11d3e Refactor existing sock_exec() and socketpair_tcp() functions into their own
source file. I will be making changes to sock_exec to work on VOS, which
has a blocking connect() call, but first I want to get it in its own source
file so that it can be called from a test program.
(This used to be commit 2dd18ca0cf)
2003-04-30 17:35:56 +00:00
Jelmer Vernooij
81256ecbb9 Use NTSTATUS as return value for smb_register_*() functions and init_module()
function. Patch by metze with some minor modifications.
(This used to be commit f4576757d1)
2003-04-28 18:33:25 +00:00
Jelmer Vernooij
17a3acafa8 Use NTSTATUS as return value for smb_register_*() functions and init_module()
function. Patch by metze with some minor modifications.
(This used to be commit bc4b51bcb2)
2003-04-28 17:48:48 +00:00
Tim Potter
03412f056d Whitespace syncup.
(This used to be commit 7fd7af121e)
2003-04-28 05:47:07 +00:00
Tim Potter
29ac5d2873 Two character tabs - I don't think so.
(This used to be commit 40d370bec6)
2003-04-28 05:40:46 +00:00
Gerald Carter
e82f3c4461 round three of CIDR fixes; spotted by Tomoki AONO
(This used to be commit 920958a392)
2003-04-26 16:18:39 +00:00
Gerald Carter
ce9af4e049 round three of CIDR fixes; spotted by Tomoki AONO
(This used to be commit 554026b208)
2003-04-26 16:18:20 +00:00
Jelmer Vernooij
d117c3bf0a Complain about duplicate charsets at debug level 0 instead of 2
(This used to be commit d29407d41e)
2003-04-24 20:42:16 +00:00
Jelmer Vernooij
08b30fcf27 Get rid of module_path_get_name() and use the find backend function
to find duplicates
(This used to be commit 871cad7e9a)
2003-04-24 20:27:19 +00:00
Jelmer Vernooij
01ff89b58b Get rid of module_path_get_name()
(This used to be commit 9f9bdd97db)
2003-04-24 20:20:25 +00:00
Jelmer Vernooij
c7a6388e7e Check for absolute paths by only checking the first character of the module name.
Don't use strchr_m, which caused race conditions.
(This used to be commit 69ec6be90f)
2003-04-24 19:47:37 +00:00
Jelmer Vernooij
477f90f95c Check for absolute paths by only checking the first character of the module name.
Don't use strchr_m, which caused race conditions.
(This used to be commit 9411e3336e)
2003-04-24 19:30:16 +00:00
Andrew Bartlett
596de71fc6 When possible, store the IP address of the connecting client, not just the
hostname.

This makes 'last -i' show the IP.

Thanks to Philip Anderson <pza@australia.op.org> for the idea.

Andrew Bartlett
(This used to be commit 107731c080)
2003-04-24 09:52:29 +00:00
Andrew Bartlett
66468d2315 Patch by Metze to ensure that we always at least initialize our output string
for rpc_pull_string.  If we had a NULL or zero-length string, we would use
uninitialised data in the result string.

Andrew Bartlett
(This used to be commit df10aee451)
2003-04-23 14:07:33 +00:00
Andrew Bartlett
1a9394195d Merge HEAD's winbind into 3.0.
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code,
the winbind_idmap abstraction (not idmap proper, but the stuff that held up
the winbind LDAP backend in HEAD).

Andrew Bartlett
(This used to be commit d4d5e6c2ee)
2003-04-23 11:54:56 +00:00
Andrew Bartlett
075986b00d Merge case handling table changes from 3.0 to HEAD.
(This used to be commit 263407e132)
2003-04-23 11:38:35 +00:00
Andrew Bartlett
656d2c75c9 Don't try to continue if initialisation fails (merge from HEAD)
(This used to be commit ff3ec67e12)
2003-04-23 11:29:54 +00:00
Andrew Bartlett
95705e904f Fix this for both *SMBSERVER and *SMBSERV as per comments in loadparm.c.
Andrew Bartlett
(This used to be commit c6d416541b)
2003-04-23 01:34:56 +00:00
Andrew Bartlett
97a9832541 Try to avoid setting *SMBSERVER as a 'local name'.
Andrew Bartlett
(This used to be commit 5b5e167bb1)
2003-04-23 01:21:42 +00:00
Jeremy Allison
30418a47c6 Limit the number of outstanding print notify messages for a process to
1000.
Jeremy.
(This used to be commit 2e5e4c10d2)
2003-04-23 00:19:30 +00:00
Jeremy Allison
c057f9faff Limit the number of outstanding print notify messages for a process to
1000.
Jeremy.
(This used to be commit aabaac05c6)
2003-04-23 00:19:16 +00:00
Andrew Bartlett
bc83d3a4ed Merge (HEAD->3.0) mbp's fixes to our charcnv code - don't use a staic buffer,
which can restrict things like unix_strupper() to 512 byte strings.

Andrew Bartlett
(This used to be commit 341d6affa4)
2003-04-22 13:15:24 +00:00
Andrew Bartlett
c2e997d6a7 Merge from 3.0 - try harder to get our real DNS domain name, and send this
to the client when it asks for our DNS name and forest name.

(needed for win2k to trust us as a trusted domain).

Andrew Bartlett
(This used to be commit 2a1015eb57)
2003-04-22 07:45:16 +00:00
Andrew Bartlett
8de48f3093 Make our 'get DNS domain name' code try a bit harder - if gethostname() doesn't
include a domain portion, do a gethostbyname() lookup on that name.

Use this name in our PolicyPrimaryDomainInformation reply (_lsa_query_info2)
that Win2k uses when trying to trust us as a trusted domain.

(We need to do a better mapping between our Netbios and Win2k domain names,
but this will do for now - particularly annoying is the way this possibly needs
to map with our kerberos realm).

Andrew Bartlett
(This used to be commit 3be0327103)
2003-04-22 07:28:41 +00:00
Andrew Bartlett
c75af6b980 Merge whitespace and const from HEAD
(This used to be commit 88fdc36f93)
2003-04-21 13:05:51 +00:00
Volker Lendecke
2029f3028c Address gcc warnings.
I could not fix the "passing arg 5 of `ldap_search_s'" completely with
gcc -Wall. A non-developer compile does not complain though.

Volker
(This used to be commit dcbbbd66a9)
2003-04-19 18:45:03 +00:00
Simo Sorce
e02a3f2336 some readline completion exancements
still need working, does not complete remote names yet
(This used to be commit 625eee8e03)
2003-04-19 15:40:32 +00:00
Simo Sorce
84728c3400 fixes
fix debug, add "idmap" string to the list of classes
fix idmap, check init failures, and enhance debugging
fix idmap_tdb, _do_ init uid and gid low,high states (too bad I missed that
before)
fix smbd/uid.c, use gid_t for gids and uid_t for uids
(This used to be commit bc95de4ebb)
2003-04-19 15:29:39 +00:00
Gerald Carter
78f039f043 fix byte ordering when using CIDR notation in hosts allow/deny; spotted by Eloy Paris
(This used to be commit c2580e15d6)
2003-04-18 14:56:29 +00:00
Gerald Carter
6bbedbdb5a fix byte ordering when using CIDR notation in hosts allow/deny; spotted by Eloy Paris
(This used to be commit 6155144b9f)
2003-04-18 14:55:43 +00:00
Jelmer Vernooij
8911258e7e Only use backtrace variables when we can use them
(This used to be commit 17243c61b5)
2003-04-16 14:51:44 +00:00
Jelmer Vernooij
b5fd86aee1 Only declare backtrace variables when using them
(This used to be commit 429b373453)
2003-04-16 14:51:02 +00:00
Jelmer Vernooij
004502551b Add support for the new modules system to lib/iconv.c (merge from HEAD)
(This used to be commit 64a357017a)
2003-04-16 13:09:00 +00:00
Gerald Carter
d15cd357c7 merge in metze' smbcquotas patch from HEAD
(This used to be commit b6a7704888)
2003-04-15 19:51:17 +00:00
Jelmer Vernooij
7fcbdf00f6 Add some more functions for the modules (backport from HEAD):
- init_modules()
 - smb_probe_module()
(This used to be commit b3328dab2f)
2003-04-14 22:23:02 +00:00
Jelmer Vernooij
10bf059b62 Backport my backtrace patch from HEAD
(This used to be commit 66fcf6b493)
2003-04-14 21:49:49 +00:00
Jeremy Allison
ee7f29a9f8 Merge across tridge's Realloc fix.
Jeremy.
(This used to be commit df214d1881)
2003-04-14 11:04:57 +00:00
Martin Pool
1652670e79 Merge from HEAD 1.36.
(This used to be commit 25a01e3247)
2003-04-14 07:36:19 +00:00
Martin Pool
9a5a49e5dd Remove SAFE_FREE() definition, which is not needed in this file.
In TEST_SNPRINTF mode, always compile all the functions in this file
even if they're normally available on this system.

Fix typo in comment.
(This used to be commit 95f4b58288)
2003-04-14 05:16:47 +00:00
Martin Pool
af732811cc Add selected parts of the changelog to this file, to make merging into
other projects easier.
(This used to be commit 0f3c2bfbd2)
2003-04-14 05:02:55 +00:00
Martin Pool
63a1b7637f Merge test cases from rsync.
(This used to be commit a0d841a59e)
2003-04-14 05:00:00 +00:00
Martin Pool
048b0da018 Doc.
Add additional test case for a bug recently found in rsync by Paul
Green.  Appparently it was fixed here a while ago.
(This used to be commit a0033cc83c)
2003-04-14 04:55:49 +00:00
Tim Potter
63cbbe2692 Merge Jelmer's popt updates from HEAD.
(This used to be commit 98e84b3e83)
2003-04-14 03:30:20 +00:00
Tim Potter
886d4e6fe2 Merge of new sid type (SID_NAME_COMPUTER) and tidyup.
(This used to be commit c91cf2b38d)
2003-04-14 02:26:41 +00:00
Tim Potter
e8a0a3d357 Fix a compiler warning.
(This used to be commit bf61aeef44)
2003-04-14 02:24:16 +00:00
Tim Potter
ae7414ed37 Whoops - missed some tdb message registrations from a previous merge.
(This used to be commit 59f8fc438a)
2003-04-14 02:19:10 +00:00
Tim Potter
564cd8cc2d Merge of doxygen updates from HEAD.
(This used to be commit 6d7baad38f)
2003-04-14 02:18:10 +00:00
Tim Potter
44fa3b90e0 Merge removal of some unused functions. Commit mistakenly included with
new rpc echo pipe.
(This used to be commit b7af3cda28)
2003-04-14 00:12:28 +00:00
Gerald Carter
5b51fc4f06 smbcquota patch from metze
(This used to be commit 74fab8f0d2)
2003-04-11 23:32:00 +00:00
Gerald Carter
1da829be47 workaround streams leak on SCO openserver 5.0.x
(This used to be commit 31eaf11d2e)
2003-04-11 14:29:19 +00:00
Gerald Carter
40b85808a2 workaround streams leak on SCO openserver 5.0.x
(This used to be commit ab51878a97)
2003-04-11 14:18:02 +00:00
Tim Potter
065561932c A new RPC pipe! The \pipe\echo named pipe is for testing large RPC
requests and responses and is only compiled in when --enable-developer
is passed to configure.  It includes server and client side code for
generating and responding to functions on this pipe.  The functions are:

 - AddOne: add one to the uint32 argument and return ig
 - EchoData: echo back a variable sized char array to the caller
 - SourceData: request a variable sized char array
 - SinkData: send a variable sized char array and throw it away

There's a win32 implementation of the client and server in the
junkcode CVS repository in the rpcecho-win32 subdirectory.
(This used to be commit 4ccd34ef83)
2003-04-11 04:09:14 +00:00
Martin Pool
786564f2b4 unix_strupper, unix_strlower: Remove fixed-length static buffer that
makes these functions fail for strings over 512 characters.  Now we
use convert_string_allocate, which grows a buffer as necessary.
(This used to be commit a55dc493ca)
2003-04-09 07:34:49 +00:00
Martin Pool
65289c353b Merge from 3_0: Build a lookup table of valid DOS characters just
once, when init_iconv is first called.  Use this in check_dos_char
rather than doing the conversion every time.  Much faster.
(This used to be commit e8f1399323)
2003-04-08 03:01:02 +00:00
Jeremy Allison
8490fa4854 const cleanup.
Jeremy.
(This used to be commit 03ad0179e3)
2003-04-07 21:11:33 +00:00
Jelmer Vernooij
b390459450 BUGS.txt -> Bugs appendix in HOWTO Collection
(This used to be commit f95741ae88)
2003-04-07 18:27:32 +00:00
Jelmer Vernooij
d1c6c05ab0 BUGS.txt -> Bugs Appendix in HOWTO collection
(This used to be commit 1e1ef7a7b5)
2003-04-07 18:26:58 +00:00
Tim Potter
25b1c37f6f Remove duplicate "tallocdump" message from tdb messaging system. The
same functionality exists as "pool-usage".

Move initialisation of this and dmalloc messages inside message_init().
(This used to be commit af6ecafcbb)
2003-04-07 06:13:36 +00:00
Andrew Bartlett
6187ebe30c Fix the interface of pull_ucs2_charcnv() to take a (char **) arg, not a (void **)
(This used to be commit dc04b732ba)
2003-04-06 13:11:29 +00:00
Andrew Bartlett
c5ab17567c Fix memory leak of the key.
(This used to be commit 9daf41c41f)
2003-04-06 13:00:46 +00:00
Andrew Tridgell
f82c61cefe strequal() returns True for equal, not an int
(This used to be commit b96590ad09)
2003-04-06 12:28:50 +00:00
Andrew Tridgell
06ee9702a0 don't rely on realloc() working on NULL
(This used to be commit bd00355c1d)
2003-04-06 12:28:00 +00:00
Martin Pool
4127c455c8 Export lazy_initialize_conv so that it can be called from
check_dos_char.

init_iconv: Call init_doschar_table when reinitializing conversions.
(This used to be commit d0b2c5d7ba)
2003-04-04 08:25:05 +00:00
Martin Pool
75438592cd check_dos_char: Change this to use a lazily-initialized lookup table
indicating which characters are valid dos characters.  This function
was previously quite slow because it did two unicode conversions on
every call.
(This used to be commit e4ec19e03f)
2003-04-04 08:16:14 +00:00
Martin Pool
b5e7b9dbea lazy_initialize_conv: Remove redundant call to init_valid_table,
because init_iconv calls it for us.

init_iconv: Add documentation about how this is reintialized when
configuration is reloaded.
(This used to be commit 0ee80a9018)
2003-04-04 07:50:59 +00:00
Martin Pool
82272f3baf check_dos_char: Export this function so that it can be tested in
isolation by a test case.
(This used to be commit 52520fda6a)
2003-04-04 03:35:06 +00:00
Jim McDonough
77dc0bc6bf The ldap idmap backend from Anthony Liguori (aliguori@us.ibm.com):
This patch moves the ldap routines out of passdb into a generic
library and implements an LDAP backend for IDMAP.  THe backend
can be enabled with "idmap backend = ldap" in smb.conf.  THere
are also schema changes to make sure to update teh ldap schema files.
(This used to be commit 87c7c582c6)
2003-04-03 03:30:25 +00:00
Jelmer Vernooij
4392be0a47 Add const
(This used to be commit 7dccd144b7)
2003-04-02 11:06:42 +00:00
Simo Sorce
a557af96e9 THE Idmap patch :-)
includes a --with-idmap=no switch to disable idmap usage if you find
problems.

cosmetic fixes and param aliases to separate winbind from idamp roles.

A temporarily remote idmap winbind compatibility backend.
As I have time I will further change code to not call directly winbind
(partly done but not tested) and a specilized module will be built in place
for the current glue hack.

The patch has been tested locally in my limited time, the patch is simple and
clear and should not reserve problems, if any just disable it.

As usual, comments and fisex are welcome :-)

Simo.
(This used to be commit 0278132047)
2003-04-02 10:36:02 +00:00
Andrew Bartlett
9ad1ddc793 Don't set zero length for the base64 decoded string (fixes swat auth).
Andrew Bartlett
(This used to be commit 7ab39cba6a)
2003-04-02 00:17:03 +00:00
Andrew Bartlett
a4fe384f1d OHKAWA Yuichi (kuri@makino.ecei.tohoku.ac.jp) points out that using
decoded.length after it's been zero'ed out by data_blob_free() doesn't
give you the original length...

Andrew Bartlett
(This used to be commit 647a720cfb)
2003-04-02 00:03:52 +00:00
Jelmer Vernooij
96b5d5bdfd - Support absolute paths in vfs and charset modules
- Fix typo in Makefile.in
- Fix compatibility with older vfs modules (from patch by metze)
- Build some modules shared by default and some static (and fall
  back to static when dlopen() is not available)
(This used to be commit aa36f462d9)
2003-03-31 15:06:34 +00:00
Jelmer Vernooij
8bb5a02f8c Fix formatting of back traces - pathc by metze
(This used to be commit 9cc17bcfe6)
2003-03-31 12:29:50 +00:00
Jelmer Vernooij
7ea0ef92cb - Point users at the HOWTO Collection instead of 'README' in modules/mysql.c
- Make passdb work with absolute paths (passdb backend = /path/to/smbpasswd.so works now). vfs, rpc and charset will follow
(This used to be commit 794d3ed036)
2003-03-30 12:42:18 +00:00
Gerald Carter
6cc35405ab fix CIDR hosts allow/deny notation
(This used to be commit 0dc6115694)
2003-03-28 15:42:57 +00:00
Gerald Carter
06068da0dc fix CIDR hosts allow/deny notation
(This used to be commit 84707fd95e)
2003-03-28 15:42:36 +00:00
Jelmer Vernooij
fa0ea6d561 Use SAFE_FREE() instead of plain free() - pointed out by metze
(This used to be commit b49436d020)
2003-03-26 13:49:23 +00:00
Jelmer Vernooij
0eff00c692 Output backtrace to logfile in smb_panic(), as suggested by mbp
(only on systems that support it, of course)
(This used to be commit bf439d733d)
2003-03-26 12:53:28 +00:00
Jelmer Vernooij
5ee88b1891 We need to 'preprocess' in popt_common_samba as well
(This used to be commit 37ee8aecf4)
2003-03-25 10:37:58 +00:00
Jelmer Vernooij
41a09c3c53 Revoke some of the popt patch from metze I applied earlier today. It added
some double options and broke some parameters.
(This used to be commit d5f9b0275c)
2003-03-24 14:15:14 +00:00
Jelmer Vernooij
9ae249c6f1 Add modules support to charset
(This used to be commit cf3d31b980)
2003-03-24 12:47:21 +00:00
Jelmer Vernooij
11e9de855c Patch from metze to generalise POPT_COMMON_SAMBA, with some minor changes
(This used to be commit 2ddfed298d)
2003-03-24 11:25:34 +00:00
Andrew Bartlett
53beee9e56 (merge from HEAD)
NTLM Authentication:

- Add a 'privileged' mode to Winbindd.  This is achieved by means of a directory
  under lockdir, that the admin can change the group access for.

- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
  replacement:
 - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
   challenge.
 - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
   servers.
 - Tested - works for Win2k clients, but not Win9X at present.  NTLMSSP updates
   are needed.
 - Now uses fgets(), not x_fgets() to cope with Squid environment (I think
   somthing to do with non-blocking stdin).

- Add much more robust connection code to wb_common.c - it will not connect to
  a server of a different protocol version, and it will automatically try and
  reconnect to the 'privileged' pipe if possible.
  - This could help with 'privileged' idmap operations etc in future.

- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()

- Correctly pull our 'session key' out of the info3 from th the DC.  This is
  used in both the auth code, and in for export over the winbind pipe to
  ntlm_auth.

- Given the user's challenge/response and access to the privileged pipe,
  allow external access to the 'session key'.  To be used for MSCHAPv2
  integration.

Andrew Bartlett
(This used to be commit ec071ca3dc)
2003-03-24 09:54:13 +00:00
Andrew Bartlett
1f5e93e2e7 NTLM Authentication:
- Add a 'privileged' mode to Winbindd.  This is achieved by means of a directory
  under lockdir, that the admin can change the group access for.

- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
  replacement:
 - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
   challenge.
 - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
   servers.
 - Tested - works for Win2k clients, but not Win9X at present.  NTLMSSP updates
   are needed.
 - Now uses fgets(), not x_fgets() to cope with Squid environment (I think
   somthing to do with non-blocking stdin).

- Add much more robust connection code to wb_common.c - it will not connect to
  a server of a different protocol version, and it will automatically try and
  reconnect to the 'privileged' pipe if possible.
  - This could help with 'privileged' idmap operations etc in future.

- Add a generic HEX encode routine to util_str.c,
- fix a small line of dodgy C in StrnCpy_fn()

- Correctly pull our 'session key' out of the info3 from th the DC.  This is
  used in both the auth code, and in for export over the winbind pipe to
  ntlm_auth.

- Given the user's challenge/response and access to the privileged pipe,
  allow external access to the 'session key'.  To be used for MSCHAPv2
  integration.

Andrew Bartlett
(This used to be commit dcdc75ebd8)
2003-03-23 13:03:25 +00:00
Jelmer Vernooij
a76d82616a Use True, not TRUE
(This used to be commit eeeeb37fc6)
2003-03-23 00:30:17 +00:00
Jelmer Vernooij
52cee834d0 Don't crash when initialising tdb fails
(This used to be commit b18d02891b)
2003-03-23 00:10:35 +00:00
Jelmer Vernooij
94837e2125 Add -U, -N, -i, -A, -W to popt.
(This used to be commit 5a88d78f67)
2003-03-22 23:48:02 +00:00
Andrew Bartlett
79f3265893 (merge from HEAD) Valgrind found some memory leaks!
(This used to be commit 8315b9c311)
2003-03-22 23:32:50 +00:00
Jelmer Vernooij
22e62916d8 - Use FUNCTION_MACRO, not __FUNCTION__.
- Add some const
(This used to be commit e149e70717)
2003-03-22 23:25:44 +00:00
Andrew Bartlett
1ce67b7672 Valgrind found a few memory leaks!
Andrew Bartlett
(This used to be commit fb680f610c)
2003-03-22 23:25:09 +00:00
Andrew Bartlett
1f499a79f5 (merge from HEAD)
Small clenaup patches:
 - safe_string.h - don't assume that __FUNCTION__ is available
 - process.c - use new workaround from safe_string.h for the same
 - util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
 - gencache.c - Keep valgrind quiet by always null terminating.
 - clistr.c - Add copyright
 - srvstr.h - move srvstr_push into a .c file again, as a real function.
 - srvstr.c - revive, with 'safe' checked srvstr_push
 - loadparm.c - set a default for the display charset.

 - connection.c - use safe_strcpy()
Andrew Bartlett
(This used to be commit c91e76bddb)
2003-03-22 13:47:42 +00:00
Andrew Bartlett
a38e5e6850 Small clenaup patches:
- safe_string.h - don't assume that __FUNCTION__ is available
 - process.c - use new workaround from safe_string.h for the same
 - util.c - Show how many bytes we smb_panic()ed trying to smb_xmalloc()
 - gencache.c - Keep valgrind quiet by always null terminating.
 - clistr.c - Add copyright
 - srvstr.h - move srvstr_push into a .c file again, as a real function.
 - srvstr.c - revive, with 'safe' checked srvstr_push
 - loadparm.c - set a default for the display charset.

Andrew Bartlett
(This used to be commit a7eba37aad)
2003-03-22 13:06:52 +00:00
Jelmer Vernooij
0b72dd8325 Patch from Samuel Thibault to convert messages from dos to unix charset
when sending(and vice versa when receiving).
(This used to be commit 5310447ec6)
2003-03-20 16:44:14 +00:00
Jelmer Vernooij
c7e720c87b Patch from Samuel Thibault to convert messages from unix to dos charset. Works
on 2000.
sending messages to 9x needs to be fixed, but that didn't work anyway
(This used to be commit ca066502a2)
2003-03-20 16:42:39 +00:00
Jeremy Allison
3be18a1fba lib/messages.c: Check return from chainlock before modifying message queue.
Apply the job returned limit across all requests for job queues.
Jeremy.
(This used to be commit bf795b684e)
2003-03-20 00:52:37 +00:00
Jeremy Allison
c8eed69be0 lib/messages.c: Check return from chainlock before modifying message queue.
Apply the job returned limit across all requests for job queues.
Jeremy.
(This used to be commit dee1326a1d)
2003-03-20 00:51:41 +00:00
Tim Potter
2f13a74671 Cleanup bogus initialisation in SID_NAME_USE enum.
Added new sid type = 9 for "computer" from MSDN.
(This used to be commit 45929d1269)
2003-03-20 00:32:44 +00:00
Jim McDonough
6c6fb121cd use strnlen to prevent coredumps
(This used to be commit 5078436d83)
2003-03-19 20:50:56 +00:00
Jim McDonough
e542eedd18 use strnlen to prevent coredumps
(This used to be commit 1960a650c1)
2003-03-19 20:50:43 +00:00
Jelmer Vernooij
47ea3a2bf2 Put in the new modules system. It's now used by passdb and rpc. I will
put a doc about it in dev-doc later today.
(This used to be commit af7bfee0c6)
2003-03-19 18:45:19 +00:00
Jeremy Allison
84e99fe898 Merge mbp's HEAD changes.
Jeremy.
(This used to be commit da1271a95f)
2003-03-18 21:21:21 +00:00
Andrew Bartlett
6cbe33161d Add const.
(This used to be commit 38a6ad95d7)
2003-03-18 12:12:14 +00:00
Andrew Bartlett
cdc6fc8acb Add an extra parameter to our 'set_remote_machine_name' and
'set_local_machine_name' so that the client can't change it from under us.

(.NET RC2 and WinXP install calls the machine 'machinename' during NTLMSSP
on the domain join).

Andrew Bartlett
(This used to be commit 4c7163e7c2)
2003-03-18 09:52:55 +00:00
Martin Pool
743d429d9b Step one of optimizations for StrCaseCmp:
First of all, do a char-by-char walk through both buffers until we get
to a non-ascii character, or a difference between the strings.  This
prefix can be directly compared without needing to call into iconv.
This should be much faster for strings that are either all ascii, or
differ near the start.
(This used to be commit f7f692b2db)
2003-03-18 07:31:49 +00:00
cvs2svn Import User
74d3be0218 This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to be commit f0d009c3e9) 2003-03-18 07:09:24 +00:00
Martin Pool
a084f06fe3 Split "clobber" function and variables into its own file before it
grows too much larger.
(This used to be commit 4bbddbfc6a)
2003-03-18 07:09:23 +00:00
Martin Pool
556fea4e1e Update comment: Valgrind 1.9.4 seems to always respect client
requests, without needing --client-perms=yes.
(This used to be commit 412a8780c3)
2003-03-18 05:30:15 +00:00
Martin Pool
eb83748940 global_globber_region_function/line ought to be recorded before
clobbering the region, just in case clobbering causes us to crash
immediately.  (That might happen if we just shot ourselves in the
stack and strcpy was not inlined.)

Also, in DEVELOPER mode and when Valgrind is available, mark the
clobbered region as uninitialized.  This is an even stronger
protection than clobbering with 0xf1.
(This used to be commit 5653a42ae6)
2003-03-18 05:00:02 +00:00
Jeremy Allison
d332200c25 Merge in the developer string options from HEAD. We need to ensure 3.0
is as stable as possible in the string department and some pain now
will help later :-).
Jeremy.
(This used to be commit 86e3eddac6)
2003-03-18 01:48:11 +00:00
Andrew Bartlett
a8eaea53ed Merge from HEAD - make winbindd locking sane again:
Original message:


This patch attemptes to clean up winbindd's mutex locking.

The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.

This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection.  Tim Potter did
some work on this a little while back, verifying the second case.

The two cases are:
 - between connect() and first session setup
 - during the auth2 phase of the netlogon pipe setup.

I've removed the counter on the lock, as I fail to see what it gains us.

This patch also adds 'anonymous fallback' to our winbindd -> DC connection.

If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.

Both tpot and mbp like the patch.

Andrew Bartlett
(This used to be commit b5283c00a9)
2003-03-17 23:06:12 +00:00
Andrew Bartlett
ad0d6509a7 Merge from HEAD:
- Make ReadDirName return a const char*.

 - Consequential changes from that

 - mark our fstring/pstring assumptions in function prototypes

Andrew Bartlett
(This used to be commit 10b53d7c6f)
2003-03-17 22:56:13 +00:00
Andrew Bartlett
45d3e78547 Mege from HEAD - doxygen.
(This used to be commit 04a5cbc896)
2003-03-17 22:42:56 +00:00
Andrew Bartlett
467f1028f4 Merge from (earlier) HEAD - doxygen.
I'm not merging the current HEAD string stuff quite yet.
(This used to be commit 9b8d12e081)
2003-03-17 22:42:01 +00:00
Andrew Bartlett
400bb4bfab - Make ReadDirName return a const char*.
- Consequential changes from that

 - mark our fstring/pstring assumptions in function prototypes

Andrew Bartlett
(This used to be commit fe2bc64bc4)
2003-03-16 13:21:12 +00:00
Andrew Bartlett
f1d333ea35 Remove an unused function and fix the build.
Andrew Bartlett
(This used to be commit 67a0319d26)
2003-03-15 08:03:11 +00:00
Andrew Bartlett
3b5bc93e9d String handling parinoia fixes.
This patch enables the compile-time checking of strings assable by means of
sizeof().  (Original code had the configure check reversed).

This is extended to all safe_strcpy() users, push_string and pull_string,
as well as the cli and srv derivitives.  There is an attempt to cap strings
at the end of the cli buffer, and clobber_region() of the speified length
(when not -1 :-).

Becouse of the way they are declared, the 'overmalloc a string' users of
safe_strcpy() have been changed to use overmalloc_safe_strcpy() (which skips
some of the checks).

This whole ball of mud worked fine, until I pulled out my 'fix' for our
statcache.  When jeremy fixes that, we should be able to get back to testing
this stuff.

This patch also includes a 'marker' of the last caller to clobber_region (ie,
the function that called pstrcpy() that called clobber_region) to assist in
debugging problems that may have smashed the stack.  This is printed at
smb_panic() time.  (Original idea and patch by metze).

It also removes some unsused functions, and #if 0's some others that are
unused but probably should be used in the near future.

For now, this patch gives us some confidence on one class of trivial parsing
error in our code.

Andrew Bartlett
(This used to be commit 31f4827acc)
2003-03-15 07:14:55 +00:00
Gerald Carter
7ae555c43c fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code before dereferencing
(This used to be commit 2487480228)
2003-03-14 23:11:19 +00:00
Gerald Carter
128e7edaaf fix WinXP & Win2K3 remote_arch and check pointer in ntlmssp code before dereferencing
(This used to be commit 7bc5fc729f)
2003-03-14 23:06:06 +00:00
Gerald Carter
fd56ede2b6 adding some initiaial code to sert %a to Win2K3 (using Native LanMan string from .NET RC2)
(This used to be commit e074cab810)
2003-03-12 15:41:39 +00:00
Gerald Carter
c992f66d73 adding some initiaial code to sert %a to Win2K3 (using Native LanMan string from .NET RC2)
(This used to be commit 4c823e61d1)
2003-03-12 15:40:43 +00:00
Andrew Bartlett
f4a8417d6f Add const
(This used to be commit 147a0c8b13)
2003-03-12 11:00:02 +00:00
Andrew Bartlett
3b580ff000 This patch attemptes to clean up winbindd's mutex locking.
The current locking scheme in winbind is a complete mess - indeed, the
next step should be to push the locking into cli_full_connection(), but
I'll leave it for now.

This patch works on the noted behaviour that 2 parts of the connection
process need protection - and independent protection.  Tim Potter did
some work on this a little while back, verifying the second case.

The two cases are:
 - between connect() and first session setup
 - during the auth2 phase of the netlogon pipe setup.

I've removed the counter on the lock, as I fail to see what it gains us.

This patch also adds 'anonymous fallback' to our winbindd -> DC connection.

If the authenticated connection fails (wbinfo -A specifed) - say that
account isn't trusted by a trusted DC - then we try an anonymous.

Both tpot and mbp like the patch.

Andrew Bartlett
(This used to be commit 0620320002)
2003-03-11 11:28:59 +00:00
Martin Pool
2e01ef5957 Remove valgrind_strlen function, hopefully no longer needed with
recent Valgrind relases and clashing with -DVALGRIND.
(This used to be commit 98479f1315)
2003-03-11 07:25:48 +00:00
Martin Pool
de6b39d898 Clobber strings with 0xf1f1f1f1 before writing to them to check buffer
lengths are correct.  Attempts to pstrcpy into an fstring or allocated
string should fail in developer builds.

This builds on abartlet's earlier overflow probe for safe_strcpy, but
by clobbering the whole string with a nonzero value is more likely to
find overflows on the stack.

This is only used in -DDEVELOPER mode.

Reviewed by abartlet, tpot.
(This used to be commit 8d915e266c)
2003-03-10 01:10:45 +00:00
Andrew Bartlett
8ccff3e995 This is C, not C++
(This used to be commit 25d210b90b)
2003-03-08 23:39:44 +00:00
Andrew Bartlett
01289b14a7 Make sure that the 'remote' machine name can only be set once. For some weird
reason, during a Win2003 installation, when you select 'domain join' it sends
one machine name in the name exchange, and litraly 'machinename' during the
NTLMSSP login.

Also fix up winbindd's logfile handling, so that it matches smbd and nmbd.

(This helps me, by seperating the logs by pid).

Andrew Bartlett
(This used to be commit afe5a3832f)
2003-03-08 10:22:50 +00:00
Jeremy Allison
e9f51a6e38 Patch from Michael Steffens. In his own words :
-------------------------------------------------------------------------
I think there are basically two problem:

  1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
     and SMB_ACL_OTHER.
     The function ensure_canon_entry_valid() is prepared for that, but tries
     to "guess" values from group or other permissions, respectively, otherwise
     falling back to minimum r-- for the owner. Even if the owner had full
     permissions before setting ACL. This is the problem with W2k clients.

  2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
     This is ok in a take-ownership situation, but must fail if the file is
     to be given away. This is the problem with XP clients, trying to transfer
     ownership of the original file to the temp file.

The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.

I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:

  1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
     as "preserve current value" instead of attempting to build one ourself.
     The original code is still in, but only as fallback in case current values
     can't be retrieved.

  2. Rearrange set_nt_acl() such that chown is only done before setting
     ACLs if there is either no change of owning user, or change of owning
     user is towards the current user. Otherwise chown is done after setting
     ACLs.

It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 1d3b8c528b)
2003-03-07 19:37:31 +00:00
Simo Sorce
8a751c019c Some progress towards gums and tdbsam2
genparser works fine, and it is a marvelous tool to store objects in tdb :)
(This used to be commit 4c6d461a85)
2003-03-07 18:26:24 +00:00
Jeremy Allison
f434f039e6 dlsym takes a const char *.
Jeremy.
(This used to be commit ff3827a62b)
2003-03-03 19:53:04 +00:00
Jeremy Allison
8ce11aee91 dlysym takes a const char *.
Jeremy.
(This used to be commit 54e5413a92)
2003-03-03 19:52:27 +00:00
Martin Pool
e443560789 Doxygen janitor: add note that strequal is in fact case-insensitive.
(This used to be commit a4b9c5c257)
2003-02-28 05:34:19 +00:00
Martin Pool
481b4e6d6c Doxygen janitor
(This used to be commit 9af0717315)
2003-02-28 04:21:55 +00:00
Martin Pool
f5f59e866e Doxygen janitor: fix parameter names, grammar, tag names.
(This used to be commit 42d9ec28cd)
2003-02-28 04:17:30 +00:00
Martin Pool
921e569ed5 Add a comment about the meaning of samba's internal character set and
how this interacts with it.
(This used to be commit eb876ee9cf)
2003-02-28 03:51:25 +00:00
Gerald Carter
0d30cdf66c additional fix for CR 601
* distinguish WinXP from Win2k
  * add a 1/3 of a second delay in OpenPrinter
    in order to trigger a LAN/WAN optimization in
    2k clients.
(This used to be commit c7712fa054)
2003-02-27 21:22:36 +00:00
Gerald Carter
97e7d2ffae additional fix for CR 601
* distinguish WinXP from Win2k
  * add a 1/3 of a second delay in OpenPrinter
    in order to trigger a LAN/WAN optimization in
    2k clients.
(This used to be commit 96570699d1)
2003-02-27 21:21:02 +00:00
Martin Pool
ff5d95f0ef Doxygen merge from head
(This used to be commit 38fa289896)
2003-02-27 05:57:21 +00:00
Martin Pool
5c82d3f00a Doxygen janitor
(This used to be commit 67bf36c69d)
2003-02-27 05:53:25 +00:00
Martin Pool
03ae31248e Merge 1.100 patch from HEAD:
init_valid_table: Fix a memory leak that would lose the
dynamically-created valid table every time the configuration was
reloaded.
(This used to be commit 3ff4845bc4)
2003-02-27 05:20:23 +00:00
Jelmer Vernooij
d21b15ff57 - Rename 'modules = ' to 'preload modules = '
- Add smb_probe_module()
- Add init_modules()
- Call these functions
(This used to be commit f8f2165322)
2003-02-27 01:54:41 +00:00
Martin Pool
f7bb698298 init_valid_table: Fix a memory leak that would lose the
dynamically-created valid table every time the configuration was
reloaded.
(This used to be commit e42b237d98)
2003-02-26 06:19:16 +00:00
Jeremy Allison
11c3fdbc51 Merge from head. Move off-by-one buggy malloc()/safe_strcpy() combination to strdup() instead.
Jeremy.
(This used to be commit 6521601bf8)
2003-02-24 19:22:54 +00:00
Andrew Bartlett
426cd68f74 Move off-by-one buggy malloc()/safe_strcpy() combination to strdup() instead.
Andrew Bartlett
(This used to be commit c26881633d)
2003-02-24 11:23:15 +00:00
Martin Pool
1a2035a8f5 Merge documentation from HEAD
(This used to be commit 3761f8ebe3)
2003-02-24 04:49:10 +00:00
Martin Pool
5b5453e6c7 Merge documentation from 3_0.
(This used to be commit 5002555a97)
2003-02-24 04:42:24 +00:00
Andrew Bartlett
266ec4aac0 Merge doxygen, signed/unsigned, const and other small fixes from HEAD to 3.0.
Andrew Bartlett
(This used to be commit 9ef0d40c3f)
2003-02-24 03:09:08 +00:00
Andrew Bartlett
d1221c9b6c Merge from HEAD client-side authentication changes:
- new kerberos code, allowing the account to change it's own password
   without special SD settings required
 - NTLMSSP client code, now seperated from cliconnect.c
 - NTLMv2 client code
 - SMB signing fixes

Andrew Bartlett
(This used to be commit 837680ca51)
2003-02-24 02:55:00 +00:00
Andrew Bartlett
e72ecdc862 Merge of server-side authentication changes to 3.0:
- user_ok() and user_in_group() now take a list of groups, instead of
   looking for the user in the members of all groups.

 - The 'server_info' returned from the authentication is now kept around
  - in future we won't copy the sesion key, username etc, we will just
    referece them directly.

 - rhosts upgraded to use the SAM if possible, otherwise fake up based on
   getpwnam().

 - auth_util code to deal with groups upgraded to deal with non-winbind domain
   members again.

Andrew Bartlett
(This used to be commit 74b5436c75)
2003-02-24 02:35:54 +00:00
Andrew Bartlett
ded88da1ea Add const
(This used to be commit ffaa608be0)
2003-02-24 02:11:32 +00:00
Andrew Bartlett
e68684aa65 Fix 2 off-by-one bugs in the use of malloc()ed strings and safe_strcpy().
safe_strcpy() isn't particularly safe (this has been noted before) as it does
not take the size of the buffer, but instead the size of the buffer *minus 1*

The locking.c fix was causing segfaults on machines running with
--enable-developer, and was tracked down thanks to the fact that vance's build
farm machine runs with such an option, and smbtorture's DIR1 test hits this
bug very well.

(The --enable-developer code writes to the last byte of the string, to check
for incorrect use of safe_strcpy()).

Andrew Bartlett
(This used to be commit e908fd164d)
2003-02-24 01:13:31 +00:00
Martin Pool
0fc93128b8 Add comment about Samba character sets, from explanation by abartlet.
(This used to be commit 822f6c2f38)
2003-02-24 01:10:15 +00:00
Simo Sorce
bfc5f0ba8e move genparser to use talloc contexts instead of [m|c|re]alloc() and free()s
(This used to be commit 70fce680c0)
2003-02-23 17:40:43 +00:00
Andrew Bartlett
7e110f782a More signed/unsigned fixes (yes, I run with funny compiler options) and
make x_fwrite() match fwrite() in returning a size_t.

Andrew Bartlett
(This used to be commit 2943c69578)
2003-02-22 12:22:06 +00:00
Martin Pool
1fc2976e14 Doxygen janitor
(This used to be commit 3679975629)
2003-02-21 03:05:55 +00:00
Jelmer Vernooij
8d8a8c9633 Make init_module() and thus smb_load_module() return an int.
modules/developer.c: init_module() should return an int
(This used to be commit 7f59703550)
2003-02-20 22:26:28 +00:00
Jelmer Vernooij
7859c7df44 Merge in smb_load_module() function from HEAD
(This used to be commit 6cb124247d)
2003-02-20 19:14:55 +00:00
Tim Potter
aa1a248336 Merge cleanups of return values.
(This used to be commit bae354a20c)
2003-02-19 22:50:29 +00:00
Andrew Bartlett
251ea1e677 Merge minor library fixes from HEAD to 3.0.
- setenv() replacement
 - mimir's ASN1/SPNEGO typo fixes
 - (size_t)-1 fixes for push_* returns
 - function argument signed/unsigned correction
 - ASN1 error handling (ensure we don't use initiailsed data)
 - extra net ads join error checking
 - allow 'set security discriptor' to fail
 - escape ldap strings in libads.
 - getgrouplist() correctness fixes (include primary gid)

Andrew Bartlett
(This used to be commit e9d6e2ea9a)
2003-02-19 12:31:16 +00:00
Andrew Bartlett
1f1125577c Move to a in-memory ccache for winbind, and replace setenv() properly.
(According to the manpages, you cannot put a stack variable into putenv()).

Yes, this leaks memory.

Andrew Bartlett
(This used to be commit 50bced1e26)
2003-02-19 11:33:35 +00:00
Jim McDonough
a0913929ef base64_decode() with heimdal libs, so I've renamed it base64_decode_inplace().
(This used to be commit 8c69212eeb)
2003-02-19 00:27:38 +00:00
Jim McDonough
17ec9642cd base64_decode() with heimdal libs, so I've renamed it base64_decode_inplace().
(This used to be commit d510ff85fb)
2003-02-18 23:17:59 +00:00
Jeremy Allison
fb8d1412e1 Ensure we use getgrnam() unless BROKEN_GETGRNAM is defined. I now need
to set this for Tru64.
Jeremy.
(This used to be commit e7c4616c45)
2003-02-18 04:49:31 +00:00
Jeremy Allison
737f82e3b3 Ensure we use getgrnam() unless BROKEN_GETGRNAM is defined. I now need
to set this for Tru64.
Jeremy.
(This used to be commit a211549611)
2003-02-18 04:48:32 +00:00
Martin Pool
097bf66f71 Remove obsolete comment.
(This used to be commit e22465749d)
2003-02-18 02:01:38 +00:00
Martin Pool
54a09519a4 Doxygen janitor and some doc typo fixes.
(This used to be commit 82414706e6)
2003-02-18 00:52:42 +00:00
Martin Pool
5a35b2138e Doxygen janitor. No other changes.
(This used to be commit fa38e7956c)
2003-02-18 00:41:13 +00:00
Martin Pool
789780275c Add comment explaining the -DDEVELOPER safe_strcpy overflow hack.
(This used to be commit 90e1d8bdfa)
2003-02-17 23:33:55 +00:00
Andrew Bartlett
bc8c03b662 This is a very nice way to detect pstrcpy() into a malloc()ed string, but
it really is a developer hack...

Andrew Bartlett
(This used to be commit 3588ebb35b)
2003-02-17 12:33:24 +00:00
Andrew Bartlett
cc0202884b This patch fixes one of my longest-standing pet hates with Samba :-).
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.

I'm sure this will fix some nasty performance issues, particularly on large
domains etc.  In particular, this avoids contacting winbind at all, if the
group is not a winbind group.

(This caused a deadlock on my winbind-on-PDC setup).

The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.

Andrew Bartlett
(This used to be commit 9be21976f7)
2003-02-17 12:27:34 +00:00
Andrew Bartlett
e33551bc0c Set the length back to zero when we free the data_blob.
(This used to be commit 4560594a67)
2003-02-17 12:19:12 +00:00
Andrew Bartlett
55da3690b7 Try to make our getgrouplist replacement better match the 'real' implemenations.
In particular, make sure we include the primary gid in the list.

Andrew Bartlett
(This used to be commit 0cd4b339b7)
2003-02-17 12:04:09 +00:00
Jelmer Vernooij
9770ba3f4c Remove obsolete file lib/netatalk.c - We now have a vfs module
(This used to be commit fcc7a197b1)
2003-02-15 02:03:55 +00:00
Jelmer Vernooij
1cf9b9be79 Remove obsolete file lib/netatalk.c - We have a VFS module now
(This used to be commit 28653989cf)
2003-02-15 02:02:51 +00:00
Tim Potter
3b23695db6 Simplify some return values in gencache functions:
-	return ret == 0 ? True : False;
+	return ret == 0;

and

-	return tdb_close(cache) ? False : True;
+	return tdb_close(cache) != -1;
(This used to be commit 026b988b13)
2003-02-14 05:07:05 +00:00
Jim McDonough
49d3f7bc81 merge from HEAD - enable dynamic RPC modules
(This used to be commit d9c485b010)
2003-02-14 00:48:28 +00:00
Martin Pool
1f2a901d78 Add FIXME about checking exit code for popen'd commands.
Fix typo.
(This used to be commit 2b5664823e)
2003-02-13 04:46:55 +00:00
Tim Potter
a68de8f42c Merge of nicer error message for gencache open error from HEAD.
(This used to be commit 23ca540005)
2003-02-12 01:20:56 +00:00
Jeremy Allison
cba08587d3 Merge from HEAD - pull_ucs2_talloc() should pull to a char**, not a void**
Jeremy.
(This used to be commit 81437e2ad0)
2003-02-12 01:09:35 +00:00
Andrew Tridgell
c713b6aaf5 pull_ucs2_talloc() should pull to a char**, not a void**
(This used to be commit 3cf539421f)
2003-02-12 00:39:36 +00:00
Andrew Bartlett
8f166a9725 merge from HEAD - x_fileno, not fileno on an XFILE
(This used to be commit e3468d8edc)
2003-02-08 01:01:49 +00:00
Andrew Bartlett
99f9caebe4 One more fix for the difference between FILE and X_FILE.
(This used to be commit 7e56014b28)
2003-02-08 01:00:55 +00:00
Andrew Bartlett
b36a53b0cb Merge from HEAD - don't mix FILE and X_FILE - fixes debian bug
http://bugs.debian.org/178219 where the first 4096 bytes where being chewed
into the FILE buffer, and never available to X_FILE's read.

Andrew Bartlett
(This used to be commit 8af72c1384)
2003-02-08 00:08:23 +00:00
Andrew Bartlett
315e4f513b Ensure we don't get problems between FILE and X_FILE buffers - always use the
x_ varient of the command.

Andrew Bartlett
(This used to be commit 6a028507f0)
2003-02-07 23:39:47 +00:00
Jeremy Allison
a90def7e8a Samba janitor: adding mbp's umask patch :-).
Jeremy.
(This used to be commit d4d8d27bf1)
2003-02-07 21:59:51 +00:00
Jeremy Allison
5bff9ad142 Samba janitor: adding mbp's umask patch :-).
Jeremy.
(This used to be commit babbbd9c65)
2003-02-07 21:59:42 +00:00
Andrew Tridgell
50edc1a831 merge from head
(This used to be commit fd3216dbcb)
2003-02-07 04:11:36 +00:00
Andrew Tridgell
4dc434c804 make sure we don't run over the end of 'name' in unix_convert()
Thanks to Andrew Bartlett for spotting this.
(This used to be commit b4c210ccb0)
2003-02-07 04:01:36 +00:00