1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

344 Commits

Author SHA1 Message Date
Derrell Lipman
9840db418b r6149: Fixes bugs #2498 and 2484.
1. using smbc_getxattr() et al, one may now request all access control
   entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
   provided by smbc_getxattr() et al, when requesting all attributes,
   all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
   compiler flags are in use.  removed -Wcast-qual flag from list, as that
   is specifically to force warnings in the case of casting away qualifiers.

Note: In the process of eliminating compiler warnings, a few nasties were
      discovered.  In the file libads/sasl.c, PRIVATE kerberos interfaces
      are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
      kerberos interfaces are being used.  Someone who knows kerberos
      should look at these and determine if there is an alternate method
      of accomplishing the task.
(This used to be commit 994694f7f2)
2007-10-10 10:56:24 -05:00
Gerald Carter
96a3fede40 r5517: code cleanup; rename the sorted_tree to pathtree (used by registry code)
I was going to use this for tracking dfs mounts in smbclient
but found another way.  Still the cleanup is valid so commiting it.
should be minimally disruptive since it is not widely used.
(This used to be commit 00738dca3b)
2007-10-10 10:55:43 -05:00
Gerald Carter
d94d87472c r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk).  Rewritten with the
following changes:

* privilege set is based on a 32-bit mask instead of strings
  (plans are to extend this to a 64 or 128-bit mask before
   the next 3.0.11preX release).
* Remove the privilege code from the passdb API
  (replication to come later)
* Only support the minimum amount of privileges that make
  sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
  instead of the 'is a member of "Domain Admins"?' check that started
  all this.

Still todo:

* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
  parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
  Samba DC to another.
* Come up with some management tool for manipultaing privileges
  instead of user manager since it is buggy when run on a 2k client
  (haven't tried xp).  Works ok on NT4.
(This used to be commit 77c10ff9aa)
2007-10-10 10:53:51 -05:00
Tim Potter
92e9793480 r4268: Merge fix for bugzilla #2150.
(This used to be commit f00ae4ab0c)
2007-10-10 10:53:41 -05:00
Gerald Carter
b5eeca9f70 r3772: BUG 2006: patch from Michel Gravey <michel.gravey@optogone.com>; fix build when using gcc 3.0
(This used to be commit 1bc79a2808)
2007-10-10 10:53:17 -05:00
Jeremy Allison
8ea9237d82 r3538: Fix the build with the latest Heimdal code.
Jeremy.
(This used to be commit 34275bae78)
2007-10-10 10:53:09 -05:00
Günther Deschner
c0e31dd4f5 r3495: Fix the build (recent kerberos-changes).
Guenther
(This used to be commit c7eab285d9)
2007-10-10 10:53:07 -05:00
Günther Deschner
7cb23bf74d r3438: fix some kerberos-related prototype warnings
Guenther
(This used to be commit 43c8a9e259)
2007-10-10 10:53:07 -05:00
Tim Potter
b4cf9e9505 r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid of
'..' from all #include preprocessor commands.   This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa)
2007-10-10 10:52:55 -05:00
Tim Potter
ebc84c4efd r2364: Include yp_prot.h before ypclnt.h as AIX 5.2 spits the dummy otherwise.
Bugzilla #1778.
(This used to be commit 0f1ffe0f30)
2007-10-10 10:52:41 -05:00
Tim Potter
17f2560ce6 r2248: Merge of tridge's PRINTF_ATTRIBUTE fixes from samba4.
(This used to be commit 53bfb76608)
2007-10-10 10:52:37 -05:00
Tim Potter
fc84e916f6 r2246: Some good fixes for HPUX from JBravo on #samba-technical:
- Fix linker options so that stuff actually builds (oops - part of this
    commit was accidentally made in -r2245)

  - Add some preprocessor magic to avoid warnings being printed for every
    single C file being compiled.  This was due to a bug in the HPUX system
    header files.

This should make the HPUX build farm machine build again.
(This used to be commit 46b9d6dcb5)
2007-10-10 10:52:37 -05:00
Gerald Carter
278f9467f2 r2133: Several fixes:
* BUG 1627: fix for NIS compiles on HPUX 11.00, AIX 4.3 and 5.1
  patch from Olaf Flebbe <o.flebbe@science-computing.de>.
  Will need to watch this one in the build farm.

* Fix bug found by rwf@loonybin.net where the PRINT_ATTRIBUTE_PUBLISHED
  was getting reset by attempts to sanitize the defined attributes
  (PRINTER_ATTRIBUTE_SAMBA)

* Resolve name conflict on DEC OSF-5.1 (inspired by patch from
  Adharsh Praveen <rprav@india.hp.com>)

* Work around parsing error in the print change notify code
  (not that the alignment bug is still there but reording the
   entries in the array works around it).

* remove duplicate declaration of getprintprocdir from rpcclient.
(This used to be commit 7474c6a446)
2007-10-10 10:52:32 -05:00
Jeremy Allison
fcbb2d3132 r2026: Simplify statcache to use an in-memory tdb. Modify tdb to use
a customer hash function for this tdb (yes it does make a difference
on benchmarks). Remove the no longer used hash.c code.
Jeremy.
(This used to be commit 3fbadac85b)
2007-10-10 10:52:29 -05:00
Günther Deschner
9e2af93087 r1721: Get rid of compiler-warning.
Guenther
(This used to be commit 153c813464)
2007-10-10 10:52:20 -05:00
Gerald Carter
e571c8a8ac r1500: BUG 1516: manually declare ldap_open_with_timeout() to workaround compiler errors on IRIX
(This used to be commit b47971174d)
2007-10-10 10:52:13 -05:00
Jeremy Allison
ee79226d2a r1195: Ensure libsmb/clikrb5.c compiles.
Jeremy.
(This used to be commit 7067e274dc)
2007-10-10 10:51:59 -05:00
Jeremy Allison
f38c27b4e0 r1193: Ensure we check for and use krb5_free_unparsed_name().
Jeremy.
(This used to be commit af5a08f5ad)
2007-10-10 10:51:59 -05:00
Jelmer Vernooij
f28e4f3863 r1111: Rename vsnprintf to smb_vsnprintf so we don't get duplicate symbol errors
when linking against an app that does have vsnprintf() (bug #478)
(This used to be commit 9f1c978088)
2007-10-10 10:51:55 -05:00
Herb Lewis
a26e22edfb add missing #ifdef HAVE_BICONV stuff
(This used to be commit 9ea0560b0b)
2004-03-11 15:12:59 +00:00
Gerald Carter
9b882ce3e5 BUG 1015: patch from jmcd to fix statfs redeclaration of statfs struct on ppc
(This used to be commit fafb243278)
2004-03-04 18:34:45 +00:00
Gerald Carter
7f6d708f86 BUG 1080: fix declaration of SMB_BIG_UINT
(This used to be commit 810bc1e2a0)
2004-03-04 18:17:01 +00:00
Gerald Carter
43dd09f9da another fix for bug 761; don't default to bsd printing on linux
(This used to be commit d58139d64f)
2004-03-04 15:18:36 +00:00
Gerald Carter
8adb394ee6 just say no to crack
(This used to be commit 66be4492aa)
2004-02-20 15:52:14 +00:00
Gerald Carter
11bf157469 <attr/xattr.h> & <sys/xattr.h> are mutually exclusive it seems; fix build on SuSE 8.2
(This used to be commit 34e6c5f8f3)
2004-02-20 15:50:18 +00:00
Gerald Carter
95bc32e93c sys/xattr.h merge from HEAD
(This used to be commit 798dd7299e)
2004-02-19 22:17:54 +00:00
Andrew Bartlett
181f2be495 If we are providing strndup(), ensure we provide a prototype too.
Andrew Bartlett
(This used to be commit 1096271454)
2004-01-25 01:02:39 +00:00
Andrew Bartlett
fcbfc7ad06 Changes all over the shop, but all towards:
- NTLM2 support in the server
 - KEY_EXCH support in the server
 - variable length session keys.

In detail:

 - NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).

 * This is known as 'NTLMv2 session security' *

(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes.  We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)

This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed.  This also needs to be turned off for
'security=server', which does not support this.

- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.

- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.

- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure.  This should help the SPNEGO implementation.

- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.

- The other big change is to allow variable length session keys.  We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter.  However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.

 * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *

- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe.  This
should help reduce some of the 'it just doesn't work' issues.

- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer.  (just allocate)


REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0d)
2003-11-22 13:19:38 +00:00
Gerald Carter
7c55d23cbf removing #include <compat.h> in hopes to avoid problems with apache header files; will watch the build farm on this to make sure things don't blow up
(This used to be commit e92583cecd)
2003-11-03 19:22:32 +00:00
Richard Sharpe
f3ea6329ba Fix one other place VA_COPY is defined ... should fix NetBSD build.
(This used to be commit fb69597629)
2003-10-24 17:58:30 +00:00
Tim Potter
4c0d641475 If we have blacklisted mmap() try to avoid using it accidentally by
undefining the HAVE_MMAP symbol.
(This used to be commit c420195231)
2003-10-21 04:08:32 +00:00
Volker Lendecke
852ffbda33 Latest heimdal snapshot has a krb5_set_real_time with a slightly
different (but by implicit conversion hopefully compatible... ;-)
prototype. Fix the build for that.
(This used to be commit 497b190edc)
2003-08-15 19:29:08 +00:00
Herb Lewis
23c314bb58 add IRIX EA support
(This used to be commit 589e94f4ff)
2003-08-15 01:29:08 +00:00
Jeremy Allison
17a713d1b9 Get rid of MAXPATHLEN, move to standard PATH_MAX.
Jeremy.
(This used to be commit 455ed2d51d)
2003-08-06 19:30:42 +00:00
Volker Lendecke
7730b658a1 This adds gss-spnego to ntlm_auth. It contains some new spnego support
from Jim McDonough. It is to enable cyrus sasl to provide the
gss-spnego support. For a preliminary patch to cyrus sasl see

http://samba.sernet.de/cyrus-gss-spnego.diff

Volker
(This used to be commit 45cef8f66e)
2003-07-29 15:00:38 +00:00
Jeremy Allison
4632786cfb W00t! Client smb signing is now working correctly with krb5 and w2k server.
Server code *should* also work (I'll check shortly). May be the odd memory
leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup
code (b) we need to ask for a subkey... (c). The client and server need to
ask for local and remote subkeys respectively.
Thanks to Paul Nelson @ Thursby for some sage advice on this :-).
Jeremy.
(This used to be commit 3f9e3b6070)
2003-07-25 23:15:30 +00:00
Tim Potter
8991cecd54 A fix for bug 174. I'm pushing this to the tree to test it on one of
the build farm machines that I don't have direct access to (hpntc9I).
(This used to be commit b019658233)
2003-07-23 03:59:57 +00:00
Andrew Tridgell
0a4959d48d - added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)
- changed --enable-developer debug to use -gstabs as it makes the
  samba binaries about 10x smaller and is still quite functional for
  samba debugging
(This used to be commit 53bfcd478a)
2003-06-30 02:11:13 +00:00
Andrew Tridgell
8cd67d7668 reverted locale patch put in by jht (originally from vorlon).
There are lots of things wrong with this patch, including:

1) it overrides a user chosen configuration option

2) it adds lots of complexity inside a loop when a tiny piece of code
   outside the loop would do the same thing

3) it does no error checking, and is sure to crash on some systems

If you want this functionality then try something like this at the end
of charset_name():

#ifdef HAVE_NL_LANGINFO
	if (strcasecmp(ret, "LOCALE") == 0) {
		const char *ln = nl_langinfo(CODESET);
		if (ln) {
			DEBUG(5,("Substituting charset '%s' for LOCALE\n", ln));
			return ln;
		}
	}
#endif

then users can set 'display charset = LOCALE' to get the locale based
charset. You could even make that the default for systems that have
nl_langinfo().
(This used to be commit 382b9b806b)
2003-06-16 02:22:52 +00:00
John Terpstra
489956c823 Patch from vorlon@debian.org, see bugzilal #122
Samba should preferentially use the locale information from the native system,
and only fall back on 'display charset' if this is unavailable or unsupported.
(This used to be commit 1e445fb422)
2003-06-15 06:07:53 +00:00
Jeremy Allison
5cee22714c Ok, I've tried being Mr. Nice Guy and people (you know who you are) still
keep putting bzero BSD'ism's into our source code. Make this an error like
bcopy and others to prevent it in future.
Jeremy.
(This used to be commit 80d0432316)
2003-06-10 17:30:28 +00:00
Jeremy Allison
8e047054e8 Get ready for EA code... Add Linux interface.
Jeremy.
(This used to be commit 4885314074)
2003-06-05 20:29:55 +00:00
Gerald Carter
3bdfd57a2d working draft of the idmap_ldap code.
Includes sambaUnixIdPool objectclass

Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
a working distributed winbindd solution.
(This used to be commit 8241758544)
2003-06-05 02:34:30 +00:00
Jim McDonough
4f276f9696 More on bug 137: rename more of krb5_xxx functions to not start with krb5_
(This used to be commit 10f1da3f4a)
2003-05-30 20:11:34 +00:00
Gerald Carter
931dc9d25a remove WITH_TDB_SAM & USE_SMBPASS_DB
(This used to be commit 1f98ced316)
2003-05-20 18:30:37 +00:00
Simo Sorce
c823b191ab And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seem to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
(This used to be commit 0e58085978)
2003-05-12 18:12:31 +00:00
Alexander Bokovoy
e7c8c15888 Fix VFS layer:
1. Finally work with cascaded modules with private data storage per module
2. Convert VFS API to macro calls to simplify cascading
3. Add quota support to VFS layer (prepare to NT quota support)

Patch by Stefan (metze) Metzemacher, with review of Jelmer and me
Tested in past few weeks. Documentation to new VFS API for third-party developers to follow
(This used to be commit 91984ef5ca)
2003-05-11 23:34:18 +00:00
Jelmer Vernooij
06551c644c Patch from metze to add exit and interval events. Useful for modules
(This used to be commit 3033a63cef)
2003-05-06 02:34:59 +00:00
Gerald Carter
4d6c97edb2 remove --with-tdbsam since it is always built now
(This used to be commit f277cd54ea)
2003-04-29 06:03:04 +00:00
Andrew Bartlett
8cb0672c58 Merge valgrind header usage from HEAD.
(This used to be commit 5c978e39f2)
2003-04-16 13:19:51 +00:00