1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

974 Commits

Author SHA1 Message Date
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Gerald Carter
79a822b7e6 r10451: add $(LDFLAGS) to tdb command line tools to fix build issues
(This used to be commit 32edf36b95)
2007-10-10 11:03:42 -05:00
Jeremy Allison
c762908074 r10371: Adding iPrint printing backend written by Joel J. Smith @ Novell.
Jeremy.
(This used to be commit 155dc2d52a)
2007-10-10 11:03:41 -05:00
Jeremy Allison
418e92d06d r10234: Add new auth module "auth_script" to allow valid users to
be provisioned on demand - calls script with domain,
username, challenge and LM and NT responses - passing
the info through a pipe.
Jeremy.
(This used to be commit 67be4ee41c)
2007-10-10 11:03:38 -05:00
Gerald Carter
dade4d9e95 r10176: adding smbctool from Kalim's SoC project; requires make bin/smbctool
(This used to be commit 79fcc3bb7b)
2007-10-10 11:03:35 -05:00
Jeremy Allison
1ff0de8b6d r10135: Remove external dependencies for libsmbsharemodes.so
Jeremy.
(This used to be commit 2521ae826f)
2007-10-10 11:03:33 -05:00
Jeremy Allison
ddb8f65bba r10056: Fix typo stopping .o's being added to shared library.
Jeremy.
(This used to be commit 6ac2fa52bc)
2007-10-10 11:03:32 -05:00
Jeremy Allison
34721ad233 r10042: Add in external LGPL library for accessing the share mode db. Allow
others to examine & test. May not end up here eventually...
Jeremy.
(This used to be commit 7cc70ae633)
2007-10-10 11:03:31 -05:00
Gerald Carter
a44e97c99f r10001: adding in libmsrpc from Chris Nicholls (SoC project). not built by default per conversation with Jeremy until the rpc changes from trunk are merged back
(This used to be commit e813de1e52)
2007-10-10 11:03:30 -05:00
Gerald Carter
a3ef9eb6dd r9947: fix build breakage on Status VOS (build farm)
(This used to be commit ea642ac3f1)
2007-10-10 11:03:29 -05:00
Gerald Carter
244a6421eb r9913: fix some build breakage on solaris with --enable-socket-wrapper
(This used to be commit ece650b062)
2007-10-10 11:03:28 -05:00
Günther Deschner
b3367b8ddc r9897: fix build with --enable-socket-wrapper
Guenther
(This used to be commit 56b84995bb)
2007-10-10 11:03:27 -05:00
Gerald Carter
7343eb9172 r9653: adding common popt args to profiles tool (needed for debuglevel to regfio lib)
(This used to be commit 092ff70625)
2007-10-10 11:03:23 -05:00
James Peach
77deaeac03 r9636: The new profiles code needs all the dummy objects to link.
(This used to be commit c72c4e4299)
2007-10-10 11:03:23 -05:00
Gerald Carter
83f44fc187 r9628: rewrite profiles tool to use the regfio code.
Still have one bug to track down in it though....
(This used to be commit e69df2d205)
2007-10-10 11:03:23 -05:00
Gerald Carter
dab71bed4e r9588: remove netsamlogon_cache interface...everything seems to work fine. Will deal with any fallout from special environments using a non-cache solution
(This used to be commit e1de6f238f)
2007-10-10 11:03:22 -05:00
Gerald Carter
c3d30670d4 r9582: a few makefile fixes for 'make test'; get the dependencies and cleanup right
(This used to be commit bec6cf7ea8)
2007-10-10 11:01:13 -05:00
Gerald Carter
a6ff363319 r9186: comment out 'make check'; to be replaced by 'make test'
(This used to be commit d66a5a97f3)
2007-10-10 11:00:27 -05:00
Gerald Carter
b549e4903d r8992: More make test work. Adding a way to order tests (might change
my mind on this later).
(This used to be commit 136fe3f15e)
2007-10-10 11:00:23 -05:00
Gerald Carter
c731d11471 r8990: First trivial example of 'make test'
(This used to be commit 11c8863949)
2007-10-10 11:00:23 -05:00
Lars Müller
3ddc4877bd r8151: Add support to create position independent executable (PIE) code if the
compiler supports it.

We have to compile with -fPIE and not -fpie.  Else ppc and s390(x) will
fail (to small GOT).

It's possible to disable configure's PIE detection with --disable-pie
(This used to be commit 07845bb4c5)
2007-10-10 10:58:12 -05:00
Günther Deschner
3922667cbe r7992: Adding PADL's idmap_ad plugin (taken from the latest
xad_oss_plugins-tarball).

Guenther
(This used to be commit 1d59841c99)
2007-10-10 10:58:07 -05:00
Jeremy Allison
f2f55d703d r7963: Add aio support to 3.0.
Jeremy.
(This used to be commit 1de27da470)
2007-10-10 10:58:05 -05:00
Gerald Carter
ab0033d40a r7938: * move the hardcoded registry value names from _reg_query_value()
to a thin layer in fetch_reg_values().  Not entirely efficient
  seeing as the the dynamic value paths are stored in an unsorted
  array but it is one strequal() per path.  If this was really big
  it should be worked into the reghook_cache().
(This used to be commit 63b81ad3cb)
2007-10-10 10:58:03 -05:00
Gerald Carter
2851e43e48 r7595: start trying to split out the svcctl functions into separate files for better maintenance; add SERVICE_CONTROL_OPS for spoolss service
(This used to be commit 2b0ea30a1a)
2007-10-10 10:57:15 -05:00
Gerald Carter
fed660877c r7415: * big change -- volker's new async winbindd from trunk
(This used to be commit a0ac9a8ffd)
2007-10-10 10:57:08 -05:00
Gerald Carter
503914b2c5 r7197: fix build failure when running 'make torture' without
first running 'make all' first
(This used to be commit 8a8408a340)
2007-10-10 10:57:05 -05:00
Gerald Carter
f24d88cf9d r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1
(This used to be commit 9727d05241)
2007-10-10 10:57:02 -05:00
Gerald Carter
450e8d5749 r7130: remove 'winbind enable local accounts' code from the 3.0 tree
(This used to be commit 318c3db4cb)
2007-10-10 10:57:01 -05:00
Gerald Carter
af52df2f1f r7020: fixing printer ace values and getting rid of false compiler warning about unitialized variable
(This used to be commit 3a91b20e4b)
2007-10-10 10:57:00 -05:00
Gerald Carter
f0c650a382 r6942: * merging the registry changes back to the 3.0 tree
* removing the testprns tool
(This used to be commit 81ffb0dbbb)
2007-10-10 10:56:57 -05:00
Jelmer Vernooij
714a426fe5 r6585: Fix socket-wrapper-enabled build for the tdb tools
(This used to be commit 93ee9cfe22)
2007-10-10 10:56:45 -05:00
Jelmer Vernooij
2d1e1f7e2e r6570: Add socket_wrapper library to 3.0. Can be enabled by passing
--enable-socket-wrapper to configure
(This used to be commit 9c6cdd23ea)
2007-10-10 10:56:45 -05:00
Jeremy Allison
7981bd7f04 r6495: Bugfix for #2596 by James Peach @ SGI. Fix become_root link issues and one IRIX
stack backtrace bug.
Jeremy.
(This used to be commit c0b99c692b)
2007-10-10 10:56:43 -05:00
Tim Potter
4e95263320 r6407: Fix for bugzilla 2623 and 2630: $< and $* are not valid in explicit
rules according to POSIX.
(This used to be commit 3216125bed)
2007-10-10 10:56:40 -05:00
Herb Lewis
5a72f0da1d r6318: don't include smbwrapper stuff unless asked for
(This used to be commit ce38ead0fc)
2007-10-10 10:56:36 -05:00
Gerald Carter
2e3ce1d534 r6029: adding files necessary to support 'net rpc service' functions; will fill in tomorrow
(This used to be commit 6bbd61cfd1)
2007-10-10 10:56:16 -05:00
Gerald Carter
5d1cb8e79e r6014: rather large change set....
pulling back all recent rpc changes from trunk into
3.0.  I've tested a compile and so don't think I've missed
any files.  But if so, just mail me and I'll clean backup
in a couple of hours.

Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.

I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36)
2007-10-10 10:56:15 -05:00
Jelmer Vernooij
b62fae5edc r5915: Remove --with-manpages-languages= from configure (we only have them in one
lanuage, English, at the moment). Fixes #2261. If other languages
might are added in the future, this parameter will still not be needed.
(This used to be commit d41e790b4b)
2007-10-10 10:56:08 -05:00
Volker Lendecke
eb200fcdda r5880: From the comment....
* Implement a fixed mapping of forbidden NT characters in filenames that are
 * used a lot by the CAD package Catia.
 *
 * Yes, this a BAD BAD UGLY INCOMPLETE hack, but it helps quite some people
 * out there. Catia V4 on AIX uses characters like "<*$ a *lot*, all forbidden
 * under Windows...

Volker
(This used to be commit 8c0148df81)
2007-10-10 10:56:06 -05:00
Gerald Carter
61dfab9f70 r5805: merging spoolss parsing changes from trunk and cleaning up resulting segvs
(This used to be commit 25121547ca)
2007-10-10 10:56:01 -05:00
Gerald Carter
640eb81e06 r5597: full fix for BUG 2394 (unresolved symbols on IRIX)
(This used to be commit cb08dd5f90)
2007-10-10 10:55:49 -05:00
Gerald Carter
ec5ea58179 r5596: BUG 2394: fix nmbd linking issue on IRIX
(This used to be commit 0a07f2b1d9)
2007-10-10 10:55:49 -05:00
Gerald Carter
038d939c2a r5545: move cli_cm_XXX() connection handling code to clidfs and out of client.c; client.c still maintains a pointer to the first connection so the change is fairly reansparent to other smbclient functions such as -L and -M
(This used to be commit d6a05ffd66)
2007-10-10 10:55:46 -05:00
Gerald Carter
01b87c63c9 r5518: Add initial msdfs support to smbclient. Currently I can only
cd up and down the tree and get directory listings.

Still have to figure out how to get a directory listing on a
2k dfs root.  Also have to work out some issues with relative paths
that cross dfs mount points.

We're protected from the new code paths when connecting to
a non-dfs root share ( the flag from the tcon&X is stored
in the struct cli_state* )
(This used to be commit e57fd2c5f0)
2007-10-10 10:55:44 -05:00
Gerald Carter
37ea9da1fd r5495: * add in some code from Mike Nix <mnix@wanm.com.au> for the SMBsplopen
and SMBsplclose commands (BUG 2010)
* clarify some debug messages in smbspool (also from Mike)

my changes:

* start adding msdfs client routines
* enable smbclient to maintain multiple connections
* set the CAP_DFS flag for our internal clienht routines.

I actualy have a dfs referral working in do_cd() but that code
is too ugly to live so I'm not checking it in just yet.
Further work is to merge with vl's changes in trunk to support multiple
TIDs per cli_state *.
(This used to be commit 0449756309)
2007-10-10 10:55:43 -05:00
Günther Deschner
6c84ecb556 r5349: After talking with Jerry, reverted the addition of account policies to
passdb in 3_0 (they are still in trunk).

Guenther
(This used to be commit fdf9bdbbac)
2007-10-10 10:55:38 -05:00
Günther Deschner
b4afdc08d5 r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).
Does automated migration from account_policy.tdb v1 and v2 and offers a
pdbedit-Migration interface. Jerry, please feel free to revert that if
you have other plans.

Guenther
(This used to be commit 75af83dfcd)
2007-10-10 10:55:08 -05:00
Gerald Carter
cf85715319 r4821: finish off 'net rpc rights [list|grant|revoke]'
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.
(This used to be commit bf4385c79a)
2007-10-10 10:53:56 -05:00
Gerald Carter
862e610e4a r4820: add beginnings of 'net rpc rights' for managing privilege assignments
(This used to be commit 164f94e529)
2007-10-10 10:53:55 -05:00
Gerald Carter
d94d87472c r4724: Add support for Windows privileges in Samba 3.0
(based on Simo's code in trunk).  Rewritten with the
following changes:

* privilege set is based on a 32-bit mask instead of strings
  (plans are to extend this to a 64 or 128-bit mask before
   the next 3.0.11preX release).
* Remove the privilege code from the passdb API
  (replication to come later)
* Only support the minimum amount of privileges that make
  sense.
* Rewrite the domain join checks to use the SeMachineAccountPrivilege
  instead of the 'is a member of "Domain Admins"?' check that started
  all this.

Still todo:

* Utilize the SePrintOperatorPrivilege in addition to the 'printer admin'
  parameter
* Utilize the SeAddUserPrivilege for adding users and groups
* Fix some of the hard coded _lsa_*() calls
* Start work on enough of SAM replication to get privileges from one
  Samba DC to another.
* Come up with some management tool for manipultaing privileges
  instead of user manager since it is buggy when run on a 2k client
  (haven't tried xp).  Works ok on NT4.
(This used to be commit 77c10ff9aa)
2007-10-10 10:53:51 -05:00
Gerald Carter
aedb05350a r4645: patch from Rob to fix the build breakage in vfstest after the reload_printers() cleanup
(This used to be commit 054b64fb86)
2007-10-10 10:53:49 -05:00
Volker Lendecke
0ac4cc4cae r4604: Attempt to fix the buildfarm build.
vfstest refers to reload_printers, only defined in smbd/server.c. Jerry, could
you take a look at that?

Thanks,

Volker
(This used to be commit a83e5c1132)
2007-10-10 10:53:49 -05:00
Gerald Carter
d097ea4905 r4539: patch from Rob -- adding real printcap name cache function to speed up printcap reloads
(This used to be commit 1cad525093)
2007-10-10 10:53:46 -05:00
Volker Lendecke
f9e87b9ba6 r3705: Nobody has commented, so I'll take this as an ack...
abartlet, I'd like to ask you to take a severe look at this!

We have solved the problem to find the global groups a user is in twice: Once
in auth_util.c and another time for the corresponding samr call. The attached
patch unifies these and sends them through the passdb backend (new function
pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further
optimize the corresponding call if the samba and posix accounts are unified by
issuing a specialized ldap query.

The parameter to activate this ldapsam behaviour is

ldapsam:trusted = yes

Volker
(This used to be commit b94838aff1)
2007-10-10 10:53:15 -05:00
Günther Deschner
7f0f846c26 r3681: Fix build of libsmbclient on x86_64.
Patch from Lars Mueller <lmuelle@suse.de>

Guenther
(This used to be commit b87abdfd0e)
2007-10-10 10:53:13 -05:00
Günther Deschner
f23d3c2cfc r3668: Fix unresolved symbols in libsmbclient.so.
Patch from Lars Müller <lmuelle@suse.de> ( Bugzilla #2013 )

Guenther
(This used to be commit af3ec11f8d)
2007-10-10 10:53:12 -05:00
Günther Deschner
951ebacf45 r3469: Fix build of smbmount.
Guenther
(This used to be commit d22b29ee9c)
2007-10-10 10:53:07 -05:00
Günther Deschner
1704ff8c12 r3437: fix the build.
Guenther
(This used to be commit c4cb2ffa61)
2007-10-10 10:53:07 -05:00
Volker Lendecke
9341fddf26 r3408: Another build fix
(This used to be commit 0bc5105f71)
2007-10-10 10:53:06 -05:00
Herb Lewis
c5621fe5a6 r3339: allow tdbtool to be built
(This used to be commit 682b746ab6)
2007-10-10 10:53:05 -05:00
Günther Deschner
94bfc6ff0f r3145: Add experimental idmap_rid-Plugin.
Written by Sumit Bose <sbose@suse.de> and myself a while ago.

idmap_rid does a direct, static mapping between RIDs and UIDs/GIDs using
the idmap-range as offset. It does thus allow to have a unified mapping
over several winbindd-systems without having the need of a central
LDAP-Server (and all related dependencies and problems this solution can
bring).

Compile:
./configure --with-shared-modules=idmap_rid

Usage:
        idmap backend = idmap_rid

idmp_rid does even allow you to have multiple mappings (for trusted
domains). This is a rather problemtic feature and will be turned off by
default rather soon. The problem is that ranges can quickly overlap when
not measured with caution.

        idmap backend = idmap_rid:"MYDOMAIN=1000-9999 OTHER=10000-19999"

Will valgrind idmap_rid later today and fix a couple of things.

Guenther
(This used to be commit 49a238bd37)
2007-10-10 10:53:02 -05:00
Tim Potter
73d82994fb r2453: I think this is the last lot of fixes to get shared libraries working on
HPUX.  This is Richard Allen's suggestion to get HPUX to use cc instead of
ld.

Also he added some missing $(DYNEXP) on link lines and removed the definition
of $(LINK) as it is no longer used in the Makefile.
(This used to be commit 9481f2a79e)
2007-10-10 10:52:44 -05:00
Jeremy Allison
f1688d61df r2112: Simplify the mangle hash code to use an in-memory tdb.
Should be ready for the new directory code now...
Jeremy.
(This used to be commit c2eff8ef1b)
2007-10-10 10:52:32 -05:00
Jeremy Allison
fcbb2d3132 r2026: Simplify statcache to use an in-memory tdb. Modify tdb to use
a customer hash function for this tdb (yes it does make a difference
on benchmarks). Remove the no longer used hash.c code.
Jeremy.
(This used to be commit 3fbadac85b)
2007-10-10 10:52:29 -05:00
Günther Deschner
ba183f876e r2015: Reverting fix for #1474.
Jelmer, we need to find another way to solve this bug. This way,
rpcclient is linked to libxml2, libmysqlclient and libpg (with according
dependencies in samba-client.rpm's) if one just wants to build the more
experimental pdb-modules as well.

Guenther
(This used to be commit 67bffc5034)
2007-10-10 10:52:28 -05:00
Jelmer Vernooij
5e77ee2a4f r1863: Fix build of exp stuff on Solaris (#1474)
(This used to be commit d5c757d89b)
2007-10-10 10:52:22 -05:00
Günther Deschner
60727acc3b r1692: first commit :)
* add IA64 to the architecture table of printer-drivers

* add new "net"-subcommands:

  net rpc printer migrate {drivers|printers|forms|security|settings|all}
        [printer]
  net rpc share migrate {shares|files|all} [share]

  this is the first part of the migration suite. this will will (once
  feature-complete) allow to do 1:1 server-cloning in the best possible way by
  making heavy use of samba's rpc_client-functions. all migration-steps
  are implemented as rpc/smb-client-calls; net communicates via rpc/smb
  with two servers at the same time (a remote, source server and a
  destination server that currently defaults to the local smbd). this
  allows e. g. printer-driver migration including driverfiles, recursive
  mirroring of file-shares including file-acls, etc. almost any migration
  step can be called with a migrate-subcommand to provide more flexibility
  during a migration process (at the cost of quite some redundancy :) ).

  "net rpc printer migrate settings" is still in a bad condition (many
  open questions that hopefully can be adressed soon).

  "net rpc share migrate security" as an isolated call to just migrate
  share-ACLs will be added later.

  Before playing with it, make sure to use a test-server. Migration is a
  serious business and this tool-set can perfectly overwrite your
  existing file/print-shares.

* along with the migration functions had to make I the following
  changes:

        - implement setprinter level 3 client-side

        - implement net_add_share level 502 client-side

        - allow security descriptor to be set in setprinterdata level 2
          serverside

guenther
(This used to be commit 8f1716a29b)
2007-10-10 10:52:19 -05:00
Volker Lendecke
b2701e8c72 r1531: smbd/tdbutil.c isn't used anymore. Bug 1443 is suspected to be a tdb
corruption problem, and smbd_log_tdb happily destoyed the evidence ....

Volker
(This used to be commit 359b9dcffe)
2007-10-10 10:52:13 -05:00
Volker Lendecke
0b3cfe4aab r1318: Install libsmbclient into $(LIBDIR), not into hardcoded ${prefix}/lib. This
helps amd64 systems with /lib and /lib64 and an explicit configure --libdir
setting.

Thanks to Bjoern Jacke <bj@sernet.de>

Volker
(This used to be commit cc1881c143)
2007-10-10 10:52:06 -05:00
Jelmer Vernooij
94edc72c90 r1220: Revert last change. Apparently, NOTPARALLEL blocks all parallel builds
(This used to be commit 0ca894d5cf)
2007-10-10 10:52:00 -05:00
Jelmer Vernooij
d79e149c5e r1219: Don't make proto parallel
(This used to be commit d08ce198b5)
2007-10-10 10:52:00 -05:00
Jeremy Allison
e948458a79 r1215: Intermediate checkin of the new keytab code. I need to make sure I
haven't broken krb5 ticket verification in the mainline code path,
also need to check with valgrind. Everything now compiles (MIT, need
to also check Heimdal) and the "net keytab" utility code will follow.
Jeremy.
(This used to be commit f0f2e28958)
2007-10-10 10:52:00 -05:00
Herb Lewis
6945febc4f r643: fix typo
(This used to be commit 1f4db0b847)
2007-10-10 10:51:32 -05:00
Herb Lewis
98f5a30469 r642: use RPC_CLIENT_OBJ instead of file name
already included in PROTO_OBJ by LIBMSRPC_OBJ
(This used to be commit a9113df6e9)
2007-10-10 10:51:31 -05:00
Herb Lewis
47e712c950 r635: put files that are referenced multiple times in separate
definitions to be consistent.
(This used to be commit 86e78bf745)
2007-10-10 10:51:31 -05:00
Volker Lendecke
68938182ff r449: Two AFS-related things:
Split off the non-crypto related parts of lib/afs.c into
lib/afs_settoken.c. This makes wbinfo link without -lcrypto.

Commit vfs_afsacl.c, display & set AFS acls via the NT security editor.

Volker
(This used to be commit 43870a3fc1)
2007-10-10 10:51:23 -05:00
Stefan Metzmacher
9b4e6c7ea6 r410: merge tpot's changeset 353 from trunk:
Move msdfs.c into the source/smbd directory and remove source/msdfs.

metze
(This used to be commit 88e6e6d29c)
2007-10-10 10:51:22 -05:00
Volker Lendecke
9e7dcbdbb7 r404: Revert the change 378 to vfs_extd_audit.c, the parseable auditing
Implement vfs_full_audit.c that can log every vfs.h operation. So if you
change vfs.h, from now on you also have to change full_audit :-)

Volker
(This used to be commit 9cb9c5f7c9)
2007-10-10 10:51:21 -05:00
Stefan Metzmacher
6f3fe3a85a r329: add the shadow_copy vfs module
I'll add documentation to the Samba-Howto-Collection

metze
(This used to be commit 2bef5d2741)
2007-10-10 10:51:20 -05:00
Andrew Bartlett
78b5dfadca r177: Split ntlm_auth --diagnostics into a seperate file, so as not to clutter
the main ntlm_auth program.

It quite possibly should belong in smbtorture, but relies on the
winbind client for now.

Andrew Bartlett
(This used to be commit 6e1b7a8848)
2007-10-10 10:51:12 -05:00
Gerald Carter
7af3777ab3 r116: volker's patch for local group and group nesting
(This used to be commit b393469d95)
2007-10-10 10:51:10 -05:00
Volker Lendecke
90b168bfc8 r63: Remove -lcrypto from wbinfo. Sorry.
Volker
(This used to be commit b69e8e64d4)
2007-10-10 10:51:06 -05:00
Volker Lendecke
56e7c149ba This restructures lib/afs.c so that the token data can be but into a
stream. This is to implement wbinfo -k that asks winbind for authentication
which then creates the AFS token for the authenticated user.

Volker
(This used to be commit 2df6750a07)
2004-04-01 12:31:50 +00:00
Volker Lendecke
87280e9a79 Move the Client-IP based msdfs target expansion to a VFS module.
Volker
(This used to be commit 9cb6a4d76f)
2004-03-26 22:26:33 +00:00
Tim Potter
7850250445 Path for bugzilla #1152 from Timur Bakeyev. Allow python modules to
build despite libraries added to LDFLAGS instead of LDPATH.
(This used to be commit 98a25dcda8)
2004-03-24 23:52:11 +00:00
Jim McDonough
357998ddbd Password lockout for LDAP backend. Caches autolock flag, bad count, and
bad time locally, updating the directory only for hitting the policy limit
or resetting.

This needed to be done at the passdb level rather than auth, because some
of the functions need to be supported from tools such as pdbedit.  It was
done at the LDAP backend level instead of generically after discussion,
because of the complexity of inserting it at a higher level.

The login cache read/write/delete is outside of the ldap backend, so it could
easily be called by other backends.  tdbsam won't call it for obvious
reasons, and authors of other backends need to decide if they want to
implement it.
(This used to be commit 2a679cbc87)
2004-03-18 19:22:51 +00:00
Gerald Carter
56f2e80d58 include swatdir in 'make showlayout'
(This used to be commit b1115c0fc5)
2004-03-15 16:14:04 +00:00
Herb Lewis
2c2142d9d7 another typo
(This used to be commit e6c2d9a3f7)
2004-03-10 03:08:14 +00:00
Herb Lewis
3edf42f921 fix typo for tag in proto file
(This used to be commit 2367d988ae)
2004-03-10 00:53:36 +00:00
Andrew Bartlett
32665c36c8 Given how core this code is, I figure it should have it's own testsuite.
Big thanks to tpot and mbp for showing how easy it can be to write a simple
unit test, and for providing the STF.

This also changes the strstr_m() code to use strstr_w() (avoiding
duplication) and fixes it so that it passes the STF.

(We now always restart before doing the unicode run, until sombody can
show me why the testsuite is wrong).

Andrew Bartlett
(This used to be commit a893a324f3)
2004-03-09 11:15:44 +00:00
Gerald Carter
c987e9e611 fix build of lock tests
(This used to be commit 70cc747fdf)
2004-02-12 05:29:05 +00:00
Gerald Carter
df6d2db4ce merge from old APP_HEAD
* remove corrupt tdb and shutdown (only for printing tdbs, connections,
  sessionid & locking)
* decrement smbd counter in connections.tdb in smb_panic()
* various Makefile hack to get things to link

'max smbd processes' looks like it might be broken.  The counter KEY is not
being set.  Will look into that tomorrow.
(This used to be commit 6e22c5da92)
2004-02-12 05:24:02 +00:00
Andrew Bartlett
46975eb92f When we set a domain sid, force get_global_sam_sid() to do it's work again.
This should ensure that the value it returns is always consistant.

Andrew Bartlett
(This used to be commit a4392ede33)
2004-02-08 11:05:34 +00:00
Andrew Bartlett
d198c55877 Make more functions static, and remove duplication in the use of functions
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c

(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).

Andrew Bartlett
(This used to be commit fcdc5efb1e)
2004-02-08 08:38:42 +00:00
Tim Potter
a13282b690 Replace .po with .@PICSUFFIX@
(This used to be commit b21b36d927)
2004-02-06 01:20:45 +00:00
Andrew Bartlett
ccaf0e7fb1 This should be the correct fix for the lack of a prototype for
remote_password_change().

Sorry for the original bug.

Andrew Bartlett
(This used to be commit 955436a6f6)
2004-02-04 11:12:25 +00:00
Gerald Carter
cf55869f7b fix installmodules problem with make on True64
(This used to be commit ec30303669)
2004-02-02 20:54:14 +00:00
Andrew Bartlett
784b05c489 This adds client-side support for the unicode/SAMR password change scheme.
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.

This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.

Andrew Bartlett
(This used to be commit 2a2b1f0c87)
2004-01-26 08:45:02 +00:00
Tim Potter
c92a776bcf Fix for bug 905. Remove POBAD_CC as it doesn't seem to be applicable
anymore.
(This used to be commit 67d25f3de8)
2004-01-15 06:51:20 +00:00
Jelmer Vernooij
56f4e9726c Fix swatdir location for --with-fhs
(This used to be commit d12b793d9c)
2004-01-10 22:05:38 +00:00
Andrew Bartlett
7d068355aa This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.

The routines used for this behaviour have been upgraded to modern Samba
codeing standards.

This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.

This is in line with existing behaviour for native mode domains, and for
our primary domain.

As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values.  These changes move more routines to ADS_STATUS to return
kerberos errors.

Also found when valgrinding the setup, fix a few memory leaks.

While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.

Andrew Bartlett
(This used to be commit 7c34de8096)
2004-01-08 08:19:18 +00:00
Jelmer Vernooij
950a6d980a Add smbget utility, a simple wget-like utility that uses libsmbclient.
Supports recursive downloads and resume, progress indication and shows
estimated time remaining.
(This used to be commit 82bd1b45a4)
2004-01-07 00:43:52 +00:00
Jeremy Allison
67da3026a4 XFS quota patch from Stefan Metzmacher <metze@metzemix.de>.
Jeremy.
(This used to be commit cae5f158e5)
2004-01-06 18:13:32 +00:00
Jeremy Allison
31876a8478 Patch from Stefan (metze) Metzmacher <metze at metzemix.de> to revert to 2.2.x quota methods.
:-).

"here's a patch which ports the samba 2.2 samba_linux_quota.h stuff to 3_0.

This is needed because of so many broken quota files outthere.

Please, test this with old, new kernels
(strucr dqblk, struct mem_dqblk, and struct if_dqblk)
, quota.user, aquota.user formats

what is when a user is over soft quota and over hard quotas..."

Jeremy.
(This used to be commit 4350aa6ce6)
2004-01-05 19:36:02 +00:00
Jelmer Vernooij
430f9abd5f - Put functions for generating SQL queries in pdb_sql.c
- Add pgSQL backend (based on patch by Hamish Friedlander)
- Use query generate functions from pdb_mysql and pdb_pgsql
- Only pdb_pgsql.c needs to be changed whenever the fields in SAM_ACCOUNT change
(This used to be commit 65ad2c02fd)
2004-01-04 21:09:42 +00:00
Andrew Bartlett
adc07646a3 Move our basic password checking code from inside the authentication
subsystem into a seperate file - ntlm_check.c.

This allows us to call these routines from ntlm_auth.  The purpose of this
exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to
avoid talking to winbind.  This should allow for easier debugging.

ntlm_auth itself has been reorgainised, so as to share more code between
the SPNEGO-wrapped and 'raw' NTLMSSP modes.  A new 'client' NTLMSSP mode
has been added, for use with a Cyrus-SASL module I am writing (based on vl's
work)

Andrew Bartlett
(This used to be commit 48315e8fd2)
2003-12-30 07:33:58 +00:00
Gerald Carter
f2c6cec339 working on packaging; also fixed some path issues in configure.in & Makefile.in
(This used to be commit 8f6cd36fa0)
2003-12-09 21:29:25 +00:00
Gerald Carter
26dab8d9dd create libdir for installclientlib; patch from Bill Knox
(This used to be commit b19472e108)
2003-12-05 15:23:21 +00:00
Volker Lendecke
000b39a682 I needed a decently parseable format of smbstatus. Looking at smbstatus code
tells me that this should not be expanded, so I implemented

net status [sessions|shares] [parseable]

Volker
(This used to be commit 63d877c6b4)
2003-12-01 13:58:43 +00:00
Jeremy Allison
44d9ea4840 Patch from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de> to add
MacOSX (Darwin) specific charset module code. Also had to add AC_CHECK_CPP
to configure.in (this took a *long* time to track down) to make autoconf
work correctly on Fedora Core 1.
Jeremy.
(This used to be commit c51d974b18)
2003-11-26 20:58:53 +00:00
Jelmer Vernooij
8beace344c Fix build of winbindd with static pdb modules
(This used to be commit 92a138f027)
2003-11-25 19:41:47 +00:00
Andrew Tridgell
009c143efd added support for "make pch" to build a precompiled header. Note that
this is not called by default and I don't think it should be - I think
the programmer should specifically ask for pch generation when they
want it.
(This used to be commit ef01aedfb4)
2003-11-12 01:01:47 +00:00
Volker Lendecke
cb78cd74a2 Compile tdbdump by default.
Volker
(This used to be commit b628ba0fc0)
2003-11-05 17:38:15 +00:00
Tim Potter
e7d9803d93 Add ldaplibs to pdbedit link line. Fixes bug #651.
(This used to be commit e306c96268)
2003-11-04 21:17:22 +00:00
Tim Potter
14c05904b8 Re-order link command for smbd, rpcclient and smbpasswd to ensure $LDFLAGS
occurs before any library specification.  Closes bug #661.
(This used to be commit 7af7fa9be2)
2003-11-02 04:05:47 +00:00
Tim Potter
fdb2f57f62 Compile fix for tdbbackup when Samba needs to override non-C99
compliant implementations of snprintf.
(This used to be commit a38ab77b70)
2003-10-29 06:17:33 +00:00
Richard Sharpe
2f84a990bc Commit Derrell's changes to libsmbclient plus a small change to configure.in
to see if SGI and other platforms will build.
(This used to be commit cf9311044c)
2003-10-24 17:01:19 +00:00
Jim McDonough
3d8e3f314b Add initshutdown pipe commands to rpcclient. Second part of fix to bug
#534
(This used to be commit 4e86243ea1)
2003-10-24 13:49:29 +00:00
Jelmer Vernooij
ce1962520c Compile libsmbclient with $(DYNEXP) (fixes bug #505)
(This used to be commit 3098a9e4b0)
2003-10-19 22:44:32 +00:00
Jelmer Vernooij
636fe49569 CP* modules are not related to development
(This used to be commit 17d71852ae)
2003-10-17 14:43:09 +00:00
Tim Potter
53efe50458 Build fix for wrepld. From MORIYAMA Masayuki.
(This used to be commit 63a82debd8)
2003-10-16 05:10:18 +00:00
Tim Potter
48980f72cc Use @PICSUFFIX@ instead of .po in Makefile.in since we have gone to
the trouble of detecting what the PIC suffix should actually be.

Change PICFLAG in configure.in to PICFLAGS for consistency.

Patches from Joachim Schmitz <schmitz@hp.com> for bug 574.
(This used to be commit ecfbc5f529)
2003-10-14 03:02:46 +00:00
Gerald Carter
3289598de0 default DESTDIR=/
(This used to be commit 266fa232d9)
2003-10-06 16:31:38 +00:00
Simo Sorce
b1f610ebb1 split some security related functions in their own files.
(no need to include all of smbd files to use some basic sec functions)

also minor compile fixes
couldn't compile to test these due to some kerberos problems wirh 3.0,
but on HEAD they're working well, so I suppose it's ok to commit
(This used to be commit c78f2d0bd1)
2003-10-06 01:38:46 +00:00
Tim Potter
89eb0f6918 Explicitly initialise the value of AR for vendor makes that don't do
this (HPUX 11).  Currently it's initialised to 'ar' but this may have
to be changed if any systems pop up that have archivers that aren't
named 'ar'. Closes bug #552.
(This used to be commit 6aada3bd3e)
2003-10-03 00:06:46 +00:00
Gerald Carter
a234b822d4 fixed for /sbin/mount.smbfs link when using $DESTDIR; bug 525
(This used to be commit dc6d14c2bd)
2003-10-02 21:22:58 +00:00
Tim Potter
a6b3104042 Fix bug #456 for 3.0.0 release.
More work on SWAT i18n support to appear in later releases.
(This used to be commit c326774905)
2003-09-24 01:27:39 +00:00
Tim Potter
2002fbd72e Remove tags file for distclean.
(This used to be commit c972fac195)
2003-09-10 03:59:07 +00:00
Tim Potter
605281ef4b Rename FOOLIBS to FOO_LIBS to be consistent with the rest of the
library variable names.
(This used to be commit 9b0b0256a8)
2003-09-08 02:48:06 +00:00
Volker Lendecke
1c38391c70 Nobody complained on the team-list, so commit it ...
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.

Volker
(This used to be commit 5775690ee8)
2003-09-07 16:36:13 +00:00
Volker Lendecke
f0441479f4 Very weird. On my SLES8 installation ntlm_auth would give missing
kerberos symbols unless I do the same as smbd does. It does not hurt
on my debian, so simply give a pointer to LDAPLIBS as well.

Volker
(This used to be commit 353d527291)
2003-09-05 09:36:10 +00:00
Tim Potter
5bbdf6a5d0 Move $(KRBCLIENT_OBJ) to libnss_wins PICOBJ variable so it is converted to
relocatable form.

Added a comment about this in the hope that it won't happen again.

Renamed PAM_WINBIND_OBJ to PAM_WINBIND_PICOBJ to make it a bit clearer.
(This used to be commit 04797e12d8)
2003-09-05 03:05:37 +00:00
Tim Potter
d425729fd9 Add log2pcap to everything target.
(This used to be commit fb446ba811)
2003-08-29 01:25:17 +00:00
Alexander Bokovoy
e83031c84d Refactor charset plugins a bit and add CP437 module.
Now all 8-bit charsets with gaps (not all symbols defined) could be produced through
one macro -- SMB_GENERATE_CHARSET_MODULE_8_BIT_GAP(CHARSETNAME) within source file
with three charset tables. Full source code for such modules can be generated by
source/script/gen-8bit-gap.sh script which was taken from GNU libc and changed slightly
to follow our data types and structure.
(This used to be commit 37042c7bc0)
2003-08-28 17:16:27 +00:00
Jim McDonough
53a2778363 Fix email address in copyright statement
(This used to be commit ffc82460f2)
2003-08-28 14:57:23 +00:00
Gerald Carter
c2983f9323 Fix bug 327 (again and I think for the last time). Make sure that
pam_smbpass.so will load ok.  Had to move some functions around to work
around dependency problems (hence the new passdb/lookup_sid.c)

Also make sure that libsmbclient.a is built and installed when
we support shared libraries.
(This used to be commit 780055f442)
2003-08-27 20:52:56 +00:00
Alexander Bokovoy
da0397bd2f Add CAP VFS module from Monyo. Primary purpose of this module is to provide CAP-compatible encoded file names for CJKV
(This used to be commit e8a5a962ed)
2003-08-27 20:04:23 +00:00
Alexander Bokovoy
7e27147422 Fix for #150.
We now fallback to Samba-provided CP850 charset module if CP850 or IBM850 does not exist on target system at runtime.
1. Introduce CP850 charset module based on charmaps table from GNU libc 2.2.5
2. Make CP850 charset module shared and build it by default

Should fix Solaris run-time
(This used to be commit e855dc8c91)
2003-08-26 19:48:16 +00:00
Gerald Carter
a1d6ba950b fix bugs 327 & 340; make sure pam_smbpass.so gets linked with all the neccessary files & libs
(This used to be commit e52f95d681)
2003-08-25 19:09:24 +00:00
Gerald Carter
eff91556a3 * Fix for bug 290:
smbadduser must obeys the paths from configure options

* Try to get libsmbclient files installed during 'make install'
  Still one outstanding problem with static lib.  INSTALLCLIENTCMD_A
  is not getting set correctly.
(This used to be commit 50ab28bd25)
2003-08-22 18:00:17 +00:00
Gerald Carter
5600804bfa fix bug 327; make sure to link SMBLDAP_OBJ with PAM_SMBPASS_OBJ
(This used to be commit b7ccfb1592)
2003-08-21 21:09:29 +00:00
Gerald Carter
35063a3cc3 actually check in the fix for make torture
(This used to be commit 4d49ebf713)
2003-08-21 13:04:42 +00:00
Gerald Carter
8bfe26b62d metze's autogenerate patch for version.h
(This used to be commit ae452e51b0)
2003-08-20 17:13:38 +00:00
Jelmer Vernooij
f4dcc68e58 Remove nasty hack in modules system. We don't recompile files anymore
after the Makefile changes.
(This used to be commit 104f62272d)
2003-08-15 06:07:36 +00:00
Jelmer Vernooij
22535011e2 Add ability to output native pcap files without the requirement for text2pcap.
IP and TCP checksums are not calculated, but that should not matter.
(This used to be commit aa96f78001)
2003-08-15 05:31:46 +00:00
Volker Lendecke
4ad85bf48e Add the gss-spnego kerberos server side to ntml_auth. This uses the
same ads_verify_ticket routine that smbd uses, so in the current state
we have to be have the host password in secrets.tdb instead of the
keytab. This means we have to be an ADS member, but it's a start.

Volker
(This used to be commit dc2d2ad467)
2003-08-15 02:57:59 +00:00
Jelmer Vernooij
6c396ea577 Add utility that takes a samba log file (at least level 5 for headers and
10 for data contents as well) and creates a packet trace readable by
ethereal.

What does not work yet:
 - SMB data contents (log level 5)
 - SMB data contents beyond the 512 byte range (log level 99 or something?)
(This used to be commit 95b1d4933b)
2003-08-15 00:04:20 +00:00
Gerald Carter
11777e6a30 Attempt at fixing bug #283. There however is no solution.
There is a workaround documented in the bug report.

This patch does:

  * add server support for the LSA_DS UUID on the lsarpc pipe
  * store a list of context_ids/api_structs in the pipe_struct
    so that we don't have to lookup the function table for a pipe.
    We just match the context_id.  Note that a dce/rpc alter_context
    does not destroy the previous context so it is possible to
    have multiple bindings active on the same pipe. Observed from
    standalone win2k sp4 client.
  * added server code for DsROleGetPrimaryDOmainInfo() but disabled it
    since it causes problems enumerating users and groups from a 2ksp4
    domain member in a Samba domain.
(This used to be commit 96bc2abfcb)
2003-08-14 21:14:28 +00:00
Andrew Bartlett
172766eea7 Change Samba to always use extended security for it's guest logins, (ie,
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to
all of Samba's clients.

When connecting to an Active Directory DC, you must initiate the CIFS level
session setup with Kerberos, not a guest login.  If you don't, your machine
account is demoted to NT4.

Andrew Bartlett
(This used to be commit 3547cb3def)
2003-08-14 01:08:00 +00:00
Jelmer Vernooij
fd4c40a00d Create symlinks for modules that register multiple functions (fixes bug #91 )
(This used to be commit 3000a99b2d)
2003-08-13 04:11:50 +00:00
Volker Lendecke
5929cfd451 This adds *experimental* kerberos gss spnego client support to ntlm_auth.
(This used to be commit 5522c79045)
2003-08-12 20:50:56 +00:00
Alexander Bokovoy
7bc6f49fe4 Add vfs_readonly module which allows to enforce periodic read-only limit on a share based on a specified start and end dates according to date(1) format
(This used to be commit 8b263c2fda)
2003-08-12 04:35:47 +00:00
Jim McDonough
f210ee9b99 Fix copyright statements for various pieces of Anthony Liguori's work.
(This used to be commit 15d2bc4785)
2003-08-01 14:47:39 +00:00
Volker Lendecke
a34ba76435 locking.c now refers to map_nt_error_from_unix, so link it in with
smbstatus and smbcontrol

Volker
(This used to be commit c2c901e06b)
2003-08-01 07:45:02 +00:00
Volker Lendecke
34b15df02d spnego.c has function definitions. Prototype them.
Anybody familiar with Makefile.in could you please look at this?
This is probably the wrong way to fix this.

Volker
(This used to be commit 9a04750dea)
2003-07-31 15:53:26 +00:00
Volker Lendecke
9dbc000ecd bin/net needs server_mutex as kerberos_verify now uses it.
Volker
(This used to be commit ee09db891a)
2003-07-30 08:05:34 +00:00
Herb Lewis
edabf75a54 split replace into replace and replace1 to allow setenv to be used by
nsswitch modules. Add required libraries to get rid of undefined
functions for libns_winbind.so and libns_wins.so
(This used to be commit cec5bf5f99)
2003-07-29 20:11:18 +00:00
Alexander Bokovoy
428653ef72 Add NT quotas support. Users allowed now to manage quotas on systems with sysquotas interface detected (Linux at least) using native Windows tools. Also move default quota support for NT quotas to VFS module default_quota. Code by Metze
(This used to be commit e856a96c2c)
2003-07-29 18:07:13 +00:00
Volker Lendecke
7730b658a1 This adds gss-spnego to ntlm_auth. It contains some new spnego support
from Jim McDonough. It is to enable cyrus sasl to provide the
gss-spnego support. For a preliminary patch to cyrus sasl see

http://samba.sernet.de/cyrus-gss-spnego.diff

Volker
(This used to be commit 45cef8f66e)
2003-07-29 15:00:38 +00:00
Andrew Bartlett
ed7cb84dea the testsuite lib needs dummyroot too.
(This used to be commit e09a7c767e)
2003-07-27 03:43:41 +00:00
Tim Potter
274f1f8806 Replace the eight (!) copies of dummy become/unbecome root with a single one.
(This used to be commit 8b818ce381)
2003-07-22 00:20:53 +00:00
Tim Potter
71a93a1551 Metze's AD/LDAP detection patches mainly to do with library detection.
Tested on a large combination of operating systems and versions.
Hopefully the build farm will find any remaining nasties if they
exist.
(This used to be commit 2e42fa3d72)
2003-07-21 23:42:45 +00:00
Tim Potter
09f90ae63e Uninstall modules as part of uninstall. Partial fix for 236.
We still don't uninstall swat or the man pages properly.
(This used to be commit 90157b9bd3)
2003-07-18 02:57:43 +00:00
Jeremy Allison
4fbbaff415 Add API framework for server SMB signing.
Jeremy.
(This used to be commit 61fc9a7b2e)
2003-07-16 21:06:21 +00:00
Alexander Bokovoy
5c327041d6 Add mandir to installdir target. Otherwise installman fails for clean DESTDIR
(This used to be commit bb31276c3d)
2003-07-15 09:50:44 +00:00
Herb Lewis
5cd3b7c71c get rid of CFLAGS from LDSHFLAGS and WINBIND_NSS_LDSHFLAGS and instead
define it in SHLD for those systems the use CC for SHLD.
(This used to be commit d0e2f3d109)
2003-07-11 14:20:12 +00:00
Tim Potter
5a02bb60e0 Fix for bug 203. Avoid using an autoconf expanded variable preceeded by a backslash
in case the variable is empty.  This apparently confuses some makes.
(This used to be commit 1e4043d54c)
2003-07-11 03:32:11 +00:00
Volker Lendecke
7f3f878abb pdbedit should not call idmap anymore. Otherwise pdbedit -L would
allocate id's.

Volker
(This used to be commit 0358cc7675)
2003-07-10 14:21:43 +00:00
Gerald Carter
16ff7b26f6 Large set of changes to add UNIX account/group management
to winbindd.  See README.idmap-and-winbind-changes for details.
(This used to be commit 1111bc7b0c)
2003-07-09 16:44:47 +00:00
Jeremy Allison
755486e011 Fix the build...
Jeremy.
(This used to be commit 61e9c49cd6)
2003-07-07 21:00:33 +00:00
Gerald Carter
fbc5f7e207 another compile fix
(This used to be commit 8b52802e5d)
2003-07-07 20:13:59 +00:00
Gerald Carter
b9d503defa fix some compile problems. Can't get IDMAP_OBJ our of proto.h
just yet.

`
(This used to be commit 6f0b5d474a)
2003-07-07 20:11:53 +00:00
Gerald Carter
5895dfb89b Cleaning up linking issues. sam/idmap*.c only links in
winbindd now.  Also removing an unused file.
(This used to be commit 688369c23c)
2003-07-07 20:00:29 +00:00
Gerald Carter
34f7dddab0 removing nisplussam
(This used to be commit f75683995c)
2003-07-01 18:08:11 +00:00
Gerald Carter
db6ce132e3 * fix the trustdom_cache to work when winbindd is not running.
smbd will update the trustdom_cache periodically after locking
  the timestamp key
(This used to be commit 7bc4b65b91)
2003-07-01 03:49:41 +00:00
Gerald Carter
e359dbcedb * cleanup more DC name resolution issues in check_*domain_security()
* is_trusted_domain() is broken without winbind.  Still working on this.
* get_global_sam_name() should return the workgroup name unless we
  are a standalone server (verified by volker)
* Get_Pwnam() should always fall back to the username (minus domain name)
  even if it is not our workgroup so that TRUSTEDOMAIN\user can logon
  if 'user' exists in the local list of accounts (on domain members w/o
  winbind)

Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0
domain member not running winbindd.

notes: make_user_info_map() is slightly broken now due to the
fact that is_trusted_domain() only works with winbindd.  disabled
checks temporarily until I can sort this out.
(This used to be commit e1d6094d06)
2003-06-30 20:45:14 +00:00
Jelmer Vernooij
dde593e190 Remove the MODULES_CLEAN variable. It's no longer necessary since
object files for modules are in .po files, while object files for
static use are in .o files. Pointed out by metze.

This reduces the number of files that have to be recompiled after the Makefile
changes. Preventing unnecessary recompiling of the other few is high
on my todo list.
(This used to be commit b9b46d43c7)
2003-06-26 17:33:58 +00:00
Gerald Carter
7a4e38155d cleaning up more build issues. Tested
"--with-ads=no --with-ldap=yes" and "--with-ads=yes && make everything"
(This used to be commit 3e9e4bb7d1)
2003-06-26 05:26:20 +00:00
Gerald Carter
88f1591216 fix linking of some things that are not built by default
(This used to be commit 42133092a4)
2003-06-25 20:16:53 +00:00
Gerald Carter
f51d769dd3 large change:
*)  consolidates the dc location routines again (dns
    and netbios)  get_dc_list() or get_sorted_dc_list()
    is the authoritative means of locating DC's again.

    (also inludes a flag to get_dc_list() to define
     if this should be a DNS only lookup or not)

    (however, if you set "name resolve order = hosts wins"
     you could still get DNS queries for domain name IFF
     ldap_domain2hostlist() fails.  The answer?  Fix your DNS
     setup)

*)  enabled DOMAIN<0x1c> lookups to be funneled through
    resolve_hosts resulting in a call to ldap_domain2hostlist()
    if lp_security() == SEC_ADS

*)  enables name cache for winbind ADS backend

*)  enable the negative connection cache for winbind
    ADS backend

*)  removes some old dead code

*)  consolidates some duplicate code

*)  moves the internal_name_resolve() to use an IP/port pair
    to deal with SRV RR dns replies.  The namecache code
    also supports the IP:port syntax now as well.

*)  removes 'ads server' and moves the functionality back
    into 'password server' (which can support "hostname:port"
    syntax now but works fine with defaults depending on
    the value of lp_security())
(This used to be commit d7f7fcda42)
2003-06-25 17:41:05 +00:00
Andrew Bartlett
eb61c82382 Patch to move functions directly from pdb_ldap.c into lib/smbldap.c
The functions are unchanged.  Next step is to make idmap_ldap use them.

Andrew Bartlett
(This used to be commit 57617a0f8c)
2003-06-25 12:51:58 +00:00
Simo Sorce
52826c034e add tdb backup function separation and winbind idmap upgrade code form
pre-2.2.4 tdb database format.

tx volker for your work on this
(This used to be commit 2bdbeb9e97)
2003-06-24 14:02:21 +00:00
Andrew Bartlett
668a9af94e This removes the StrCaseCmp() stuff from 'net idmap' and 'net
groupmap'.  The correct way to implement this stuff is via a function
table, as exampled in all the other parts of 'net'.

This also moves the idmap code into a new file.  Volker, is this your
code?  You might want to put your name on it.

Andrew Bartlett
(This used to be commit 477f2d9e39)
2003-06-21 08:35:30 +00:00
Gerald Carter
93bcb9963b merge of the netsamlogon caching code from APPLIANCE_HEAD
This replaces the universal group caching code (was originally
based on that code).  Only applies to the the RPC code.

One comment: domain local groups don't show up in 'getent group'
that's easy to fix.

Code has been tested against 2k domain but doesn't change anything
with respect to NT4 domains.

netsamlogon caching works pretty much like the universal group
caching code did but has had much more testing and puts winbind
mostly back in sync between branches.
(This used to be commit aac01dc7bc)
2003-06-21 04:05:01 +00:00
Jelmer Vernooij
6605fec5dc Add installmodules to install
(This used to be commit 33e8dd8843)
2003-06-18 15:54:21 +00:00
Jelmer Vernooij
b9bf3252bf Fix building idmap_winbind as shared module
(This used to be commit 2556037796)
2003-06-17 10:41:08 +00:00
Tim Potter
35d0f987db Build libnss_wins.so as part of nsswitch target. Fix for bug #160
found by andreas@conectiva.com.br
(This used to be commit fa24fd6f5b)
2003-06-16 03:28:27 +00:00
Andrew Tridgell
50585d4c04 removed editreg from standard build until it is portable. Right now it
fails to build on a ton of platforms as it completely bypasses all of
our portability code.

if you want it then use 'make bin/editreg'. If some distros want to
add that to their spec files then thats up to them, but we really
can't have non-portable code unconditionally built in our main tree.
(This used to be commit 3c66111f32)
2003-06-10 14:09:20 +00:00
Herb Lewis
9960487103 get rid of IRIX o32 builds - some libraries (kerberos and ldap) are only
n32 so smbwrapper fails to link.
(This used to be commit 392f207a35)
2003-06-06 23:55:24 +00:00
Herb Lewis
6ae4c3c966 remove o32 targets for IRIX. kerberos and ldap libraries are n32 only so
linking smbwrappers will fail.
(This used to be commit f95f306729)
2003-06-06 23:35:22 +00:00
Herb Lewis
40eacb1648 get rid of warning about malformed if in Makefile
(This used to be commit 1e1e56efd8)
2003-06-06 22:24:36 +00:00
Gerald Carter
70da79f8a8 fix build on systems w/o LDAP libs
(This used to be commit f33aeaa039)
2003-06-06 20:31:19 +00:00
Herb Lewis
f5c21fc365 delete extra PASSDBLIB at beginning
(This used to be commit 1c82a3aa91)
2003-06-06 20:11:23 +00:00
Herb Lewis
bea0cf2c79 pdbedit needs PASSDBLIBS
(This used to be commit 0e91aca22c)
2003-06-06 19:44:32 +00:00
Gerald Carter
711f8d0a13 * break out more common code used between pdb_ldap and idmap_ldap
* remove 'winbind uid' and 'winbind gid' parameters (replaced
  by current idmap parameter)
* create the sambaUnixIdPool entries automatically in the 'ldap
  idmap suffix'
* add new 'ldap idmap suffix' and 'ldap group suffix' parametrer
* "idmap backend = ldap" now accepts 'ldap:ldap://server/' format
  (parameters are passed to idmap init() function
(This used to be commit 1665926281)
2003-06-06 13:48:39 +00:00
Gerald Carter
3bdfd57a2d working draft of the idmap_ldap code.
Includes sambaUnixIdPool objectclass

Still needs cleaning up wrt to name space.
More changes to come, but at least we now have a
a working distributed winbindd solution.
(This used to be commit 8241758544)
2003-06-05 02:34:30 +00:00
Jelmer Vernooij
69b50029f4 Add smb_register_idmap(). Based on a patch from metze
(This used to be commit 7e352f5c62)
2003-05-29 19:08:40 +00:00
Tim Potter
4e8052640e More fixes for builddir != srcdir.
- Use absolute directories for $builddir and $srcdir in the Makefile

 - Don't try and combine source files in $builddir and $srcdir to build
   proto.h.  It's just too hard to get it right across all targets we
   wish to compile on.  Use a hand created prototype for the single
   function in smbd/build_options.c that we need.  This allows us to ditch
   all the extra sed work that was causing problems: \t not portable - hah!

 - Fix bogus delheaders target to remove the correct files

This appears to work quite nicely now.  Let's see how it goes on the
buildfarm machines.
(This used to be commit 456184463d)
2003-05-27 02:35:53 +00:00
Jeremy Allison
9fd39e3f55 Don't use extensions like '\t' in a sed script. It breaks the make proto.
Jeremy.
(This used to be commit 7d546a6bad)
2003-05-23 18:31:57 +00:00
Andrew Tridgell
3d5d32826f installman needs to depend on installdirs, to fix parallel
build/install
(This used to be commit 8fa687701a)
2003-05-23 04:53:26 +00:00
Tim Potter
1f84a14b0b Bug 83: fixes for building when $srcdir != $builddir from David Lee
<t.d.lee@durham.ac.uk>
(This used to be commit e48a8b5e9c)
2003-05-23 01:59:43 +00:00
Jelmer Vernooij
1df21141e7 Compile shared modules with the -fPIC flag. Reported by Steve Langasek aka
vorlon.
(This used to be commit a5f165020a)
2003-05-22 21:02:25 +00:00
Jim McDonough
0de9034b4f Fix bug #95: net did not build when ldap was installed, but --without-ads
was specified.
(This used to be commit 17b0acff8a)
2003-05-20 14:55:01 +00:00
Simo Sorce
db0a223156 add idmap_winbind unless I made a better way to solve SID type for domain
SIDs
(This used to be commit b24c0efc4b)
2003-05-16 06:20:33 +00:00
Simo Sorce
c823b191ab And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seem to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
(This used to be commit 0e58085978)
2003-05-12 18:12:31 +00:00
Alexander Bokovoy
e8573c8fa9 Add NT quota support. Patch from Stefan (metze) Metzemacher
1. Allows to change quota settings for shared mount points from Win2K and WinXP from Explorer properties tab
2. Disabled by default and when requested, will be probed and enabled only on Linux where it works
3. Was tested for approx. two weeks now on Linux by two independent QA teams, have not found any bugs so far
Documentation to follow
(This used to be commit 4bf022ce9e)
2003-05-12 01:20:17 +00:00
Andrew Bartlett
03d8119017 Makefile changes to allow new NTLMv2 patch to work.
(This used to be commit 0c1946e51c)
2003-05-09 15:25:20 +00:00
Tim Potter
60233cd356 Add a new entry to make check. If we have compiled python extensions,
run the pythoncheck.py test.  At the moment this just checks every
python extension can be imported sucessfully.
(This used to be commit 38dac4ca4e)
2003-05-05 06:22:36 +00:00
Tim Potter
59991233e1 Merge of backslash @LDAP_LIBS@ fix from HEAD.
(This used to be commit f4ea0cc17d)
2003-05-05 04:10:29 +00:00
Tim Potter
73a3105b57 AIX doesn't append $SHLIB_EXT to NSS libraries.
(This used to be commit af083d2760)
2003-05-05 01:40:10 +00:00
Paul Green
5a61380820 Refactor existing sock_exec() and socketpair_tcp() functions into their own
source file. I will be making changes to sock_exec to work on VOS, which
has a blocking connect() call, but first I want to get it in its own source
file so that it can be called from a test program.
(This used to be commit 10bf65d335)
2003-04-30 17:48:46 +00:00
Andrew Bartlett
356d599662 Try to fix IRIX build - add quotes and never call libns_winbind by name - we
should only set that name once.
(This used to be commit 34f15bff6f)
2003-04-30 14:14:33 +00:00
Gerald Carter
ada60ce8a2 smbgroupedit has been replaced by 'net groupmap'
remove related file.  Left in EHAD for reference (for now)
(This used to be commit 2e7537d8e2)
2003-04-29 15:32:14 +00:00
Gerald Carter
4ae2e47b93 remove convert_smbpasswd and addtosmbpass from tree; people can get them from 2.2. if they still need them
(This used to be commit 237857a760)
2003-04-29 15:27:06 +00:00
Gerald Carter
b15ea80acf do not build wrepld by default; package maintainers need to update their files now (john :) )
(This used to be commit 4a2bd728a5)
2003-04-29 05:48:07 +00:00
Tim Potter
b6ac19c69e Merge: we need a rule for t_snprintf
(This used to be commit 4d2106f910)
2003-04-28 05:29:10 +00:00
Tim Potter
322d385b6e Merge stf updates from HEAD.
(This used to be commit 20bde94eb8)
2003-04-28 05:20:01 +00:00
Jelmer Vernooij
d2cea7d289 Add 'smbiconv' program - a clone of the 'iconv' utility
that uses samba's internal iconv() functions. Useful for
testing purposes.
(This used to be commit ccabb7961a)
2003-04-27 20:47:15 +00:00
Andrew Bartlett
38c0f29c9e Remove the unpopular pdb_unix, which has served it's time well.
Also get charset 'werid' for both --enable-developer options in configure.

Andrew Bartlett
(This used to be commit 2a99e77e91)
2003-04-26 13:49:55 +00:00
Jelmer Vernooij
3f3f30549c Fix the weird charset and build it by default for ./configure -enable-developer
(This used to be commit 8d17a4dc21)
2003-04-26 11:48:16 +00:00
Andrew Bartlett
30a6f801ae Add vfs_fake_perms to Samba 3.0
Andrew Bartlett
(This used to be commit 3ad260ced9)
2003-04-24 10:36:23 +00:00
Andrew Bartlett
53004910eb Patch by Vance Lankhaar <vlankhaar@linux.ca> to automaticly regenerate the
build options, so we will always have the right values for how and when
an smbd was built.

In particular, this is indended to address bitrot caused by configure.in
changes.

Andrew Bartlett
(This used to be commit 2be258071c)
2003-04-23 14:19:03 +00:00
Andrew Bartlett
13b54b9cfa We don't have IDMAP in 3.0 yet.
(This used to be commit a507f170d2)
2003-04-23 13:23:47 +00:00
Andrew Bartlett
1a9394195d Merge HEAD's winbind into 3.0.
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code,
the winbind_idmap abstraction (not idmap proper, but the stuff that held up
the winbind LDAP backend in HEAD).

Andrew Bartlett
(This used to be commit d4d5e6c2ee)
2003-04-23 11:54:56 +00:00
John Terpstra
2595d6f94b Added editreg.
(This used to be commit ce016df1ec)
2003-04-22 17:06:03 +00:00
Gerald Carter
79d3731d98 * fix segfault when no vfs objects defined
* add "sid=..." to 'net groupmap add'
(This used to be commit e5f6676639)
2003-04-21 19:43:25 +00:00
John Terpstra
4a317cb748 Added smbgroupedit to PROGS2
(This used to be commit bed69decea)
2003-04-19 16:27:30 +00:00
Gerald Carter
a1fb9f2176 Merging smbgroupedit into 'net groupmap'. Not entirely done.
Need to check on where the privilege code is sitting
and update the docs.

Examples:

root# bin/net help groupmap
net groupmap add
  Create a new group mapping
net groupmap modify
  Update a group mapping
net groupmap delete
  Remove a group mapping
net groupmap list
  List current group map

# bin/net groupmap add
Usage: net groupmap add rid=<int> name=<string> type=<domain|local|builtin> [comment=<string>]

# bin/net groupmap delete
Usage: net groupmap delete name=<string|SID>

# bin/net groupmap modify
Usage: net groupmap modify name=<string|SID> [comment=<string>] [type=<domain|local>
(This used to be commit f2fd0ab41f)
2003-04-19 05:53:55 +00:00
Jim McDonough
bdaac40746 Move PAC decoding over from HEAD.
(This used to be commit b0fd4e5555)
2003-04-16 16:57:01 +00:00
Jelmer Vernooij
ddf662d118 More merges from HEAD:
- Stephan Kulow's changes (fixing warnings in libsmbclient)
 - VFS modules
 - Seperating libs
(This used to be commit 6e9b780233)
2003-04-16 14:45:11 +00:00
Jelmer Vernooij
004502551b Add support for the new modules system to lib/iconv.c (merge from HEAD)
(This used to be commit 64a357017a)
2003-04-16 13:09:00 +00:00
Jelmer Vernooij
5e96970480 Add make destination for librpc_echo
(This used to be commit 7ef7910004)
2003-04-16 12:59:12 +00:00
Jelmer Vernooij
a8c95d79f8 Add support for the new modules system to auth/ (merge from HEAD)
(This used to be commit c7a1de090d)
2003-04-16 12:13:07 +00:00
Gerald Carter
d15cd357c7 merge in metze' smbcquotas patch from HEAD
(This used to be commit b6a7704888)
2003-04-15 19:51:17 +00:00
Jelmer Vernooij
ab8a9c8419 use the new modules system for the rpc modules (backport from HEAD)
(This used to be commit aca7319e8d)
2003-04-15 16:55:21 +00:00
Jelmer Vernooij
9c3cecbdac Use the new modules system for passdb (merge from HEAD)
(This used to be commit 1755d5f662)
2003-04-15 16:01:14 +00:00
Jelmer Vernooij
37dc79d2b6 Add selection of the modules to configure (merge from HEAD)
(This used to be commit 3e283989ff)
2003-04-15 12:02:24 +00:00
Tim Potter
cd4da802f1 Merge of python extension picobj fix.
(This used to be commit 7e0e9585f1)
2003-04-15 06:54:27 +00:00
Tim Potter
1f68a389a3 Updates to compile correctly with --with-included-popt
(This used to be commit 5340b9c4c4)
2003-04-15 01:40:37 +00:00
Tim Potter
710bd555c8 Update check-programs target.
(This used to be commit ac6a1ea560)
2003-04-14 05:34:04 +00:00
Tim Potter
ab892c1160 Merge:
- Jelmer's popt changes
(This used to be commit b5b6f11940)
2003-04-14 04:05:48 +00:00
Tim Potter
63cbbe2692 Merge Jelmer's popt updates from HEAD.
(This used to be commit 98e84b3e83)
2003-04-14 03:30:20 +00:00
Tim Potter
be67b58247 Syncup popt changes with HEAD.
(This used to be commit 39c987c3c5)
2003-04-14 02:38:21 +00:00
Tim Potter
b30de2567b Merge a bunch of updates from HEAD:
- whitespace syncup
 - winbind nss client cleanups
 - new rpc echo pipe
 - prettier warnings for out of date autoconf scripts
(This used to be commit bb812d1670)
2003-04-14 01:09:16 +00:00
Tim Potter
270f95f920 Install libsmbclient.h from $(srcdir)
(This used to be commit a02370eccc)
2003-04-09 04:19:57 +00:00
Martin Pool
92a24ce87e t_doschar: Test harness that exercises check_dos_char()
(This used to be commit 9518712516)
2003-04-04 03:27:02 +00:00
Martin Pool
3496eb18bc Merge from HEAD: 1.630 through 1.634:
- build test harnesses for STF

 - "make check" runs STF
(This used to be commit 1e198d314f)
2003-04-04 03:05:10 +00:00
Gerald Carter
02d71a6222 nsswitch/winbind_nss.c doesn't exist
(This used to be commit 1370cc99a4)
2003-04-02 16:45:23 +00:00
Tim Potter
7e90c8a3b3 Merge of Paul Green's make clean fixes.
(This used to be commit d9e6f42599)
2003-04-02 06:26:01 +00:00