1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

1913 Commits

Author SHA1 Message Date
Jeremy Allison
364cb7f71a r17903: Fix null deref caught by Stanford checker. Don't
call ntlmssp_end on a null pointer ! (Doh !).
Jeremy.
(This used to be commit 7b53932b51)
2007-10-10 11:38:58 -05:00
Volker Lendecke
c52b3fb89f r17881: Another microstep towards better error reporting: Make get_sorted_dc_list
return NTSTATUS.

If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.

Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?

Volker
(This used to be commit 60a166f034)
2007-10-10 11:38:57 -05:00
Volker Lendecke
8f9a26cb40 r17847: Dummy commit
(This used to be commit cdcea36095)
2007-10-10 11:38:53 -05:00
Gerald Carter
5693e6c599 r17798: Beginnings of a standalone libaddns library released under
the LGPL.   Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.

It's still got some warts, but non-secure updates do
currently work.  There are at least four things left to
really clean up.

1. Change the memory management to use talloc() rather than
   malloc() and cleanup the leaks.
2. Fix the error code reporting (see initial changes to
   dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
   (and under the LGPL).

A few notes:

* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
  issues.
(This used to be commit 36f04674ae)
2007-10-10 11:38:48 -05:00
Gerald Carter
c9f9c65050 r17669: Remove RID algorithm support from unmapped users and groups
when using smbpasswd
(This used to be commit dde552336c)
2007-10-10 11:38:45 -05:00
Jeremy Allison
b41e14abfd r17610: Added the ability for firefox to drive the winbindd
ntlm_auth module to allow it to use winbindd cached
credentials.The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
(This used to be commit ae7cc298a1)
2007-10-10 11:38:43 -05:00
Volker Lendecke
900fe6a625 r17603: Make net_ads_join_ok return NTSTATUS.
Thanks to Michael Adam <ma@sernet.de>

hop, hop, hop... ;-)

Volker
(This used to be commit 47facab798)
2007-10-10 11:38:42 -05:00
Volker Lendecke
01c77cefef r17602: Make check_ads_config return NTSTATUS, set some error codes in net_ads_join.
Thanks to Michael Adam <ma@sernet.de>

Volker
(This used to be commit 27cca86150)
2007-10-10 11:38:42 -05:00
Volker Lendecke
8b39f5ef37 r17591: machine_account is unused, and ctx must be freed. Thanks Michael
(This used to be commit a347f8a9c4)
2007-10-10 11:38:41 -05:00
Volker Lendecke
20ad622b98 r17585: Don't let ads_status throw away the error information.
Thanks to Michael Adam <ma@sernet.de>.

Volker
(This used to be commit ea3a4142a0)
2007-10-10 11:38:41 -05:00
Volker Lendecke
0691ed55ca r17584: Some C++ Warnings
(This used to be commit f6194cf4b2)
2007-10-10 11:38:41 -05:00
Volker Lendecke
db21dceb43 r17557: Change net_join_domain to return NTSTATUS instead of int.
Thanks to Michael Adam <ma@sernet.de>.

Volker
(This used to be commit c4e10afadb)
2007-10-10 11:38:39 -05:00
Volker Lendecke
03e3cd1d5a r17554: Cleanup
(This used to be commit 761cbd52f0)
2007-10-10 11:38:38 -05:00
Volker Lendecke
c804dd0117 r17551: Move some DEBUG to d_printf in interactive functions and return
NO_LOGON_SERVERS if no domain controller was found.

Thanks to Michael Adam <ma@sernet.de>.

Volker
(This used to be commit d44599de3a)
2007-10-10 11:38:38 -05:00
Jeremy Allison
51f6bfea3b r17496: net groupmap add could add uninitialized sid_name_type
entries to the group mapping db. Ensure this can't happen.
Jeremy.
(This used to be commit 2ba0d93d53)
2007-10-10 11:38:37 -05:00
Volker Lendecke
76362d0d33 r17468: To minimize the diff later on, pre-commit some changes independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.

Volker
(This used to be commit 4ebfc30a28)
2007-10-10 11:38:36 -05:00
Volker Lendecke
d802774e02 r17465: Get rid of add_initial_entry. In the two places it was called in it seemed a
bit pointless to me.

Volker
(This used to be commit 244b25ae49)
2007-10-10 11:38:36 -05:00
Volker Lendecke
e1e62d8999 r17463: A bit of cleanup work:
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.

Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.

Volker
(This used to be commit f9856f6490)
2007-10-10 11:38:36 -05:00
Volker Lendecke
ff7c0a7c35 r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an
argument.

Volker
(This used to be commit 873a5a1211)
2007-10-10 11:38:34 -05:00
Volker Lendecke
175aa92e9e r17446: Fix some C++ warnings and two memleaks found by Coverity, IDs 304 and 305.
Volker
(This used to be commit 4f6605a488)
2007-10-10 11:38:34 -05:00
Gerald Carter
e5f6544df1 r17383: Patch from Michael Adams <ma@sernet.de> to catch
some memory leaks on error paths in net_ads_join()
(This used to be commit 24de2d83ff)
2007-10-10 11:38:29 -05:00
Volker Lendecke
8e1fec05cb r17375: If a field containts only whitespace, we need to do base64 as well.
Volker
(This used to be commit 795d06f427)
2007-10-10 11:38:29 -05:00
Volker Lendecke
280e3895b6 r17374: Get rid of a silly "System User" default for "description", also fetch the
sambaProfilePath.

Volker
(This used to be commit 61e7ed593b)
2007-10-10 11:38:29 -05:00
Volker Lendecke
7c2b79ea48 r17356: Also transfer the sambaHomePath attribute.
Volker
(This used to be commit 49ad0d4d0e)
2007-10-10 11:38:28 -05:00
Volker Lendecke
175ac9f7db r17335: Some more fixes to net rpc vampire ldif. Still not good though :-(
Volker
(This used to be commit e947f4bd91)
2007-10-10 11:38:26 -05:00
Volker Lendecke
e23781b3b3 r17316: More C++ warnings -- 456 left
(This used to be commit 1e4ee728df)
2007-10-10 11:38:25 -05:00
Volker Lendecke
4e9df2fba3 r17313: Non-Ascii attribute values need to be encoded as base64, with an attribute
name attr:: instead of attr:

German domains tend to have umlauts in group names.

More to come tomorrow.

Volker
(This used to be commit 94cdd5d64c)
2007-10-10 11:38:24 -05:00
Volker Lendecke
3fa73aa04d r17312: Do some reformatting on net rpc samsync ldif. Not doing this checkin easily,
as this puts me into svn blame in places I'm not sure I want my name to show
up....

Volker
(This used to be commit d00e73c49b)
2007-10-10 11:38:24 -05:00
Gerald Carter
2681f88fbc r17260: remove extra ;SAMBA_3_0_23/source/utils/netlookup.c
(This used to be commit c152d20e90)
2007-10-10 11:38:22 -05:00
Gerald Carter
20c09b75fa r17258: Cleanup the 'net ads help join' output and document createupn
and createcomputer options
(This used to be commit 87be77bf35)
2007-10-10 11:38:22 -05:00
Andrew Bartlett
fe348fdb28 r17216: From Kai Blin <kai.blin@gmail.com>:
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:

The commands are the following:

Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.

Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.

Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.

(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).

Andrew Bartlett
(This used to be commit bd3e06a0e4)
2007-10-10 11:38:19 -05:00
Volker Lendecke
e0c68d0a1d r17177: Get rid of a global variable by adding a private data pointer to
share_mode_forall().

Volker
(This used to be commit f97f6cedff)
2007-10-10 11:38:17 -05:00
Gerald Carter
188e7ac756 r17158: Add two new options to 'net ads join'
* createupn=[host_upn@realm]
  * createcomputer=<ou path top to bottom> (this was previously
    the only arg)
(This used to be commit 75054e984e)
2007-10-10 11:38:17 -05:00
Gerald Carter
02f272f3c6 r17149: Fail the join if we cannot set any SPNs for the machine account.
Disable the one we created and whine.
(This used to be commit 1a7e81a4a8)
2007-10-10 11:38:16 -05:00
Günther Deschner
9c160dd9a7 r17086: Re-add ability to contact remote domain controllers with the "net ads"
toolset.

In 3.0.23 all those commands have been limited to the DC of our primary
domain. Also distinguish calls that may go to remote DCs (search, info,
lookup, etc.) from those that should only go to our primary domain
(join, leave, etc.).

Guenther
(This used to be commit d573e64781)
2007-10-10 11:38:10 -05:00
Volker Lendecke
514af16de5 r17078: Ouch....
(This used to be commit 1d928f783a)
2007-10-10 11:38:10 -05:00
Volker Lendecke
95fd775e81 r17077: Activate RPC-SAMBA3-GETUSERNAME in the build farm
(This used to be commit 8c6088f2bd)
2007-10-10 11:38:10 -05:00
Volker Lendecke
1f2419d9f8 r17032: I thought I had already merged this from trunk:
> r16959 | vlendec | 2006-07-11 23:10:44 +0200 (Di, 11 Jul 2006) | 1 line
>
> get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC

Volker
(This used to be commit c89471e157)
2007-10-10 11:19:21 -05:00
Andrew Bartlett
0dc8f720e1 r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain.  This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).

The precalculated blobs do not reveal the plaintext password.

Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b713)
2007-10-10 11:19:17 -05:00
Gerald Carter
060b155cd2 r16952: New derive DES salt code and Krb5 keytab generation
Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
  keys
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

The resulting keytab looks like:

ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   4    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   5    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   6    6           host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   7    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   8    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   9    6               suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value.  The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.

Tested keytab using mod_auth_krb and MIT's telnet.  ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67)
2007-10-10 11:19:15 -05:00
Jeremy Allison
65586c226c r16947: Fix warning with profile separator when profiles not
being used.
Jeremy.
(This used to be commit 441c289fd2)
2007-10-10 11:19:14 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Gerald Carter
03d116a1b7 r16845: Properly report the error during join when the set password fails
(This used to be commit ef6e9ca527)
2007-10-10 11:19:11 -05:00
Jeremy Allison
c7d2deb151 r16656: Fix #3894 and #3895 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit ddf35ad692)
2007-10-10 11:19:06 -05:00
Jeremy Allison
55f8ed0a81 r16652: Fix bug #3891 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 9b0df8d008)
2007-10-10 11:19:06 -05:00
Jeremy Allison
2b8abc030b r16644: Fix bug #3887 reported by jason@ncac.gwu.edu
by converting the lookup_XX functions to correctly
return SID_NAME_TYPE enums.
Jeremy.
(This used to be commit ee2b2d96b6)
2007-10-10 11:19:05 -05:00
Jeremy Allison
b2ddb4626c r16640: Fix bug #3886 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 76cc25a37e)
2007-10-10 11:19:05 -05:00
Jeremy Allison
4471ce9a68 r16638: Fix bug #3885, reported by jason@ncac.gwu.edu. Use
the correct enumerated type in the macro.
Jeremy.
(This used to be commit 63ad19f71c)
2007-10-10 11:19:05 -05:00
Jeremy Allison
2ef834cdd8 r16614: Klocwork #2012. memleak on error path.
Jeremy.
(This used to be commit 58b9adb849)
2007-10-10 11:19:03 -05:00
Jeremy Allison
8413a18a58 r16612: Klocwork fix #2011. memleak on error path.
Jeremy.
(This used to be commit b4e9475d2a)
2007-10-10 11:19:03 -05:00
Günther Deschner
10252f270e r16453: Fix another memleak.
Guenther
(This used to be commit 49fb1a3ebc)
2007-10-10 11:18:55 -05:00
Jeremy Allison
54ea3c23e3 r16435: Add in the uid info that Jerry needs into the
share_mode struct. Allows us to know the unix
uid of the opener of the file/directory. Needed
for info level queries on open files.
Jeremy.
(This used to be commit d929323d6f)
2007-10-10 11:18:54 -05:00
Jeremy Allison
adc252c275 r16429: Fix final 4 Klocwork bugs we're going to fix before
release - #785, #786, #787, #788.
Jeremy.
(This used to be commit 9017547ccc)
2007-10-10 11:18:53 -05:00
Volker Lendecke
3c34f6085a r16409: Fix Klocwork ID's.
1177

In reg_perfcount.c: 1200 1202 1203 1204
In regfio.c: 1243 1245 1246 1247 1251

Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This
is really your code, and I'm not sure I did the right thing to return an
error.

smbcacls.c: 1377
srv_eventlog_nt.c: 1415 1416 1417
srv_lsa_nt.c: 1420 1421
srv_netlog_nt.c: 1429
srv_samr_nt: 1458 1459 1460

Volker

Volker
(This used to be commit d6547d12b1)
2007-10-10 11:18:52 -05:00
Volker Lendecke
3d672717e0 r16363: Fix Klocwork ID 981 1652
Volker
(This used to be commit ce1d8423ef)
2007-10-10 11:18:49 -05:00
Volker Lendecke
e7fc37cf0f r16360: Fix Klocwork ID 136 520 521 522 523 542 574 575 576 607
in net_rpc.c: 715 716 732 734 735 736 737 738 739 749

in net_rpc_audit.c: 754 755 756

in net_rpc_join.c: 757

in net_rpc_registry: 766 767

in net_rpc_samsync.c: 771 773

in net_sam.c: 797 798

Volker
(This used to be commit 3df0bf7d60)
2007-10-10 11:18:48 -05:00
Günther Deschner
c53262d677 r16346: Allow to exit a "net rpc shell" with 'quit' or 'exit'.
Guenther
(This used to be commit 232566e1cb)
2007-10-10 11:17:37 -05:00
Günther Deschner
bf9b5b9baf r16345: Improve the chance that our users can discover one of the coolest 'net'
features.

Guenther
(This used to be commit 446d79a000)
2007-10-10 11:17:37 -05:00
Günther Deschner
c893dfa500 r16344: Allow to set passwords directly when creating users via "net rpc user
add" (as the documentation says, and currently onle "net ads user add"
did). Fixes #3843.

Guenther
(This used to be commit 5d776d5fab)
2007-10-10 11:17:36 -05:00
Jeremy Allison
0a5b892aee r16298: On request of jiri sasek - Sun Microsystems - Prague Czech Republic <Jiri.Sasek@Sun.COM>
change priv_op and priv_info to names that don't
conflict with the solaris namespace.
Jeremy.
(This used to be commit db5b4e3f13)
2007-10-10 11:17:32 -05:00
Jeremy Allison
300acb99ad r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsigned
int
in a format string.
Jeremy.
(This used to be commit face01ef01)
2007-10-10 11:17:31 -05:00
Jeremy Allison
c2528679d8 r16270: Fix Klocwork #706 - ensure sscanf has correct format
specifier.
Jeremy.
(This used to be commit dc53d35b0a)
2007-10-10 11:17:29 -05:00
Jeremy Allison
835bfbb8ac r16267: Fix Klocwork #401, #402 - ensure format specifier
limited. Fix memleak in printing gencache contents.
Jeremy.
(This used to be commit 81731e1f68)
2007-10-10 11:17:28 -05:00
Günther Deschner
e942ca4e0a r16261: Smaller fixes for net ads password.
Guenther
(This used to be commit 689ae22c80)
2007-10-10 11:17:28 -05:00
Volker Lendecke
c56f002525 r16252: Fix Klocwork ID 1119, 1121.
Volker
(This used to be commit 678bbcf061)
2007-10-10 11:17:28 -05:00
Volker Lendecke
d93b408678 r16251: for i in seq 1 1000
do
	echo "I will always compile before commit :-)"
done

Also fix Klokwork ID 806.

Volker
(This used to be commit 4974c598c0)
2007-10-10 11:17:28 -05:00
Volker Lendecke
99f271b3cb r16247: Fix Coverity ID 296
(This used to be commit b82c95cb43)
2007-10-10 11:17:27 -05:00
Jeremy Allison
f9147c4e40 r16241: Fix Klocwork #106 and others like it.
Make 2 important changes. pdb_get_methods()
returning NULL is a *fatal* error. Don't try
and cope with it just call smb_panic. This
removes a *lot* of pointless "if (!pdb)" handling
code. Secondly, ensure that if samu_init()
fails we *always* back out of a function. That
way we are never in a situation where the pdb_XXX()
functions need to start with a "if (sampass)"
test - this was just bad design, not defensive
programming.
Jeremy.
(This used to be commit a0d368197d)
2007-10-10 11:17:27 -05:00
Jeremy Allison
a1e0a0e928 r16230: Fix Klocwork #861 and others. localtime and asctime
can return NULL. Ensure we check all returns correctly.
Jeremy.
(This used to be commit 6c61dc8ed6)
2007-10-10 11:17:26 -05:00
Gerald Carter
b32d2ecf9c r16219: BUG 3836, 3837, 3004: compile warning fixes from Jason Mader.
(This used to be commit 6c1f1c091f)
2007-10-10 11:17:26 -05:00
Günther Deschner
bf7a5433b4 r16115: Make "net ads changetrustpw" work again.
(adapt to the new UPN/SPN scheme).

Guenther
(This used to be commit 8fc70d0df0)
2007-10-10 11:17:21 -05:00
Simo Sorce
c2ff57e326 r15971: Obey the manpage description and make changesecretpw accept a password via stdin
(This used to be commit 60d4aabc32)
2007-10-10 11:17:15 -05:00
Gerald Carter
883241c76b r15906: smbpasswd help text for -W option (patch from Aruna Prabakar <aruna.prabakar@hp.com>
(This used to be commit 0a81af4fef)
2007-10-10 11:17:12 -05:00
Jeremy Allison
fdb68ec206 r15890: Use correct enum type (bug #3722) from Jason Mader <jason@ncac.gwu.edu>.
Jeremy.
(This used to be commit a8eb1186a1)
2007-10-10 11:17:12 -05:00
Günther Deschner
ae4a2a2b9d r15703: Fix d_printf call.
Guenther
(This used to be commit 741602e03a)
2007-10-10 11:17:08 -05:00
Gerald Carter
463e7c1171 r15701: change 'net ads leave' to disable the machine account in the domain (since removal implies greater permissions that Windows clients require)
(This used to be commit ad1f947625)
2007-10-10 11:17:08 -05:00
Gerald Carter
13bc6d4666 r15680: use the user creds when calling net_set_machine_spn() rather than the machine creds (just like WinXP)
(This used to be commit ae2bf464c4)
2007-10-10 11:17:07 -05:00
Volker Lendecke
a835209278 r15657: Fix some Tru64 warnings
(This used to be commit a85dfb9eff)
2007-10-10 11:17:05 -05:00
Simo Sorce
5e8221d909 r15646: Implement an setdomainsid command as well
(This used to be commit 51df47c772)
2007-10-10 11:17:05 -05:00
Jim McDonough
62f61caff4 r15630: adapt smbclient fix to smbtree to enable long share names
(This used to be commit ae56154fc7)
2007-10-10 11:17:03 -05:00
Volker Lendecke
bb4856b14a r15608: Fix a couple of Coverity errors
(This used to be commit 696e210bf6)
2007-10-10 11:17:03 -05:00
Gerald Carter
b16bdf985d r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb flags on the setuserinfo(), not the createuser info call
(This used to be commit d933ac273d)
2007-10-10 11:17:02 -05:00
Volker Lendecke
f390936c5b r15566: Fix Coverity bug # 284. The lp_ldap_xx_suffix function only return NULL if
talloc fails.

Volker
(This used to be commit 0ece5b32f9)
2007-10-10 11:17:01 -05:00
Gerald Carter
bc89437cca r15561: Should re-fix older systems without RC4-HMAC support
(This used to be commit 00c795e366)
2007-10-10 11:17:01 -05:00
Gerald Carter
f1039b8fb4 r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....
Re-add the capability to specify an OU in which to create
the machine account.  Done via LDAP prior to the RPC join.
(This used to be commit b69ac0e304)
2007-10-10 11:17:01 -05:00
Günther Deschner
453e4b50aa r15559: Smaller fixes for the new cldap code:
* replace printf to stderr with DEBUG statements as they get printed in
  daemons
* "net ads lookup" return code

Guenther
(This used to be commit 8dd925c5fb)
2007-10-10 11:17:01 -05:00
Gerald Carter
18d5a26f74 r15549: removing rhosts and 'hosts equiv' authentication features
(This used to be commit d19dad8815)
2007-10-10 11:16:58 -05:00
Gerald Carter
2c029a8b96 r15543: New implementation of 'net ads join' to be more like Windows XP.
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.

The points of interest are

* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
  ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
  libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
  using the machine account after the join

Thanks to Guenther and Simo for the review.

Still to do:

* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
  'kinit -k' (although we might be able to just use the sAMAccountName
  instead)
* Re-add support for pre-creating the machine account in
  a specific OU
(This used to be commit 4c4ea7b20f)
2007-10-10 11:16:57 -05:00
James Peach
8de0dcb3d9 r15529: Initialise our saved uid and gid so that we can tell when
we created the profiling shmem segment and don't bogusly
refuse to look at it.
(This used to be commit eb31ef3a0e)
2007-10-10 11:16:56 -05:00
Günther Deschner
f777697508 r15523: Honour the time_offset also when verifying kerberos tickets. This
prevents a nasty failure condition in winbindd's pam_auth where a tgt
and a service ticket could have been succefully retrieved, but just not
validated.

Guenther
(This used to be commit a75dd80c62)
2007-10-10 11:16:55 -05:00
Volker Lendecke
18250bc299 r15471: Clarify error message
(This used to be commit f21adc04f7)
2007-10-10 11:16:51 -05:00
Gerald Carter
af086da4ec r15462: replace the use of OpenLDAP's ldap_domain2hostlist() for
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3c)
2007-10-10 11:16:49 -05:00
Günther Deschner
c6fa16f330 r15460: Prefer to use the indexed objectCategory attribute (instead of
objectClass which is not indexed on AD) in LDAP queries.

Guenther
(This used to be commit 847882a983)
2007-10-10 11:16:49 -05:00
Günther Deschner
a0ff50efa7 r15428: Add "smbcontrol winbind onlinestatus" for debugging purpose.
Guenther
(This used to be commit 9e15b1659c)
2007-10-10 11:16:43 -05:00
James Peach
4ab90ea08c r15424: Implement a "stacktrace" smbcontrol option using libunwind's remote
stack tracing support. This provides an easy way for users to provide
stack traces (hopefully it will be implemented on something other than
ia64).
(This used to be commit 0b5e07e12d)
2007-10-10 11:16:42 -05:00
Jeremy Allison
677b4769bd r15341: Ok I give up, I've been beaten by bug reports. People
just don't get why "guest ok" is not allowed in usershares.
Added "usershare allow guests" bool parameter that allows
this, reved usershare file version to VERSION#2 which
allows this. Updated user tools.
This should now be (finally) finished and I'll add
the new parameter docs and a HOWTO.
Jeremy.
(This used to be commit cdc3aa9d07)
2007-10-10 11:16:36 -05:00
Jeremy Allison
c176ec2629 r15336: Unknown escape sequence: '\305' - should have been '\n'.
(How did that get in there ?).
Jeremy
(This used to be commit 780b71d300)
2007-10-10 11:16:36 -05:00
Gerald Carter
173261dc87 r15311: look at the NT password (not lanman one) when determining if smbpasswd -e should probably for a password
(This used to be commit 3522b53aec)
2007-10-10 11:16:35 -05:00
Günther Deschner
34e810076d r15305: Let winbind search by sid directly (or in windows terms: "bind to a
sid"); works in all AD versions I tested. Also add "net ads sid" search
tool.

Guenther
(This used to be commit 5557ada694)
2007-10-10 11:16:33 -05:00
Günther Deschner
ad8493d90c r15198: Mention the auditing tool in "net rpc help".
Guenther
(This used to be commit e55e1e1e96)
2007-10-10 11:16:28 -05:00
Günther Deschner
8fca274e47 r15194: We need to be able to join as PDC as well. Thanks to Andrew Bartlett.
Guenther
(This used to be commit ba81b508ca)
2007-10-10 11:16:28 -05:00
Volker Lendecke
22c4ad8a10 r15173: Fix a non-critical memleak
(This used to be commit bb8c69162f)
2007-10-10 11:16:27 -05:00
Alexander Bokovoy
3cd1101c9b r15152: Fix a case when target is offline. Jerry, this needs to be in 3.0.23pre1
(This used to be commit f068862e56)
2007-10-10 11:16:26 -05:00
Volker Lendecke
fb1f83b05d r15137: Refuse to join if our netbios name is longer than 15 chars. I think this is
sufficient to fix bug #3659.

Volker
(This used to be commit 0ef5e4372c)
2007-10-10 11:16:26 -05:00
Volker Lendecke
d4d04313ea r15136: Fix join consistency check
(This used to be commit a6e88785e7)
2007-10-10 11:16:25 -05:00
Günther Deschner
4549efe696 r15123: Don't even try to join with an inproper configuration.
Guenther
(This used to be commit 22b6875897)
2007-10-10 11:16:25 -05:00
Gerald Carter
8c9eb7631e r15053: fix portabilities issues between 32-bit winbind clients and a 64-bit winbindd server
(This used to be commit a95d11345e)
2007-10-10 11:16:00 -05:00
Günther Deschner
655b04e4f8 r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.

Guenther
(This used to be commit 0fed66926f)
2007-10-10 11:15:59 -05:00
Jeremy Allison
22dbd67708 r15018: Merge Volker's ipc/trans2/nttrans changes over
into 3.0. Also merge the new POSIX lock code - this
is not enabled unless -DDEVELOPER is defined.
This doesn't yet map onto underlying system POSIX
locks. Updates vfs to allow lock queries.
Jeremy.
(This used to be commit 08e52ead03)
2007-10-10 11:15:57 -05:00
Volker Lendecke
42131b759d r15011: Fix bug # 2413. net rpc info can't reliably work anonymously anymore.
Volker
(This used to be commit ba41c62b8b)
2007-10-10 11:15:56 -05:00
James Peach
9f9526f0c7 r14900: Separate words in error message.
(This used to be commit ffe1a2e23f)
2007-10-10 11:15:53 -05:00
James Peach
da3b7af764 r14899: Add missing semi-colon.
(This used to be commit 5f4f4cbe6f)
2007-10-10 11:15:53 -05:00
James Peach
4fa5559800 r14898: This change is an attempt to improve the quality of the information that
is produced when a process exits abnormally.

First, we coalesce the core dumping code so that we greatly improve our
odds of being able to produce a core file, even in the case of a memory
fault. I've removed duplicates of dump_core() and split it in two to
reduce the amount of work needed to actually do the dump.

Second, we refactor the exit_server code path to always log an explanation
and a stack trace. My goal is to always produce enough log information
for us to be able to explain any server exit, though there is a risk
that this could produce too much log information on a flaky network.

Finally, smbcontrol has gained a smbd fault injection operation to test
the changes above. This is only enabled for developer builds.
(This used to be commit 56bc02d644)
2007-10-10 11:15:53 -05:00
Jeremy Allison
576e17cbf3 r14831: Fix possible null deref. Coverity #279.
Jeremy.
(This used to be commit 75be5c17bc)
2007-10-10 11:15:49 -05:00
Günther Deschner
895fc239a4 r14757: Make sure we only send out a CLDAP request to an connected AD server.
Guenther
(This used to be commit d17712f976)
2007-10-10 11:15:46 -05:00
Jeremy Allison
4f655c952b r14743: Fix coverity bug #227. Possible deref of null pointer
in error code path.
Jeremy.
(This used to be commit 9117713c5e)
2007-10-10 11:15:45 -05:00
Gerald Carter
efd32bf371 r14699: allow 'net sam addmem' to accept a SID for the member
(This used to be commit 08d201806f)
2007-10-10 11:15:44 -05:00
Jim McDonough
05ef1d6b5d r14683: Get rid of hardcoded output file. With no arg, print to stdout,
otherwise append to output file specified.
(This used to be commit b4ec93f5a2)
2007-10-10 11:15:43 -05:00
Jim McDonough
a0e36ddb68 r14681: Get rid of hardcoded /tmp/add.ldif and /tmp/mod.ldif files. Is there a
different directory the temp files should be in, or is /tmp ok?

Still have to get rid of the output file hardcoding, but that is to
come, because I need to cleanup stdout.
(This used to be commit 0d4bd93a5c)
2007-10-10 11:15:43 -05:00
Günther Deschner
485a286a65 r14585: Tighten argument list of kerberos_kinit_password again,
kerberos_kinit_password_ext provides access to more options.

Guenther
(This used to be commit afc519530f)
2007-10-10 11:15:38 -05:00
Gerald Carter
b36e2921ee r14580: add 'net sam createbuiltingroup' to map BUILTIN local groups to a gid
(This used to be commit 3137fe5068)
2007-10-10 11:15:38 -05:00
Gerald Carter
5aa66fd039 r14577: BUG Fixes:
* Add back in the import/export support to pdbedit
* Fix segv in pam_smbpass
* Cleanup some error paths in pdb_tdb and pdb_interface
(This used to be commit df53d64910)
2007-10-10 11:15:37 -05:00
Jeremy Allison
fa57a318b4 r14416: Remove deadcode. Coverity #198.
Jeremy.
(This used to be commit 7fc61f5a63)
2007-10-10 11:15:29 -05:00
Gerald Carter
0ce53f8ba5 r14403: * modifies create_local_nt_token() to create a BUILTIN\Administrators
group IFF sid_to_gid(S-1-5-32-544) fails and 'winbind nested groups = yes'

* Add a SID domain to the group mapping enumeration passdb call
  to fix the checks for local and builtin groups.  The SID can be
  NULL if you want the old semantics for internal maintenance.
  I only updated the tdb group mapping code.

* remove any group mapping from the tdb that have a
  gid of -1 for better consistency with pdb_ldap.c.
  The fixes the problem with calling add_group_map() in
  the tdb code for unmapped groups which might have had
  a record present.

* Ensure that we distinguish between groups in the
  BUILTIN and local machine domains via getgrnam()
  Other wise BUILTIN\Administrators & SERVER\Administrators
  would resolve to the same gid.

* Doesn't strip the global_sam_name() from groups in the
  local machine's domain (this is required to work with
  'winbind default domain' code)

Still todo.

* Fix fallback Administrators membership for root and domain Admins
  if nested groups = no or winbindd is not running

* issues with "su - user -c 'groups'" command

* There are a few outstanding issues with BUILTIN\Users that
  Windows apparently tends to assume.  I worked around this
  presently with a manual group mapping but I do not think
  this is a good solution.  So I'll probably add some similar
  as I did for Administrators.
(This used to be commit 612979476a)
2007-10-10 11:15:28 -05:00
Jim McDonough
e0793b1b28 r14278: Remainder of fix for Coverity #79,80,81: only allow GROUP or OWNER to be
specified once in an ACL, so it can be allocated a second time,
overwriting the first
(This used to be commit 1804a8a01e)
2007-10-10 11:15:22 -05:00
Jim McDonough
30e751c56b r14272: Fix Coverity # 81: free alloc'ed storage before returning
(This used to be commit 1899d8ea28)
2007-10-10 11:15:22 -05:00
Volker Lendecke
3b6f14990a r14214: Fix Coverity Bug # 57
(This used to be commit 32364d8f01)
2007-10-10 11:15:16 -05:00
Jim McDonough
a5eda88677 r14156: Fix coverity #114: free storage alloc'ed by sstring_sub()
(This used to be commit 655fb66b28)
2007-10-10 11:15:14 -05:00
Jim McDonough
c0d4100517 r14155: Fix coverity #115: free storage alloc'ed by sstring_sub()
(This used to be commit a197b8c5cb)
2007-10-10 11:15:14 -05:00
Jim McDonough
49dec1cac6 r14153: Fix coverity #116: free storage alloc'ed by sstring_sub()
(This used to be commit dbc0ff5544)
2007-10-10 11:15:14 -05:00
Jim McDonough
c53c08ef86 r14152: Fix coverity #117: free storage alloc'ed by sstring_sub
(This used to be commit cf36f5949f)
2007-10-10 11:15:14 -05:00
Jim McDonough
b5f12bc0f8 r14150: Fix coverity #118: not freeing alloc'ed storage returned from
sstring_sub().
(This used to be commit 6ff849f35a)
2007-10-10 11:15:14 -05:00
Jim McDonough
a2d489c187 r14147: Fix coverity #119. alloc'ed memory returned not saved, so not freed.
Need to go back and correct the assumption that an "ldap xxx suffix"
parm must have an OU.
(This used to be commit 2d7ba11ffb)
2007-10-10 11:15:13 -05:00
Günther Deschner
c34e73cfcf r14146: Just some typos.
Guenther
(This used to be commit ade86cc787)
2007-10-10 11:15:13 -05:00
Jim McDonough
7a2bc34d4d r14135: Fix for Coverity #123: resource leak. Also rework much of the code to
make it cleaner.  There's still more to do on this...
(This used to be commit f75dad0325)
2007-10-10 11:15:13 -05:00
Volker Lendecke
35d2856ae3 r14101: Fix a segfault in trustdom establish, cli is NULL here.
(This used to be commit 1df58c7a00)
2007-10-10 11:11:12 -05:00
Volker Lendecke
d95efac94d r14099: Fix Coverity # 113
(This used to be commit db00570535)
2007-10-10 11:11:12 -05:00
Volker Lendecke
10373355df r14098: Fix Coverity # 112
(This used to be commit 121a350b92)
2007-10-10 11:11:11 -05:00
Jeremy Allison
485714ac6b r14087: Protect against domain being NULL. Finish Coverity #152.
Jeremy.
(This used to be commit 88dd4ab481)
2007-10-10 11:11:11 -05:00
Jim McDonough
cc7b53f673 r14085: Fix coverity bg #152, uninit'ed var.
(This used to be commit d8e69c18e0)
2007-10-10 11:11:11 -05:00
Günther Deschner
aeea749548 r14062: Forgot those in the uint16/32 acb_info switch.
Guenther
(This used to be commit 0167b6cca8)
2007-10-10 11:11:09 -05:00
Jim McDonough
924be04217 r14053: Implement Simo's suggestion: don't use /dev/null for a 'bad' path for
users/workstations
(This used to be commit 2690f015be)
2007-10-10 11:11:08 -05:00
Volker Lendecke
753dcde401 r14036: Ok, the last one generated a const warning. Also fix Coverity # 119.
net rpc vampire is ugly....

Volker
(This used to be commit c1ea48949d)
2007-10-10 11:11:07 -05:00
Volker Lendecke
3cc8b8125a r14035: Fix Coverity bug # 124
(This used to be commit 9fe21fd032)
2007-10-10 11:11:07 -05:00
Volker Lendecke
991fd6c28e r14034: Fix Coverity id # 125.
Jeremy, you might want to take a look here.

Volker
(This used to be commit e6e29937e8)
2007-10-10 11:11:07 -05:00
Volker Lendecke
4479d1b061 r14033: Fix Coverity bug # 126
(This used to be commit bb6d678575)
2007-10-10 11:11:06 -05:00
Jim McDonough
247bacf19b r13968: fix typo, caught by Guenther
(This used to be commit 217d3fbe79)
2007-10-10 11:11:02 -05:00
Jim McDonough
9bc20e14db r13957: Based on patch from Richard Renard <richard.renard@idealx.com>:
Fix machine accounts (should not have valid shells) and users with no
home directory (were getting previous user's directory).
(This used to be commit f629f8a7b9)
2007-10-10 11:11:01 -05:00
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a2)
2007-10-10 11:10:59 -05:00
Günther Deschner
9f2e29799e r13864: Some cleanup and the samr set security object function client-side.
Guenther
(This used to be commit 0ae3fddf95)
2007-10-10 11:10:57 -05:00
Günther Deschner
105825cf5a r13861: Avoid "net rpc join" segfaulting when storing the servername in the
affinity cache.

Guenther
(This used to be commit b8c07babbd)
2007-10-10 11:10:57 -05:00
Simo Sorce
092e3ed45a r13846: Take care of system that do not have LDAP libraries
(This used to be commit ab62c8d93a)
2007-10-10 11:10:57 -05:00
Simo Sorce
d54010e219 r13843: Merge in net sam provision and some pdb_ldap fixes
(This used to be commit 705d811808)
2007-10-10 11:10:56 -05:00
Günther Deschner
e54786b535 r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
  returning zero)

Guenther
(This used to be commit 5b89e8bc24)
2007-10-10 11:10:25 -05:00
Alexander Bokovoy
e99814b6ed r13695: Make code consistent with documentation. :-)
smbcontrol was sending messages designated for nmbd and winbindd to smbd. Thus, nmbd and winbindd
were "unshutdownable".
(This used to be commit 52e9b5f89f)
2007-10-10 11:10:24 -05:00
Gerald Carter
d95e13e68f r13679: Commiting the rm_primary_group.patch posted on samba-technical
* ignore the primary group SID attribute from struct samu*
* generate the primary group SID strictlky from the Unix
  primary group when dealing with passdb users
* Fix memory leak in original patch caused by failing to free a
  talloc *
* add wrapper around samu_set_unix() to prevent exposing the create
  BOOL to callers.  Wrappers are samu_set_unix() and samu-allic_rid_unix()
(This used to be commit bcf269e2ec)
2007-10-10 11:10:23 -05:00
Tim Potter
3444017ed3 r13648: Duh.
(This used to be commit 48cd81074e)
2007-10-10 11:10:21 -05:00
Jeremy Allison
202bc164ca r13641: Finish fix for #3510. Don't use client schannel when told
not to, cope with a server that doesn't offer schannel also.
Jeremy
(This used to be commit 68005f6bdb)
2007-10-10 11:10:20 -05:00
Jeremy Allison
0d7f6d650d r13614: First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.
(This used to be commit 7de1ee1861)
2007-10-10 11:10:19 -05:00
Jeremy Allison
b5caff56ec r13607: Fix compile - don't ref auto variable in a structure initialization.
Fix from Richard Bollinger <rabollinger@gmail.com>.
Jeremy.
(This used to be commit 02da5189f1)
2007-10-10 11:10:19 -05:00
Jeremy Allison
b9c73cb520 r13594: Got sense of NTSTATUS check reversed.
Jeremy.
(This used to be commit cd82107989)
2007-10-10 11:10:18 -05:00
Gerald Carter
cd55919263 r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix()
(This used to be commit 6f1afa4acc)
2007-10-10 11:10:16 -05:00
Volker Lendecke
b7e7a5ef20 r13579: Next try to fix the AIX build. Thanks to Björn for nagging...
Volker
(This used to be commit 4cf5109c7a)
2007-10-10 11:10:15 -05:00
Gerald Carter
2203bed32c r13576: This is the beginnings of moving the SAM_ACCOUNT data structure
to make full use of the new talloc() interface.  Discussed with Volker
and Jeremy.

* remove the internal mem_ctx and simply use the talloc()
  structure as the context.
* replace the internal free_fn() with a talloc_destructor() function
* remove the unnecessary private nested structure
* rename SAM_ACCOUNT to 'struct samu' to indicate the current an
  upcoming changes.  Groups will most likely be replaced with a
  'struct samg' in the future.

Note that there are now passbd API changes.  And for the most
part, the wrapper functions remain the same.

While this code has been tested on tdb and ldap based Samba PDC's
as well as Samba member servers, there are probably still
some bugs.  The code also needs more testing under valgrind to
ensure it's not leaking memory.

But it's a start......
(This used to be commit 19b7593972)
2007-10-10 11:10:15 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Jeremy Allison
9132acff08 r13553: Fix all our warnings at -O6 on an x86_64 box.
Jeremy.
(This used to be commit ea82958349)
2007-10-10 11:10:13 -05:00
Jeremy Allison
cde2a30d8e r13530: Fix from William Jojo for #1970. Make nmblookup do
a node status on all IP's when requested.
Jeremy.
(This used to be commit 1fcac478cb)
2007-10-10 11:10:10 -05:00
Lars Müller
825f09e14e r13528: Mention the tools and commandline option names used.
(This used to be commit 5db7e9a42a)
2007-10-10 11:10:10 -05:00
Lars Müller
f2a6eeaae9 r13527: Adjust copyright header with information got from the 2.2 cvs tree.
(This used to be commit e00505cc94)
2007-10-10 11:10:10 -05:00
Lars Müller
b1002863e7 r13525: This is only a cleanup to have the memset() and SAFE_FREE() only one
time in the code.

Even if we now have an additional if statement after the free I prefer
this solution in opposite to the duplicated code we had before.
(This used to be commit 4272419b11)
2007-10-10 11:10:10 -05:00
Lars Müller
394d1aeb8e r13524: Add -t|--password-from-stdin option to pdbedit as we had with Samba 2.2.
This fixes bug #1386.

The initial changes had been made by Carsten Höger <choeger at
open-xhange dot com> for Samba 2.2 while being at SuSE. *sigh*

To not duplicate code from smbpasswd in pdbedit stdin_new_passwd() and
get_pass() are moved from smbpasswd to utils/passwd_util.c.
(This used to be commit dbdc5ba497)
2007-10-10 11:10:10 -05:00
Volker Lendecke
2f2ab29cc1 r13517: Fix typo -- thanks to Karolin Seeger <ks@sernet.de>
(This used to be commit d0efb435e5)
2007-10-10 11:10:09 -05:00
Jeremy Allison
8189bb6e4c r13502: Fix error messages for usershares when smbd is not
running. More generic error return cleanup in libsmb/
needs doing (everything returning NTSTATUS not BOOL).
Jeremy
(This used to be commit 654bb9853b)
2007-10-10 11:10:07 -05:00
Volker Lendecke
301d51e13a r13494: Merge the stuff I've done in head the last days.
Volker
(This used to be commit bb40e544de)
2007-10-10 11:10:06 -05:00
Volker Lendecke
7461a457d1 r13486: Two more -- fix bug 3503
(This used to be commit 62b02a6843)
2007-10-10 11:10:05 -05:00
Gerald Carter
75ef18fa75 r13460: by popular demand....
* remove pdb_context data structure
* set default group for DOMAIN_RID_GUEST user as RID 513 (just
  like Windows)
* Allow RID 513 to resolve to always resolve to a name
* Remove auto mapping of guest account primary group given the
  previous 2 changes
(This used to be commit 7a2da5f0cc)
2007-10-10 11:10:04 -05:00
Gerald Carter
f351b9c6eb r13382: added server affinity cache stores for 'net rpc join' and trusted domain code
(This used to be commit 9eb743584d)
2007-10-10 11:09:57 -05:00
Jeremy Allison
616fea56e7 r13368: I must write out 1000 times, "Don't use C++ reserved words..."
Jeremy.
(This used to be commit b1ebc12b50)
2007-10-10 11:06:26 -05:00
Volker Lendecke
aa2e8f6b2c r13351: Fix copyright
(This used to be commit 70114f509c)
2007-10-10 11:06:26 -05:00
Volker Lendecke
da979c9e7e r13350: Implement rpccli_samr_set_domain_info. Weird that it was not around :-)
Implement 'net rpc shell account' -- An editor for account policies

nt_time_to_unix_abs changed its argument which to me seems wrong, and I could
not find a caller that depends on this. So I changed it. Applied some more
const in time.c.

Volker
(This used to be commit fc73690a70)
2007-10-10 11:06:26 -05:00
Volker Lendecke
4c4b5de4c8 r13337: Attempt to fix the AIX build
(This used to be commit b129b4f94f)
2007-10-10 11:06:25 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Jeremy Allison
0e551cd5a2 r13262: Arrgggg. Fix smbstatus and swat status to ignore
bloody placeholder share mode entries (I hate
these - I've had to add this filter code now to too
many places :-).
Jeremy.
(This used to be commit 815340e1a4)
2007-10-10 11:06:20 -05:00
Derrell Lipman
9c15bd311d r13212: r12414@cabra: derrell | 2006-01-28 17:52:17 -0500
lp_load() could not be called multiple times to modify parameter settings based
 on reading from multiple configuration settings.  Each time, it initialized all
 of the settings back to their defaults before reading the specified
 configuration file.

 This patch adds a parameter to lp_load() specifying whether the settings should
 be initialized.  It does, however, still force the settings to be initialized
 the first time, even if the request was to not initialize them.  (Not doing so
 could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769)
2007-10-10 11:06:18 -05:00
Simo Sorce
69981e3341 r13148: Fix bug: #3413
Check that ldap admin dn is defined in smb.conf before
setting the ldap password in secrets.tdb

Based on patch by William Jojo <jojowil@hvcc.edu>

Simo.
(This used to be commit c2c004a620)
2007-10-10 11:06:15 -05:00
Simo Sorce
5301c8b98d r13136: Fix handling user sid and user gid
(This used to be commit 65d5abda68)
2007-10-10 11:06:15 -05:00
Gerald Carter
efc04a2411 r13133: patch from Makr Proehl <m.proehl@science-computing.de> for dumping server role when calling 'testparm -s' (BUG 1336)
(This used to be commit a4c6eceaae)
2007-10-10 11:06:14 -05:00
Jeremy Allison
bdc6f05af5 r13091: Fix gcc warning about using '0' with %s.
Jeremy.
(This used to be commit 5f5f87584f)
2007-10-10 11:06:13 -05:00
Gerald Carter
8cf489e5ac r13083: patch suggested by Adam Nielsen for better smbstatus formatting
(This used to be commit ef69cf9614)
2007-10-10 11:06:13 -05:00
Gerald Carter
0773e79761 r13082: revert an accidentally commited patch (still in progress)
(This used to be commit e43775fb31)
2007-10-10 11:06:12 -05:00
Gerald Carter
e95e6044b0 r13081: correct fix for the segv in nmbd caused by a double free on namerec.
(This used to be commit c908dbc4b2)
2007-10-10 11:06:12 -05:00
Lars Müller
c42be9fd38 r12986: Use d_fprintf(stderr, ...) for any error message in net.
All 'usage' messages are still printed to stdout.

Fix some compiler warnings for system() calls where we didn't used the
return code.  Add appropriate error messages and return with the error
code we got from system() or NT_STATUS_UNSUCCESSFUL.
(This used to be commit f650e3bdaf)
2007-10-10 11:06:09 -05:00
Gerald Carter
10b182fe73 r12870: fixing net rpc registry enumerate from overwritnig the open subkey handle
(This used to be commit cc2e7052bd)
2007-10-10 11:06:05 -05:00
Volker Lendecke
19563e6744 r12840: Add -W to smbpasswd. Thanks to William Jojo <jojowil@hvcc.edu>.
Volker
(This used to be commit 2942f3594b)
2007-10-10 11:06:04 -05:00
Volker Lendecke
263cbe122a r12781: Support the level parameter for lsa_lookupsids.
Simplify the interfaces to domain trusts a bit: Nothing outside secrets.c
needs to know we're storing stuff in ucs2.

Volker
(This used to be commit a01fa43ed2)
2007-10-10 11:06:03 -05:00
Volker Lendecke
d64db1c509 r12678: One more
(This used to be commit f80fe785bc)
2007-10-10 11:06:01 -05:00
Jeremy Allison
c8f28c92a7 r12555: Fix more load_case_table swegfaults. Arggg.
What I'd give for a global constructor...
Jeremy.
(This used to be commit c970d7d0a5)
2007-10-10 11:05:59 -05:00
Volker Lendecke
608aa3f41e r12544: Fix segfaults in winbind, smbpasswd and net
(This used to be commit 9ca8edc26e)
2007-10-10 11:05:59 -05:00
Günther Deschner
1501a1755c r12415: Forgot newlines.
Guenther
(This used to be commit c727a1a330)
2007-10-10 11:05:55 -05:00
Günther Deschner
107fe91d2b r12414: Remove the unnecessary SMB_STRDUP in server_role_str() + reuse the role
translation elsewhere.

Guenther
(This used to be commit 6c4a6da3dc)
2007-10-10 11:05:55 -05:00